def test_whoami_disallowed_methods(client, api_settings, http_method):
"""HTTP methods other than GET are not allowed."""
url = reverse('api.v1.whoami')
response = getattr(client, http_method)(url,
HTTP_HOST=api_settings.BETA_HOST)
assert response.status_code == 405
assert_no_cache_header(response)
def test_doc_api_disallowed_methods(client, api_settings, http_method):
"""HTTP methods other than GET are not allowed."""
url = reverse('api.v1.doc', args=['en-US', 'Web/CSS'])
response = getattr(client, http_method)(url,
HTTP_HOST=api_settings.BETA_HOST)
assert response.status_code == 405
assert_no_cache_header(response)
def test_purge_get_no_log(deleted_doc, moderator_client):
url = reverse('wiki.purge_document', args=[deleted_doc.slug])
DocumentDeletionLog.objects.all().delete()
response = moderator_client.get(url)
assert response.status_code == 200
assert_no_cache_header(response)
assert 'deleted, for unknown reasons' in response.content.decode('utf-8')
def test_doc_api_for_redirect_to_non_doc(client, api_settings, redirect_to_home,
redirect_to_macros, case):
"""
Test the document API when we're requesting data for a document that
redirects to a non-document page (either the home page or another).
"""
if case == 'redirect-to-home':
doc = redirect_to_home
expected_redirect_url = '/en-US/'
else:
doc = redirect_to_macros
expected_redirect_url = absolutify('/en-US/dashboards/macros',
for_wiki_site=True)
url = reverse('api.v1.doc', args=[doc.locale, doc.slug])
response = client.get(url, HTTP_HOST=api_settings.BETA_HOST)
assert response.status_code == 200
assert_no_cache_header(response)
data = response.json()
assert data['documentData'] is None
assert data['redirectURL'] == expected_redirect_url
# Also ensure that we get exactly the same data by calling
# the document_api_data() function directly
assert data == document_api_data(redirect_url=expected_redirect_url)
def test_permissions(self, mock_analytics_upageviews):
"""A user with correct permissions is able to see the dashboard."""
self.client.login(username='******', password='******')
# Attempt to see spam dashboard as a logged-in user without permissions
response = self.client.get(reverse('dashboards.spam'))
assert response.status_code == 403
# Give testuser wiki.add_revisionakismetsubmission permission
perm_akismet = Permission.objects.get(codename='add_revisionakismetsubmission')
self.testuser.user_permissions.add(perm_akismet)
response = self.client.get(reverse('dashboards.spam'))
assert response.status_code == 403
# Give testuser wiki.add_documentspamattempt permission
perm_spam = Permission.objects.get(codename='add_documentspamattempt')
self.testuser.user_permissions.add(perm_spam)
response = self.client.get(reverse('dashboards.spam'))
assert response.status_code == 403
# Give testuser wiki.add_userban permission
perm_ban = Permission.objects.get(codename='add_userban')
self.testuser.user_permissions.add(perm_ban)
response = self.client.get(reverse('dashboards.spam'))
# With all correct permissions testuser is able to see the dashboard
assert response.status_code == 200
assert_no_cache_header(response)
assert 'text/html' in response['Content-Type']
assert 'dashboards/spam.html' in (template.name for template in response.templates)
def test_revisions_not_logged_in(root_doc, client):
"""A user who is not logged in can't see the revisions dashboard."""
url = reverse('dashboards.revisions')
response = client.get(url)
assert response.status_code == 302
assert response['Location'] == '/en-US/users/signin?next={}'.format(url)
assert_no_cache_header(response)
def test_spam_with_many_response(create_revision, akismet_wiki_user,
akismet_wiki_user_2, user_client,
enable_akismet_submissions,
akismet_mock_requests):
submission = RevisionAkismetSubmission(
type="ham",
sender=akismet_wiki_user_2,
revision=create_revision
)
submission.save()
# Check that one RevisionAkismetSubmission instance exists.
ras = RevisionAkismetSubmission.objects.filter(revision=create_revision)
assert ras.count() == 1
# Create another Akismet revision via the endpoint.
url = reverse('wiki.submit_akismet_spam')
response = user_client.post(url, data={'revision': create_revision.id})
assert response.status_code == 201
assert_no_cache_header(response)
data = json.loads(response.content)
assert len(data) == 2
assert data[0]['type'] == 'ham'
assert data[0]['sender'] == akismet_wiki_user_2.username
assert data[1]['type'] == 'spam'
assert data[1]['sender'] == akismet_wiki_user.username
# Check that the Akismet endpoints were called.
assert akismet_mock_requests.called
assert akismet_mock_requests.call_count == 2
def test_login(client):
"""Tests that login is required. The "client" fixture is not logged in."""
url = reverse('wiki.admin_bulk_purge')
response = client.get(url)
assert response.status_code == 302
assert 'en-US/users/signin?' in response['Location']
assert_no_cache_header(response)
def test_create_child_valid(root_doc, add_doc_client, slug):
"""Test creating a new child document with valid and invalid slugs."""
