class AdminTests(TestCase):
fixtures = ['micropages_test.json']
def setUp(self):
self.factory = RequestFactory()
self.site = AdminSite()
self.page = micropages.templates.Loader().find_page('/admin-page/')
def test_should_return_not_supportsed_on_non_post_preview(self):
request = self.factory.get('/admin/micropages/page/preview/')
response = micropages.admin.PageAdmin(self.page, self.site).preview(request)
self.assertEqual(response.status_code, 405)
def test_should_return_500_if_previews_page_missing(self):
request = self.factory.post('/admin/micropages/page/preview/')
response = micropages.admin.PageAdmin(self.page, self.site).preview(request)
self.assertEqual(response.status_code, 500)
def test_should_return_200_page_preview(self):
request = self.factory.post('/admin/micropages/page/preview/', {'page': 'admin'})
response = micropages.admin.PageAdmin(self.page, self.site).preview(request)
self.assertEqual(response.status_code, 200)
def test_should_process_template_on_page_preview(self):
request = self.factory.post('/admin/micropages/page/preview/', {'page': 'admin'})
response = micropages.admin.PageAdmin(self.page, self.site).preview(request)
self.assertEqual(response.content, 'admin')
class CoreFormTestCase(TestCase):
def setUp(self):
self.user = User.objects.create_user(
username='******', email='*****@*****.**', password='******')
self.factory = RequestFactory()
def test_valid_form(self):
request = self.factory.post(
'', {'username': '******', 'password': '******'})
form = LoginForm(request.POST)
self.assertTrue(form.is_valid())
def test_invalid_form(self):
request = self.factory.post(
'', {'username': '******', 'password': ''})
form = LoginForm(request.POST)
self.assertFalse(form.is_valid())
def test_form_login(self):
request = self.factory.post('', {'username': '******', 'password': '******'})
form = LoginForm(request.POST)
self.assertTrue(form.is_valid())
user = form.login(request)
self.assertTrue(user, self.user)
class TestGetAudience(TestCase):
def setUp(self):
self.factory = RequestFactory()
@patch_settings(SITE_URL='http://example.com')
def test_improperly_configured(self):
# Raise ImproperlyConfigured if SITE_URL doesn't match the request's
# URL.
request = self.factory.post('/', SERVER_NAME='www.blah.com')
with self.assertRaises(ImproperlyConfigured):
get_audience(request)
@patch_settings(SITE_URL='http://example.com')
def test_properly_configured(self):
# Return SITE_URL if it matches the request URL and DEBUG = True.
request = self.factory.post('/', SERVER_NAME='example.com')
self.assertEqual('http://example.com', get_audience(request))
@patch_settings(SITE_URL=['http://example1.com', 'http://example2.com'])
def test_iterable(self):
# Return correct url from iterable SITE_URL, if it contains request URL.
request = self.factory.post('/', SERVER_NAME='example2.com')
self.assertEqual('http://example2.com', get_audience(request))
@patch_settings(DEBUG=True)
def test_no_site_url(self):
# If SITE_URL isn't set, use the domain from the request.
request = self.factory.post('/', SERVER_NAME='www.blah.com')
self.assertEqual('http://www.blah.com', get_audience(request))
class ClientViews(TestCase):
def setUp(self):
self.factory = RequestFactory()
def test_home(self):
url = reverse('home')
request = self.factory.get(url)
response = home(request)
self.assertEqual(200, response.status_code)
self.assertIn("Tic Tac Toe by Jack Slingerland", response.content)
def test_make_move_with_invalid_parameters(self):
url = reverse('make-move')
request = self.factory.post(url)
response = make_move(request)
self.assertEqual(200, response.status_code)
self.assertEqual({
'error' : 'You are missing a required parameter.'
}, json.loads(response.content))
def test_make_move_with_valid_parameters(self):
game = Game(name='Test Game')
game.save()
url = reverse('make-move')
request = self.factory.post(url, {
'board' : ',O,X,,X,,,,',
'game' : game.id,
'x' : 2,
'y' : 1
})
response = make_move(request)
self.assertEqual(200, response.status_code)
self.assertNotIn('error', response.content)
self.assertEqual(None, json.loads(response.content)['state'])
self.assertNotEqual(None, json.loads(response.content)['coordinates'])
def test_new_game_with_invalid_parameters(self):
url = reverse('new-game')
request = self.factory.post(url)
response = new_game(request)
self.assertEqual(200, response.status_code)
self.assertEqual({
'error' : "'name' field is required."
}, json.loads(response.content))
def test_new_game_with_valid_parameters(self):
url = reverse('new-game')
request = self.factory.post(url, { 'name' : 'Jack' })
response = new_game(request)
self.assertEqual(200, response.status_code)
self.assertNotIn('error', response.content)
self.assertEqual(Game.objects.get(name='Jack').id, json.loads(response.content)['id'])
class RedeliverAdminActionTest(TestCase):
def setUp(self):
self.site = factories.make_world()
self.admin_site = AdminSite()
self.admin = DeferredMessageAdmin(DeferredMessage,
self.admin_site)
self.factory = RequestFactory()
self.user = User.objects.get(username='******')
self.user.is_superuser = True
def test_redeliver(self):
foireq = FoiRequest.objects.all()[0]
dm = factories.DeferredMessageFactory()
dm.save()
req = self.factory.post('/', {})
req.user = self.user
result = self.admin.redeliver(req,
DeferredMessage.objects.filter(
id__in=[dm.id]))
self.assertEqual(result.status_code, 200)
req = self.factory.post('/', {
'req_id': foireq.id
})
req.user = self.user
req._messages = default_storage(req)
result = self.admin.redeliver(req,
DeferredMessage.objects.filter(
id__in=[dm.id]))
self.assertIsNone(result)
dm = DeferredMessage.objects.get(id=dm.id)
self.assertEqual(dm.request, foireq)
class TestAuthentication(unittest.TestCase):
def setUp(self):
self.req_factory = RequestFactory()
@override_settings(API_KEY='test')
def test_valid_auth(self):
http_auth = 'Basic {0}'.format(
base64.encodestring(settings.API_KEY))
request = self.req_factory.post('/api/v1/metric/', {},
HTTP_AUTHORIZATION=http_auth)
auth = SettingsAuthentication()
auth_resp = auth.authenticate(request)
self.assertFalse(auth_resp is None, "Authentication failed")
@override_settings(API_KEY='test')
def test_invalid_auth(self):
http_auth = 'Basic {0}'.format(
base64.encodestring('wrongkey'))
request = self.req_factory.post('/api/v1/metric/', {},
HTTP_AUTHORIZATION=http_auth)
auth = SettingsAuthentication()
self.assertRaises(exceptions.AuthenticationFailed, auth.authenticate,
request)
@override_settings(API_KEY='test')
def test_no_auth(self):
request = self.req_factory.post('/api/v1/metric/', {})
auth = SettingsAuthentication()
auth_resp = auth.authenticate(request)
self.assertTrue(auth_resp is None, "Authentication succeeded")
class GetNextTests(TestCase):
def setUp(self):
self.factory = RequestFactory()
def test_no_param(self):
"""If next isn't in the POST params, return None."""
request = self.factory.post('/')
eq_(views._get_next(request), None)
def test_is_safe(self):
"""Return the value of next if it is considered safe."""
request = self.factory.post('/', {'next': '/asdf'})
request.get_host = lambda: 'myhost'
with patch.object(views, 'is_safe_url', return_value=True) as is_safe_url:
eq_(views._get_next(request), '/asdf')
is_safe_url.assert_called_with('/asdf', host='myhost')
def test_isnt_safe(self):
"""If next isn't safe, return None."""
request = self.factory.post('/', {'next': '/asdf'})
request.get_host = lambda: 'myhost'
with patch.object(views, 'is_safe_url', return_value=False) as is_safe_url:
eq_(views._get_next(request), None)
is_safe_url.assert_called_with('/asdf', host='myhost')
class ViewTests(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.user = get_user()
def test_valid_new_vendor_redirects(self):
request = self.factory.post('/vendors/add',
{ 'name': 'test123',
'address': '123 Main st'})
request.user = self.user
response = views.new_vendor(request)
self.assertEqual(response.status_code, 302)
self.assertEqual(models.Vendor.objects.filter(name="test123").count(), 1)
def test_invalid_new_vendor_does_not_save(self):
request = self.factory.post('/vendors/add',
{ 'name': 'test123' })
request.user = self.user
response = views.new_vendor(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(models.Vendor.objects.filter(name="test123").count(), 0)
class ProjectImageFormTestCase(ProjectBaseTestCase):
def setUp(self):
self.request_factory = RequestFactory()
self.project = self.create_project()
def test_valid_file_upload(self):
filename = self.get_random_string()
f = self.create_file(filename=filename)
request = self.request_factory.post('/', {'file': f})
request.is_ajax = True
form = ProjectImageForm(request.POST, request.FILES)
if form.is_valid():
instance = form.save()
self.assertEqual(instance.get_filename(), filename)
else:
self.fail('Form should be valid')
def test_invalid_upload(self):
request = self.request_factory.post('/', {'filez': self.create_file()})
request.is_ajax = True
form = ProjectImageForm(request.POST or None, request.FILES or None)
self.assertFalse(form.is_valid())
def test_no_file(self):
request = self.request_factory.post('/', {})
request.is_ajax = True
form = ProjectImageForm(request.POST or None, request.FILES or None)
self.assertFalse(form.is_valid())
class LogoutTests(TestCase):
def setUp(self):
self.factory = RequestFactory()
_get_next_patch = patch('django_browserid.views._get_next')
self._get_next = _get_next_patch.start()
self.addCleanup(_get_next_patch.stop)
def test_redirect(self):
"""Include LOGOUT_REDIRECT_URL in the response."""
request = self.factory.post('/')
logout = views.Logout.as_view()
self._get_next.return_value = None
with patch.object(views.Logout, 'redirect_url', '/test/foo'):
with patch('django_browserid.views.auth.logout') as auth_logout:
response = logout(request)
auth_logout.assert_called_with(request)
eq_(response.status_code, 200)
self.assert_json_equals(response.content, {'redirect': '/test/foo'})
def test_redirect_next(self):
"""
If _get_next returns a URL, use it for the redirect parameter.
