def real_user_or_none(user):
"""
Convert anonymous user to None.
If user is anonymous, return None, otherwise return the user as is.
"""
assert (user is None or is_anonymous(user)
or isinstance(user, get_user_model()))
return user if (user and not is_anonymous(user)) else None
def test_login_with_email_2(client, regular_user, rf):
# Create user with same email as regular user to fail login
get_user_model().objects.create_user(username="******",
password="******",
email=regular_user.email)
get_default_shop()
prepare_user(regular_user)
redirect_target = "/redirect-success/"
client.post(
reverse("shuup:login"),
data={
"username": regular_user.email,
"password": REGULAR_USER_PASSWORD,
REDIRECT_FIELD_NAME: redirect_target
},
)
request = rf.get("/")
request.session = client.session
assert is_anonymous(get_user(request)), "User is still anonymous"
# Login with unknown email
client.post(
reverse("shuup:login"),
data={
"username": "******",
"password": REGULAR_USER_PASSWORD,
REDIRECT_FIELD_NAME: redirect_target,
},
)
request = rf.get("/")
request.session = client.session
assert is_anonymous(get_user(request)), "User is still anonymous"
# Login with username should work normally
response = client.post(
reverse("shuup:login"),
data={
"username": regular_user.username,
"password": REGULAR_USER_PASSWORD,
REDIRECT_FIELD_NAME: redirect_target,
},
)
assert response.get("location")
assert response.get("location").endswith(redirect_target)
request = rf.get("/")
request.session = client.session
assert get_user(request) == regular_user, "User is logged in"
def test_login_inactive_user_fails(client, regular_user, rf):
get_default_shop()
prepare_user(regular_user)
client.post(reverse("shuup:login"), data={
"username": regular_user.username,
"password": REGULAR_USER_PASSWORD,
})
request = rf.get("/")
request.session = client.session
assert get_user(request) == regular_user, "User is logged in"
request = rf.get("/")
request.session = client.session
logout(request)
user_contact = regular_user.contact
assert user_contact.is_active
user_contact.is_active = False
user_contact.save()
client.post(reverse("shuup:login"), data={
"username": regular_user.username,
"password": REGULAR_USER_PASSWORD,
})
request = rf.get("/")
request.session = client.session
assert is_anonymous(get_user(request)), "User is still anonymous"
def get_person_contact(user):
"""
Get PersonContact of given user.
If given user is non-zero (evaluates true as bool) and not
anonymous, return the PersonContact of the user. If there is no
PersonContact for the user yet, create it first. When this creation
happens, details (name, email, is_active) are copied from the user.
If given user is None (or otherwise evaluates as false) or
anonymous, return the AnonymousContact.
:param user: User object (or None) to get contact for
:type user: django.contrib.auth.models.User|None
:return: PersonContact of the user or AnonymousContact
:rtype: PersonContact|AnonymousContact
"""
if not (user and not is_anonymous(user)):
return AnonymousContact()
defaults = {
"is_active": user.is_active,
"first_name": getattr(user, "first_name", ""),
"last_name": getattr(user, "last_name", ""),
"email": getattr(user, "email", ""),
}
return PersonContact.objects.get_or_create(user=user, defaults=defaults)[0]
def get_shop_count(context):
"""
Return the number of shops accessible by the currently logged in user
"""
request = context["request"]
if not (request and not django_compat.is_anonymous(request.user)):
return 0
return Shop.objects.get_for_user(request.user).count()
def test_anon_cant_see_invisible_page(rf):
page = create_page(shop=get_default_shop(), available_from=None)
get_default_shop()
view_func = PageView.as_view()
request = apply_request_middleware(rf.get("/"))
assert is_anonymous(request.user)
with pytest.raises(Http404):
response = view_func(request, url=page.url)
def test_visible_page_has_right_content(rf):
page = create_page(available_from=datetime.date(1988, 1, 1), shop=get_default_shop())
view_func = PageView.as_view()
request = apply_request_middleware(rf.get("/"))
assert is_anonymous(request.user)
response = view_func(request, url=page.url)
