class ReviewAbuseTest(TestCase):
fixtures = ['group_perms']
def setUp(self):
self.site = get_current_site(self.client.request)
self.site.config = SiteConfigFactory(site=self.site)
self.standard_user = UserFactory()
self.reporting_user = UserFactory()
self.accused_user = UserFactory()
self.moderator = ModeratorFactory()
self.abuse_report = AbuseReportFactory(
logged_against=self.accused_user,
logged_by=self.reporting_user
)
self.abuse_warning = AbuseWarningFactory(
logged_against=self.accused_user
)
def post_data(self, decision, comments, report_id=''):
if not report_id:
report_id = self.abuse_report.id
return self.client.post(
reverse('moderation:review-abuse'),
data={
'report_id': report_id,
'decision': decision,
'comments': comments,
},
)
def dismiss_report(self):
return self.post_data(AbuseReport.DISMISS, 'Spam Report')
def warn_user(self):
return self.post_data(AbuseReport.WARN, 'This is a warning')
def ban_user(self):
return self.post_data(AbuseReport.BAN, 'You are banned')
def test_review_abuse_url(self):
self.check_url('/moderation/review-abuse-reports/', review_abuse)
def test_unauthenticated_users_cannot_access_reports(self):
response = self.client.get(reverse('moderation:review-abuse'))
# Unauthenticated user is redirected to login page
self.assertRedirects(
response,
'/accounts/login/?next=/moderation/review-abuse-reports/',
status_code=302
)
def test_authenticated_standard_users_cannot_access_reports(self):
self.client.login(username=self.standard_user.email, password='******')
response = self.client.get(reverse('moderation:review-abuse'))
# User lacking relevant permissions is redirected to login page
self.assertRedirects(
response,
'/accounts/login/?next=/moderation/review-abuse-reports/')
def test_authenticated_moderators_can_access_reports(self):
self.client.login(username=self.moderator.email, password='******')
response = self.client.get(reverse('moderation:review-abuse'))
# User in moderation group can view the page
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'moderation/review_abuse.html')
def test_only_undecided_abuse_reports_in_response(self):
self.client.login(username=self.moderator.email, password='******')
response = self.client.get(reverse('moderation:review-abuse'))
context_reports = response.context['reports']
self.assertEqual(len(context_reports), 1)
self.assertIn(self.abuse_report, context_reports)
def test_previous_warnings_are_attached_to_abuse_report(self):
self.client.login(username=self.moderator.email, password='******')
response = self.client.get(reverse('moderation:review-abuse'))
context_reports = response.context['reports']
self.assertEqual(len(context_reports), 1)
context_report = context_reports[0]
self.assertEqual(len(context_report.prior_warnings), 1)
self.assertIn(self.abuse_warning, context_report.prior_warnings)
def test_moderator_cannot_see_abuse_reports_about_themself(self):
moderator_abuse_report = AbuseReportFactory(
logged_against=self.moderator
)
self.client.login(username=self.moderator.email, password='******')
response = self.client.get(reverse('moderation:review-abuse'))
# We should only see self.abuse_report - as this is the only undecided
# abuse report that is not about the logged in moderator
context_reports = response.context['reports']
self.assertEqual(len(context_reports), 1)
self.assertIn(self.abuse_report, context_reports)
def test_invalid_report_id_raises_404(self):
self.client.login(username=self.moderator.email, password='******')
response = self.post_data(AbuseReport.BAN, 'comment',
report_id='7777777')
self.assertEqual(response.status_code, 404)
def test_can_dismiss_abuse_report(self):
self.client.login(username=self.moderator.email, password='******')
response = self.dismiss_report()
report = AbuseReport.objects.get(id=self.abuse_report.id)
self.assertEqual(report.moderator, self.moderator)
self.assertEqual(report.moderator_decision, AbuseReport.DISMISS)
self.assertEqual(report.moderator_comment, 'Spam Report')
self.assertTrue(report.decision_datetime)
def test_can_log_dismissal(self):
self.client.login(username=self.moderator.email, password='******')
response = self.dismiss_report()
log = ModerationLogMsg.objects.get(comment='Spam Report')
self.assertIsInstance(log, ModerationLogMsg)
self.assertEqual(log.msg_type, ModerationLogMsg.DISMISSAL)
self.assertEqual(log.pertains_to, self.accused_user)
