def test_update_injection():
shop = factories.get_default_shop()
client = SmartClient()
index_url = reverse("shuup:index")
page = ensure_gdpr_privacy_policy(shop)
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.enabled = True
shop_gdpr.privacy_policy = page
shop_gdpr.save()
assert_update(client, index_url, False) # nothing consented in past, should not show
user = factories.create_random_user("en")
password = "******"
user.set_password(password)
user.save()
client.login(username=user.username, password=password)
assert_update(client, index_url, False) # no consent given, should not be visible
create_user_consent_for_all_documents(shop, user)
assert_update(client, index_url, False)
with reversion.create_revision():
page.save()
assert not is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, True)
# consent
client.get(reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=page.pk)))
assert is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, False)
def test_update_injection():
shop = factories.get_default_shop()
client = SmartClient()
index_url = reverse("shuup:index")
page = ensure_gdpr_privacy_policy(shop)
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.enabled = True
shop_gdpr.privacy_policy = page
shop_gdpr.save()
assert_update(client, index_url, False) # nothing consented in past, should not show
user = factories.create_random_user("en")
password = "******"
user.set_password(password)
user.save()
client.login(username=user.username, password=password)
assert_update(client, index_url, False) # no consent given, should not be visible
create_user_consent_for_all_documents(shop, user)
assert_update(client, index_url, False)
with reversion.create_revision():
page.save()
assert not is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, True)
# consent
client.get(reverse("shuup:gdpr_policy_consent", kwargs=dict(page_id=page.pk)))
assert is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, False)
def test_page_form(rf, admin_user):
with override_settings(LANGUAGES=[("en", "en")]):
activate("en")
shop = get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
original_gdpr_page = ensure_gdpr_privacy_policy(shop)
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 1
# consent to this with user
user = factories.create_random_user("en")
create_user_consent_for_all_documents(shop, user)
version = versions[0]
assert GDPRUserConsentDocument.objects.filter(
page=original_gdpr_page, version=version).exists()
assert is_documents_consent_in_sync(shop, user)
assert Page.objects.count() == 1
view = PageEditView.as_view()
# load the page
request = apply_request_middleware(rf.get("/"), user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
assert 200 <= response.status_code < 300
# update the page
post_data = {
"content__en": "test_data",
"available_from": "",
"url__en": "test",
"title__en": "defa",
"available_to": "",
"page_type": PageType.REVISIONED.value
}
request = apply_request_middleware(rf.post("/", post_data),
user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
assert response.status_code == 302
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 4 # saved 4 times in total
assert not is_documents_consent_in_sync(shop, user)
create_user_consent_for_all_documents(shop, user)
assert is_documents_consent_in_sync(shop, user)
def test_register_form(client):
activate("en")
shop = factories.get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
redirect_target = "/index/"
client = SmartClient()
# user didn't checked the privacy policy agreement
response = client.post(
reverse("shuup:registration_register"),
data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
REDIRECT_FIELD_NAME: redirect_target,
},
)
assert response.status_code == 200
assert "You must accept this in order to register." in response.content.decode(
"utf-8")
response = client.post(
reverse("shuup:registration_register"),
data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
"accept_%d" % privacy_policy.id: "on",
REDIRECT_FIELD_NAME: redirect_target,
},
)
assert response.status_code == 302
assert response.get("location")
assert response.get("location").endswith(redirect_target)
user = User.objects.first()
assert is_documents_consent_in_sync(shop, user)
ensure_gdpr_privacy_policy(shop, force_update=True)
assert not is_documents_consent_in_sync(shop, user)
def test_policy_consent_view(rf, language):
activate(language)
shop = factories.get_default_shop()
user = factories.create_random_user("en")
page = ensure_gdpr_privacy_policy(shop)
view = GDPRPolicyConsentView.as_view()
# try without user
request = apply_request_middleware(rf.post("/"), shop=shop)
response = view(request, page_id=page.id)
assert response.status_code == 404
# try with anonymous user
anonymous_user = AnonymousUser()
request = apply_request_middleware(rf.post("/"),
shop=shop,
user=anonymous_user)
response = view(request, page_id=page.id)
assert response.status_code == 404
# try without correct page
incorrect_shop = Shop.objects.create(name="testing",
public_name="testing..")