"""
request = self.factory.post('/')
logout = views.Logout.as_view()
self._get_next.return_value = '/test/bar'
with patch.object(views.Logout, 'redirect_url', '/test/foo'):
with patch('django_browserid.views.auth.logout'):
response = logout(request)
self.assert_json_equals(response.content, {'redirect': '/test/bar'})
class TestConfirmToken(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.uuid = 'f3a12ae7-4f05-4fce-8135-bc51a9522116'
self.undashified_uuid = 'f3a12ae74f054fce8135bc51a9522116'
self.username = '******'
self.ureporter = Ureporter(uuid=self.uuid, user=User.objects.create_user(self.username))
self.ureporter.token = 1234
self.ureporter.save()
@patch('requests.delete')
def tearDown(self, mock_requests_delete):
mock_requests_delete.side_effect = None
self.ureporter.delete()
def test_confirm_token_with_good_code(self):
request = self.factory.post('/confirm-token', {'phone': self.username, 'text': '1234'})
response = confirm_token(request)
self.assertEqual(json.loads(response.content)['token_ok'], 'true')
def test_confirm_token_with_bad_code(self):
request = self.factory.post('/confirm-token', {'phone': self.username, 'text': '8888'})
response = confirm_token(request)
self.assertEqual(json.loads(response.content)['token_ok'], 'false')
class MenuAdminTest(TestCase):
fixtures = ['simple_menus', 'simple_site']
def setUp(self):
self.factory = RequestFactory()
def test_delete_item(self):
request = self.factory.post('/admin/navigation/menu/1/delete_item', {'id': 11})
admin = MenuAdmin(Menu, None)
response = admin.delete_item_view(request, 1)
self.assertNotEqual(None, response)
def test_update_item(self):
request = self.factory.post('/admin/navigation/menu/1/update_item', {'id': 11, 'title': 'new title', 'parent' : ''})
admin = MenuAdmin(Menu, None)
response = admin.update_item_view(request, 1)
self.assertNotEqual(None, response)
def test_refresh_items(self):
from navigation.admin import refresh_items
queryset = Menu.objects.filter(id=1)
refresh_items(None, None, queryset)
def test_add_item_performance(self):
request = self.factory.post('/admin/navigation/menu/1/add_item', {})
admin = MenuAdmin(Menu, None)
for i in range(30):
admin.add_item_view(request, 1)
class MemberTests(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.member = models.Member.objects.create(email="*****@*****.**")
def test_signing(self):
member_via_key = models.Member.objects.get_by_unsubscribe_key(
self.member.unsubscribe_key)
self.assertEqual(self.member.pk, member_via_key.pk)
def test_signup(self):
email = '*****@*****.**'
request = self.factory.post(reverse('launchpad_signup'),
{'email': email})
response = views.Signup.as_view()(request)
self.assertEqual(response.status_code, 302)
self.assertEqual(response['Location'], reverse('launchpad_success'))
member = models.Member.objects.get(email=email)
def test_good_unsubscribe(self):
key = self.member.unsubscribe_key
request = self.factory.post(reverse('launchpad_unsubscribe',
args=(key,)))
response = views.Unsubscribe.as_view()(request, key=key)
self.assertEqual(response.status_code, 200)
member = models.Member.objects.get(pk=self.member.pk)
self.assertFalse(member.is_subscribed)
def test_bad_unsubscribe(self):
bad_key = "notavalidkey9876543210"
request = self.factory.post(reverse('launchpad_unsubscribe',
args=(bad_key,)))
self.assertRaises(http.Http404, views.Unsubscribe.as_view(), request, key=bad_key)
class SignupViewTestCase(unittest.TestCase):
def setUp(self):
self.factory = RequestFactory()
def test_get(self):
request = self.factory.get(reverse("account_signup"))
request.user = AnonymousUser()
response = SignupEnabledView.as_view()(request)
self.assertEqual(response.status_code, 200)
def test_get_disabled(self):
request = self.factory.get(reverse("account_signup"))
request.user = AnonymousUser()
response = SignupDisabledView.as_view()(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.template_name, "account/signup_closed.html")
def test_post_disabled(self):
request = self.factory.post(reverse("account_signup"))
request.user = AnonymousUser()
response = SignupDisabledView.as_view()(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.template_name, "account/signup_closed.html")
def test_post_successful(self):
post = {"username": "******", "password": "******",
"password_confirm": "pwd", "email": "*****@*****.**"}
request = self.factory.post(reverse("account_signup"), post)
request.user = AnonymousUser()
response = SignupEnabledView.as_view()(request)
self.assertEqual(response.status_code, 302)
user = User.objects.get(username="******")
self.asserEqual(user.email, "*****@*****.**")
class SubscribeEmailValidationTest(TestCase):
email = '*****@*****.**'
data = {
'email': email,
'newsletters': 'os',
}
view = 'subscribe'
def setUp(self):
self.rf = RequestFactory()
@patch('news.views.validate_email')
def test_invalid_email(self, mock_validate):
"""Should return proper error for invalid email."""
mock_validate.side_effect = views.EmailValidationError('Invalid email')
view = getattr(views, self.view)
resp = view(self.rf.post('/', self.data))
resp_data = json.loads(resp.content)
self.assertEqual(resp.status_code, 400)
self.assertEqual(resp_data['status'], 'error')
self.assertEqual(resp_data['code'], errors.BASKET_INVALID_EMAIL)
self.assertNotIn('suggestion', resp_data)
@patch('news.views.validate_email')
def test_invalid_email_suggestion(self, mock_validate):
"""Should return proper error for invalid email."""
mock_validate.side_effect = views.EmailValidationError('Invalid email',
'*****@*****.**')
view = getattr(views, self.view)
resp = view(self.rf.post('/', self.data))
resp_data = json.loads(resp.content)
self.assertEqual(resp.status_code, 400)
self.assertEqual(resp_data['status'], 'error')
self.assertEqual(resp_data['code'], errors.BASKET_INVALID_EMAIL)
self.assertEqual(resp_data['suggestion'], '*****@*****.**')
class SignupViewTest(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.request = self.factory.get('/')
self.response = Signup().get(self.request)
self.response_mock = Mock()
def test_signup_should_show_template(self):
self.assertEqual('auth/signup.html', self.response.template_name)
def test_context_should_contain_form(self):
form = self.response.context_data['signup_form']
self.assertIsInstance(form, SignupForm)
def test_should_validate_data_from_post(self):
data = {'email': '', 'password': '', 'same_password_again': ''}
request = self.factory.post('/signup', data)
response = Signup().post(request)
form = response.context_data['signup_form']
self.assertIn(u'This field is required.', form.errors['email'])
self.assertIn(u'This field is required.', form.errors['password'])
self.assertIn(u'This field is required.', form.errors['same_password_again'])
def test_post_with_data_should_send_request_post_to_tsuru_with_args_expected(self):
data = {'email': '*****@*****.**', 'password': '******', 'same_password_again': 'abc123'}
request = self.factory.post('/signup', data)
with patch('requests.post') as post:
Signup().post(request)
self.assertEqual(1, post.call_count)
post.assert_called_with('%s/users' % settings.TSURU_HOST, data='{"password": "******", "email": "*****@*****.**"}')
class AdminActionTest(TestCase):
def setUp(self):
self.site = factories.make_world()
self.admin_site = AdminSite()
self.user_admin = UserAdmin(User, self.admin_site)
self.factory = RequestFactory()
self.user = User.objects.get(username='******')
self.user.is_superuser = True
def test_send_mail(self):
users = User.objects.all()
req = self.factory.post('/', {})
req.user = self.user
result = self.user_admin.send_mail(req, users)
self.assertEqual(result.status_code, 200)
req = self.factory.post('/', {
'subject': 'Test',
'body': '^{name}|{first_name}|{last_name}|'
})
req.user = self.user
req._messages = default_storage(req)
mail.outbox = []
result = self.user_admin.send_mail(req, users)
self.assertIsNone(result)
self.assertEqual(len(mail.outbox), users.count())
message = mail.outbox[0]
user = users[0]
self.assertIn('|%s|' % user.first_name, message.body)
self.assertIn('|%s|' % user.last_name, message.body)
self.assertIn('^%s|' % user.get_full_name(), message.body)
class TeamViewTest(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.request = self.factory.get('/')
self.response = Team().get(self.request)
self.request_post = self.factory.post('/team/', {'name': 'test-team'})
self.request_post.session = {}
self.response_mock = Mock()
def test_should_require_login_to_create_team(self):
assert issubclass(Team, LoginRequiredView)
def test_team_should_render_expected_template(self):
self.assertEqual('auth/team.html', self.response.template_name)
def test_context_should_contain_form(self):
self.assertIn('form', self.response.context_data.keys())
def test_form_in_context_should_has_a_instance_of_TeamForm(self):
form = self.response.context_data.get('form')
self.assertTrue(isinstance(form, TeamForm))
def test_get_request_team_url_should_return_200(self):
try:
self.client.get('/team/')
except Http404:
assert False
def test_post_with_name_should_send_request_post_to_tsuru_with_args_expected(self):
self.request_post.session = {'tsuru_token': 'tokentest'}
with patch('requests.post') as post:
Team().post(self.request_post)
self.assertEqual(1, post.call_count)
post.assert_called_with('%s/teams' % settings.TSURU_HOST,
data='{"name": "test-team"}',
headers={'authorization': self.request_post.session['tsuru_token']})
def test_post_with_valid_name_should_return_context_with_message_expected(self):
with patch('requests.post') as post:
self.response_mock.status_code = 200
post.side_effect = Mock(return_value=self.response_mock)
response = Team().post(self.request_post)
self.assertEqual("Team was successfully created", response.context_data.get('message'))
def test_post_with_invalid_name_should_return_500(self):
with patch('requests.post') as post:
self.response_mock.status_code = 500
self.response_mock.content = 'Error'
post.side_effect = Mock(return_value=self.response_mock)
response = Team().post(self.request_post)
self.assertEqual('Error', response.context_data.get('errors'))
def test_post_without_name_should_return_form_with_errors(self):
request = self.factory.post('/team/', {'name': ''})
request.session = {}
response = Team().post(request)
form = response.context_data.get('form')
self.assertIn('name', form.errors)
self.assertIn(u'This field is required.', form.errors.get('name'))
def test_valid_key(self):
"""Make sure the key is valid"""
actual_ip_plus_desc = actual_ip_plus_context(
lambda req: req.POST.get('description', 'no description')
)
url = reverse('feedback')
factory = RequestFactory(HTTP_X_CLUSTER_CLIENT_IP='192.168.100.101')
# create a request with this as the description
desc = u'\u5347\u7ea7\u4e86\u65b0\u7248\u672c\u4e4b\u540e' * 16
req = factory.post(url, {
'description': desc
})
key = actual_ip_plus_desc(req)
# Key can't exceed memcached 250 character max
length = len(key)
assert length < 250
# Key must be a string
assert isinstance(key, str)
# create a request with this as the description
second_desc = u'\u62e9\u201c\u5728\u65b0\u6807\u7b7e\u9875\u4e2d' * 16
second_req = factory.post(url, {
'description': second_desc
})
second_key = actual_ip_plus_desc(second_req)