response.render()
assert "<h1>Bacon ipsum" in response.rendered_content
def login(request, **kwargs):
if not is_anonymous(
request.user
) and request.method == "POST": # We're logging in, so log out first
do_logout(request)
kwargs.setdefault("extra_context", {})["error"] = request.GET.get("error")
return LoginView.as_view(**kwargs)(request)
def test_login_fails_without_valid_password(client, regular_user, rf):
prepare_user(regular_user)
get_default_shop()
client.post(reverse("shuup:login"), data={
"username": regular_user.username,
"password": "******" % REGULAR_USER_PASSWORD,
})
request = rf.get("/")
request.session = client.session
assert is_anonymous(get_user(request)), "User is still anonymous"
def add_gdpr_consent_resources(context, content):
if not valid_view(context):
return
request = context["request"]
shop = get_shop(request)
gdpr_settings = GDPRSettings.get_for_shop(shop)
# GDPR not enabled, nothing to do
if not gdpr_settings.enabled:
return
# always add styles
add_resource(context, "head_end", get_shuup_static_url("shuup-gdpr.css"))
user = request.user
if not is_anonymous(user) and should_reconsent_privacy_policy(shop, user):
consent_page = get_privacy_policy_page(shop)
render_context = {
"request":
request,
"csrf_token":
context["csrf_token"],
"url":
"/%s" % consent_page.url,
"accept_url":
reverse("shuup:gdpr_policy_consent",
kwargs=dict(page_id=consent_page.id))
}
update_resource = InlineMarkupResource(
loader.render_to_string("shuup/gdpr/privacy_policy_update.jinja",
context=render_context))
add_resource(context, "body_end", update_resource)
# consent already added
if settings.SHUUP_GDPR_CONSENT_COOKIE_NAME in request.COOKIES:
return
gdpr_documents = []
if has_installed("shuup.simple_cms"):
gdpr_documents = get_active_consent_pages(shop)
render_context = {
"request": request,
"csrf_token": context["csrf_token"],
"gdpr_settings": gdpr_settings,
"gdpr_documents": gdpr_documents,
"gdpr_cookie_categories": GDPRCookieCategory.objects.filter(shop=shop)
}
html_resource = InlineMarkupResource(
loader.render_to_string("shuup/gdpr/gdpr_consent.jinja",
context=render_context))
add_resource(context, "body_end", html_resource)
add_resource(context, "body_end", get_shuup_static_url("shuup-gdpr.js"))
def for_user(self, user):
"""
:type user: django.contrib.auth.models.AbstractUser
"""
if not (user and not is_anonymous(user)):
return self.none()
q = Q(recipient_type=RecipientType.SPECIFIC_USER) & Q(recipient=user)
if getattr(user, "is_superuser", False):
q |= Q(recipient_type=RecipientType.ADMINS)
return self.filter(q)
def test_login_with_invalid_password(client, regular_user, rf):
get_default_shop()
prepare_user(regular_user)
redirect_target = "/redirect-success/"
response = client.post(
reverse("shuup_admin:login"),
data={"username": regular_user.email, "password": "******", REDIRECT_FIELD_NAME: redirect_target},
)
assert not response.get("location") # No redirect since errors
request = rf.get("/")
request.session = client.session
assert is_anonymous(get_user(request)), "User is still anonymous"
def dispatch(self, request, *args, **kwargs):
user = request.user
if is_anonymous(request.user):
return HttpResponseNotFound()
shop = request.shop
page = Page.objects.filter(pk=kwargs["page_id"], shop=shop).first()
if not page:
return HttpResponseNotFound()
document = create_user_consent_for_all_documents(shop, user)
if document:
if not is_documents_consent_in_sync(shop, user):
return HttpResponseNotFound()
return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/"))
return HttpResponseNotFound()
def login(request, **kwargs):
if not is_anonymous(request.user) and request.method == "POST": # We're logging in, so log out first
do_logout(request)
kwargs.setdefault("extra_context", {})["error"] = request.GET.get("error")
if django.VERSION < (2, 0):
return auth_views.login(
request=request,
authentication_form=cached_load("SHUUP_ADMIN_AUTH_FORM_SPEC"),
**kwargs
)
else:
return auth_views.LoginView.as_view(
form_class=cached_load("SHUUP_ADMIN_AUTH_FORM_SPEC"),
**kwargs
)(request)
def for_user(self, user):
"""
Get pages that should be visible for the given user.
