def test_structure_selector(self): """ Check that a deactivated member can't access the structure from the dashboard selector """ siae2 = SiaeWithMembershipFactory() guest = siae2.members.first() siae = SiaeWith2MembershipsFactory() admin = siae.members.first() siae.members.add(guest) memberships = guest.siaemembership_set.all() self.assertEqual(len(memberships), 2) # Admin remove guest from structure self.client.login(username=admin.email, password=DEFAULT_PASSWORD) url = reverse("siaes_views:deactivate_member", kwargs={"user_id": guest.id}) response = self.client.post(url) self.assertEqual(response.status_code, 302) self.client.logout() # guest must be able to login self.client.login(username=guest.email, password=DEFAULT_PASSWORD) url = reverse("dashboard:index") response = self.client.get(url) # Wherever guest lands should give a 200 OK self.assertEqual(response.status_code, 200) # Check response context, only one SIAE should remain self.assertEqual(len(response.context["user_siaes"]), 1)
def setUp(self): self.siae = SiaeWith2MembershipsFactory() self.sender = self.siae.members.first() self.invitation = SiaeSentInvitationFactory(sender=self.sender, siae=self.siae) self.user = get_user_model() self.response = None
def test_send_two_invitations_to_the_same_guest(self): # SIAE 1 invites guest once. self.client.post(self.send_invitation_url, data=self.post_data) # SIAE 2 invites guest too siae_2 = SiaeWith2MembershipsFactory() siae_2_sender = siae_2.members.first() self.client.login(email=siae_2_sender.email, password=DEFAULT_PASSWORD) post_data = { "form-TOTAL_FORMS": "1", "form-INITIAL_FORMS": "0", "form-MIN_NUM_FORMS": "", "form-MAX_NUM_FORMS": "", "form-0-first_name": self.guest.first_name, "form-0-last_name": self.guest.last_name, "form-0-email": self.guest.email, } self.client.post(self.send_invitation_url, data=post_data) invitation_query = self.invitations_model.objects.filter(siae=siae_2) self.assertTrue(invitation_query.exists()) invitation = invitation_query.first() self.assertEqual(invitation.first_name, self.guest.first_name) self.assertEqual(invitation.last_name, self.guest.last_name) self.assertEqual(invitation.email, self.guest.email) # SIAE 1 should be able to refresh the invitation. self.client.login(email=self.sender.email, password=DEFAULT_PASSWORD) self.client.post(self.send_invitation_url, data=self.post_data)
def test_accept_existing_user_not_logged_in(self): self.user = SiaeWith2MembershipsFactory().members.first() # The user verified its email EmailAddress(user_id=self.user.pk, email=self.user.email, verified=True, primary=True).save() self.invitation = SiaeSentInvitationFactory( sender=self.sender, siae=self.siae, first_name=self.user.first_name, last_name=self.user.last_name, email=self.user.email, ) response = self.client.get(self.invitation.acceptance_link, follow=True) self.assertIn(reverse("account_login"), response.wsgi_request.get_full_path()) self.assertFalse(self.invitation.accepted) self.response = self.client.post( response.wsgi_request.get_full_path(), data={ "login": self.user.email, "password": DEFAULT_PASSWORD }, follow=True, ) self.assertTrue(self.response.wsgi_request.user.is_authenticated)
def test_user_with_no_siae_left(self): """ Former SIAE members with no SIAE membership left must not be able to log in. They are still "active" technically speaking, so if they are activated/invited again, they will be able to log in. """ siae = SiaeWith2MembershipsFactory() admin = siae.members.filter(siaemembership__is_admin=True).first() guest = siae.members.filter(siaemembership__is_admin=False).first() self.client.login(username=admin.email, password=DEFAULT_PASSWORD) url = reverse("siaes_views:deactivate_member", kwargs={"user_id": guest.id}) response = self.client.post(url) self.assertEqual(response.status_code, 302) self.client.logout() self.client.login(username=guest.email, password=DEFAULT_PASSWORD) url = reverse("dashboard:index") response = self.client.get(url) # should be redirected to logout self.assertEqual(response.status_code, 302) self.assertEqual(response.url, reverse("account_logout"))
def test_new_siae_staff_form(self): siae = SiaeWith2MembershipsFactory() sender = siae.members.first() form = NewSiaeStaffInvitationForm(sender=sender, siae=siae) form.save() invitation = SiaeStaffInvitation.objects.get(sender=sender) self.assertEqual(invitation.siae.pk, siae.pk)