self.assertEqual(log.logged_by, self.moderator)
def test_can_send_dismissal_email_to_reporting_user(self):
self.client.login(username=self.moderator.email, password='******')
response = self.dismiss_report()
expected_subject = ('Your {} Abuse Report has'
' been dismissed'.format(self.site.name))
expected_intro = 'Hi {},'.format('Hello')
expected_content = 'against {} at {}'.format(
self.accused_user.get_full_name(),
self.site.name
)
expected_email = self.site.config.email
expected_footer = 'logged an abuse report at {}'.format(self.site.name)
email = mail.outbox[0]
self.assertEqual(len(mail.outbox), 1)
self.assertEqual(email.subject, expected_subject)
self.assertEqual(email.to[0], self.reporting_user.email)
self.assertIn(expected_content, email.body)
self.assertIn('Spam Report', email.body)
self.assertIn(expected_email, email.body)
self.assertIn(expected_footer, email.body)
def test_can_issue_warning(self):
self.client.login(username=self.moderator.email, password='******')
response = self.warn_user()
report = AbuseReport.objects.get(id=self.abuse_report.id)
self.assertEqual(report.moderator, self.moderator)
self.assertEqual(report.moderator_decision, AbuseReport.WARN)
self.assertEqual(report.moderator_comment, 'This is a warning')
self.assertTrue(report.decision_datetime)
def test_can_log_warning(self):
self.client.login(username=self.moderator.email, password='******')
response = self.warn_user()
log = ModerationLogMsg.objects.get(comment='This is a warning')
self.assertIsInstance(log, ModerationLogMsg)
self.assertEqual(log.msg_type, ModerationLogMsg.WARNING)
self.assertEqual(log.pertains_to, self.accused_user)
self.assertEqual(log.logged_by, self.moderator)
def test_can_send_warning_emails(self):
"""
Test that both the accused user and user who made the report receive
an email.
"""
self.client.login(username=self.moderator.email, password='******')
response = self.warn_user()
self.assertEqual(len(mail.outbox), 2)
# Reporting user's email
reporting_subject = ('{} has been issued a formal '
'warning from {}'.format(
self.accused_user.get_full_name(),
self.site.name,
))
reporting_intro = 'Hi {},'.format(
self.reporting_user.first_name,
)
reporting_content = 'against {} at {}'.format(
self.accused_user.get_full_name(),
self.site.name
)
reporting_content_2 = "{}'s profile and will be flagged".format(
self.accused_user.get_full_name()
)
reporting_footer = 'an abuse report at {}'.format(self.site.name)
email = mail.outbox[0]
self.assertEqual(email.subject, reporting_subject)
self.assertEqual(email.to[0], self.reporting_user.email)
self.assertIn(reporting_content, email.body)
self.assertIn(reporting_content_2, email.body)
self.assertIn(reporting_footer, email.body)
# Offending user's email
offending_subject = 'A formal warning from {}'.format(self.site.name)
offending_intro = 'Hi {},'.format(
self.accused_user.first_name,
)
offending_content = 'against you at {}'.format(self.site.name)
offending_url = self.site.config.email
offending_footer = 'logged against you at {}'.format(self.site.name)
email = mail.outbox[1]
self.assertEqual(email.subject, offending_subject)
self.assertEqual(email.to[0], self.accused_user.email)
self.assertIn(offending_content, email.body)
self.assertIn('This is a warning', email.body)
self.assertIn(offending_url, email.body)
self.assertIn(offending_footer, email.body)
def test_can_ban_user(self):
self.client.login(username=self.moderator.email, password='******')
response = self.ban_user()
report = AbuseReport.objects.get(id=self.abuse_report.id)
user = report.logged_against
self.assertEqual(report.moderator, self.moderator)
self.assertEqual(report.moderator_decision, AbuseReport.BAN)
self.assertEqual(report.moderator_comment, 'You are banned')
self.assertTrue(report.decision_datetime)
self.assertFalse(user.is_active)
def test_can_log_ban(self):
self.client.login(username=self.moderator.email, password='******')
response = self.ban_user()
log = ModerationLogMsg.objects.get(comment='You are banned')
self.assertIsInstance(log, ModerationLogMsg)
self.assertEqual(log.msg_type, ModerationLogMsg.BANNING)
self.assertEqual(log.pertains_to, self.accused_user)
self.assertEqual(log.logged_by, self.moderator)
def test_can_send_ban_emails(self):
"""
Test that both the accused user and user who made the report receive
an email.