# Two descriptions with the same ip address should produce
# different keys.
assert key != second_key
class QuestionFormTestCase(QandaBaseTestCase):
def setUp(self):
self.request_factory = RequestFactory()
self.question = self.create_question()
def test_edit_invalid(self):
request = self.request_factory.post('/', {})
form = QuestionForm(request.POST, instance=self.question)
self.assertFalse(form.is_valid())
self.assertEqual(form.errors['title'], ['This field is required.'])
self.assertEqual(form.errors['question'], ['This field is required.'])
self.assertEqual(Action.objects.count(), 0,
'Invalid form submission should not result in an action'
)
def test_create_invalid(self):
request = self.request_factory.post('/', {})
site = Site.objects.get(id=current_site_id)
question = Question(user=self.create_user(), site=site)
form = QuestionForm(request.POST, instance=question)
self.assertFalse(form.is_valid())
self.assertEqual(form.errors['title'], ['This field is required.'])
self.assertEqual(form.errors['question'], ['This field is required.'])
self.assertEqual(Action.objects.count(), 0,
'Invalid form submission should not result in an action'
)
def test_edit_valid(self):
post_data = {
'title': self.get_random_string(),
'question': self.get_random_string(),
}
request = self.request_factory.post('/', post_data)
form = QuestionForm(request.POST, instance=self.question)
if form.is_valid():
form.save()
self.assertEqual(Action.objects.count(), 0,
'editting a question should not result in an action'
)
else:
self.fail('Form should be valid')
def test_create_valid(self):
post_data = {
'title': self.get_random_string(),
'question': self.get_random_string(),
}
request = self.request_factory.post('/', post_data)
site = Site.objects.get(id=current_site_id)
question = Question(user=self.create_user(), site=site)
form = QuestionForm(request.POST, instance=question)
if form.is_valid():
form.save()
self.assertEqual(Action.objects.count(), 1,
'Creating a question should result in an action'
)
else:
self.fail('Form should be valid')
class CRUDViewTest(TestCase):
names = ['John', 'Anne', 'Chris', 'Beatrice', 'Matt']
def setUp(self):
self.factory = RequestFactory()
for name in self.names:
DummyModel(name=name).save()
def test_ng_query(self):
request = self.factory.get('/crud/')
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
for obj in data:
db_obj = DummyModel.objects.get(pk=obj['pk'])
self.assertEqual(obj['name'], db_obj.name)
def test_ng_get(self):
request = self.factory.get('/crud/?pk=1')
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
self.assertEqual(self.names[0], data['name'])
def test_ng_save_create(self):
request = self.factory.post('/crud/',
data=json.dumps({'name': 'Leonard'}),
content_type='application/json')
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
pk = data['pk']
request2 = self.factory.get('/crud/?pk=%d' % pk)
response2 = CRUDTestView.as_view()(request2)
data2 = json.loads(response2.content)
self.assertEqual(data2['name'], 'Leonard')
def test_ng_save_update(self):
request = self.factory.post('/crud/?pk=1',
data=json.dumps({'pk': 1, 'name': 'John2'}),
content_type='application/json')
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
self.assertEqual(data['name'], 'John2')
request2 = self.factory.get('/crud/?pk=1')
response2 = CRUDTestView.as_view()(request2)
data2 = json.loads(response2.content)
self.assertEqual(data2['name'], 'John2')
def test_ng_delete(self):
request = self.factory.delete('/crud/?pk=1')
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
deleted_name = data['name']
request2 = self.factory.get('/crud/')
response2 = CRUDTestView.as_view()(request2)
data2 = json.loads(response2.content)
for obj in data2:
self.assertTrue(deleted_name != obj['name'])
class TestSendToken(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.uuid = 'f3a12ae7-4f05-4fce-8135-bc51a9522116'
self.undashified_uuid = undashify_user(self.uuid)
self.ureporter = Ureporter.objects.create(uuid=self.uuid, user=User.objects.create_user('username'))
self.username = self.ureporter.urn_tel
self.ureporter.user.email = '*****@*****.**'
self.ureporter.save()
@patch('requests.delete')
def tearDown(self, mock_requests_delete):
mock_requests_delete.side_effect = None
self.ureporter.delete()
@patch('webparticipation.apps.send_token.tasks.send_verification_token.delay')
def test_send_token_does_not_accept_get(self, mock_send_verification_token):
mock_send_verification_token.return_value = None
request = self.factory.get('/send-token', {'phone': self.undashified_uuid, 'text': '*****@*****.**'})
response = send_token(request)
self.assertEqual(response, None)
@patch('webparticipation.apps.send_token.tasks.send_verification_token.delay')
def test_send_token_to_new_user(self, mock_send_verification_token):
mock_send_verification_token.return_value = None
request = self.factory.post('/send-token', {'phone': self.username, 'text': '*****@*****.**'})
response = send_token(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(json.loads(response.content)['send_token'], 'send')
@patch('requests.delete')
@patch('webparticipation.apps.send_token.tasks.send_verification_token.delay')
def test_send_token_to_user_that_has_not_finished_registration(
self, mock_send_verification_token, mock_requests_delete):
mock_send_verification_token.return_value = None
mock_requests_delete.side_effect = None
request = self.factory.post('/send-token', {'phone': self.username, 'text': '*****@*****.**'})
response = send_token(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(json.loads(response.content)['send_token'], 'send')
@patch('requests.delete')
@patch('webparticipation.apps.send_token.tasks.send_verification_token.delay')
def test_do_not_send_token_to_existing_user(self, mock_send_verification_token, mock_requests_delete):
mock_send_verification_token.return_value = None
mock_requests_delete.side_effect = None
self.ureporter.token = 0
self.ureporter.save()
request = self.factory.post('/send-token', {'phone': self.username, 'text': '*****@*****.**'})
response = send_token(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(json.loads(response.content)['send_token'], 'exists')
@patch('django.core.mail.EmailMessage.send')
def test_task_send_verification_message_sent(self, mock_email_send):
send_verification_token(self.ureporter)
mock_email_send.assert_called_with()
class ViewTestCase(TestCase):
def setUp(self):
self.factory = RequestFactory()
def add_session(self, request):
SessionMiddleware().process_request(request)
def test_set_timezone(self):
from .views import TimezoneView
from pytz import timezone as tz
request = self.factory.post("/abc", {"timezone": "America/Denver"})
self.add_session(request)
response = TimezoneView.as_view()(request)
self.assertEqual(response.status_code, 200)
self.assertIn("detected_timezone", request.session)
self.assertTrue(tz(request.session["detected_timezone"]))
temp = tz(request.session["detected_timezone"])
self.assertIsInstance(temp, BaseTzInfo)
def test_get_timezone(self):
from .views import TimezoneView
request = self.factory.get("/abc")
self.add_session(request)
response = TimezoneView.as_view()(request)
self.assertEqual(response.status_code, 200)
self.assertContains(response, "Your Timezone is:")
def test_no_timezone(self):
from .views import TimezoneView
request = self.factory.post("/abc")
self.add_session(request)
response = TimezoneView.as_view()(request)
self.assertEqual(response.status_code, 400)
def test_none_timezone(self):
from .views import TimezoneView
request = self.factory.post("/abc", {"timezone": "None"})
self.add_session(request)
response = TimezoneView.as_view()(request)
self.assertContains(response, "America/Chicago")
self.assertEqual(response.status_code, 200)
def test_bad_timezone(self):
from .views import TimezoneView
request = self.factory.post("/abc", {"timezone": "12foo34"})
self.add_session(request)
response = TimezoneView.as_view()(request)
self.assertEqual(response.status_code, 400)
class LoginUserTest(MockedCloudTestCase):
def setUp(self):
super(LoginUserTest, self).setUp()
self.factory = RequestFactory()
# Create an user to check login attempts against
self.existing_user = User.objects.create_user(username='******', cloud_fqdn='existingserver')