data = dict(
title='A Child of the Root Document',
slug=slug,
tags='tag1, tag2',
review_tags=['editorial', 'technical'],
keywords='key1, key2',
summary='lipsum',
content='lorem ipsum dolor sit amet',
comment='This is foobar.',
toc_depth=1,
)
url = reverse('wiki.create')
url += '?parent={}'.format(root_doc.id)
full_slug = '{}/{}'.format(root_doc.slug, slug)
resp = add_doc_client.post(url, data)
assert resp.status_code == 302
assert resp['X-Robots-Tag'] == 'noindex'
assert_no_cache_header(resp)
assert resp['Location'].endswith(
reverse('wiki.document', args=(full_slug,)))
assert root_doc.children.count() == 1
doc = Document.objects.get(slug=full_slug, locale='en-US')
skip_keys = set(('tags', 'review_tags', 'parent_topic'))
for name in (set(data.keys()) - skip_keys):
expected = full_slug if name == 'slug' else data[name]
assert getattr(doc.current_revision, name) == expected
assert (sorted(doc.tags.all().values_list('name', flat=True)) ==
['tag1', 'tag2'])
review_tags = doc.current_revision.review_tags
assert (sorted(review_tags.all().values_list('name', flat=True)) ==
['editorial', 'technical'])
def test_create_child_invalid(root_doc, add_doc_client, slug):
"""Test creating a new child document with valid and invalid slugs."""
data = dict(
title='A Child of the Root Document',
slug=slug,
tags='tag1, tag2',
review_tags=['editorial', 'technical'],
keywords='key1, key2',
summary='lipsum',
content='lorem ipsum dolor sit amet',
comment='This is foobar.',
toc_depth=1,
)
url = reverse('wiki.create')
url += '?parent={}'.format(root_doc.id)
full_slug = '{}/{}'.format(root_doc.slug, slug)
resp = add_doc_client.post(url, data)
assert resp.status_code == 200
assert resp['X-Robots-Tag'] == 'noindex'
assert_no_cache_header(resp)
assert b'The slug provided is not valid.' in resp.content
with pytest.raises(Document.DoesNotExist):
Document.objects.get(slug=full_slug, locale='en-US')
page = pq(resp.content)
assert page.find('input[name=slug]')[0].value == slug
def test_create_valid(add_doc_client):
"""Test creating a new document with valid and invalid slugs."""
slug = 'Foobar'
data = dict(
title='A Foobar Document',
slug=slug,
tags='tag1, tag2',
review_tags=['editorial', 'technical'],
keywords='key1, key2',
summary='lipsum',
content='lorem ipsum dolor sit amet',
comment='This is foobar.',
toc_depth=1,
)
url = reverse('wiki.create')
resp = add_doc_client.post(url, data)
assert resp.status_code == 302
assert resp['X-Robots-Tag'] == 'noindex'
assert_no_cache_header(resp)
assert resp['Location'].endswith(reverse('wiki.document', args=(slug,)))
doc = Document.objects.get(slug=slug)
for name in (set(data.keys()) - set(('tags', 'review_tags'))):
assert getattr(doc.current_revision, name) == data[name]
assert (sorted(doc.tags.all().values_list('name', flat=True)) ==
['tag1', 'tag2'])
review_tags = doc.current_revision.review_tags
assert (sorted(review_tags.all().values_list('name', flat=True)) ==
['editorial', 'technical'])
def test_intermediate(self):
"""
Test that the intermediate DocumentAttachment gets created
correctly when adding an Attachment with a document_id.
"""
doc = document(locale='en-US',
slug='attachment-test-intermediate',
save=True)
revision(document=doc, is_approved=True, save=True)
file_for_upload = make_test_file(
content='A file for testing intermediate attachment model.')
post_data = {
'title': 'Intermediate test file',
'description': 'Intermediate test file',
'comment': 'Initial upload',
'file': file_for_upload,
}
files_url = reverse('attachments.edit_attachment',
kwargs={'document_path': doc.slug})
response = self.client.post(files_url, data=post_data)
assert response.status_code == 302
assert_no_cache_header(response)
assert doc.files.count() == 1
intermediates = DocumentAttachment.objects.filter(document__pk=doc.id)
assert intermediates.count() == 1
intermediate = intermediates[0]
assert intermediate.attached_by.username == 'admin'
assert intermediate.name == file_for_upload.name.split('/')[-1]
def test_key_history(self):
# Assemble some sample log lines
log_lines = []
for i in range(0, ITEMS_PER_PAGE * 2):
log_lines.append(('ping', self.user2, 'Number #%s' % i))
# Record the log lines for this key
for l in log_lines:
self.key1.log(*l)
# Reverse the lines for comparison.
log_lines.reverse()
# Iterate through 2 expected pages...
for qs, offset in (('', 0), ('?page=2', ITEMS_PER_PAGE)):
url = '%s%s' % (reverse('authkeys.history', args=(self.key1.pk,)),
qs)
resp = self.client.get(url)
assert resp.status_code == 200
assert_no_cache_header(resp)
page = pq(resp.content)
rows = page.find('.item')
for idx in range(0, ITEMS_PER_PAGE):
row = rows.eq(idx)
expected = log_lines[idx + offset]
line = (row.find('.action').text(),
row.find('.object').text(),
row.find('.notes').text())
assert line[0] == expected[0]
assert ('%s' % expected[1]) in line[1]
assert line[2] == expected[2]
def test_home_when_rate_limited(mock_render, client, db):
"""
Cloudfront CDN's don't cache 429's, but let's test this anyway.
