def process_request(self, request):
    """Drop a ``messages`` cookie that the cookie storage cannot decode.

    The cookie value is supplied by the client, so it is decoded here purely
    to see whether decoding fails. If ``CookieStorage._decode`` raises
    ``IndexError`` the cookie is removed from ``request.COOKIES``. Any other
    outcome leaves the request untouched, and other exception types are not
    handled here.
    """
    raw_cookie = request.COOKIES.get("messages")
    decoder = CookieStorage(request)
    try:
        # The decoded value is discarded; only the failure mode matters.
        decoder._decode(raw_cookie)
    except IndexError:
        del request.COOKIES['messages']
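def messages_from_response(response):
    """Return the messages from the django MessageMiddleware package that
    are contained within the given response.

    This is to be used during unit testing when trying to see if a message
    was set properly in a view.

    :param response: HttpResponse object, likely obtained through a
        test client.get() or client.post() call

    :returns: a list of tuples (message_string, message_level), one for each
        message in the response context; an empty list when the response
        carries no messages or the cookie cannot be decoded
    """
    context = getattr(response, 'context', None)
    if context and 'messages' in context:
        messages = context['messages']
    elif hasattr(response, 'cookies'):
        # no "context" set-up or no messages item, check for message info in
        # the cookies
        morsel = response.cookies.get('messages')
        if not morsel:
            return []

        # use the decoder in the CookieStore to process and get a list of
        # messages
        from django.contrib.messages.storage.cookie import CookieStorage
        store = CookieStorage(FakeRequest())
        # _decode() is a private Django API; it returns None when the cookie
        # value is empty or fails its signature check. Treat that as "no
        # messages" instead of iterating over None below.
        messages = store._decode(morsel.value) or []
    else:
        return []

    return [(m.message, m.level) for m in messages]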
def assertLoginSuccess(self, resp, user):
    """Assert that *resp* redirects to LOGIN_REDIRECT_URL and that the
    login-switch message for *user* is present in the ``messages`` cookie.

    The username is read from ``user.__dict__`` using the configured
    ``la_settings.USERNAME_FIELD``.
    """
    redirect_path = urlsplit(resp["Location"])[2]
    self.assertEqual(redirect_path, django_settings.LOGIN_REDIRECT_URL)

    username = user.__dict__[la_settings.USERNAME_FIELD]
    expected = la_settings.MESSAGE_LOGIN_SWITCH.format(username=username)

    # _decode() is a private CookieStorage helper; the response object is
    # passed only to satisfy the constructor.
    decoded = CookieStorage(resp)._decode(resp.cookies["messages"].value)
    combined = "".join([entry.message for entry in decoded])
    self.assertIn(expected, combined)
def test_user_cant_change_own_group(self):
    """
    A staff user must not be able to change a group they belong to,
    even with can_change_permissions set to True.
    """
    group = self._get_group()
    staff_user = self.get_staff_user_with_no_permissions()
    staff_user.groups.add(group)
    change_url = self.get_admin_url(PageUserGroup, 'change', group.pk)
    admin_index = admin_reverse('index')
    payload = model_to_dict(group)
    payload.update({'_continue': '1', 'name': 'New test group'})

    self.add_permission(staff_user, 'change_pageusergroup')
    self.add_page_permission(
        staff_user, self._permissions_page, can_change_permissions=True)

    with self.login_user_context(staff_user):
        response = self.client.post(change_url, payload)
        self.assertRedirects(response, admin_index)
        storage = CookieStorage(response)
        msgs = storage._decode(response.cookies['messages'].value)
        # NOTE(review): assertTrue's second argument is the failure message,
        # so these two lines only check that msgs[0] is truthy; the message
        # text is never compared with the verbose name or the ID.
        self.assertTrue(msgs[0], PageUserGroup._meta.verbose_name)
        self.assertTrue(msgs[0], 'ID "%s"' % group.pk)
        # The rename must not have been applied.
        self.assertFalse(self._group_exists('New test group'))
def test_user_cant_change_others_group(self):
    """
    A staff user must not be able to change a group created by another
    user, even with can_change_permissions set to True.
    """
    admin = self.get_superuser()
    group = self._get_group(created_by=admin)
    staff_user = self.get_staff_user_with_no_permissions()
    change_url = self.get_admin_url(PageUserGroup, 'change', group.pk)
    admin_index = admin_reverse('index')
    payload = model_to_dict(group)
    payload.update({'_continue': '1', 'name': 'New test group'})

    self.add_permission(staff_user, 'change_pageusergroup')
    self.add_page_permission(
        staff_user, self._permissions_page, can_change_permissions=True)

    with self.login_user_context(staff_user):
        response = self.client.post(change_url, payload)
        # Since Django 1.11 404 results in redirect to the admin home
        if not DJANGO_1_10:
            self.assertRedirects(response, admin_index)
            storage = CookieStorage(response)
            msgs = storage._decode(response.cookies['messages'].value)
            # NOTE(review): assertTrue's second argument is the failure
            # message, so these two lines only check that msgs[0] is truthy;
            # the message text is never compared.
            self.assertTrue(msgs[0], PageUserGroup._meta.verbose_name)
            self.assertTrue(msgs[0], 'ID "%s"' % group.pk)
        else:
            self.assertEqual(response.status_code, 404)
        # The rename must not have been applied.
        self.assertFalse(self._group_exists('New test group'))
def test_user_cant_delete_others_group(self):
    """
    A staff user must not be able to delete a group created by another
    user, even with can_change_permissions set to True.
    """
    admin = self.get_superuser()
    group = self._get_group(created_by=admin)
    staff_user = self.get_staff_user_with_no_permissions()
    delete_url = self.get_admin_url(PageUserGroup, 'delete', group.pk)
    admin_index = admin_reverse('index')
    confirmation = {'post': 'yes'}

    for codename in ('delete_group', 'delete_pageusergroup'):
        self.add_permission(staff_user, codename)
    self.add_page_permission(
        staff_user, self._permissions_page, can_change_permissions=True)

    with self.login_user_context(staff_user):
        response = self.client.post(delete_url, confirmation)
        self.assertRedirects(response, admin_index)
        storage = CookieStorage(response)
        msgs = storage._decode(response.cookies['messages'].value)
        # NOTE(review): assertTrue's second argument is the failure message,
        # so these two lines only check that msgs[0] is truthy; the message
        # text is never compared.
        self.assertTrue(msgs[0], PageUserGroup._meta.verbose_name)
        self.assertTrue(msgs[0], 'ID "%s"' % group.pk)
        # The group must still exist after the rejected delete.
        self.assertTrue(self._group_exists())
def test_user_cant_delete_others(self):
    """
    A staff user must not be able to delete a user created by another
    user, even with can_change_permissions set to True.
    """
    admin = self.get_superuser()
    staff_user = self.get_staff_user_with_no_permissions()
    target_user = self.get_staff_page_user(created_by=admin)
    delete_url = self.get_admin_url(PageUser, 'delete', target_user.pk)
    admin_index = admin_reverse('index')
    confirmation = {'post': 'yes'}

    self.add_permission(staff_user, self._get_delete_perm())
    self.add_permission(staff_user, 'delete_pageuser')
    self.add_page_permission(
        staff_user, self._permissions_page, can_change_permissions=True)

    with self.login_user_context(staff_user):
        username = getattr(target_user, target_user.USERNAME_FIELD)
        response = self.client.post(delete_url, confirmation)
        self.assertRedirects(response, admin_index)
        storage = CookieStorage(response)
        msgs = storage._decode(response.cookies['messages'].value)
        # NOTE(review): assertTrue's second argument is the failure message,
        # so these two lines only check that msgs[0] is truthy; the message
        # text is never compared.
        self.assertTrue(msgs[0], PageUser._meta.verbose_name)
        self.assertTrue(msgs[0], 'ID "%s"' % target_user.pk)
        # The targeted user must still exist after the rejected delete.
        self.assertTrue(self._user_exists(username))
def _setup_request_object(self):
    """Build ``self.request`` for tests that run without the middleware stack.

    Creates a bare HttpRequest, attaches a freshly created user and a
    cookie-backed message storage, then registers the request with
    CrequestMiddleware.
    """
    request = self.request = HttpRequest()
    request.user = User.objects.create_user(
        username="******",
        email="*****@*****.**",
    )
    # Set by hand; the messages middleware does not run on this request.
    request._messages = CookieStorage(request)
    CrequestMiddleware.set_request(request)
def assertLoginError(self, resp):
    """Assert that *resp* redirects to "/" and that its ``messages`` cookie
    contains the level-40 permission-denied message."""
    redirect_path = urlsplit(resp["Location"])[2]
    self.assertEqual(redirect_path, "/")

    # _decode() is a private CookieStorage helper; the response object is
    # passed only to satisfy the constructor.
    decoded = CookieStorage(resp)._decode(resp.cookies["messages"].value)
    seen = [(entry.level, entry.message) for entry in decoded]
    self.assertIn((40, "You do not have permission to do that."), seen)
def test_no_message_on_visit(self):
    """Clear out messages from django-allauth on sign up."""
    user = self.make_user()
    # Seed the client with an encoded messages cookie holding one INFO
    # message, as if an earlier response had set it.
    encoder = CookieStorage(request=None)
    pending = [Message(messages.INFO, "Find me")]
    self.client.cookies["messages"] = encoder._encode(pending)

    with self.login(user):
        response = self.get("core:start")

        # The message must not be rendered, and the cookie must come back
        # with an empty value.
        self.assertResponseNotContains("Find me", response)
        assert response.cookies["messages"].value == ""
def get_flash_messages(response, empty=True):
    """Return the messages stored in the ``messages`` cookie of *response*.

    Returns an empty list when the response has no such cookie. When *empty*
    is true the cookie is also deleted from ``response.client.cookies``.
    """
    cookie_jar = response.cookies
    if "messages" not in cookie_jar:
        return []

    # A RequestFactory will not run the messages middleware, and thus will
    # not delete the messages after retrieval.
    stand_in = RequestFactory().get("/")
    stand_in.COOKIES["messages"] = cookie_jar["messages"].value
    flashed = list(CookieStorage(stand_in))

    if empty:
        del response.client.cookies["messages"]
    return flashed
def test_authenticate_wrong_counter(self):
    """Authentication is refused when the device counter did not increase.

    The stored counter is set to 160 beforehand; the backend must raise
    PermissionDenied and leave the stored counter at 160.
    """
    self.device.counter = 160
    self.device.save()

    request = RequestFactory().get('/dummy/')
    # RequestFactory does not run middleware, so message storage is attached
    # by hand (presumably the backend writes a message; verify in backend).
    request._messages = CookieStorage(request)

    with self.assertRaisesMessage(PermissionDenied, "Counter didn't increase."):
        self.backend.authenticate(
            request, self.user, self.server, self.state, self.fido2_response)

    stored = Authenticator.objects.values_list('user', 'counter')
    self.assertQuerysetEqual(stored, [(self.user.pk, 160)], transform=tuple)
def test_authenticate_wrong_counter(self):
    """Authentication is refused when the U2F device counter did not increase.

    A device is stored with counter 42; the backend must raise
    PermissionDenied and leave the stored counter at 42.
    """
    user = User.objects.create_user('kryten')
    U2fDevice.objects.create(
        user=user,
        version='U2F_V2',
        key_handle=self.key_handle,
        public_key=self.public_key,
        counter=42,
    )

    request = RequestFactory().get('/dummy/')
    # RequestFactory does not run middleware, so message storage is attached
    # by hand (presumably the backend writes a message; verify in backend).
    request._messages = CookieStorage(request)

    with self.assertRaisesMessage(PermissionDenied, "Counter didn't increase."):
        self.backend.authenticate(
            request, user, self.u2f_request, self.u2f_response)

    stored = U2fDevice.objects.values_list('user', 'counter')
    self.assertQuerysetEqual(stored, [(user.pk, 42)], transform=tuple)
def test_user_cant_change_others(self):
    """
    A staff user must not be able to change a user created by another
    user, even with can_change_permissions set to True.
    """
    admin = self.get_superuser()
    staff_user = self.get_staff_user_with_no_permissions()
    target_user = self.get_staff_page_user(created_by=admin)
    change_url = self.get_admin_url(PageUser, 'change', target_user.pk)
    admin_index = admin_reverse('index')
    payload = model_to_dict(target_user, exclude=['date_joined'])
    payload.update({
        '_continue': '1',
        'date_joined_0': '2016-06-21',
        'date_joined_1': '15:00:00',
    })

    self.add_permission(staff_user, 'change_pageuser')
    self.add_page_permission(
        staff_user, self._permissions_page, can_change_permissions=True)

    # Both replacement usernames appear masked in this listing.
    username = "******" if target_user.USERNAME_FIELD != "email" else "******"
    payload[target_user.USERNAME_FIELD] = username

    with self.login_user_context(staff_user):
        response = self.client.post(change_url, payload)
        if not DJANGO_1_10:
            self.assertRedirects(response, admin_index)
            storage = CookieStorage(response)
            msgs = storage._decode(response.cookies['messages'].value)
            # NOTE(review): assertTrue's second argument is the failure
            # message, so these two lines only check that msgs[0] is truthy;
            # the message text is never compared.
            self.assertTrue(msgs[0], PageUser._meta.verbose_name)
            self.assertTrue(msgs[0], 'ID "%s"' % target_user.pk)
        else:
            self.assertEqual(response.status_code, 404)
        # The new username must not have been saved.
        self.assertFalse(self._user_exists(username))
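def test_successful_comment(self, mock_submit):
    """A successful submission redirects to the success page and stores the
    tracking number as a single SUCCESS message.

    ``mock_submit`` stands in for the submission call and is configured to
    report status 201 with a JSON body carrying the tracking number.
    """
    mock_submit.return_value.status_code = 201
    mock_submit.return_value.text = '{"trackingNumber": "FAKE_TRACK_NUM"}'
    data = {
        'comment_on': 'FAKE_DOC_NUM',
        'general_comment': 'FAKE_COMMENT',
        'first_name': 'FAKE_FIRST',
        'last_name': 'FAKE_LAST'
    }

    response = self.client.post(reverse('reg_comment'), data)

    mock_submit.assert_called_with(QueryDict(urlencode(data)))
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(
        urlparse(response['Location']).path,
        reverse('reg_comment:success'))

    # TODO: There may be a better way to get messages_list,
    # fix if possible
    # _decode() is a private CookieStorage helper.
    messages_list = CookieStorage(response)._decode(
        response.cookies['messages'].value)
    self.assertEqual(len(messages_list), 1)
    self.assertEqual(messages_list[0].message, 'FAKE_TRACK_NUM')
    self.assertEqual(messages_list[0].level, SUCCESS)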
def test_user_cant_delete_others(self):
    """
    A staff user must not be able to delete a user created by another
    user, even with can_change_permissions set to True.
    """
    admin = self.get_superuser()
    staff_user = self.get_staff_user_with_no_permissions()
    target_user = self.get_staff_page_user(created_by=admin)
    delete_url = self.get_admin_url(PageUser, 'delete', target_user.pk)
    admin_index = admin_reverse('index')
    confirmation = {'post': 'yes'}

    self.add_permission(staff_user, self._get_delete_perm())
    self.add_permission(staff_user, 'delete_pageuser')
    self.add_page_permission(
        staff_user, self._permissions_page, can_change_permissions=True)

    with self.login_user_context(staff_user):
        username = getattr(target_user, target_user.USERNAME_FIELD)
        response = self.client.post(delete_url, confirmation)

        # The response is a 404 instead of a 403
        # because the queryset is limited to objects
        # that the user has permissions for.
        # This queryset is used to fetch the object
        # from the request, resulting in a 404.
        # Since Django 1.11 404 results in redirect to the admin home
        if not DJANGO_1_10:
            self.assertRedirects(response, admin_index)
            storage = CookieStorage(response)
            msgs = storage._decode(response.cookies['messages'].value)
            # NOTE(review): assertTrue's second argument is the failure
            # message, so these two lines only check that msgs[0] is truthy;
            # the message text is never compared.
            self.assertTrue(msgs[0], PageUser._meta.verbose_name)
            self.assertTrue(msgs[0], 'ID "%s"' % target_user.pk)
        else:
            self.assertEqual(response.status_code, 404)
        # The targeted user must still exist after the rejected delete.
        self.assertTrue(self._user_exists(username))
def test_user_cant_delete_own_group(self):
    """
    A staff user must not be able to delete a group they belong to,
    even with can_change_permissions set to True.
    """
    group = self._get_group()
    staff_user = self.get_staff_user_with_no_permissions()
    staff_user.groups.add(group)
    delete_url = self.get_admin_url(PageUserGroup, 'delete', group.pk)
    admin_index = admin_reverse('index')
    confirmation = {'post': 'yes'}

    for codename in ('delete_group', 'delete_pageusergroup'):
        self.add_permission(staff_user, codename)
    self.add_page_permission(
        staff_user, self._permissions_page, can_change_permissions=True)

    with self.login_user_context(staff_user):
        response = self.client.post(delete_url, confirmation)

        # The response is a 404 instead of a 403
        # because the queryset is limited to objects
        # that the user has permissions for.
        # This queryset is used to fetch the object
        # from the request, resulting in a 404.
        # Since Django 1.11 404 results in redirect to the admin home
        if not DJANGO_1_10:
            self.assertRedirects(response, admin_index)
            storage = CookieStorage(response)
            msgs = storage._decode(response.cookies['messages'].value)
            # NOTE(review): assertTrue's second argument is the failure
            # message, so these two lines only check that msgs[0] is truthy;
            # the message text is never compared.
            self.assertTrue(msgs[0], PageUserGroup._meta.verbose_name)
            self.assertTrue(msgs[0], 'ID "%s"' % group.pk)
        else:
            self.assertEqual(response.status_code, 404)
        # The group must still exist after the rejected delete.
        self.assertTrue(self._group_exists())
def assertLoginError(self, resp):
    """Assert that the ``messages`` cookie on *resp* holds exactly one
    message: level 40 with the permission-denied text."""
    # _decode() is a private CookieStorage helper; the response object is
    # passed only to satisfy the constructor.
    storage = CookieStorage(resp)
    decoded = storage._decode(resp.cookies['messages'].value)
    seen = [(entry.level, entry.message) for entry in decoded]
    # The expected text is compared literally, spelling included.
    self.assertEqual(seen, [(40, "Permision denied.")])
def assertLoginError(self, resp):
    """Assert that the ``messages`` cookie on *resp* contains the level-40
    permission-denied message."""
    # _decode() is a private CookieStorage helper; the response object is
    # passed only to satisfy the constructor.
    storage = CookieStorage(resp)
    decoded = storage._decode(resp.cookies['messages'].value)
    seen = [(entry.level, entry.message) for entry in decoded]
    expected = (40, u"You do not have permission to do that.")
    self.assertIn(expected, seen)
def get_messages_as_list(response):
    """Decode the ``messages`` cookie of *response* and return the result.

    Uses the private ``CookieStorage._decode`` helper; a response without a
    ``messages`` cookie raises ``KeyError``.
    """
    storage = CookieStorage(response)
    cookie_value = response.cookies['messages'].value
    return storage._decode(cookie_value)
def get_messages_from_cookie(cookies):
    """Return a CookieStorage bound to a fresh request that carries only the
    messages cookie taken from *cookies*.

    The cookie is looked up under ``CookieStorage.cookie_name``. If it is
    absent, ``cookies.get`` returns None and reading ``.value`` raises
    ``AttributeError``.
    """
    request = HttpRequest()
    name = CookieStorage.cookie_name
    morsel = cookies.get(CookieStorage.cookie_name)
    request.COOKIES = {name: morsel.value}
    return CookieStorage(request)
def assertLoginSuccess(self, resp, user):
    """Assert that *resp* redirects to LOGIN_REDIRECT_URL and that the
    login-switch message for ``user.username`` is present in the
    ``messages`` cookie."""
    redirect_path = urlsplit(resp['Location'])[2]
    self.assertEqual(redirect_path, django_settings.LOGIN_REDIRECT_URL)

    expected = la_settings.MESSAGE_LOGIN_SWITCH.format(username=user.username)

    # _decode() is a private CookieStorage helper; the response object is
    # passed only to satisfy the constructor.
    decoded = CookieStorage(resp)._decode(resp.cookies['messages'].value)
    combined = "".join([entry.message for entry in decoded])
    self.assertIn(expected, combined)