incorrect_page = Page.objects.create(shop=incorrect_shop)
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=incorrect_page.id)
assert response.status_code == 404
assert is_documents_consent_in_sync(
shop, user) # returns true because no settings set
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=page.id)
assert response.status_code == 404 # gdpr settings not enabled
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.privacy_policy = page
gdpr_settings.save()
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=page.id)
assert response.status_code == 302 # all good!
assert is_documents_consent_in_sync(shop, user)
def test_register_form(client):
activate("en")
shop = factories.get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
redirect_target = "/index/"
client = SmartClient()
# user didn't checked the privacy policy agreement
response = client.post(reverse("shuup:registration_register"), data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 200
assert "You must accept to this to register." in response.content.decode("utf-8")
response = client.post(reverse("shuup:registration_register"), data={
"username": "******",
"email": "*****@*****.**",
"password1": "1234",
"password2": "1234",
"accept_%d" % privacy_policy.id: "on",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 302
assert response.get("location")
assert response.get("location").endswith(redirect_target)
user = User.objects.first()
assert is_documents_consent_in_sync(shop, user)
ensure_gdpr_privacy_policy(shop, force_update=True)
assert not is_documents_consent_in_sync(shop, user)
def test_policy_consent_view(rf, language):
activate(language)
shop = factories.get_default_shop()
user = factories.create_random_user("en")
page = ensure_gdpr_privacy_policy(shop)
view = GDPRPolicyConsentView.as_view()
# try without user
request = apply_request_middleware(rf.post("/"), shop=shop)
response = view(request, page_id=page.id)
assert response.status_code == 404
# try with anonymous user
anonymous_user = AnonymousUser()
request = apply_request_middleware(rf.post("/"), shop=shop, user=anonymous_user)
response = view(request, page_id=page.id)
assert response.status_code == 404
# try without correct page
incorrect_shop = Shop.objects.create(name="testing", public_name="testing..")
incorrect_page = Page.objects.create(shop=incorrect_shop)
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=incorrect_page.id)
assert response.status_code == 404
assert is_documents_consent_in_sync(shop, user) # returns true because no settings set
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=page.id)
assert response.status_code == 404 # gdpr settings not enabled
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.privacy_policy = page
gdpr_settings.save()
request = apply_request_middleware(rf.post("/"), shop=shop, user=user)
response = view(request, page_id=page.id)
assert response.status_code == 302 # all good!
assert is_documents_consent_in_sync(shop, user)
def dispatch(self, request, *args, **kwargs):
user = request.user
if is_anonymous(request.user):
return HttpResponseNotFound()
shop = request.shop
page = Page.objects.filter(pk=kwargs["page_id"], shop=shop).first()
if not page:
return HttpResponseNotFound()
document = create_user_consent_for_all_documents(shop, user)
if document:
if not is_documents_consent_in_sync(shop, user):
return HttpResponseNotFound()
return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/"))
return HttpResponseNotFound()
def dispatch(self, request, *args, **kwargs):
user = request.user
if request.user.is_anonymous():
return HttpResponseNotFound()
shop = request.shop
page = Page.objects.filter(pk=kwargs["page_id"], shop=shop).first()
if not page:
return HttpResponseNotFound()
document = create_user_consent_for_all_documents(shop, user)
if document:
if not is_documents_consent_in_sync(shop, user):
return HttpResponseNotFound()
return HttpResponseRedirect(request.META.get('HTTP_REFERER', "/"))
return HttpResponseNotFound()
def test_consent_required(rf):
activate("en")
shop = factories.get_default_shop()
user = factories.create_random_user()
page = ensure_gdpr_privacy_policy(shop)
assert page
gdpr_settings = GDPRSettings.get_for_shop(shop)
assert not gdpr_settings.enabled
assert gdpr_settings.privacy_policy_page == page
assert not should_reconsent_privacy_policy(shop, user)