"""
mock_render.side_effect = Ratelimited()
response = client.get(reverse('home'))
assert response.status_code == 429
assert_no_cache_header(response)
def test_read_only_mode(root_doc, user_client, endpoint):
args = [root_doc.slug]
if endpoint == 'revert_document':
args.append(root_doc.current_revision.id)
url = reverse('wiki.{}'.format(endpoint), args=args)
response = user_client.get(url)
assert response.status_code == 403
assert_no_cache_header(response)
def test_revision_hash(client, db, method, settings):
settings.REVISION_HASH = 'the_revision_hash'
response = getattr(client, method)(reverse('version.kuma'))
assert response.status_code == 200
assert response['Content-Type'] == 'text/plain; charset=utf-8'
assert_no_cache_header(response)
if method == 'get':
assert response.content.decode('utf-8') == 'the_revision_hash'
def test_recurring_payment_management_customer_id(enabled_, get, user_client, stripe_user):
"""The recurring payments page shows there are active subscriptions."""
response = user_client.get(reverse('recurring_payment_management'))
assert response.status_code == 200
content = response.content.decode(response.charset)
assert ('<button id="id_stripe_cancel_subscription"'
' name="stripe_cancel_subscription"') in content
assert_no_cache_header(response)
def test_watch_login_required(client, root_doc, endpoint):
"""User must be logged-in to subscribe to a document."""
url = reverse(endpoint, args=[root_doc.slug])
response = client.post(url)
assert response.status_code == 302
assert_no_cache_header(response)
assert response['Location'].endswith(
reverse('account_login') + '?next=' + quote(url))
def test_mime_type_filtering(self):
"""
Don't allow uploads outside of the explicitly-permitted
mime-types.
"""
_file = make_test_file(content='plain and text', suffix='.txt')
post_data = {
'title': 'Test disallowed file type',
'description': 'A file kuma should disallow on type.',
'comment': 'Initial upload',
'file': _file,
}
response = self.client.post(self.files_url, data=post_data)
assert response.status_code == 200
assert_no_cache_header(response)
self.assertContains(response, 'Files of this type are not permitted.')
_file.close()
def test_get(add_doc_client):
response = add_doc_client.get(reverse("wiki.create"), HTTP_HOST=settings.WIKI_HOST)
assert response.status_code == 200
assert response["X-Robots-Tag"] == "noindex"
assert_no_cache_header(response)
page = pq(response.content)
toc_select = page.find("#id_toc_depth")
toc_options = toc_select.find("option")
found_selected = False
for option in toc_options:
opt_element = pq(option)
if opt_element.attr("selected"):
found_selected = True
assert opt_element.attr("value") == str(Revision.TOC_DEPTH_H4)
assert found_selected, "No ToC depth initially selected."
# Check discard button.
assert page.find(".btn-discard").attr("href") == reverse("wiki.create")
def test_revert_post(edit_revision, delete_client):
root_doc = edit_revision.document
assert len(root_doc.revisions.all()) == 2
first_revision = root_doc.revisions.first()
url = reverse('wiki.revert_document',
locale='en-US',
args=[root_doc.slug, first_revision.id])
response = delete_client.post(url, data=dict(comment='test'))
assert response.status_code == 302
assert response['Location'].endswith(
reverse('wiki.document_revisions', args=[root_doc.slug]))
assert_no_cache_header(response)
assert len(root_doc.revisions.all()) == 3
root_doc.refresh_from_db()
assert root_doc.current_revision.id != edit_revision.id
assert root_doc.current_revision.id != first_revision.id
assert root_doc.current_revision.id == root_doc.revisions.last().id
def test_revision_api_get(doc_with_macros, client, constance_config, qs, expected):
"""
The wiki.revision_api endpoint returns revised raw HTML for GET requests.
"""
constance_config.KUMASCRIPT_TIMEOUT = 1
url = reverse(
"wiki.revision_api", args=[doc_with_macros.slug], locale=doc_with_macros.locale
)
response = client.get(url + qs, HTTP_HOST=settings.WIKI_HOST)
assert response.status_code == 200
assert response.content.decode() == expected
assert_no_cache_header(response)
assert response["X-Frame-Options"] == "deny"
assert response["X-Robots-Tag"] == "noindex"
assert response["Last-Modified"] == get_last_modified_header(
doc_with_macros.current_revision.created
)
def test_spam_revision_does_not_exist(create_revision, akismet_wiki_user,
user_client, enable_akismet_submissions,
akismet_mock_requests):
revision_id = create_revision.id
create_revision.delete()
url = reverse('wiki.submit_akismet_spam')
response = user_client.post(url, data={'revision': revision_id})
assert response.status_code == 400
assert_no_cache_header(response)