def tearDown(self):
self.existing_user.delete()
def test_login_good_credentials(self):
good_creds={'username': '******',
'password': '******',
'cloud_fqdn': 'existingserver',}
request = self.factory.post(reverse(login_user), data=good_creds)
self.do_session_middleware_stuff(request)
resp = login_user(request)
self.assertEqual(resp.status_code, 200)
def test_login_bad_credentials(self):
bad_creds={'username': '******',
'password': '******',
'cloud_fqdn': 'existingserver',}
request = self.factory.post(reverse(login_user), data=bad_creds)
self.do_session_middleware_stuff(request)
# Set mocked backend to fail authentication
self.set_auth_result(False)
resp = login_user(request)
self.assertEqual(resp.status_code, 401)
def test_login_missing_credentials(self):
missing_creds={'username': '******',
'cloud_fqdn': 'existingserver',}
request = self.factory.post(reverse(login_user), data=missing_creds)
resp = login_user(request)
self.assertEqual(resp.status_code, 400)
def test_login_bad_methods(self):
get_request = self.factory.get(reverse(login_user))
resp = login_user(get_request)
self.assertEqual(resp.status_code, 405)
put_request = self.factory.put(reverse(login_user))
resp = login_user(put_request)
self.assertEqual(resp.status_code, 405)
delete_request = self.factory.delete(reverse(login_user))
resp = login_user(delete_request)
self.assertEqual(resp.status_code, 405)
def test_login_no_persistent_session(self):
good_creds={'username': '******',
'password': '******',
'cloud_fqdn': 'existingserver',
'persistent_session': 'False'}
resp = self.client.post(reverse(login_user), good_creds)
self.assertEqual(resp.status_code, 200)
session_cookie = self.client.cookies['sessionid']
self.assertEqual(session_cookie['expires'], "")
class CRUDViewTest(TestCase):
names = ["John", "Anne", "Chris", "Beatrice", "Matt"]
def setUp(self):
self.factory = RequestFactory()
for name in self.names:
DummyModel(name=name).save()
def test_ng_query(self):
request = self.factory.get("/crud/")
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
for obj in data:
db_obj = DummyModel.objects.get(pk=obj["pk"])
self.assertEqual(obj["name"], db_obj.name)
def test_ng_get(self):
request = self.factory.get("/crud/?pk=1")
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
self.assertEqual(self.names[0], data["name"])
def test_ng_save_create(self):
request = self.factory.post("/crud/", data=json.dumps({"name": "Leonard"}), content_type="application/json")
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
pk = data["pk"]
request2 = self.factory.get("/crud/?pk=%d" % pk)
response2 = CRUDTestView.as_view()(request2)
data2 = json.loads(response2.content)
self.assertEqual(data2["name"], "Leonard")
def test_ng_save_update(self):
request = self.factory.post(
"/crud/?pk=1", data=json.dumps({"pk": 1, "name": "John2"}), content_type="application/json"
)
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
self.assertEqual(data["name"], "John2")
request2 = self.factory.get("/crud/?pk=1")
response2 = CRUDTestView.as_view()(request2)
data2 = json.loads(response2.content)
self.assertEqual(data2["name"], "John2")
def test_ng_delete(self):
request = self.factory.delete("/crud/?pk=1")
response = CRUDTestView.as_view()(request)
data = json.loads(response.content)
deleted_name = data["name"]
request2 = self.factory.get("/crud/")
response2 = CRUDTestView.as_view()(request2)
data2 = json.loads(response2.content)
for obj in data2:
self.assertTrue(deleted_name != obj["name"])
class TeamViewTest(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.request = self.factory.get('/')
self.request.session = {"tsuru_token": "admin"}
self.response = Add.as_view()(self.request)
self.request_post = self.factory.post('/team/', {'name': 'test-team'})
self.request_post.session = {"tsuru_token": "admin"}
def test_should_require_login_to_create_team(self):
assert issubclass(Add, LoginRequiredView)
def test_team_should_render_expected_template(self):
self.assertEqual('auth/team.html', self.response.template_name)
def test_context_should_contain_form(self):
self.assertIn('form', self.response.context_data.keys())
def test_form_in_context_should_has_a_instance_of_TeamForm(self):
form = self.response.context_data.get('form')
self.assertTrue(isinstance(form, TeamForm))
def test_get_request_team_url_should_not_return_404(self):
response = self.client.get(reverse('team-add'))
self.assertNotEqual(404, response.status_code)
@patch('requests.post')
def test_post_sends_request_to_tsuru(self, post):
self.request_post.session = {'tsuru_token': 'tokentest'}
Add.as_view()(self.request_post)
self.assertEqual(1, post.call_count)
post.assert_called_with(
'%s/teams' % settings.TSURU_HOST,
data='{"name": "test-team"}',
headers={'authorization':
self.request_post.session['tsuru_token']})
@patch('requests.post')
def test_valid_post_redirect_to_team_list(self, post):
post.return_value = Mock(status_code=200)
response = Add.as_view()(self.request_post)
self.assertEqual(302, response.status_code)
self.assertEqual(reverse('team-list'), response.items()[1][1])
@patch('requests.post')
def test_post_with_invalid_name_should_return_500(self, post):
post.return_value = Mock(status_code=500, content='Error')
response = Add.as_view()(self.request_post)
self.assertEqual('Error', response.context_data.get('errors'))
def test_post_without_name_should_return_form_with_errors(self):
request = self.factory.post('/team/', {'name': ''})
request.session = {"tsuru_token": "admin"}
response = Add.as_view()(request)
form = response.context_data.get('form')
self.assertIn('name', form.errors)
self.assertIn(u'This field is required.', form.errors.get('name'))
def test_params(self):
factory = RequestFactory()
request = factory.post('/', {'post': 'data'})
params = self.lti._params(request)
self.assertTrue('post' in params)
request = factory.post('/', {'get': 'data'})
params = self.lti._params(request)
self.assertTrue('get' in params)
class TestAdministrarProjectos(TestCase):
"""
*Test para Administración de usuarios, pruebas realizadas:*
+ *ChangeProject*: Test de vista y modificación de los atributos de un proyecto en el sistema.
+ *CreateProject*: Test de Vista y creación de un nuevo proyecto en el sistema.
"""
un_admin = 'admin'
pw_admin = 'admin'
def setUp(self):
"""
*Crea el usuario 'admin' con contraseña 'admin' para las pruebas.*
"""
UsuarioFactory.create()
self.factory = RequestFactory()
def test_createProject_response(self):
"""
*Test para la vista de creacion de proyectos en el sistema*
"""
print '\nInicio - Prueba: createProject'
self.user = Usuario.objects.get(username='******')
dato = {'nombre': 'Proyecto1', 'lider_proyecto': '2', 'descripcion': 'Test:CreacionProyecto'}
login = self.client.login(username='******', password='******')
self.assertTrue(login)
request = self.factory.post('createproject/', dato)
request.user = self.user
response = createProject(request)
self.assertEqual(response.status_code, 302, 'Error al crear el Proyecto')
print 'Proyecto creado exitosamente'
print Proyecto.objects.all()
print 'Fin - Prueba: createProject\n'
def test_changeProject_response(self):
"""
*Test para la vista de modificacion de proyectos en el sistema*
"""
print '\nInicio - Prueba: changeProject'
self.user = Usuario.objects.get(username='******')
dato1 = {'nombre': 'Proyecto', 'lider_proyecto': '1', 'estado': 'PEN', 'descripcion': 'Test:CreadoProyecto'}
login = self.client.login(username='******', password='******')
self.assertTrue(login)
form = NewProjectForm(dato1)
if form.is_valid():
form.save()
print 'Proyecto: '+form['nombre'].value()+' creado exitosamente en la Base de Datos'
else:
print 'Error en los datos del formulario de creación'
dato2 = {'nombre': 'ProyectoModificado', 'lider_proyecto': '1', 'estado': 'PEN', 'descripcion': 'Test:ModificadoProyecto'}
request = self.factory.post('changeproject/', dato2)
request.user = self.user
request.session = {}
response = changeProject(request, '1')
self.assertEqual(response.status_code, 302, 'Error al modificar el Proyecto')
print 'Proyecto Modificado Exitosamente'
print Proyecto.objects.all()
print 'Fin - Prueba: changeProject'
class UserRepoSyncTest(TestCase):