"""
if user and not is_anonymous(user):
# superuser can see everything
if user.is_superuser:
user_filter = Q()
else:
user_filter = Q(
Q(available_permission_groups__in=user.groups.all()) | Q(created_by=user)
)
else:
user_filter = Q(available_permission_groups__isnull=True)
return self.filter(user_filter).distinct()
def test_visible_children(rf):
shop = get_default_shop()
request = apply_request_middleware(rf.get("/"))
assert is_anonymous(request.user)
parent_content = "Parent content"
page = create_page(available_from=datetime.date(1988, 1, 1),
content=parent_content,
shop=shop,
url="test")
children_content = "Children content"
# Visible child
create_page(available_from=datetime.date(2000, 1, 1),
content=children_content,
parent=page,
shop=shop)
assert page.list_children_on_page == False
check_children_content(request, page, children_content, False)
page.list_children_on_page = True
page.save()
check_children_content(request, page, children_content, True)
# check timestamps
page.show_child_timestamps = True
page.save()
page.refresh_from_db()
view = PageView.as_view()
response = view(request=request, pk=page.pk, url="test")
response.render()
content = force_text(response.content)
assert "Children content" in content
assert "Jan 1, 2000, 12:00:00 AM" in content
page.show_child_timestamps = False
page.save()
page.refresh_from_db()
view = PageView.as_view()
response = view(request=request, pk=page.pk, url="test")
response.render()
content = force_text(response.content)
assert "Children content" in content
assert "Jan 1, 2000, 12:00:00 AM" not in content
def visible(self, shop, dt=None, user=None):
"""
Get pages that should be publicly visible.
This does not do permission checking.
:param dt: Datetime for visibility check.
:type dt: datetime.datetime
:return: QuerySet of pages.
:rtype: QuerySet[Page]
"""
if not dt:
dt = now()
q = Q(
Q(available_from__lte=dt)
& (Q(available_to__gte=dt) | Q(available_to__isnull=True)))
if user and not is_anonymous(user):
q |= Q(created_by=user)
qs = self.not_deleted().for_shop(shop).filter(q)
return qs
def _filer_file_from_upload(model, request, path, upload_data, sha1=None):
"""
Create some sort of Filer file (either File or Image, really) from the given
upload data (ContentFile or UploadFile).
:param model: Model class.
:param request: Request, to figure out the owner for this file.
:type request: django.http.request.HttpRequest|None
:param path: Pathname string (see `filer_folder_from_path`) or a Filer Folder.
:type path: basestring|filer.models.Folder
:param upload_data: Upload data.
:type upload_data: django.core.files.base.File
:param sha1: SHA1 checksum. If given and a matching `model` with the SHA1 is found, it is returned instead.
:type sha1: basestring
:return: Filer file.
