def mask(request): """ Disguise """ referer = request.META.get('HTTP_REFERER', '/') form = DisguiseForm(request.POST or None) if form.is_valid(): # if not hasattr(request,'original_user') or request.original_user is None: if KEYNAME not in request.session: request.original_user = request.user request.session[KEYNAME] = request.original_user # Okay, security checks complete. Log the user in. new_user = form.get_user() new_user.backend = 'django.contrib.auth.backends.ModelBackend' # Change current user request.session[SESSION_KEY] = new_user.id request.session[BACKEND_SESSION_KEY] = new_user.backend if hasattr(request, 'user'): request.user = new_user if request.session.test_cookie_worked(): request.session.delete_test_cookie() if 'update_last_login' in form.cleaned_data: request.user.last_login = datetime.datetime.now() request.user.save() return redirect(referer)
def test_handle_invalid_username(regular_user): form = DisguiseForm({'username': regular_user.username + '_not'}) assert not form.is_valid() assert 'username' in form.errors
def test_form_invalid_everything(): form = DisguiseForm({}) assert not form.is_valid() assert '__all__' in form.errors
def test_form_valid_when_correct_user_id(regular_user): form = DisguiseForm({'user_id': regular_user.id}) assert form.is_valid()
def test_handle_valid_username(regular_user): form = DisguiseForm({'username': regular_user.username}) assert form.is_valid()
def test_handle_invalid_user_id(): form = DisguiseForm({'user_id': 31337}) assert not form.is_valid() assert 'user_id' in form.errors
def test_form_valid_when_correct_user_id(self): form = DisguiseForm({'user_id': self.user.pk}) self.assertTrue(form.is_valid())
def test_form_invalid_when_wrong_username(self): form = DisguiseForm({'username': self.user.username + '_not'}) self.assertFalse(form.is_valid()) self.assertIn('username', form.errors)
def test_form_invalid_when_wrong_user_id(self): form = DisguiseForm({'user_id': 31337}) self.assertFalse(form.is_valid()) self.assertIn('user_id', form.errors)
def test_form_invalid_everything(self): form = DisguiseForm({}) self.assertFalse(form.is_valid()) self.assertIn('__all__', form.errors)