assert is_documents_consent_in_sync(shop, user) # settings not enabled
assert page in get_possible_consent_pages(shop)
# enable gpdr
gdpr_settings.enabled = True
gdpr_settings.save()
assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
assert not is_documents_consent_in_sync(shop, user)
# create revisioned page
hidden_page = Page.objects.create(shop=shop, available_from=None)
assert hidden_page not in Page.objects.visible(shop=shop)
assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
assert hidden_page in get_possible_consent_pages(shop)
with reversion.create_revision():
page.save()
create_user_consent_for_all_documents(shop, user)
assert GDPRUserConsent.objects.filter(user=user, shop=shop).count() == 1
consent = GDPRUserConsent.objects.get(user=user, shop=shop)
pages = [c.page for c in consent.documents.all()]
assert page in pages
assert hidden_page not in pages # not there due not visible
with reversion.create_revision():
page.save()
# add a new (visible) page
available_page = Page.objects.create(shop=shop, available_from=now())
assert available_page in Page.objects.visible(shop=shop)
create_user_consent_for_all_documents(shop, user)
consent = GDPRUserConsent.objects.get(user=user, shop=shop)
pages = [c.page for c in consent.documents.all()]
assert page in pages
assert hidden_page not in pages # not there due not visible
assert available_page not in pages # not there due defined in settings
assert available_page in get_possible_consent_pages(shop)
assert available_page not in get_active_consent_pages(shop)
gdpr_settings.consent_pages.add(available_page)
gdpr_settings.refresh_from_db()
assert gdpr_settings.privacy_policy_page
assert gdpr_settings.consent_pages.count() == 1
assert available_page in get_active_consent_pages(shop)
assert consent.documents.count() == 1
create_user_consent_for_all_documents(shop, user)
consent = GDPRUserConsent.objects.get(user=user, shop=shop)
assert consent.documents.count() == 2
assert is_documents_consent_in_sync(shop, user)
pages = [c.page for c in consent.documents.all()]
assert page in pages
assert hidden_page not in pages # not there due not visible
assert available_page in pages
def test_page_form(rf, admin_user):
with override_settings(LANGUAGES=[("en", "en")]):
activate("en")
shop = get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
original_gdpr_page = ensure_gdpr_privacy_policy(shop)
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 1
# consent to this with user
user = factories.create_random_user("en")
assert not GDPRUserConsent.objects.filter(shop=shop,
user=user).exists()
original_consent = create_user_consent_for_all_documents(shop, user)
assert GDPRUserConsent.objects.filter(shop=shop,
user=user).count() == 1
# create one outside the usual flow
GDPRUserConsent.objects.create(user=user, shop=shop)
assert GDPRUserConsent.objects.filter(shop=shop,
user=user).count() == 2
# consent again
new_consent = create_user_consent_for_all_documents(shop, user)
assert GDPRUserConsent.objects.filter(shop=shop,
user=user).count() == 1
assert original_consent.pk == new_consent.pk
version = versions[0]
assert GDPRUserConsentDocument.objects.filter(
page=original_gdpr_page, version=version).exists()
assert is_documents_consent_in_sync(shop, user)
assert Page.objects.count() == 1
view = PageEditView.as_view()
# load the page
request = apply_request_middleware(rf.get("/"), user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
assert 200 <= response.status_code < 300
# update the page
post_data = {
"base-content__en": "test_data",
"base-available_from": "",
"base-url__en": "test",
"base-title__en": "defa",
"base-available_to": "",
}
request = apply_request_middleware(rf.post("/", post_data),
user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
if hasattr(response, "render"):
content = response.render()
assert response.status_code in [200, 302]
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 4 # saved 4 times in total
assert not is_documents_consent_in_sync(shop, user)
create_user_consent_for_all_documents(shop, user)
assert is_documents_consent_in_sync(shop, user)
def test_page_form(rf, admin_user):
with override_settings(LANGUAGES=[("en", "en")]):
activate("en")
shop = get_default_shop()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.save()