# No RevisionAkismetSubmission record should exist.
ras = RevisionAkismetSubmission.objects.filter(revision_id=revision_id)
assert ras.count() == 0
# Check that the Akismet endpoints were not called.
assert not akismet_mock_requests.called
def test_get(add_doc_client):
response = add_doc_client.get(reverse('wiki.create'))
assert response.status_code == 200
assert response['X-Robots-Tag'] == 'noindex'
assert_no_cache_header(response)
page = pq(response.content)
toc_select = page.find('#id_toc_depth')
toc_options = toc_select.find('option')
found_selected = False
for option in toc_options:
opt_element = pq(option)
if opt_element.attr('selected'):
found_selected = True
assert opt_element.attr('value') == str(Revision.TOC_DEPTH_H4)
assert found_selected, 'No ToC depth initially selected.'
# Check discard button.
assert (page.find('.btn-discard').attr('href') == reverse('wiki.create'))
def test_json(doc_hierarchy_with_zones, client, params_case):
"""Test the wiki.json endpoint."""
Switch.objects.create(name='application_ACAO', active=True)
top_doc = doc_hierarchy_with_zones.top
bottom_doc = doc_hierarchy_with_zones.bottom
expected_tags = sorted(['foo', 'bar', 'baz'])
expected_review_tags = sorted(['tech', 'editorial'])
for doc in (top_doc, bottom_doc):
doc.tags.set(*expected_tags)
doc.current_revision.review_tags.set(*expected_review_tags)
params = None
expected_slug = None
expected_status_code = 200
if params_case == 'nothing':
expected_status_code = 400
elif params_case == 'title-only':
expected_slug = top_doc.slug
params = dict(title=top_doc.title)
elif params_case == 'slug-only':
expected_slug = bottom_doc.slug
params = dict(slug=bottom_doc.slug)
elif params_case == 'title-and-slug':
expected_slug = top_doc.slug
params = dict(title=top_doc.title, slug=bottom_doc.slug)
else: # missing title
expected_status_code = 404
params = dict(title='nonexistent document title')
url = reverse('wiki.json', locale='en-US')
response = client.get(url, params)
assert response.status_code == expected_status_code
if response.status_code == 404:
assert_no_cache_header(response)
else:
assert_shared_cache_header(response)
assert response['Access-Control-Allow-Origin'] == '*'
if response.status_code == 200:
data = json.loads(response.content)
assert data['slug'] == expected_slug
assert sorted(data['tags']) == expected_tags
assert sorted(data['review_tags']) == expected_review_tags
def test_revision_api_post_400(doc_with_macros, wiki_user_2_token, client):
"""The wiki.revision_api endpoint returns 400 for bad POST requests."""
url = reverse(
"wiki.revision_api", args=[doc_with_macros.slug], locale=doc_with_macros.locale
)
response = client.post(
url,
content_type="text/plain",
HTTP_HOST=settings.WIKI_HOST,
HTTP_AUTHORIZATION=f"Token {wiki_user_2_token.key}",
)
assert response.status_code == 400
assert response.content.decode() == (
'POST body must be of type "application/json", '
'"application/x-www-form-urlencoded", or "multipart/form-data".'
)
assert_no_cache_header(response)
def test_doc_api_for_redirect_to_doc(client, api_settings, root_doc,
redirect_doc, cleared_cacheback_cache,
ensure_contributors):
"""
Test the document API when we're requesting data for a document that
redirects to another document.
"""
if ensure_contributors:
# Pre-populate the cache for the call to document_api_data()
# made within the view that serves the "api.v1.doc" endpoint.
DocumentContributorsJob().refresh(root_doc.pk)
url = reverse('api.v1.doc', args=[redirect_doc.locale, redirect_doc.slug])
response = client.get(url, HTTP_HOST=api_settings.BETA_HOST, follow=True)
assert response.status_code == 200
assert_no_cache_header(response)
data = response.json()
assert data['documentData']
assert data['redirectURL'] is None
doc_data = data['documentData']
assert doc_data['locale'] == root_doc.locale
assert doc_data['slug'] == root_doc.slug
assert doc_data['id'] == root_doc.id
assert doc_data['title'] == root_doc.title
assert doc_data['language'] == root_doc.language
assert doc_data['hrefLang'] == 'en'
assert doc_data['absoluteURL'] == root_doc.get_absolute_url()
assert doc_data['editURL'] == absolutify(root_doc.get_edit_url(),
for_wiki_site=True)
assert doc_data['bodyHTML'] == root_doc.get_body_html()
assert doc_data['quickLinksHTML'] == root_doc.get_quick_links_html()
assert doc_data['tocHTML'] == root_doc.get_toc_html()
assert doc_data['translations'] == []
assert doc_data['contributors'] == (['wiki_user']
if ensure_contributors else [])
assert doc_data['lastModified'] == '2017-04-14T12:15:00'
assert doc_data['lastModifiedBy'] == 'wiki_user'
# Clear the cache for a clean slate when calling document_api_data().
DocumentContributorsJob().delete(root_doc.pk)
# Also ensure that we get exactly the same data by calling
# the document_api_data() function directly
assert data == document_api_data(root_doc,
ensure_contributors=ensure_contributors)
def test_json(doc_hierarchy, client, params_case):
"""Test the wiki.json endpoint."""