"""
if sha1:
upload = model.objects.filter(sha1=sha1).first()
if upload:
return upload
file_form_cls = modelform_factory(model=model,
fields=('original_filename', 'owner',
'file'))
upload_form = file_form_cls(data={
'original_filename':
upload_data.name,
'owner': (request.user.pk if
(request and not is_anonymous(request.user)) else None)
},
files={'file': upload_data})
upload = upload_form.save(commit=False)
upload.is_public = True
if isinstance(path, Folder):
upload.folder = path
else:
upload.folder = filer_folder_from_path(path)
upload.save()
return upload
def test_multishop(rf):
shop1 = get_default_shop()
shop2 = get_shop()
assert shop1.pk != shop2.pk
request = apply_request_middleware(rf.get("/"))
assert is_anonymous(request.user)
user = request.user
contact = get_person_contact(user)
assert contact == AnonymousContact()
# both shops have anonymous groups
group = contact.get_default_group() # ensure default group exists
grp1 = group.set_price_display_options(shop=shop1, hide_prices=False)
assert grp1
assert isinstance(grp1, ContactGroup)
dspl1 = get_price_display_for_group_and_shop(group, shop1)
assert isinstance(dspl1, ContactGroupPriceDisplay)
assert not get_price_display_for_group_and_shop(group, shop2)
# shop 2 decides to setup options
grp2 = group.set_price_display_options(shop=shop2, hide_prices=True)
assert grp1 == grp2 # returns same group
assert isinstance(grp2, ContactGroup)
dspl2 = get_price_display_for_group_and_shop(group, shop2)
assert isinstance(dspl2, ContactGroupPriceDisplay)
# get returns proper values
opts11 = contact.get_price_display_options(shop=shop1)
assert isinstance(opts11, PriceDisplayOptions)
opts12 = contact.get_price_display_options(shop=shop2)
assert isinstance(opts12, PriceDisplayOptions)
assert opts11 != opts12
assert opts11.show_prices != opts12.show_prices
def test_contact_groups(rf, regular_user):
shop = get_default_shop()
assert ContactGroupPriceDisplay.objects.count() == 0
request = apply_request_middleware(rf.get("/"))
# default groups created for non shop and shop
assert ContactGroupPriceDisplay.objects.count() == 2
assert is_anonymous(request.user)
user = request.user
contact = get_person_contact(user)
assert contact == AnonymousContact()
group = contact.get_default_group()
assert group.is_protected
groups = ContactGroup.objects.all()
assert groups.count() == 1
assert not groups.filter(shop=shop).exists()
assert groups.filter(shop__isnull=True).exists()
group = groups.first()
assert group.identifier == AnonymousContact.default_contact_group_identifier
assert ContactGroupPriceDisplay.objects.count() == 2
g1 = ContactGroupPriceDisplay.objects.first()
assert g1.group == group
assert not g1.shop
assert group.price_display_options.exists()
assert group.price_display_options.for_group_and_shop(group, shop) != group.price_display_options.first()
assert ContactGroupPriceDisplay.objects.count() == 2 # new one was created (shop + anonymous)
g2 = ContactGroupPriceDisplay.objects.exclude(id=g1.id).first()
assert g2.group == group # same group as before
assert g2.shop == shop
assert group.price_display_options.count() == 2
for cgpd in ContactGroupPriceDisplay.objects.all():
assert not cgpd.group.members.count()
options = group.get_price_display_options()
assert options
# create real contact
contact = get_person_contact(regular_user)
assert contact.groups.count() # contact was added to default group
contact.add_to_shop(shop)
group_with_shop = contact.get_default_group()
assert contact.groups.first() == group_with_shop
assert group_with_shop.identifier == PersonContact.default_contact_group_identifier
assert ContactGroupPriceDisplay.objects.count() == 3 # new one was created
g3 = ContactGroupPriceDisplay.objects.exclude(id__in=[g1.id, g2.id]).first()
assert g3.group != group # same group as before
assert g3.group == group_with_shop
assert not g3.shop # no group as it's the default group
groups = ContactGroup.objects.all()
assert groups.count() == 2 # two groups
assert not groups.filter(shop=shop).exists() # still not exists as we are using defaults
assert groups.filter(shop__isnull=True).count() == 2
assert groups.filter(identifier__in=[AnonymousContact.default_contact_group_identifier, PersonContact.default_contact_group_identifier]).count() == 2
assert ContactGroupPriceDisplay.objects.count() == 3 # no new ones created
assert group.price_display_options.count() == 2 # all in same group
assert group.price_display_options.for_group_and_shop(group_with_shop, shop) not in group.price_display_options.all()
assert ContactGroupPriceDisplay.objects.count() == 4 # new was created
