def test_invalid_invitation_in_session(self):
"invitation_required() with invalid guest session returns 403."
# Setup:
#
# * fake invitation uuid in session
# * Ticket.objects.get() returns expired ticket.
place = u'louvre'
purpose = u'visit'
fake_uuid = uuid.uuid4()
invitation = models.Ticket(place=place, purpose=purpose,
uuid=fake_uuid,
expiry_datetime=now() - timedelta(days=2))
self.assertFalse(invitation.is_valid())
decorator = decorators.invitation_required(
place=place,
purpose=purpose)
decorator.get_ticket_from_credentials = mock.Mock(
side_effect=exceptions.NoTicketError)
decorator.get_ticket_from_session = mock.Mock(
return_value=invitation)
decorator.forbidden = mock.Mock(return_value=mock.sentinel.forbidden)
request = mock.MagicMock()
request.session = {}
# Run.
response = decorator(self.authorized_view)(request)
# Check.
self.assertEqual(response, mock.sentinel.forbidden)
decorator.get_ticket_from_credentials.assert_called_once_with(request)
decorator.get_ticket_from_session.assert_called_once_with(request)
decorator.forbidden.assert_called_once_with(request)
def test_run_no_ticket_error(self):
"""invitation_required.run() calls unauthorized() if NoTicketError."""
decorator = decorators.invitation_required(place=u'', purpose=u'')
decorator.get_ticket = mock.Mock(side_effect=exceptions.NoTicketError)
decorator.unauthorized = mock.Mock()
decorator.run('fake request')
decorator.unauthorized.assert_called_once_with('fake request')
def test_run_no_ticket_error(self):
"""invitation_required.run() calls unauthorized() if NoTicketError."""
decorator = decorators.invitation_required(place=u'', purpose=u'')
decorator.get_ticket = mock.Mock(side_effect=exceptions.NoTicketError)
decorator.unauthorized = mock.Mock()
decorator.run('fake request')
decorator.unauthorized.assert_called_once_with('fake request')
def test_valid_invitation_in_session(self):
"invitation_required() with valid guest session runs decorated view."
# Setup.
place = u'louvre'
purpose = u'visit'
fake_uuid = uuid.uuid4()
invitation = models.Ticket(place=place, purpose=purpose)
invitation.uuid = fake_uuid
self.assertTrue(invitation.is_valid())
self.request.session = {'invitation': invitation}
self.request.cache = {}
decorator = decorators.invitation_required(
place=place,
purpose=purpose)
decorator.get_ticket_from_credentials = mock.Mock(
side_effect=exceptions.NoTicketError)
decorator.get_ticket_from_session = mock.Mock(
return_value=invitation)
# Run.
response = decorator(self.authorized_view)(self.request,
*self.request_args,
**self.request_kwargs)
# Check.
self.authorized_view.assert_called_once_with(self.request,
*self.request_args,
**self.request_kwargs)
self.assertEqual(response, self.authorized_view.return_value)
self.assertFalse(self.unauthorized_view.called)
self.assertFalse(self.forbidden_view.called)
self.assertEqual(self.request.cache['invitation'], invitation)
def test_invalid_invitation_in_session(self):
"invitation_required() with invalid guest session returns 403."
# Setup:
#
# * fake invitation uuid in session
# * Ticket.objects.get() returns expired ticket.
place = u'louvre'
purpose = u'visit'
fake_uuid = uuid.uuid4()
invitation = models.Ticket(place=place,
purpose=purpose,
uuid=fake_uuid,
expiry_datetime=now() - timedelta(days=2))
self.assertFalse(invitation.is_valid())
decorator = decorators.invitation_required(place=place,
purpose=purpose)
decorator.get_ticket_from_credentials = mock.Mock(
side_effect=exceptions.NoTicketError)
decorator.get_ticket_from_session = mock.Mock(return_value=invitation)
decorator.forbidden = mock.Mock(return_value=mock.sentinel.forbidden)
request = mock.MagicMock()
request.session = {}
# Run.
response = decorator(self.authorized_view)(request)
# Check.
self.assertEqual(response, mock.sentinel.forbidden)
decorator.get_ticket_from_credentials.assert_called_once_with(request)
decorator.get_ticket_from_session.assert_called_once_with(request)
decorator.forbidden.assert_called_once_with(request)
def test_valid_invitation_in_session(self):
"invitation_required() with valid guest session runs decorated view."
# Setup.
place = u'louvre'
purpose = u'visit'
fake_uuid = uuid.uuid4()
invitation = models.Ticket(place=place, purpose=purpose)
invitation.uuid = fake_uuid
self.assertTrue(invitation.is_valid())
self.request.session = {'invitation': invitation}
self.request.cache = {}
decorator = decorators.invitation_required(place=place,
purpose=purpose)
decorator.get_ticket_from_credentials = mock.Mock(
side_effect=exceptions.NoTicketError)
decorator.get_ticket_from_session = mock.Mock(return_value=invitation)
# Run.
response = decorator(self.authorized_view)(self.request,
*self.request_args,
**self.request_kwargs)
# Check.
self.authorized_view.assert_called_once_with(self.request,
*self.request_args,
**self.request_kwargs)
self.assertEqual(response, self.authorized_view.return_value)
self.assertFalse(self.unauthorized_view.called)
self.assertFalse(self.forbidden_view.called)
self.assertEqual(self.request.cache['invitation'], invitation)
def test_get_invitation_from_session(self):
"""invitation_required() reads invitation from session."""