#
# These are kind of terrible now. They test for a forbidden response is
# legit, but we're short circuiting the POST to sync as to not make
# an external request to GitHub.
#
fixtures = ['gitspatial/fixtures/test_data.json']
def setUp(self):
self.sal = User.objects.get(id=6)
self.jason = User.objects.get(id=5)
self.factory = RequestFactory()
def test_user_can_sync_own_repo(self):
request = self.factory.post('/user/repo/22/sync?testing=1')
request.user = self.jason
response = user_repo_sync(request, repo_id=22)
self.assertEqual(response.status_code, 201)
def test_user_cannot_sync_others_repo(self):
request = self.factory.post('/user/repo/22/sync')
request.user = self.sal
response = user_repo_sync(request, repo_id=22)
self.assertEqual(response.status_code, 403)
def test_user_can_unsync_own_repo(self):
request = self.factory.delete('/user/repo/22/sync?testing=1')
request.user = self.jason
response = user_repo_sync(request, repo_id=22)
self.assertEqual(response.status_code, 204)
def test_user_cannot_unsync_others_repo(self):
request = self.factory.delete('/user/repo/22/sync')
request.user = self.sal
response = user_repo_sync(request, repo_id=22)
self.assertEqual(response.status_code, 403)
def test_invalid_method_put(self):
request = self.factory.put('/user/repo/22/sync?testing=1')
request.user = self.jason
response = user_repo_sync(request, repo_id=22)
self.assertEqual(response.status_code, 405)
def test_invalid_method_get(self):
request = self.factory.get('/user/repo/22/sync?testing=1')
request.user = self.jason
response = user_repo_sync(request, repo_id=22)
self.assertEqual(response.status_code, 405)
def test_user_repo_sync_dne(self):
request = self.factory.post('/user/repo/99999/sync')
request.user = self.jason
try:
response = user_repo_sync(request, repo_id=99999)
except Exception as exc:
pass
self.assertTrue(isinstance(exc, Http404))
class UtilsGetVotedObjectsTest(TestCase):
def setUp(self):
self.request_factory = RequestFactory()
self.user = UserFactory()
self.ideas = (
IdeaFactory(),
IdeaFactory(),
)
idea_content_type = ContentType.objects.get_for_model(Idea)
self.comments = (
CustomComment.objects.create(
content_type=idea_content_type,
object_pk=self.ideas[0].pk,
user_name="A Person",
comment="Comment #1",
site_id=1
),
CustomComment.objects.create(
content_type=idea_content_type,
object_pk=self.ideas[1].pk,
user_name="Someone",
comment="Comment #2",
site_id=1
),
)
def test_ideas(self):
request = self.request_factory.post(
"/fi/ideat/{}/kannata/".format(self.ideas[0].id), **HEADERS
)
request.user = AnonymousUser()
vote_object = vote(request, Idea, self.ideas[0].pk, Vote.VOTE_UP)
self.assertNotEqual(vote_object, False)
request.COOKIES[Voter.VOTER_COOKIE] = vote_object.voter.voter_id
voted_ids = get_voted_objects(request, [self.ideas[0], self.ideas[1]], Idea)
# Expect only the voted idea 0 to be returned.
self.assertListEqual(voted_ids, [self.ideas[0].id])
def test_comments(self):
request = self.request_factory.post(
"/fi/kommentit/{}/kannata".format(self.comments[0].pk), **HEADERS
)
request.user = AnonymousUser()
vote_object = vote(request, CustomComment, self.comments[0].pk, Vote.VOTE_UP)
self.assertNotEqual(vote_object, False)
request.COOKIES[Voter.VOTER_COOKIE] = vote_object.voter.voter_id
voted_ids = get_voted_objects(request, self.comments, CustomComment)
# Expect only the voted comment 0 to be returned.
self.assertListEqual(voted_ids, [self.comments[0].pk])
class FolditTestCase(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.url = reverse('foldit_ops')
self.course_id = 'course/id/1'
self.course_id2 = 'course/id/2'
self.user = UserFactory.create()
self.user2 = UserFactory.create()
self.course_enrollment = CourseEnrollmentFactory.create(
user=self.user, course_id=self.course_id)
self.course_enrollment2 = CourseEnrollmentFactory.create(
user=self.user2, course_id=self.course_id2)
now = datetime.now(UTC)
self.tomorrow = now + timedelta(days=1)
self.yesterday = now - timedelta(days=1)
self.user.profile
self.user2.profile
def make_request(self, post_data, user=None):
request = self.factory.post(self.url, post_data)
request.user = self.user if not user else user
return request
def make_puzzle_score_request(self, puzzle_ids, best_scores, user=None):
"""
Given lists of puzzle_ids and best_scores (must have same length), make a
SetPlayerPuzzleScores request and return the response.
"""
if not (type(best_scores) == list):
best_scores = [best_scores]
if not (type(puzzle_ids) == list):
puzzle_ids = [puzzle_ids]
user = self.user if not user else user
def score_dict(puzzle_id, best_score):
return {
"PuzzleID": puzzle_id,
"ScoreType": "score",
"BestScore": best_score,
# current scores don't actually matter
"CurrentScore": best_score + 0.01,
"ScoreVersion": 23
}
scores = [
score_dict(pid, bs) for pid, bs in zip(puzzle_ids, best_scores)
]
scores_str = json.dumps(scores)
verify = {
"Verify": verify_code(user.email, scores_str),
"VerifyMethod": "FoldItVerify"
}
data = {
'SetPlayerPuzzleScoresVerify': json.dumps(verify),
'SetPlayerPuzzleScores': scores_str
}
request = self.make_request(data, user)
response = foldit_ops(request)
self.assertEqual(response.status_code, 200)
return response
def test_SetPlayerPuzzleScores(self):
puzzle_id = 994391
best_score = 0.078034
response = self.make_puzzle_score_request(puzzle_id, [best_score])
self.assertEqual(
response.content,
json.dumps([{
"OperationID": "SetPlayerPuzzleScores",
"Value": [{
"PuzzleID": puzzle_id,
"Status": "Success"
}]
}]))
# There should now be a score in the db.
top_10 = Score.get_tops_n(10, puzzle_id)
self.assertEqual(len(top_10), 1)
self.assertEqual(top_10[0]['score'], Score.display_score(best_score))
def test_SetPlayerPuzzleScores_many(self):
response = self.make_puzzle_score_request([1, 2], [0.078034, 0.080000])
self.assertEqual(
response.content,
json.dumps([{
"OperationID":
"SetPlayerPuzzleScores",
"Value": [{
"PuzzleID": 1,
"Status": "Success"
}, {
"PuzzleID": 2,
"Status": "Success"
}]
}]))
def test_SetPlayerPuzzleScores_multiple(self):
"""
Check that multiple posts with the same id are handled properly
(keep latest for each user, have multiple users work properly)
"""
orig_score = 0.07
puzzle_id = '1'
response = self.make_puzzle_score_request([puzzle_id], [orig_score])
# There should now be a score in the db.
top_10 = Score.get_tops_n(10, puzzle_id)
self.assertEqual(len(top_10), 1)
self.assertEqual(top_10[0]['score'], Score.display_score(orig_score))
# Reporting a better score should overwrite
better_score = 0.06
response = self.make_puzzle_score_request([1], [better_score])
top_10 = Score.get_tops_n(10, puzzle_id)
self.assertEqual(len(top_10), 1)
# Floats always get in the way, so do almostequal
self.assertAlmostEqual(top_10[0]['score'],
Score.display_score(better_score),
delta=0.5)
# reporting a worse score shouldn't
worse_score = 0.065
response = self.make_puzzle_score_request([1], [worse_score])
top_10 = Score.get_tops_n(10, puzzle_id)
self.assertEqual(len(top_10), 1)
# should still be the better score
self.assertAlmostEqual(top_10[0]['score'],
Score.display_score(better_score),
delta=0.5)
def test_SetPlayerPuzzleScores_multiplecourses(self):
puzzle_id = "1"
player1_score = 0.05
player2_score = 0.06
course_list_1 = [self.course_id]
course_list_2 = [self.course_id2]
response1 = self.make_puzzle_score_request(puzzle_id, player1_score,
self.user)
course_1_top_10 = Score.get_tops_n(10, puzzle_id, course_list_1)
course_2_top_10 = Score.get_tops_n(10, puzzle_id, course_list_2)
total_top_10 = Score.get_tops_n(10, puzzle_id)
# player1 should now be in the top 10 of course 1 and not in course 2
self.assertEqual(len(course_1_top_10), 1)
self.assertEqual(len(course_2_top_10), 0)
self.assertEqual(len(total_top_10), 1)
response2 = self.make_puzzle_score_request(puzzle_id, player2_score,
self.user2)
course_2_top_10 = Score.get_tops_n(10, puzzle_id, course_list_2)
total_top_10 = Score.get_tops_n(10, puzzle_id)
# player2 should now be in the top 10 of course 2 and not in course 1
self.assertEqual(len(course_1_top_10), 1)
self.assertEqual(len(course_2_top_10), 1)
self.assertEqual(len(total_top_10), 2)
def test_SetPlayerPuzzleScores_manyplayers(self):
"""
Check that when we send scores from multiple users, the correct order
of scores is displayed. Note that, before being processed by
display_score, lower scores are better.
"""
puzzle_id = ['1']
player1_score = 0.08
player2_score = 0.02
response1 = self.make_puzzle_score_request(puzzle_id, player1_score,
self.user)
# There should now be a score in the db.
top_10 = Score.get_tops_n(10, puzzle_id)
self.assertEqual(len(top_10), 1)
self.assertEqual(top_10[0]['score'],
Score.display_score(player1_score))
response2 = self.make_puzzle_score_request(puzzle_id, player2_score,
self.user2)
# There should now be two scores in the db
top_10 = Score.get_tops_n(10, puzzle_id)
self.assertEqual(len(top_10), 2)
# Top score should be player2_score. Second should be player1_score
self.assertAlmostEqual(top_10[0]['score'],
Score.display_score(player2_score),
delta=0.5)
self.assertAlmostEqual(top_10[1]['score'],
Score.display_score(player1_score),
delta=0.5)
# Top score user should be self.user2.username
self.assertEqual(top_10[0]['username'], self.user2.username)
def test_SetPlayerPuzzleScores_error(self):
scores = [{
"PuzzleID": 994391,
"ScoreType": "score",
"BestScore": 0.078034,
"CurrentScore": 0.080035,
"ScoreVersion": 23
}]
validation_str = json.dumps(scores)
verify = {
"Verify": verify_code(self.user.email, validation_str),
"VerifyMethod": "FoldItVerify"
}
# change the real string -- should get an error
scores[0]['ScoreVersion'] = 22
scores_str = json.dumps(scores)
data = {
'SetPlayerPuzzleScoresVerify': json.dumps(verify),
'SetPlayerPuzzleScores': scores_str
}
request = self.make_request(data)
response = foldit_ops(request)
self.assertEqual(response.status_code, 200)
response_data = json.loads(response.content)
self.assertEqual(
response.content,
json.dumps([{
"OperationID": "SetPlayerPuzzleScores",
"Success": "false",
"ErrorString": "Verification failed",
"ErrorCode": "VerifyFailed"
}]))
def make_puzzles_complete_request(self, puzzles):
"""
Make a puzzles complete request, given an array of
puzzles. E.g.
