class ReviewAbuseTest(TestCase): fixtures = ['group_perms'] def setUp(self): self.site = get_current_site(self.client.request) self.site.config = SiteConfigFactory(site=self.site) self.standard_user = UserFactory() self.reporting_user = UserFactory() self.accused_user = UserFactory() self.moderator = ModeratorFactory() self.abuse_report = AbuseReportFactory( logged_against=self.accused_user, logged_by=self.reporting_user ) self.abuse_warning = AbuseWarningFactory( logged_against=self.accused_user ) def post_data(self, decision, comments, report_id=''): if not report_id: report_id = self.abuse_report.id return self.client.post( reverse('moderation:review-abuse'), data={ 'report_id': report_id, 'decision': decision, 'comments': comments, }, ) def dismiss_report(self): return self.post_data(AbuseReport.DISMISS, 'Spam Report') def warn_user(self): return self.post_data(AbuseReport.WARN, 'This is a warning') def ban_user(self): return self.post_data(AbuseReport.BAN, 'You are banned') def test_review_abuse_url(self): self.check_url('/moderation/review-abuse-reports/', review_abuse) def test_unauthenticated_users_cannot_access_reports(self): response = self.client.get(reverse('moderation:review-abuse')) # Unauthenticated user is redirected to login page self.assertRedirects( response, '/accounts/login/?next=/moderation/review-abuse-reports/', status_code=302 ) def test_authenticated_standard_users_cannot_access_reports(self): self.client.login(username=self.standard_user.email, password='******') response = self.client.get(reverse('moderation:review-abuse')) # User lacking relevant permissions is redirected to login page self.assertRedirects( response, '/accounts/login/?next=/moderation/review-abuse-reports/') def test_authenticated_moderators_can_access_reports(self): self.client.login(username=self.moderator.email, password='******') response = self.client.get(reverse('moderation:review-abuse')) # User in moderation group can view the page self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, 'moderation/review_abuse.html') def test_only_undecided_abuse_reports_in_response(self): self.client.login(username=self.moderator.email, password='******') response = self.client.get(reverse('moderation:review-abuse')) context_reports = response.context['reports'] self.assertEqual(len(context_reports), 1) self.assertIn(self.abuse_report, context_reports) def test_previous_warnings_are_attached_to_abuse_report(self): self.client.login(username=self.moderator.email, password='******') response = self.client.get(reverse('moderation:review-abuse')) context_reports = response.context['reports'] self.assertEqual(len(context_reports), 1) context_report = context_reports[0] self.assertEqual(len(context_report.prior_warnings), 1) self.assertIn(self.abuse_warning, context_report.prior_warnings) def test_moderator_cannot_see_abuse_reports_about_themself(self): moderator_abuse_report = AbuseReportFactory( logged_against=self.moderator ) self.client.login(username=self.moderator.email, password='******') response = self.client.get(reverse('moderation:review-abuse')) # We should only see self.abuse_report - as this is the only undecided # abuse report that is not about the logged in moderator context_reports = response.context['reports'] self.assertEqual(len(context_reports), 1) self.assertIn(self.abuse_report, context_reports) def test_invalid_report_id_raises_404(self): self.client.login(username=self.moderator.email, password='******') response = self.post_data(AbuseReport.BAN, 'comment', report_id='7777777') self.assertEqual(response.status_code, 404) def test_can_dismiss_abuse_report(self): self.client.login(username=self.moderator.email, password='******') response = self.dismiss_report() report = AbuseReport.objects.get(id=self.abuse_report.id) self.assertEqual(report.moderator, self.moderator) self.assertEqual(report.moderator_decision, AbuseReport.DISMISS) self.assertEqual(report.moderator_comment, 'Spam Report') self.assertTrue(report.decision_datetime) def test_can_log_dismissal(self): self.client.login(username=self.moderator.email, password='******') response = self.dismiss_report() log = ModerationLogMsg.objects.get(comment='Spam Report') self.assertIsInstance(log, ModerationLogMsg) self.assertEqual(log.msg_type, ModerationLogMsg.DISMISSAL) self.assertEqual(log.pertains_to, self.accused_user) self.assertEqual(log.logged_by, self.moderator) def