original_gdpr_page = ensure_gdpr_privacy_policy(shop)
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 1
# consent to this with user
user = factories.create_random_user("en")
assert not GDPRUserConsent.objects.filter(shop=shop, user=user).exists()
original_consent = create_user_consent_for_all_documents(shop, user)
assert GDPRUserConsent.objects.filter(shop=shop, user=user).count() == 1
# create one outside the usual flow
GDPRUserConsent.objects.create(user=user, shop=shop)
assert GDPRUserConsent.objects.filter(shop=shop, user=user).count() == 2
# consent again
new_consent = create_user_consent_for_all_documents(shop, user)
assert GDPRUserConsent.objects.filter(shop=shop, user=user).count() == 1
assert original_consent.pk == new_consent.pk
version = versions[0]
assert GDPRUserConsentDocument.objects.filter(page=original_gdpr_page, version=version).exists()
assert is_documents_consent_in_sync(shop, user)
assert Page.objects.count() == 1
view = PageEditView.as_view()
# load the page
request = apply_request_middleware(rf.get("/"), user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
assert 200 <= response.status_code < 300
# update the page
post_data = {
"base-content__en": "test_data",
"base-available_from": "",
"base-url__en": "test",
"base-title__en": "defa",
"base-available_to": "",
}
request = apply_request_middleware(rf.post("/", post_data), user=admin_user)
response = view(request, pk=original_gdpr_page.pk)
if hasattr(response, "render"):
content = response.render()
assert response.status_code in [200, 302]
versions = Version.objects.get_for_object(original_gdpr_page)
assert len(versions) == 4 # saved 4 times in total
assert not is_documents_consent_in_sync(shop, user)
create_user_consent_for_all_documents(shop, user)
assert is_documents_consent_in_sync(shop, user)
def test_consent_required(rf):
activate("en")
shop = factories.get_default_shop()
user = factories.create_random_user()
page = ensure_gdpr_privacy_policy(shop)
assert page
gdpr_settings = GDPRSettings.get_for_shop(shop)
assert not gdpr_settings.enabled
assert gdpr_settings.privacy_policy_page == page
assert not should_reconsent_privacy_policy(shop, user)
assert is_documents_consent_in_sync(shop, user) # settings not enabled
assert page in get_possible_consent_pages(shop)
# enable gpdr
gdpr_settings.enabled = True
gdpr_settings.save()
assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
assert not is_documents_consent_in_sync(shop, user)
# create revisioned page
hidden_page = Page.objects.create(shop=shop, available_from=None)
assert hidden_page not in Page.objects.visible(shop=shop)
assert gdpr_settings.privacy_policy_page == get_privacy_policy_page(shop)
assert hidden_page in get_possible_consent_pages(shop)
with reversion.create_revision():
page.save()
create_user_consent_for_all_documents(shop, user)
assert GDPRUserConsent.objects.filter(user=user, shop=shop).count() == 1
consent = GDPRUserConsent.objects.get(user=user, shop=shop)
pages = [c.page for c in consent.documents.all()]
assert page in pages
assert hidden_page not in pages # not there due not visible
with reversion.create_revision():
page.save()
# add a new (visible) page
available_page = Page.objects.create(shop=shop, available_from=now())
assert available_page in Page.objects.visible(shop=shop)
create_user_consent_for_all_documents(shop, user)
consent = GDPRUserConsent.objects.get(user=user, shop=shop)
pages = [c.page for c in consent.documents.all()]
assert page in pages
assert hidden_page not in pages # not there due not visible
assert available_page not in pages # not there due defined in settings
assert available_page in get_possible_consent_pages(shop)
assert available_page not in get_active_consent_pages(shop)
gdpr_settings.consent_pages.add(available_page)
gdpr_settings.refresh_from_db()
assert gdpr_settings.privacy_policy_page
assert gdpr_settings.consent_pages.count() == 1
assert available_page in get_active_consent_pages(shop)
assert consent.documents.count() == 1
create_user_consent_for_all_documents(shop, user)
consent = GDPRUserConsent.objects.get(user=user, shop=shop)
assert consent.documents.count() == 2
assert is_documents_consent_in_sync(shop, user)
pages = [c.page for c in consent.documents.all()]
assert page in pages
assert hidden_page not in pages # not there due not visible
assert available_page in pages