top_doc = doc_hierarchy.top
bottom_doc = doc_hierarchy.bottom
expected_tags = sorted(["foo", "bar", "baz"])
expected_review_tags = sorted(["tech", "editorial"])
for doc in (top_doc, bottom_doc):
doc.tags.set(*expected_tags)
doc.current_revision.review_tags.set(*expected_review_tags)
params = None
expected_slug = None
expected_status_code = 200
if params_case == "nothing":
expected_status_code = 400
elif params_case == "title-only":
expected_slug = top_doc.slug
params = dict(title=top_doc.title)
elif params_case == "slug-only":
expected_slug = bottom_doc.slug
params = dict(slug=bottom_doc.slug)
elif params_case == "title-and-slug":
expected_slug = top_doc.slug
params = dict(title=top_doc.title, slug=bottom_doc.slug)
else: # missing title
expected_status_code = 404
params = dict(title="nonexistent document title")
url = reverse("wiki.json")
with override_switch("application_ACAO", True):
response = client.get(url, params)
assert response.status_code == expected_status_code
if response.status_code == 404:
assert_no_cache_header(response)
else:
assert_shared_cache_header(response)
assert response["Access-Control-Allow-Origin"] == "*"
if response.status_code == 200:
data = json.loads(response.content)
assert data["slug"] == expected_slug
assert sorted(data["tags"]) == expected_tags
assert sorted(data["review_tags"]) == expected_review_tags
def test_doc_api(client, api_settings, trans_doc, cleared_cacheback_cache,
ensure_contributors):
"""On success we get document details in a JSON response."""
if ensure_contributors:
# Pre-populate the cache for the call to document_api_data()
# made within the view that serves the "api.v1.doc" endpoint.
DocumentContributorsJob().refresh(trans_doc.pk)
url = reverse('api.v1.doc', args=[trans_doc.locale, trans_doc.slug])
response = client.get(url, HTTP_HOST=api_settings.BETA_HOST)
assert response.status_code == 200
assert_no_cache_header(response)
data = response.json()
assert data['locale'] == trans_doc.locale
assert data['slug'] == trans_doc.slug
assert data['id'] == trans_doc.id
assert data['title'] == trans_doc.title
assert data['language'] == trans_doc.language
assert data['absoluteURL'] == trans_doc.get_absolute_url()
assert data['redirectURL'] is None
assert data['editURL'] == absolutify(trans_doc.get_edit_url(),
for_wiki_site=True)
assert data['bodyHTML'] == trans_doc.get_body_html()
assert data['quickLinksHTML'] == trans_doc.get_quick_links_html()
assert data['tocHTML'] == trans_doc.get_toc_html()
assert data['translations'] == [{
'locale': 'en-US',
'language': 'English (US)',
'localizedLanguage': u'Anglais am\u00e9ricain',
'title': 'Root Document',
'url': '/en-US/docs/Root'
}]
assert data['contributors'] == (['wiki_user']
if ensure_contributors else [])
assert data['lastModified'] == '2017-04-14T12:20:00'
assert data['lastModifiedBy'] == 'wiki_user'
# Clear the cache for a clean slate when calling document_api_data().
DocumentContributorsJob().delete(trans_doc.pk)
# Also ensure that we get exactly the same data by calling
# the document_api_data() function directly
assert data == document_api_data(trans_doc,
ensure_contributors=ensure_contributors)
def test_whoami_anonymous(client, settings, timezone):
"""Test response for anonymous users."""