[ {"PuzzleID": 13, "Set": 1, "SubSet": 2},
{"PuzzleID": 53524, "Set": 1, "SubSet": 1} ]
"""
puzzles_str = json.dumps(puzzles)
verify = {
"Verify": verify_code(self.user.email, puzzles_str),
"VerifyMethod": "FoldItVerify"
}
data = {
'SetPuzzlesCompleteVerify': json.dumps(verify),
'SetPuzzlesComplete': puzzles_str
}
request = self.make_request(data)
response = foldit_ops(request)
self.assertEqual(response.status_code, 200)
return response
@staticmethod
def set_puzzle_complete_response(values):
return json.dumps([{
"OperationID": "SetPuzzlesComplete",
"Value": values
}])
def test_SetPlayerPuzzlesComplete(self):
puzzles = [{
"PuzzleID": 13,
"Set": 1,
"SubSet": 2
}, {
"PuzzleID": 53524,
"Set": 1,
"SubSet": 1
}]
response = self.make_puzzles_complete_request(puzzles)
self.assertEqual(response.content,
self.set_puzzle_complete_response([13, 53524]))
def test_SetPlayerPuzzlesComplete_multiple(self):
"""Check that state is stored properly"""
puzzles = [{
"PuzzleID": 13,
"Set": 1,
"SubSet": 2
}, {
"PuzzleID": 53524,
"Set": 1,
"SubSet": 1
}]
response = self.make_puzzles_complete_request(puzzles)
self.assertEqual(response.content,
self.set_puzzle_complete_response([13, 53524]))
puzzles = [{
"PuzzleID": 14,
"Set": 1,
"SubSet": 3
}, {
"PuzzleID": 15,
"Set": 1,
"SubSet": 1
}]
response = self.make_puzzles_complete_request(puzzles)
self.assertEqual(
response.content,
self.set_puzzle_complete_response([13, 14, 15, 53524]))
def test_SetPlayerPuzzlesComplete_level_complete(self):
"""Check that the level complete function works"""
puzzles = [{
"PuzzleID": 13,
"Set": 1,
"SubSet": 2
}, {
"PuzzleID": 53524,
"Set": 1,
"SubSet": 1
}]
response = self.make_puzzles_complete_request(puzzles)
self.assertEqual(response.content,
self.set_puzzle_complete_response([13, 53524]))
puzzles = [{
"PuzzleID": 14,
"Set": 1,
"SubSet": 3
}, {
"PuzzleID": 15,
"Set": 1,
"SubSet": 1
}]
response = self.make_puzzles_complete_request(puzzles)
self.assertEqual(
response.content,
self.set_puzzle_complete_response([13, 14, 15, 53524]))
is_complete = partial(PuzzleComplete.is_level_complete,
unique_id_for_user(self.user))
self.assertTrue(is_complete(1, 1))
self.assertTrue(is_complete(1, 3))
self.assertTrue(is_complete(1, 2))
self.assertFalse(is_complete(4, 5))
puzzles = [{"PuzzleID": 74, "Set": 4, "SubSet": 5}]
response = self.make_puzzles_complete_request(puzzles)
self.assertTrue(is_complete(4, 5))
# Now check due dates
self.assertTrue(is_complete(1, 1, due=self.tomorrow))
self.assertFalse(is_complete(1, 1, due=self.yesterday))
def test_SetPlayerPuzzlesComplete_error(self):
puzzles = [{
"PuzzleID": 13,
"Set": 1,
"SubSet": 2
}, {
"PuzzleID": 53524,
"Set": 1,
"SubSet": 1
}]
puzzles_str = json.dumps(puzzles)
verify = {
"Verify": verify_code(self.user.email, puzzles_str + "x"),
"VerifyMethod": "FoldItVerify"
}
data = {
'SetPuzzlesCompleteVerify': json.dumps(verify),
'SetPuzzlesComplete': puzzles_str
}
request = self.make_request(data)
response = foldit_ops(request)
self.assertEqual(response.status_code, 200)
response_data = json.loads(response.content)
self.assertEqual(
response.content,
json.dumps([{
"OperationID": "SetPuzzlesComplete",
"Success": "false",
"ErrorString": "Verification failed",
"ErrorCode": "VerifyFailed"
}]))
class CdrAlertCustomerInterfaceTestCase(BaseAuthenticatedClient):
"""Test cases for Cdr-Stats Admin Interface."""
fixtures = [
'auth_user.json', 'country_dialcode.json', 'alarm.json',
'blacklist_prefix.json', 'whitelist_prefix.json'
]
def test_mgt_command(self):
# Test mgt command
call_command('send_daily_report')
def test_alarm_list(self):
"""Test Function to check alarm list"""
response = self.client.get('/alert/')
self.failUnlessEqual(response.status_code, 200)
request = self.factory.get('/alert/')
request.user = self.user
request.session = {}
response = alarm_list(request)
self.assertEqual(response.status_code, 200)
def test_alarm_add(self):
"""Test Function to check add alarm"""
request = self.factory.post('/alert/add/',
data={
'name':
'My alarm',
'value':
'10',
'email_to_send_alarm':
'*****@*****.**'
},
follow=True)
request.user = self.user
request.session = {}
response = alarm_add(request)
self.assertEqual(response.status_code, 200)
resp = self.client.post('/alert/add/',
data={
'name': '',
'email_to_send_alarm': '',
})
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.context['form']['name'].errors,
[u'This field is required.'])
def test_alarm_view_update(self):
"""Test Function to check update alarm"""
response = self.client.get('/alert/1/')
self.assertEqual(response.context['action'], 'update')
self.assertEqual(response.status_code, 200)
request = self.factory.post('/alert/1/',
data={
'name': 'test',
},
follow=True)
request.user = self.user
request.session = {}
response = alarm_change(request, 1)
self.assertEqual(response.status_code, 200)
# delete alarm through alarm_change
request = self.factory.post('/alert/2/',
data={'delete': True},
follow=True)
request.user = self.user
request.session = {}
response = alarm_change(request, 2)
self.assertEqual(response['Location'], '/alert/')
self.assertEqual(response.status_code, 302)
def test_alarm_view_delete(self):
"""Test Function to check delete alarm"""
request = self.factory.post('/alert/del/1/')
request.user = self.user
request.session = {}
response = alarm_del(request, 1)
self.assertEqual(response['Location'], '/alert/')
self.assertEqual(response.status_code, 302)
request = self.factory.post('/alert/del/', {'select': '1'})
request.user = self.user
request.session = {}
response = alarm_del(request, 0)
self.assertEqual(response.status_code, 302)
def test_trust_control_view(self):
"""Test Function to check trust_control"""
request = self.factory.get('/trust_control/')
request.user = self.user
request.session = {}
response = trust_control(request)
self.assertEqual(response.status_code, 200)
def test_trust_control_ajax(self):
from django.test.client import RequestFactory
self.factory = RequestFactory(HTTP_X_REQUESTED_WITH='XMLHttpRequest')
request = self.factory.get('/trust_control/')
request.user = self.user
#request.session = {}
#response = add_whitelist_country(request, 198)
#self.assertTrue(response)
#response = get_html_table(request)
#self.assertTrue(response)
#response = get_html_table(request, 'whitelist')
#self.assertTrue(response)
def test_alert_report(self):
"""To test alarm report"""
call_command('generate_alert', '--alert-no=10', '--delta-day=1')
call_command('generate_alert', '--alert-no=10')
request = self.factory.get('/alert_report/')
request.user = self.user
request.session = {}
response = alert_report(request)
self.assertEqual(response.status_code, 200)
request = self.factory.post('/alert_report/', {'alarm': 1})
request.user = self.user
request.session = {}
response = alert_report(request)
self.assertEqual(response.status_code, 200)
class OfferingCollectionTestCase(TestCase):
tags = ('offering-api', )
@classmethod
def setUpClass(cls):
super(OfferingCollectionTestCase, cls).setUpClass()
@classmethod
def tearDownClass(cls):
from wstore.offerings import offerings_management
reload(offerings_management)
reload(views)
super(OfferingCollectionTestCase, cls).tearDownClass()
def setUp(self):
# Create request factory
self.factory = RequestFactory()
# Create testing user
self.user = User.objects.create_user(username='******',
email='',
password='******')
self.user.userprofile.get_current_roles = MagicMock(
name='get_current_roles')
self.user.userprofile.get_current_roles.return_value = [
'provider', 'customer'
]
self.user.userprofile.save()
@parameterized.expand([('published', 'published'),
('provided', 'provided', '?filter=provided'),
('purchased', 'purchased', '?filter=purchased')])
def test_get_offerings_request(self, name, filter, qstring=''):
return_value = [{
'name': 'test_offering1',
'owner_organization': 'test_organization1',
'owner_admin_user_id': 'test_user',
'version': '1.0',
'state': 'published',
'description_url': 'http://repository.com/collection/usdl',
'rating': 0,
'comments': [],
'tags': [],
'image_url': 'media/image.png',
'related_images': [],
'creation_date': '2013-05-01 10:00:00',
'publication_date': '2013-06-03 10:00:00',
'resources': []
}]
# Mock get offerings method
offering_collection = views.OfferingCollection(
permitted_methods=('GET', 'POST'))
views.get_offerings = MagicMock(name='get_offering')
views.get_offerings.return_value = return_value
request = self.factory.get('/api/offering/offerings' + qstring)
request.user = self.user
# Call the view
response = offering_collection.read(request)
# Check correct call
views.get_offerings.assert_called_once_with(self.user,
filter,
None,
sort=None,
pagination=None)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.get('Content-type'),
'application/JSON; charset=UTF-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), list)
self.assertEqual(len(body_response), 1)
value = body_response[0]
self.assertEqual(value['name'], 'test_offering1')
self.assertEqual(value['owner_organization'], 'test_organization1')
self.assertEqual(value['owner_admin_user_id'], 'test_user')
@parameterized.expand([('published', 'published'),
('provided', 'provided', '&filter=provided'),
('purchased', 'purchased', '&filter=purchased')])
def test_count_offering_request(self, name, filter, qstring=''):
views.count_offerings = MagicMock(name='count_offerings')
views.count_offerings.return_value = {'number': 3}
request = self.factory.get('/api/offering/offerings?action=count' +
qstring)
request.user = self.user
# Call the view
offering_collection = views.OfferingCollection(
permitted_methods=('GET', 'POST'))
response = offering_collection.read(request)
# Check correct call
views.count_offerings.assert_called_once_with(self.user, filter, None)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.get('Content-type'),
'application/JSON; charset=UTF-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['number'], 3)
def _no_provider(self):
self.user.userprofile.get_current_roles.return_value = ['customer']
def _bad_gateway(self):
views.create_offering.side_effect = RepositoryError('Bad Gateway')
def _exception(self):
views.create_offering.side_effect = Exception('Error in creation')
@parameterized.expand([('basic', {
'code': 201,
'message': 'Created',
'result': 'correct'
}),
('no_provider', {
'code': 403,
'message': 'Forbidden',
'result': 'error'
}, False, _no_provider),
('bad_gateway', {
'code': 502,
'message': 'Bad Gateway',
'result': 'error'
}, True, _bad_gateway),
('exception', {
'code': 400,
'message': 'Error in creation',
'result': 'error'
}, True, _exception)])
def test_create_offering_request(self,
name,
expected_response,
called=True,
side_effect=None):
data = {
'name': 'test_offering',
'version': 1.0,
'description': 'test offering'
}
views.create_offering = MagicMock(name='create_offering')
offering_collection = views.OfferingCollection(
permitted_methods=('GET', 'POST'))
if side_effect is not None:
side_effect(self)
request = self.factory.post(
'/api/offering/offerings',
json.dumps(data),
HTTP_ACCEPT='application/json; charset=utf-8',
content_type='application/json; charset=utf-8')
request.user = self.user
# Call the view
response = offering_collection.create(request)
# Check correct call
if called:
views.create_offering.assert_called_once_with(self.user, data)
else:
self.assertFalse(views.create_offering.called)
self.assertEqual(response.status_code, expected_response['code'])
content = json.loads(response.content)
self.assertEqual(content['message'], expected_response['message'])
self.assertEqual(content['result'], expected_response['result'])
class TestFraudReport(TestCase):
def setUp(self):
self.factory = RequestFactory()
with self.activate('en-US'):
self.url = reverse('legal.fraud-report')
self.data = {
'input_url': 'http://www.test.com',
'input_category': 'Charging for software',
'input_product': 'Firefox',
'input_specific_product': '',
'input_details': 'test details',
'input_attachment_desc': 'test attachment',
'input_email': '*****@*****.**',
}
def tearDown(self):
mail.outbox = []
def test_view_post_valid_data(self):
"""
A valid POST should 302 redirect.