place = u'louvre'
purpose = u'visit'
invitation = models.Ticket(place=place, purpose=purpose)
fake_uuid = uuid.uuid4()
invitation.uuid = fake_uuid
decorator = decorators.invitation_required(place=place,
purpose=purpose)
decorator.ticket = invitation
# Check result when session is empty.
self.request.session = {}
with self.assertRaises(exceptions.NoTicketError):
decorator.get_ticket_from_session(self.request)
# Invalid uuid triggers exception
self.request.session = {'invitation': 'notavaliduuid'}
with self.assertRaises(exceptions.NoTicketError):
decorator.get_ticket_from_session(self.request)
# Check result when session holds invitation but DB does not.
self.request.session = {'invitation': str(fake_uuid)}
with self.assertRaises(exceptions.CredentialsError):
decorator.get_ticket_from_session(self.request)
# Check result when invitation is in both session and DB.
backup = models.Ticket.objects.get
try:
models.Ticket.objects.get = mock.Mock(return_value=invitation)
instance = decorator.get_ticket_from_session(self.request)
self.assertIs(instance, invitation)
models.Ticket.objects.get.assert_called_once_with(
uuid=fake_uuid,
place=place,
purpose=purpose,
)
finally:
models.Ticket.objects.get = backup
def test_run_ticket_expired_error(self):
"invitation_required.run() calls forbidden() if TicketExpiredError."
decorator = decorators.invitation_required(place=u'', purpose=u'')
decorator.get_ticket = mock.Mock(
side_effect=exceptions.TicketExpiredError)
decorator.forbidden = mock.Mock()
decorator.run('fake request')
decorator.forbidden.assert_called_once_with('fake request')
def test_run_ticket_expired_error(self):
"invitation_required.run() calls forbidden() if TicketExpiredError."
decorator = decorators.invitation_required(place=u'', purpose=u'')
decorator.get_ticket = mock.Mock(
side_effect=exceptions.TicketExpiredError)
decorator.forbidden = mock.Mock()
decorator.run('fake request')
decorator.forbidden.assert_called_once_with('fake request')
def run_decorated_view(self, place=u'', purpose=u''):
"""Setup, decorate and call view, then return response."""
# Get decorator.
decorator = decorators.invitation_required(place=place,
purpose=purpose)
decorator.unauthorized = self.unauthorized_view
decorator.forbidden = self.forbidden_view
# Decorate view.
decorated_view = decorator(self.authorized_view)
# Return response.
return decorated_view(self.request, *self.request_args,
**self.request_kwargs)
def test_redirect_session(self):
"""invitation_required() stores invitation UUID in session."""
place = u'louvre'
purpose = u'visit'
invitation = models.Ticket(place=place, purpose=purpose)
fake_uuid = uuid.uuid4()
invitation.uuid = fake_uuid
decorator = decorators.invitation_required(place=place,
purpose=purpose)
decorator.ticket = invitation
self.request.session = {}
decorator.redirect(self.request)
self.assertEqual(self.request.session['invitation'], str(fake_uuid))
def test_redirect_session(self):
"""invitation_required() stores invitation UUID in session."""
place = u'louvre'
purpose = u'visit'
invitation = models.Ticket(place=place, purpose=purpose)
fake_uuid = uuid.uuid4()
invitation.uuid = fake_uuid
decorator = decorators.invitation_required(
place=place,
purpose=purpose)
decorator.ticket = invitation
self.request.session = {}
decorator.redirect(self.request)
self.assertEqual(self.request.session['invitation'], str(fake_uuid))
def run_decorated_view(self, place=u'', purpose=u''):
"""Setup, decorate and call view, then return response."""
# Get decorator.
decorator = decorators.invitation_required(
place=place,
purpose=purpose)
decorator.unauthorized = self.unauthorized_view
decorator.forbidden = self.forbidden_view
# Decorate view.
decorated_view = decorator(self.authorized_view)
# Return response.
return decorated_view(self.request,
*self.request_args,
**self.request_kwargs)
def test_get_invitation_from_session(self):
"""invitation_required() reads invitation from session."""
place = u'louvre'
purpose = u'visit'
invitation = models.Ticket(place=place, purpose=purpose)
fake_uuid = uuid.uuid4()
invitation.uuid = fake_uuid
decorator = decorators.invitation_required(
place=place,
purpose=purpose)
decorator.ticket = invitation
# Check result when session is empty.
self.request.session = {}
with self.assertRaises(exceptions.NoTicketError):
decorator.get_ticket_from_session(self.request)
# Invalid uuid triggers exception
self.request.session = {'invitation': 'notavaliduuid'}
with self.assertRaises(exceptions.NoTicketError):
decorator.get_ticket_from_session(self.request)
# Check result when session holds invitation but DB does not.
self.request.session = {'invitation': str(fake_uuid)}
with self.assertRaises(exceptions.CredentialsError):
decorator.get_ticket_from_session(self.request)
# Check result when invitation is in both session and DB.
backup = models.Ticket.objects.get
try:
models.Ticket.objects.get = mock.Mock(return_value=invitation)
instance = decorator.get_ticket_from_session(self.request)
self.assertIs(instance, invitation)
models.Ticket.objects.get.assert_called_once_with(
uuid=fake_uuid,
place=place,
purpose=purpose,
)
finally:
models.Ticket.objects.get = backup