"""
self.client.login(username=self.moderator.email, password='******')
response = self.ban_user()
self.assertEqual(len(mail.outbox), 2)
# Reporting user's email
reporting_subject = '{} has been banned from {}'.format(
self.accused_user.get_full_name(),
self.site.name
)
reporting_intro = 'Hi {},'.format(
self.reporting_user.first_name,
)
reporting_content = 'against {} at {}'.format(
self.accused_user.get_full_name(),
self.site.name
)
reporting_content_2 = "decision to ban {}".format(
self.accused_user.get_full_name()
)
reporting_footer = 'an abuse report at {}'.format(self.site.name)
email = mail.outbox[0]
self.assertEqual(email.subject, reporting_subject)
self.assertEqual(email.to[0], self.reporting_user.email)
self.assertIn(reporting_content, email.body)
self.assertIn(reporting_content_2, email.body)
self.assertIn('You are banned', email.body)
self.assertIn(reporting_footer, email.body)
# Offending user's email
offending_subject = ('Your {} account has been terminated'
.format(self.site.name))
offending_intro = 'Hi {},'.format(
self.accused_user.first_name,
)
offending_content = 'against you at {}'.format(self.site.name)
offending_content_2 = "ban you from future use of {}".format(
self.site.name
)
offending_url = self.site.config.email
offending_footer = 'logged against you at {}'.format(self.site.name)
email = mail.outbox[1]
self.assertEqual(email.subject, offending_subject)
self.assertEqual(email.to[0], self.accused_user.email)
self.assertIn(offending_content, email.body)
self.assertIn(offending_content_2, email.body)
self.assertIn('You are banned', email.body)
self.assertIn(offending_url, email.body)
self.assertIn(offending_footer, email.body)
class UserModelTest(TestCase):
fixtures = ['group_perms']
def setUp(self):
self.moderator = ModeratorFactory()
self.standard_user = UserFactory(
first_name='Firsto',
last_name='Namo',
)
self.invited_pending = InvitedPendingFactory()
self.requested_pending = RequestedPendingFactory()
def test_string_method(self):
self.assertEqual(self.standard_user.__str__(), 'Firsto Namo')
def test_get_full_name(self):
full_name = self.standard_user.get_full_name()
self.assertEqual(full_name, 'Firsto Namo')
def test_get_short_name(self):
short_name = self.standard_user.get_short_name()
self.assertEqual(short_name, 'Firsto')
def test_is_pending_activation(self):
self.assertFalse(self.standard_user.is_pending_activation())
self.assertTrue(self.invited_pending.is_pending_activation())
def test_is_invited_pending_activation(self):
self.assertFalse(self.standard_user.is_invited_pending_activation())
self.assertTrue(self.invited_pending.is_invited_pending_activation())
def test_is_pending_approval(self):
self.assertFalse(self.standard_user.is_pending_approval())
self.assertTrue(self.requested_pending.is_pending_approval())
def test_moderator_can_invite_new_user(self):
user = self.moderator.invite_new_user(email='*****@*****.**',
first_name='standard_user',
last_name='user')
self.assertEqual(user.email,'*****@*****.**')
self.assertEqual(user.first_name, 'standard_user')
self.assertEqual(user.last_name, 'user')
self.assertEqual(user.registration_method, CustomUser.INVITED)
self.assertEqual(user.moderator, self.moderator)
self.assertEqual(user.moderator_decision, CustomUser.PRE_APPROVED)
self.assertIsNotNone(user.decision_datetime)
self.assertIsNotNone(user.auth_token)
def test_standard_user_user_cannot_invite_new_user(self):
with self.assertRaises(PermissionDenied):
user = self.standard_user.invite_new_user(
email='*****@*****.**',
first_name='standard_user',
last_name='user'
)
def test_moderator_can_reinvite_user(self):
decision_datetime = self.invited_pending.decision_datetime
auth_token = self.invited_pending.auth_token
self.moderator.reinvite_user(user=self.invited_pending,
email='*****@*****.**')
self.assertEqual(self.invited_pending.email, '*****@*****.**')
self.assertNotEqual(self.invited_pending.decision_datetime, decision_datetime)
self.assertNotEqual(self.invited_pending.auth_token, auth_token)
def test_standard_user_user_cannot_reinvite_user(self):
decision_datetime = self.invited_pending.decision_datetime
auth_token = self.invited_pending.auth_token
with self.assertRaises(PermissionDenied):
self.standard_user.reinvite_user(user=self.invited_pending,
email='*****@*****.**')
def test_moderator_can_approve_user_application(self):
self.moderator.approve_user_application(self.requested_pending)