"""
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
response = legal_views.fraud_report(request)
eq_(response.status_code, 302)
eq_(response['Location'],
'/en-US/about/legal/fraud-report/?submitted=True')
def test_view_post_missing_data(self):
"""
POST with missing data should return 200 and contain form
errors in the template.
"""
self.data.update(input_url='') # remove required url
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
response = legal_views.fraud_report(request)
eq_(response.status_code, 200)
self.assertIn('Please enter a URL.', response.content)
def test_view_post_honeypot(self):
"""
POST with honeypot text box filled should return 200 and
contain general form error message.
"""
self.data['office_fax'] = 'spammer'
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
response = legal_views.fraud_report(request)
eq_(response.status_code, 200)
self.assertIn('An error has occurred', response.content)
def test_form_valid_data(self):
"""
Form should be valid.
"""
form = FraudReportForm(self.data)
# make sure form is valid
ok_(form.is_valid())
def test_form_invalid_data(self):
"""
With incorrect data (missing url), form should not be valid and should
have url in the errors hash.
"""
self.data.update(input_url='') # remove required url
form = FraudReportForm(self.data)
# make sure form is invalid
eq_(False, form.is_valid())
# make sure url errors are in form
self.assertIn('input_url', form.errors)
def test_form_honeypot(self):
"""
Form with honeypot text box filled should not be valid.
"""
self.data['office_fax'] = 'spammer!'
form = FraudReportForm(self.data)
eq_(False, form.is_valid())
def test_form_valid_attachement(self):
"""
Form should be valid when attachment under/at size limit.
"""
# attachment within size limit
mock_attachment = Mock(_size=legal_forms.FRAUD_REPORT_FILE_SIZE_LIMIT)
form = FraudReportForm(self.data,
{'input_attachment': mock_attachment})
# make sure form is valid
ok_(form.is_valid())
def test_form_invalid_attachement(self):
"""
Form should be invalid and contain attachment errors when attachment
over size limit.
"""
# attachment within size limit
mock_attachment = Mock(
_size=(legal_forms.FRAUD_REPORT_FILE_SIZE_LIMIT + 1))
form = FraudReportForm(self.data,
{'input_attachment': mock_attachment})
# make sure form is not valid
eq_(False, form.is_valid())
# make sure attachment errors are in form
self.assertIn('input_attachment', form.errors)
@patch('bedrock.legal.views.jingo.render_to_string',
return_value='jingo rendered')
@patch('bedrock.legal.views.EmailMessage')
def test_email(self, mock_email_message, mock_render_to_string):
"""
Make sure email is sent with expected values.
"""
mock_send = Mock()
mock_email_message.return_value = Mock(send=mock_send)
form = FraudReportForm(self.data)
# submit form
request = self.factory.get('/')
submit_form(request, form)
# make sure email was sent
mock_send.assert_called_once_with()
# make sure email values are correct
mock_email_message.assert_called_once_with(
legal_views.FRAUD_REPORT_EMAIL_SUBJECT, 'jingo rendered',
legal_views.FRAUD_REPORT_EMAIL_FROM,
legal_views.FRAUD_REPORT_EMAIL_TO)
@patch('bedrock.legal.views.jingo.render_to_string',
return_value='jingo rendered')
@patch('bedrock.legal.views.EmailMessage')
def test_email_with_attachement(self, mock_email_message,
mock_render_to_string):
"""
Make sure email is sent with attachment.
"""
mock_attachment = Mock(
content_type='text/plain',
_size=(legal_forms.FRAUD_REPORT_FILE_SIZE_LIMIT))
# make sure name attribute is treated as string
mock_attachment.name = 'img.jpg'
form = FraudReportForm(self.data,
{'input_attachment': mock_attachment})
# submit form
request = self.factory.get('/')
submit_form(request, form)
# make sure attachment was attached
mock_email_message.return_value.attach.assert_called_once_with(
'img.jpg', mock_attachment.read.return_value, 'text/plain')
mock_attachment.read.assert_called_once_with()
# make sure email was sent
mock_email_message.return_value.send.assert_called_once_with()
# make sure email values are correct
mock_email_message.assert_called_once_with(
legal_views.FRAUD_REPORT_EMAIL_SUBJECT, 'jingo rendered',
legal_views.FRAUD_REPORT_EMAIL_FROM,
legal_views.FRAUD_REPORT_EMAIL_TO)
def test_emails_not_escaped(self):
"""
Strings in the fraud report form should not be HTML escaped
when inserted into the email, which is just text.
E.g. if they entered
J'adore le ''Renard de feu''
the email should not contain
J'adore le ''Renard de feu''
Tags are still stripped, though.