def test_admin_management_permissions(self): """ Non-admin users can't update admin members """ siae = SiaeWith2MembershipsFactory() admin = siae.members.filter(siaemembership__is_admin=True).first() guest = siae.members.filter(siaemembership__is_admin=False).first() self.client.login(username=guest.email, password=DEFAULT_PASSWORD) url = reverse("siaes_views:update_admin_role", kwargs={ "action": "remove", "user_id": admin.id }) # Redirection to confirm page response = self.client.get(url) self.assertEqual(response.status_code, 403) # Confirm action response = self.client.post(url) self.assertEqual(response.status_code, 403) # Add self as admin with no privilege url = reverse("siaes_views:update_admin_role", kwargs={ "action": "add", "user_id": guest.id }) response = self.client.get(url) self.assertEqual(response.status_code, 403) response = self.client.post(url) self.assertEqual(response.status_code, 403)
def test_deactivate_with_no_perms(self): """ Non-admin user can't change memberships """ siae = SiaeWith2MembershipsFactory() guest = siae.members.filter(siaemembership__is_admin=False).first() self.client.login(username=guest.email, password=DEFAULT_PASSWORD) url = reverse("siaes_views:deactivate_member", kwargs={"user_id": guest.id}) response = self.client.post(url) self.assertEqual(response.status_code, 403)
def test_siae_with_2_memberships_factory(self): siae = SiaeWith2MembershipsFactory() self.assertEqual(siae.members.count(), 2) self.assertEqual(siae.active_members.count(), 2) self.assertEqual(siae.active_admin_members.count(), 1) admin_user = siae.active_admin_members.get() self.assertTrue(siae.has_admin(admin_user)) all_users = list(siae.members.all()) self.assertEqual(len(all_users), 2) all_users.remove(admin_user) self.assertEqual(len(all_users), 1) regular_user = all_users[0] self.assertFalse(siae.has_admin(regular_user))
def test_has_admin(self): siae1 = SiaeWith2MembershipsFactory() siae1_admin_user = siae1.active_admin_members.get() siae1_regular_user = siae1.active_members.exclude(pk=siae1_admin_user.pk).get() siae2 = SiaeWith4MembershipsFactory(membership2__user=siae1_admin_user) self.assertTrue(siae1.has_member(siae1_admin_user)) self.assertTrue(siae1.has_admin(siae1_admin_user)) self.assertTrue(siae1.has_member(siae1_regular_user)) self.assertFalse(siae1.has_admin(siae1_regular_user)) self.assertTrue(siae2.has_member(siae1_admin_user)) self.assertFalse(siae2.has_admin(siae1_admin_user))
def test_accept_existing_user_is_employer(self): self.user = SiaeWith2MembershipsFactory().members.first() self.invitation = SiaeSentInvitationFactory( sender=self.sender, siae=self.siae, first_name=self.user.first_name, last_name=self.user.last_name, email=self.user.email, ) self.client.login(email=self.user.email, password=DEFAULT_PASSWORD) self.response = self.client.get(self.invitation.acceptance_link, follow=True) current_siae = get_current_siae_or_404(self.response.wsgi_request) self.assertEqual(self.invitation.siae.pk, current_siae.pk)
def test_suspicious_action(self): """ Test "suspicious" actions: action code not registered for use (even if admin) """ suspicious_action = "h4ckm3" siae = SiaeWith2MembershipsFactory() admin = siae.members.filter(siaemembership__is_admin=True).first() guest = siae.members.filter(siaemembership__is_admin=False).first() self.client.login(username=guest.email, password=DEFAULT_PASSWORD) # update: less test with RE_PATH with self.assertRaises(NoReverseMatch): reverse("siaes_views:update_admin_role", kwargs={ "action": suspicious_action, "user_id": admin.id })
def setUp(self): self.siae = SiaeWith2MembershipsFactory() self.sender = self.siae.members.first() self.guest = UserFactory.build(first_name="Léonie", last_name="Bathiat") self.post_data = { "form-TOTAL_FORMS": "1", "form-INITIAL_FORMS": "0", "form-MIN_NUM_FORMS": "", "form-MAX_NUM_FORMS": "", "form-0-first_name": self.guest.first_name, "form-0-last_name": self.guest.last_name, "form-0-email": self.guest.email, } self.invitations_model = SiaeStaffInvitation self.client.login(email=self.sender.email, password=DEFAULT_PASSWORD) self.send_invitation_url = reverse( "invitations_views:invite_siae_staff")