# Create some fake waffle objects
Flag.objects.create(name="section_edit", authenticated=True)
Flag.objects.create(name="flag_all", everyone=True)
Flag.objects.create(name="flag_none", percent=0)
Switch.objects.create(name="switch_on", active=True)
Switch.objects.create(name="switch_off", active=False)
Sample.objects.create(name="sample_never", percent=0)
Sample.objects.create(name="sample_always", percent=100)
settings.TIME_ZONE = timezone
url = reverse("api.v1.whoami")
response = client.get(url)
assert response.status_code == 200
assert response["content-type"] == "application/json"
assert response.json() == {
"username": None,
"timezone": timezone,
"is_authenticated": False,
"is_staff": False,
"is_superuser": False,
"is_beta_tester": False,
"avatar_url": None,
"waffle": {
"flags": {
"section_edit": False,
"flag_all": True,
"flag_none": False,
"subscription": False,
"subscription_banner": False,
},
"switches": {
"switch_on": True,
"switch_off": False
},
"samples": {
"sample_always": True,
"sample_never": False
},
},
"is_subscriber": False,
"email": None,
}
assert_no_cache_header(response)
def test_delete_post(root_doc, moderator_client):
url = reverse('wiki.delete_document', args=[root_doc.slug])
response = moderator_client.post(url,
data=dict(reason='test'),
HTTP_HOST=settings.WIKI_HOST)
assert response.status_code == 302
assert response['Location'].endswith(root_doc.get_absolute_url())
assert_no_cache_header(response)
assert len(
Document.admin_objects.filter(slug=root_doc.slug,
locale=root_doc.locale,
deleted=True)) == 1
with pytest.raises(Document.DoesNotExist):
Document.objects.get(slug=root_doc.slug, locale=root_doc.locale)
assert len(
DocumentDeletionLog.objects.filter(locale=root_doc.locale,
slug=root_doc.slug,
reason='test')) == 1
def test_revert_post(edit_revision, moderator_client):
root_doc = edit_revision.document
assert len(root_doc.revisions.all()) == 2
first_revision = root_doc.revisions.first()
url = reverse("wiki.revert_document",
args=[root_doc.slug, first_revision.id])
response = moderator_client.post(url,
data=dict(comment="test"),
HTTP_HOST=settings.WIKI_HOST)
assert response.status_code == 302
assert response["Location"].endswith(
reverse("wiki.document_revisions", args=[root_doc.slug]))
assert_no_cache_header(response)
assert len(root_doc.revisions.all()) == 3
root_doc.refresh_from_db()
assert root_doc.current_revision.id != edit_revision.id
assert root_doc.current_revision.id != first_revision.id
assert root_doc.current_revision.id == root_doc.revisions.last().id
def test_whoami_anonymous(client, api_settings, timezone):
"""Test response for anonymous users."""
# Create some fake waffle objects
Flag.objects.create(name='section_edit', authenticated=True)
Flag.objects.create(name='flag_all', everyone=True)
Flag.objects.create(name='flag_none', percent=0)
Switch.objects.create(name="switch_on", active=True)
Switch.objects.create(name="switch_off", active=False)
Sample.objects.create(name="sample_never", percent=0)
Sample.objects.create(name="sample_always", percent=100)
api_settings.TIME_ZONE = timezone
url = reverse('api.v1.whoami')
response = client.get(url, HTTP_HOST=api_settings.BETA_HOST)
assert response.status_code == 200
assert response['content-type'] == 'application/json'
assert response.json() == {
'username': None,
'timezone': timezone,
'is_authenticated': False,
'is_staff': False,
'is_superuser': False,
'is_beta_tester': False,
'gravatar_url': {
'small': None,
'large': None,
},
'waffle': {
'flags': {
'section_edit': False,
'flag_all': True,
'flag_none': False,
},
'switches': {
'switch_on': True,
'switch_off': False
},
'samples': {
'sample_always': True,
'sample_never': False
}
}
}
assert_no_cache_header(response)
def test_mime_type_filtering(self):
"""
Don't allow uploads outside of the explicitly-permitted
mime-types.
"""
_file = make_test_file(content="plain and text", suffix=".txt")
post_data = {
"title": "Test disallowed file type",
"description": "A file kuma should disallow on type.",
"comment": "Initial upload",
"file": _file,
}
response = self.client.post(self.files_url,
data=post_data,
HTTP_HOST=settings.WIKI_HOST)
assert response.status_code == 200
assert_no_cache_header(response)
self.assertContains(response, "Files of this type are not permitted.")
_file.close()
def test_watch_unwatch(user_client, wiki_user, root_doc, endpoint, event):
"""Watch and unwatch a document."""
url = reverse(endpoint, args=[root_doc.slug])
# Subscribe
response = user_client.post(url)
assert response.status_code == 302
assert_no_cache_header(response)
assert response['Location'].endswith(
reverse('wiki.document', args=[root_doc.slug]))
assert event.is_notifying(wiki_user, root_doc), 'Watch was not created'
# Unsubscribe
response = user_client.post(url)
assert response.status_code == 302
assert_no_cache_header(response)
assert response['Location'].endswith(
reverse('wiki.document', args=[root_doc.slug]))
assert not event.is_notifying(wiki_user, root_doc), \
'Watch was not destroyed'
def test_get_existing_user(client, wiki_user, wiki_user_github_account,
http_method, case):
"""
Test GET and HEAD on the api.v1.get_user endpoint for an existing user, and
also that the username is case insensitive.