self.assertEqual(self.requested_pending.moderator, self.moderator)
self.assertEqual(self.requested_pending.moderator_decision, CustomUser.APPROVED)
self.assertIsNotNone(self.requested_pending.decision_datetime)
self.assertIsNotNone(self.requested_pending.auth_token)
def test_standard_user_user_cannot_approve_user_application(self):
with self.assertRaises(PermissionDenied):
self.standard_user.approve_user_application(self.requested_pending)
def test_moderator_can_reject_user_application(self):
self.moderator.reject_user_application(self.requested_pending)
self.assertEqual(self.requested_pending.moderator, self.moderator)
self.assertEqual(self.requested_pending.moderator_decision, CustomUser.REJECTED)
self.assertIsNotNone(self.requested_pending.decision_datetime)
self.assertIsNotNone(self.requested_pending.auth_token)
def test_standard_user_user_cannot_reject_user_application(self):
with self.assertRaises(PermissionDenied):
self.standard_user.reject_user_application(self.requested_pending)
class ReportAbuseTest(TestCase):
fixtures = ['group_perms']
def setUp(self):
self.site = get_current_site(self.client.request)
self.site.config = SiteConfigFactory(site=self.site)
self.reporting_user = UserFactory()
self.accused_user = UserFactory()
self.moderator = ModeratorFactory()
factory.create_batch(
ModeratorFactory,
10,
moderator=self.moderator,
)
def get_page(self):
return self.client.get(reverse(
'moderation:report-abuse',
kwargs={'user_id': self.accused_user.id}
))
def post_data(self, logged_against, comments):
return self.client.post(
reverse(
'moderation:report-abuse',
kwargs={'user_id': logged_against},
),
data={
'logged_by': self.reporting_user.id,
'logged_against': logged_against,
'comments': comments,
},
)
def report_standard_user(self):
return self.post_data(self.accused_user.id, 'User is a spam account')
def test_url(self):
url = '/moderation/{}/report-abuse/'.format(self.accused_user.id)
self.check_url(url, report_abuse)
def test_unauthenticated_users_cannot_report_abuse(self):
response = self.get_page()
# Unauthenticated user is redirected to login page
self.assertRedirects(
response,
'/accounts/login/?next=/moderation/{}/report-abuse/'.format(
self.accused_user.id
))
def test_authenticated_users_can_report_abuse(self):
self.client.login(username=self.reporting_user.email, password='******')
response = self.get_page()
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'moderation/report_abuse.html')
def test_report_abuse_form_called_in_view(self):
self.client.login(username=self.reporting_user.email, password='******')
response = self.get_page()
expected_html = ('<legend>Log an abuse report '
'against {}</legend>'.format(
self.accused_user.get_full_name()
))
self.assertInHTML(expected_html, response.content.decode())
def test_can_report_abuse(self):
self.client.login(username=self.reporting_user.email, password='******')
response = self.report_standard_user()
report = AbuseReport.objects.get(logged_against=self.accused_user)
self.assertIsInstance(report, AbuseReport)
self.assertEqual(report.logged_by, self.reporting_user)
self.assertEqual(report.logged_against, self.accused_user)
self.assertEqual(report.abuse_comment, 'User is a spam account')
def test_moderators_emailed_about_new_abuse_report(self):
self.client.login(username=self.reporting_user.email, password='******')
response = self.report_standard_user()
expected_subject = 'New abuse report at {}'.format(self.site.name)
expected_intro = 'Hi {},'.format('Hello')
expected_url = ('href="http://testserver/moderation/review-'
'abuse-reports/"')
expected_footer = 'you are a moderator at {}'.format(self.site.name)
email = mail.outbox[0]
recipients = [message.to[0] for message in mail.outbox]
self.assertEqual(len(mail.outbox), 11)
self.assertEqual(email.subject, expected_subject)
self.assertIn(self.moderator.email, recipients)
self.assertIn(expected_url, email.alternatives[0][0])
self.assertIn(expected_footer, email.body)
def test_moderator_not_sent_email_regarding_report_about_themself(self):
"""
Test that a moderator cannot receive an email regarding a report
made against themself.
"""
self.client.login(username=self.reporting_user.email, password='******')
response = self.post_data(self.moderator.id, 'This moderator is nasty')
recipients = []
for email in mail.outbox:
recipients.append(email.to[0])
self.assertEqual(len(mail.outbox), 10) # There are 10 other moderators
self.assertNotIn(self.moderator.email, recipients)