def test_remove_admin(self): """ Check the ability for an admin to remove another admin """ siae = SiaeWith2MembershipsFactory() admin = siae.members.filter(siaemembership__is_admin=True).first() guest = siae.members.filter(siaemembership__is_admin=False).first() membership = guest.siaemembership_set.first() membership.is_admin = True membership.save() self.assertTrue(guest in siae.active_admin_members) self.client.login(username=admin.email, password=DEFAULT_PASSWORD) url = reverse("siaes_views:update_admin_role", kwargs={ "action": "remove", "user_id": guest.id }) # Redirection to confirm page response = self.client.get(url) self.assertEqual(response.status_code, 200) # Confirm action response = self.client.post(url) self.assertEqual(response.status_code, 302) siae.refresh_from_db() self.assertFalse(guest in siae.active_admin_members) # The admin should receive a valid email self.assertEqual(len(mail.outbox), 1) email = mail.outbox[0] self.assertEqual( f"[Désactivation] Vous n'êtes plus administrateur de {siae.display_name}", email.subject) self.assertIn( "Un administrateur vous a retiré les droits d'administrateur d'une structure", email.body, ) self.assertEqual(email.to[0], guest.email)
def test_deactivate_user(self): """ Standard use case of user deactivation. Everything should be fine ... """ siae = SiaeWith2MembershipsFactory() admin = siae.members.filter(siaemembership__is_admin=True).first() guest = siae.members.filter(siaemembership__is_admin=False).first() membership = guest.siaemembership_set.first() self.assertFalse(guest in siae.active_admin_members) self.assertTrue(admin in siae.active_admin_members) self.client.login(username=admin.email, password=DEFAULT_PASSWORD) url = reverse("siaes_views:deactivate_member", kwargs={"user_id": guest.id}) response = self.client.post(url) self.assertEqual(response.status_code, 302) # User should be deactivated now membership.refresh_from_db() self.assertFalse(membership.is_active) self.assertEqual(admin, membership.updated_by) self.assertIsNotNone(membership.updated_at) # Check mailbox # User must have been notified of deactivation (we're human after all) self.assertEqual(len(mail.outbox), 1) email = mail.outbox[0] self.assertEqual( f"[Désactivation] Vous n'êtes plus membre de {siae.display_name}", email.subject) self.assertIn( "Un administrateur vous a retiré d'une structure sur les emplois de l'inclusion", email.body) self.assertEqual(email.to[0], guest.email)
def test_add_admin(self): """ Check the ability for an admin to add another admin to the siae """ siae = SiaeWith2MembershipsFactory() admin = siae.members.filter(siaemembership__is_admin=True).first() guest = siae.members.filter(siaemembership__is_admin=False).first() self.client.login(username=admin.email, password=DEFAULT_PASSWORD) url = reverse("siaes_views:update_admin_role", kwargs={ "action": "add", "user_id": guest.id }) # Redirection to confirm page response = self.client.get(url) self.assertEqual(response.status_code, 200) # Confirm action response = self.client.post(url) self.assertEqual(response.status_code, 302) siae.refresh_from_db() self.assertTrue(guest in siae.active_admin_members) # The admin should receive a valid email self.assertEqual(len(mail.outbox), 1) email = mail.outbox[0] self.assertEqual( f"[Activation] Vous êtes désormais administrateur de {siae.display_name}", email.subject) self.assertIn( "Vous êtes administrateur d'une structure sur les emplois de l'inclusion", email.body) self.assertEqual(email.to[0], guest.email)
def test_active_members(self): siae = SiaeWith2MembershipsFactory(membership2__user__is_active=False) self.assertEqual(siae.members.count(), 2) self.assertEqual(siae.active_members.count(), 1)
def test_invite_existing_user_is_employer(self): self.guest = SiaeWith2MembershipsFactory().members.first() self.post_data["form-0-first_name"] = self.guest.first_name self.post_data["form-0-last_name"] = self.guest.last_name self.post_data["form-0-email"] = self.guest.email self.client.post(self.send_invitation_url, data=self.post_data)
def setUp(self): self.siae = SiaeWith2MembershipsFactory() self.sender = self.siae.members.first() self.send_invitation_url = reverse( "invitations_views:invite_siae_staff") self.invitations_model = SiaeStaffInvitation