"""
username = getattr(str, case)(wiki_user.username)
url = reverse('api.v1.get_user', args=(username,))
response = getattr(client, http_method)(url)
assert response.status_code == 200
assert response['content-type'] == 'application/json'
assert_no_cache_header(response)
if http_method == 'get':
data = response.json()
assert data['username'] == wiki_user.username
assert data['avatar_url'] == wiki_user_github_account.get_avatar_url()
for field in ('title', 'fullname', 'organization', 'location',
'timezone', 'locale'):
assert data[field] == getattr(wiki_user, field)
def test_watch_unwatch(user_client, wiki_user, root_doc, endpoint, event):
"""Watch and unwatch a document."""
url = reverse(endpoint, args=[root_doc.slug])
# Subscribe
response = user_client.post(url, HTTP_HOST=settings.WIKI_HOST)
assert response.status_code == 302
assert_no_cache_header(response)
assert response["Location"].endswith(
reverse("wiki.document", args=[root_doc.slug]))
assert event.is_notifying(wiki_user, root_doc), "Watch was not created"
# Unsubscribe
response = user_client.post(url, HTTP_HOST=settings.WIKI_HOST)
assert response.status_code == 302
assert_no_cache_header(response)
assert response["Location"].endswith(
reverse("wiki.document", args=[root_doc.slug]))
assert not event.is_notifying(wiki_user,
root_doc), "Watch was not destroyed"
def test_whoami_anonymous(client, api_settings, timezone):
"""Test response for anonymous users."""
api_settings.TIME_ZONE = timezone
url = reverse('api.v1.whoami')
response = client.get(url, HTTP_HOST=api_settings.BETA_HOST)
assert response.status_code == 200
assert response['content-type'] == 'application/json'
assert response.json() == {
'username': None,
'timezone': timezone,
'is_authenticated': False,
'is_staff': False,
'is_superuser': False,
'is_beta_tester': False,
'gravatar_url': {
'small': None,
'large': None,
}
}
assert_no_cache_header(response)
def test_whoami_anonymous(client, settings):
"""Test response for anonymous users."""
# Create some fake waffle objects
Flag.objects.create(name="vip_only", authenticated=True)
Flag.objects.create(name="flag_all", everyone=True)
Flag.objects.create(name="flag_none", percent=0)
Switch.objects.create(name="switch_on", active=True)
Switch.objects.create(name="switch_off", active=False)
url = reverse("api.v1.whoami")
response = client.get(url)
assert response.status_code == 200
assert response["content-type"] == "application/json"
assert response.json() == {
"waffle": {
"flags": {"flag_all": True},
"switches": {"switch_on": True},
},
}
assert_no_cache_header(response)
def test_spam_valid_response(create_revision, akismet_wiki_user, user_client,
enable_akismet_submissions,
akismet_mock_requests):
url = reverse('wiki.submit_akismet_spam', locale='en-US')
response = user_client.post(url, data={'revision': create_revision.id})
assert response.status_code == 201
assert_no_cache_header(response)
# One RevisionAkismetSubmission record should exist for this revision.
ras = RevisionAkismetSubmission.objects.get(revision=create_revision)
assert ras.type == u'spam'
# Check that the Akismet endpoints were called.
assert akismet_mock_requests.called
assert akismet_mock_requests.call_count == 2
data = json.loads(response.content)
assert len(data) == 1
assert data[0]['sender'] == akismet_wiki_user.username
assert data[0]['type'] == u'spam'
def test_get_and_set_settings_happy_path(user_client, wiki_user):
url = reverse("api.v1.settings")
response = user_client.get(url)
assert response.status_code == 200
assert_no_cache_header(response)
assert response.json()["locale"] == "en-US"
response = user_client.post(url, {"locale": "zh-CN"})
assert response.status_code == 200
response = user_client.get(url)
assert response.status_code == 200
assert response.json()["locale"] == "zh-CN"
# You can also omit certain things and things won't be set
response = user_client.post(url, {})
assert response.status_code == 200
response = user_client.get(url)
assert response.status_code == 200
assert response.json()["locale"] == "zh-CN"
def test_svg_mime_type_non_staff(self):
"""
Regular users are not allowed to upload SVG images.
"""
_file = make_test_file(content='<svg viewBox="0 0 841.9 595.3"></svg>',
suffix=".svg")
post_data = {
"title": "Test Svg upload",
"description": "Mime type only allowed for some users.",
"comment": "Initial upload",
"file": _file,
}
self.client.login(username="******", password="******")
response = self.client.post(self.files_url,
data=post_data,
HTTP_HOST=settings.WIKI_HOST)
assert response.status_code == 200 # means it didn't upload
assert_no_cache_header(response)
self.assertContains(response, "Files of this type are not permitted.")
_file.close()
def test_svg_mime_type_staff_override(self):
"""
Staff users are allowed to upload SVG images. Only.
"""
_file = make_test_file(content='<svg viewBox="0 0 841.9 595.3"></svg>',
suffix=".svg")
post_data = {
"title": "Test Svg upload",
"description": "Mime type only allowed for some users.",
"comment": "Initial upload",
"file": _file,
}
# Remember, self.client use logged in as user 'admin'
response = self.client.post(self.files_url,
data=post_data,
HTTP_HOST=settings.WIKI_HOST)
assert response.status_code == 302 # means it worked
assert_no_cache_header(response)
_file.close()
(attachment_revision, ) = AttachmentRevision.objects.all()
assert attachment_revision.mime_type == "image/svg+xml"
def test_doc_api(client, api_settings, trans_doc, cleared_cacheback_cache):
"""On success we get document details in a JSON response."""