test_can_send_dismissal_email_to_reporting_user(self): self.client.login(username=self.moderator.email, password='******') response = self.dismiss_report() expected_subject = ('Your {} Abuse Report has' ' been dismissed'.format(self.site.name)) expected_intro = 'Hi {},'.format('Hello') expected_content = 'against {} at {}'.format( self.accused_user.get_full_name(), self.site.name ) expected_email = self.site.config.email expected_footer = 'logged an abuse report at {}'.format(self.site.name) email = mail.outbox[0] self.assertEqual(len(mail.outbox), 1) self.assertEqual(email.subject, expected_subject) self.assertEqual(email.to[0], self.reporting_user.email) self.assertIn(expected_content, email.body) self.assertIn('Spam Report', email.body) self.assertIn(expected_email, email.body) self.assertIn(expected_footer, email.body) def test_can_issue_warning(self): self.client.login(username=self.moderator.email, password='******') response = self.warn_user() report = AbuseReport.objects.get(id=self.abuse_report.id) self.assertEqual(report.moderator, self.moderator) self.assertEqual(report.moderator_decision, AbuseReport.WARN) self.assertEqual(report.moderator_comment, 'This is a warning') self.assertTrue(report.decision_datetime) def test_can_log_warning(self): self.client.login(username=self.moderator.email, password='******') response = self.warn_user() log = ModerationLogMsg.objects.get(comment='This is a warning') self.assertIsInstance(log, ModerationLogMsg) self.assertEqual(log.msg_type, ModerationLogMsg.WARNING) self.assertEqual(log.pertains_to, self.accused_user) self.assertEqual(log.logged_by, self.moderator) def test_can_send_warning_emails(self): """ Test that both the accused user and user who made the report receive an email. """ self.client.login(username=self.moderator.email, password='******') response = self.warn_user() self.assertEqual(len(mail.outbox), 2) # Reporting user's email reporting_subject = ('{} has been issued a formal ' 'warning from {}'.format( self.accused_user.get_full_name(), self.site.name, )) reporting_intro = 'Hi {},'.format( self.reporting_user.first_name, ) reporting_content = 'against {} at {}'.format( self.accused_user.get_full_name(), self.site.name ) reporting_content_2 = "{}'s profile and will be flagged".format( self.accused_user.get_full_name() ) reporting_footer = 'an abuse report at {}'.format(self.site.name) email = mail.outbox[0] self.assertEqual(email.subject, reporting_subject) self.assertEqual(email.to[0], self.reporting_user.email) self.assertIn(reporting_content, email.body) self.assertIn(reporting_content_2, email.body) self.assertIn(reporting_footer, email.body) # Offending user's email offending_subject = 'A formal warning from {}'.format(self.site.name) offending_intro = 'Hi {},'.format( self.accused_user.first_name, ) offending_content = 'against you at {}'.format(self.site.name) offending_url = self.site.config.email offending_footer = 'logged against you at {}'.format(self.site.name) email = mail.outbox[1] self.assertEqual(email.subject, offending_subject) self.assertEqual(email.to[0], self.accused_user.email) self.assertIn(offending_content, email.body) self.assertIn('This is a warning', email.body) self.assertIn(offending_url, email.body) self.assertIn(offending_footer, email.body) def test_can_ban_user(self): self.client.login(username=self.moderator.email, password='******') response = self.ban_user() report = AbuseReport.objects.get(id=self.abuse_report.id) user = report.logged_against self.assertEqual(report.moderator, self.moderator) self.assertEqual(report.moderator_decision, AbuseReport.BAN) self.assertEqual(report.moderator_comment, 'You are banned') self.assertTrue(report.decision_datetime) self.assertFalse(user.is_active) def test_can_log_ban(self): self.client.login(username=self.moderator.email, password='******') response = self.ban_user() log = ModerationLogMsg.objects.get(comment='You are banned') self.assertIsInstance(log, ModerationLogMsg) self.assertEqual(log.msg_type, ModerationLogMsg.BANNING) self.assertEqual(log.pertains_to, self.accused_user) self.assertEqual(log.logged_by, self.moderator) def test_can_send_ban_emails(self): """ Test that both the accused user and user who made the report receive an email. """ self.client.login(username=self.moderator.email, password='******') response = self.ban_user() self.assertEqual(len(mail.outbox), 2) # Reporting user's email reporting_subject = '{} has been banned from {}'.format( self.accused_user.get_full_name(), self.site.name ) reporting_intro = 'Hi {},'.format( self.reporting_user.first_name, ) reporting_content = 'against {} at {}'.format( self.accused_user.get_full_name(), self.site.name ) reporting_content_2 = "decision to ban {}".format( self.accused_user.get_full_name() ) reporting_footer = 'an abuse report at {}'.format(self.site.name) email = mail.outbox[0] self.assertEqual(email.subject, reporting_subject) self.assertEqual(email.to[0], self.reporting_user.email) self.assertIn(reporting_content, email.body) self.assertIn(reporting_content_2, email.body) self.assertIn('You are banned', email.body) self.assertIn(reporting_footer, email.body) # Offending user's email offending_subject = ('Your {} account has been terminated' .format(self.site.name)) offending_intro = 'Hi {},'.format( self.accused_user.first_name, ) offending_content = 'against you at {}'.format(self.site.name) offending_content_2 = "ban you from future use of {}".format( self.site.name ) offending_url = self.site.config.email offending_footer = 'logged against you at {}'.format(self.site.name) email = mail.outbox[1] self.assertEqual(email.subject, offending_subject) self.assertEqual(email.to[0], self.accused_user.email) self.assertIn(offending_content, email.body) self.assertIn(offending_content_2, email.body) self.assertIn('You are banned', email.body) self.assertIn(offending_url, email.body) self.assertIn(offending_footer, email.body)
class UserModelTest(TestCase): fixtures = ['group_perms'] def setUp(self): self.moderator = ModeratorFactory() self.standard_user = UserFactory( first_name='Firsto', last_name='Namo', ) self.invited_pending = InvitedPendingFactory() self.requested_pending = RequestedPendingFactory() def test_string_method(self): self.assertEqual(self.standard_user.__str__(), 'Firsto Namo') def test_get_full_name(self): full_name = self.standard_user.get_full_name() self.assertEqual(full_name, 'Firsto Namo') def test_get_short_name(self): short_name = self.standard_user.get_short_name() self.assertEqual(short_name, 'Firsto') def test_is_pending_activation(self): self.assertFalse(self.standard_user.is_pending_activation()) self.assertTrue(self.invited_pending.is_pending_activation()) def test_is_invited_pending_activation(self): self.assertFalse(self.standard_user.is_invited_pending_activation()) self.assertTrue(self.invited_pending.is_invited_pending_activation()) def test_is_pending_approval(self): self.assertFalse(self.standard_user.is_pending_approval()) self.assertTrue(self.requested_pending.is_pending_approval()) def test_moderator_can_invite_new_user(self): user = self.moderator.invite_new_user(email='*****@*****.**', first_name='standard_user', last_name='user') self.assertEqual(user.email,'*****@*****.**') self.assertEqual(user.first_name, 'standard_user') self.assertEqual(user.last_name, 'user') self.assertEqual(user.registration_method, CustomUser.INVITED) self.assertEqual(user.moderator, self.moderator) self.assertEqual(user.moderator_decision, CustomUser.PRE_APPROVED) self.assertIsNotNone(user.decision_datetime) self.assertIsNotNone(user.auth_token) def test_standard_user_user_cannot_invite_new_user(self): with self.assertRaises(PermissionDenied): user = self.standard_user.invite_new_user( email='*****@*****.**', first_name='standard_user', last_name='user' ) def test_moderator_can_reinvite_user(self): decision_datetime = self.invited_pending.decision_datetime auth_token = self.invited_pending.auth_token self.moderator.reinvite_user(user=self.invited_pending, email='*****@*****.**') self.assertEqual(self.invited_pending.email, '*****@*****.**') self.assertNotEqual(self.invited_pending.decision_datetime, decision_datetime) self.assertNotEqual(self.invited_pending.auth_token, auth_token) def test_standard_user_user_cannot_reinvite_user(self): decision_datetime = self.invited_pending.decision_datetime auth_token = self.invited_pending.auth_token with self.assertRaises(PermissionDenied): self.standard_user.reinvite_user(user=self.invited_pending, email='*****@*****.