# The fetch_on_miss mock and the cleared_cacheback_cache fixture
# are here to ensure that we don't get an old cached value for
# the contributors property, and also that we don't use []
# while a celery job is running.
url = reverse('api.v1.doc', args=[trans_doc.locale, trans_doc.slug])
response = client.get(url, HTTP_HOST=api_settings.BETA_HOST)
assert response.status_code == 200
assert_no_cache_header(response)
data = response.json()
assert data['locale'] == trans_doc.locale
assert data['slug'] == trans_doc.slug
assert data['id'] == trans_doc.id
assert data['title'] == trans_doc.title
assert data['language'] == trans_doc.language
assert data['absoluteURL'] == trans_doc.get_absolute_url()
assert data['redirectURL'] == trans_doc.get_redirect_url()
assert data['editURL'] == absolutify(trans_doc.get_edit_url(),
for_wiki_site=True)
assert data['bodyHTML'] == trans_doc.get_body_html()
assert data['quickLinksHTML'] == trans_doc.get_quick_links_html()
assert data['tocHTML'] == trans_doc.get_toc_html()
assert data['translations'] == [{
'locale': 'en-US',
'language': 'English (US)',
'localizedLanguage': u'Anglais am\u00e9ricain',
'title': 'Root Document',
'url': '/en-US/docs/Root'
}]
assert data['contributors'] == ['wiki_user']
assert data['lastModified'] == '2017-04-14T12:20:00'
assert data['lastModifiedBy'] == 'wiki_user'
# Also ensure that we get exactly the same data by calling
# the document_api_data() function directly
data2 = document_api_data(trans_doc)
assert data == data2
def test_create_invalid(add_doc_client, slug):
"""Test creating a new document with valid and invalid slugs."""
data = dict(
title='A Foobar Document',
slug=slug,
tags='tag1, tag2',
review_tags=['editorial', 'technical'],
keywords='key1, key2',
summary='lipsum',
content='lorem ipsum dolor sit amet',
comment='This is foobar.',
toc_depth=1,
)
url = reverse('wiki.create')
resp = add_doc_client.post(url, data)
assert resp.status_code == 200
assert resp['X-Robots-Tag'] == 'noindex'
assert_no_cache_header(resp)
assert b'The slug provided is not valid.' in resp.content
with pytest.raises(Document.DoesNotExist):
Document.objects.get(slug=slug, locale='en-US')
assert pq(resp.content).find('input[name=slug]')[0].value == slug
def test_create_invalid(add_doc_client, slug):
"""Test creating a new document with valid and invalid slugs."""
data = dict(
title="A Foobar Document",
slug=slug,
tags="tag1, tag2",
review_tags=["editorial", "technical"],
keywords="key1, key2",
summary="lipsum",
content="lorem ipsum dolor sit amet",
comment="This is foobar.",
toc_depth=1,
)
url = reverse("wiki.create")
resp = add_doc_client.post(url, data, HTTP_HOST=settings.WIKI_HOST)
assert resp.status_code == 200
assert resp["X-Robots-Tag"] == "noindex"
assert_no_cache_header(resp)
assert b"The slug provided is not valid." in resp.content
with pytest.raises(Document.DoesNotExist):
Document.objects.get(slug=slug, locale="en-US")
assert pq(resp.content).find("input[name=slug]")[0].value == slug
def test_spam_no_permission(
create_revision,
wiki_user,
user_client,
enable_akismet_submissions,
akismet_mock_requests,
):
url = reverse("wiki.submit_akismet_spam")
response = user_client.post(url,
data={"revision": create_revision.id},
HTTP_HOST=settings.WIKI_HOST)
# Redirects to login page when without permission.
assert response.status_code == 302
assert response["Location"].endswith("users/signin?next={}".format(url))
assert_no_cache_header(response)
# No RevisionAkismetSubmission record should exist.
ras = RevisionAkismetSubmission.objects.filter(revision=create_revision)
assert ras.count() == 0
# Check that the Akismet endpoints were not called.
assert not akismet_mock_requests.called
def test_new_key(self):
data = {"description": "This is meant for a test app"}
url = reverse("authkeys.new")
# Check out the creation page, look for the form.
resp = self.client.get(url, HTTP_HOST=settings.WIKI_HOST)
assert resp.status_code == 200
assert_no_cache_header(resp)
page = pq(resp.content)
assert page.find("form.key").length == 1
# We don't have this key yet, right?
keys = Key.objects.filter(description=data["description"])
assert keys.count() == 0
# Okay, create it.
resp = self.client.post(url,
data,
follow=False,
HTTP_HOST=settings.WIKI_HOST)
assert resp.status_code == 200
assert_no_cache_header(resp)
# We have the key now, right?
keys = Key.objects.filter(description=data["description"])
assert keys.count() == 1
# Okay, and it should belong to the logged-in user
key = keys[0]
assert key.user == self.user
# Take a look at the description and key shown on the result page.
page = pq(resp.content)
assert page.find(".key .description").text() == data["description"]
assert page.find(".key .key").text() == key.key
# Ensure the secret on the page checks out.
secret = page.find(".key .secret").text()
assert key.check_secret(secret)