**') def test_moderator_can_approve_user_application(self): self.moderator.approve_user_application(self.requested_pending) self.assertEqual(self.requested_pending.moderator, self.moderator) self.assertEqual(self.requested_pending.moderator_decision, CustomUser.APPROVED) self.assertIsNotNone(self.requested_pending.decision_datetime) self.assertIsNotNone(self.requested_pending.auth_token) def test_standard_user_user_cannot_approve_user_application(self): with self.assertRaises(PermissionDenied): self.standard_user.approve_user_application(self.requested_pending) def test_moderator_can_reject_user_application(self): self.moderator.reject_user_application(self.requested_pending) self.assertEqual(self.requested_pending.moderator, self.moderator) self.assertEqual(self.requested_pending.moderator_decision, CustomUser.REJECTED) self.assertIsNotNone(self.requested_pending.decision_datetime) self.assertIsNotNone(self.requested_pending.auth_token) def test_standard_user_user_cannot_reject_user_application(self): with self.assertRaises(PermissionDenied): self.standard_user.reject_user_application(self.requested_pending)
class ReportAbuseTest(TestCase): fixtures = ['group_perms'] def setUp(self): self.site = get_current_site(self.client.request) self.site.config = SiteConfigFactory(site=self.site) self.reporting_user = UserFactory() self.accused_user = UserFactory() self.moderator = ModeratorFactory() factory.create_batch( ModeratorFactory, 10, moderator=self.moderator, ) def get_page(self): return self.client.get(reverse( 'moderation:report-abuse', kwargs={'user_id': self.accused_user.id} )) def post_data(self, logged_against, comments): return self.client.post( reverse( 'moderation:report-abuse', kwargs={'user_id': logged_against}, ), data={ 'logged_by': self.reporting_user.id, 'logged_against': logged_against, 'comments': comments, }, ) def report_standard_user(self): return self.post_data(self.accused_user.id, 'User is a spam account') def test_url(self): url = '/moderation/{}/report-abuse/'.format(self.accused_user.id) self.check_url(url, report_abuse) def test_unauthenticated_users_cannot_report_abuse(self): response = self.get_page() # Unauthenticated user is redirected to login page self.assertRedirects( response, '/accounts/login/?next=/moderation/{}/report-abuse/'.format( self.accused_user.id )) def test_authenticated_users_can_report_abuse(self): self.client.login(username=self.reporting_user.email, password='******') response = self.get_page() self.assertEqual(response.status_code, 200) self.assertTemplateUsed(response, 'moderation/report_abuse.html') def test_report_abuse_form_called_in_view(self): self.client.login(username=self.reporting_user.email, password='******') response = self.get_page() expected_html = ('<legend>Log an abuse report ' 'against {}</legend>'.format( self.accused_user.get_full_name() )) self.assertInHTML(expected_html, response.content.decode()) def test_can_report_abuse(self): self.client.login(username=self.reporting_user.email, password='******') response = self.report_standard_user() report = AbuseReport.objects.get(logged_against=self.accused_user) self.assertIsInstance(report, AbuseReport) self.assertEqual(report.logged_by, self.reporting_user) self.assertEqual(report.logged_against, self.accused_user) self.assertEqual(report.abuse_comment, 'User is a spam account') def test_moderators_emailed_about_new_abuse_report(self): self.client.login(username=self.reporting_user.email, password='******') response = self.report_standard_user() expected_subject = 'New abuse report at {}'.format(self.site.name) expected_intro = 'Hi {},'.format('Hello') expected_url = ('href="http://testserver/moderation/review-' 'abuse-reports/"') expected_footer = 'you are a moderator at {}'.format(self.site.name) email = mail.outbox[0] recipients = [message.to[0] for message in mail.outbox] self.assertEqual(len(mail.outbox), 11) self.assertEqual(email.subject, expected_subject) self.assertIn(self.moderator.email, recipients) self.assertIn(expected_url, email.alternatives[0][0]) self.assertIn(expected_footer, email.body) def test_moderator_not_sent_email_regarding_report_about_themself(self): """ Test that a moderator cannot receive an email regarding a report made against themself. """ self.client.login(username=self.reporting_user.email, password='******') response = self.post_data(self.moderator.id, 'This moderator is nasty') recipients = [] for email in mail.outbox: recipients.append(email.to[0]) self.assertEqual(len(mail.outbox), 10) # There are 10 other moderators self.assertNotIn(self.moderator.email, recipients)