"""
STRING1 = u"<em>J'adore Citröns</em> & <Piñatas> so there"
EXPECTED1 = u"J'adore Citröns & so there"
STRING2 = u"<em>J'adore Piñatas</em> & <fromage> so here"
EXPECTED2 = u"J'adore Piñatas & so here"
STRING3 = u"J'adore <coffee>el café</coffee> también"
EXPECTED3 = u"J'adore el café también"
self.data.update(input_specific_product=STRING1,
input_details=STRING2,
input_attachment_desc=STRING3)
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
legal_views.fraud_report(request)
eq_(len(mail.outbox), 1)
m = mail.outbox[0]
self.assertIn(EXPECTED1, m.body)
self.assertIn(EXPECTED2, m.body)
self.assertIn(EXPECTED3, m.body)
class ModuleRenderTestCase(ModuleStoreTestCase, LoginEnrollmentTestCase):
def setUp(self):
self.location = ['i4x', 'edX', 'toy', 'chapter', 'Overview']
self.course_id = 'edX/toy/2012_Fall'
self.toy_course = modulestore().get_course(self.course_id)
self.mock_user = UserFactory()
self.mock_user.id = 1
self.request_factory = RequestFactory()
# Construct a mock module for the modulestore to return
self.mock_module = MagicMock()
self.mock_module.id = 1
self.dispatch = 'score_update'
# Construct a 'standard' xqueue_callback url
self.callback_url = reverse('xqueue_callback',
kwargs=dict(course_id=self.course_id,
userid=str(self.mock_user.id),
mod_id=self.mock_module.id,
dispatch=self.dispatch))
def test_get_module(self):
self.assertEqual(
None,
render.get_module('dummyuser', None, 'invalid location', None,
None))
def test_module_render_with_jump_to_id(self):
"""
This test validates that the /jump_to_id/<id> shorthand for intracourse linking works assertIn
expected. Note there's a HTML element in the 'toy' course with the url_name 'toyjumpto' which
defines this linkage
"""
mock_request = MagicMock()
mock_request.user = self.mock_user
course = get_course_with_access(self.mock_user, self.course_id, 'load')
model_data_cache = ModelDataCache.cache_for_descriptor_descendents(
self.course_id, self.mock_user, course, depth=2)
module = render.get_module(self.mock_user, mock_request,
['i4x', 'edX', 'toy', 'html', 'toyjumpto'],
model_data_cache, self.course_id)
# get the rendered HTML output which should have the rewritten link
html = module.get_html()
# See if the url got rewritten to the target link
# note if the URL mapping changes then this assertion will break
self.assertIn(
'/courses/' + self.course_id + '/jump_to_id/vertical_test', html)
def test_modx_dispatch(self):
self.assertRaises(Http404, render.modx_dispatch, 'dummy', 'dummy',
'invalid Location', 'dummy')
mock_request = MagicMock()
mock_request.FILES.keys.return_value = ['file_id']
mock_request.FILES.getlist.return_value = ['file'] * (
settings.MAX_FILEUPLOADS_PER_INPUT + 1)
self.assertEquals(
render.modx_dispatch(mock_request, 'dummy', self.location,
'dummy').content,
json.dumps({
'success':
'Submission aborted! Maximum %d files may be submitted at once'
% settings.MAX_FILEUPLOADS_PER_INPUT
}))
mock_request_2 = MagicMock()
mock_request_2.FILES.keys.return_value = ['file_id']
inputfile = MagicMock()
inputfile.size = 1 + settings.STUDENT_FILEUPLOAD_MAX_SIZE
inputfile.name = 'name'
filelist = [inputfile]
mock_request_2.FILES.getlist.return_value = filelist
self.assertEquals(
render.modx_dispatch(mock_request_2, 'dummy', self.location,
'dummy').content,
json.dumps({
'success':
'Submission aborted! Your file "%s" is too large (max size: %d MB)'
% (inputfile.name, settings.STUDENT_FILEUPLOAD_MAX_SIZE /
(1000**2))
}))
mock_request_3 = MagicMock()
mock_request_3.POST.copy.return_value = {'position': 1}
mock_request_3.FILES = False
mock_request_3.user = self.mock_user
inputfile_2 = MagicMock()
inputfile_2.size = 1
inputfile_2.name = 'name'
self.assertIsInstance(
render.modx_dispatch(mock_request_3, 'goto_position',
self.location, self.course_id), HttpResponse)
self.assertRaises(Http404, render.modx_dispatch, mock_request_3,
'goto_position', self.location, 'bad_course_id')
self.assertRaises(Http404, render.modx_dispatch, mock_request_3,
'goto_position',
['i4x', 'edX', 'toy', 'chapter', 'bad_location'],
self.course_id)
self.assertRaises(Http404, render.modx_dispatch, mock_request_3,
'bad_dispatch', self.location, self.course_id)
def test_xqueue_callback_success(self):
"""
Test for happy-path xqueue_callback
"""
fake_key = 'fake key'
xqueue_header = json.dumps({'lms_key': fake_key})
data = {
'xqueue_header': xqueue_header,
'xqueue_body': 'hello world',
}
# Patch getmodule to return our mock module
with patch('courseware.module_render.find_target_student_module'
) as get_fake_module:
get_fake_module.return_value = self.mock_module
# call xqueue_callback with our mocked information
request = self.request_factory.post(self.callback_url, data)
render.xqueue_callback(request, self.course_id, self.mock_user.id,
self.mock_module.id, self.dispatch)
# Verify that handle ajax is called with the correct data
request.POST['queuekey'] = fake_key
self.mock_module.handle_ajax.assert_called_once_with(
self.dispatch, request.POST)
def test_xqueue_callback_missing_header_info(self):
data = {
'xqueue_header': '{}',
'xqueue_body': 'hello world',
}
with patch('courseware.module_render.find_target_student_module'
) as get_fake_module:
get_fake_module.return_value = self.mock_module
# Test with missing xqueue data
with self.assertRaises(Http404):
request = self.request_factory.post(self.callback_url, {})
render.xqueue_callback(request, self.course_id,
self.mock_user.id, self.mock_module.id,
self.dispatch)
# Test with missing xqueue_header
with self.assertRaises(Http404):
request = self.request_factory.post(self.callback_url, data)
render.xqueue_callback(request, self.course_id,
self.mock_user.id, self.mock_module.id,
self.dispatch)
def test_get_score_bucket(self):
self.assertEquals(render.get_score_bucket(0, 10), 'incorrect')
self.assertEquals(render.get_score_bucket(1, 10), 'partial')
self.assertEquals(render.get_score_bucket(10, 10), 'correct')
# get_score_bucket calls error cases 'incorrect'
self.assertEquals(render.get_score_bucket(11, 10), 'incorrect')
self.assertEquals(render.get_score_bucket(-1, 10), 'incorrect')
def test_anonymous_modx_dispatch(self):
dispatch_url = reverse('modx_dispatch',
args=[
'edX/toy/2012_Fall',
'i4x://edX/toy/videosequence/Toy_Videos',
'goto_position'
])
response = self.client.post(dispatch_url, {'position': 2})
self.assertEquals(403, response.status_code)
class TestPasswordPolicy(TestCase):
"""
Go through some password policy tests to make sure things are properly working
"""
def setUp(self):
super(TestPasswordPolicy, self).setUp()
self.url = reverse('create_account')
self.request_factory = RequestFactory()
self.url_params = {
'username': '******',
'email': '*****@*****.**',
'name': 'username',
'terms_of_service': 'true',
'honor_code': 'true',
}
@override_settings(PASSWORD_MIN_LENGTH=6)
def test_password_length_too_short(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Invalid Length (must be 6 characters or more)",
)
@override_settings(PASSWORD_MIN_LENGTH=6)
def test_password_length_long_enough(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
@override_settings(PASSWORD_MAX_LENGTH=12)
def test_password_length_too_long(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Invalid Length (must be 12 characters or fewer)",
)
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'UPPER': 3})
def test_password_not_enough_uppercase(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Must be more complex (must contain 3 or more uppercase characters)",
)
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'UPPER': 3})
def test_password_enough_uppercase(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'LOWER': 3})
def test_password_not_enough_lowercase(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Must be more complex (must contain 3 or more lowercase characters)",
)
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'LOWER': 3})
def test_password_enough_lowercase(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'DIGITS': 3})
def test_not_enough_digits(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Must be more complex (must contain 3 or more digits)",
)
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'DIGITS': 3})
def test_enough_digits(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'PUNCTUATION': 3})
def test_not_enough_punctuations(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Must be more complex (must contain 3 or more punctuation characters)",
)
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'PUNCTUATION': 3})
def test_enough_punctuations(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'WORDS': 3})
def test_not_enough_words(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Must be more complex (must contain 3 or more unique words)",
)
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {'WORDS': 3})
def test_enough_wordss(self):
self.url_params['password'] = u'this should pass'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {
'PUNCTUATION': 3,
'WORDS': 3,
'DIGITS': 3,
'LOWER': 3,
'UPPER': 3,
})
def test_multiple_errors_fail(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
errstring = (
"Password: Must be more complex ("
"must contain 3 or more uppercase characters, "
"must contain 3 or more digits, "
"must contain 3 or more punctuation characters, "
"must contain 3 or more unique words"
")"
)
self.assertEqual(obj['value'], errstring)
@patch.dict("django.conf.settings.PASSWORD_COMPLEXITY", {
'PUNCTUATION': 3,
'WORDS': 3,
'DIGITS': 3,
'LOWER': 3,
'UPPER': 3,
})
def test_multiple_errors_pass(self):
self.url_params['password'] = u'tH1s Sh0u!d P3#$'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
@override_settings(PASSWORD_DICTIONARY=['foo', 'bar'])
@override_settings(PASSWORD_DICTIONARY_EDIT_DISTANCE_THRESHOLD=1)
def test_dictionary_similarity_fail1(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Too similar to a restricted dictionary word.",
)
@override_settings(PASSWORD_DICTIONARY=['foo', 'bar'])
@override_settings(PASSWORD_DICTIONARY_EDIT_DISTANCE_THRESHOLD=1)
def test_dictionary_similarity_fail2(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Too similar to a restricted dictionary word.",
)
@override_settings(PASSWORD_DICTIONARY=['foo', 'bar'])
@override_settings(PASSWORD_DICTIONARY_EDIT_DISTANCE_THRESHOLD=1)
def test_dictionary_similarity_fail3(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 400)
obj = json.loads(response.content)
self.assertEqual(
obj['value'],
"Password: Too similar to a restricted dictionary word.",
)
@override_settings(PASSWORD_DICTIONARY=['foo', 'bar'])
@override_settings(PASSWORD_DICTIONARY_EDIT_DISTANCE_THRESHOLD=1)
def test_dictionary_similarity_pass(self):
self.url_params['password'] = '******'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
def test_with_unicode(self):
self.url_params['password'] = u'四節比分和七年前'
response = self.client.post(self.url, self.url_params)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
@override_settings(PASSWORD_MIN_LENGTH=6, SESSION_ENGINE='django.contrib.sessions.backends.cache')
def test_ext_auth_password_length_too_short(self):
"""
Tests that even if password policy is enforced, ext_auth registrations aren't subject to it
"""
self.url_params['password'] = '******' # shouldn't pass validation
request = self.request_factory.post(self.url, self.url_params)
request.site = SiteFactory.create()
# now indicate we are doing ext_auth by setting 'ExternalAuthMap' in the session.
request.session = import_module(settings.SESSION_ENGINE).SessionStore() # empty session
extauth = ExternalAuthMap(external_id='*****@*****.**',
external_email='*****@*****.**',
internal_password=self.url_params['password'],
external_domain='shib:https://idp.stanford.edu/')
request.session['ExternalAuthMap'] = extauth
request.user = AnonymousUser()
with patch('edxmako.request_context.get_current_request', return_value=request):
response = create_account(request)
self.assertEqual(response.status_code, 200)
obj = json.loads(response.content)
self.assertTrue(obj['success'])
class DRYRestPermissionsTests(TestCase):
def setUp(self):
self.action_set = ['retrieve', 'list', 'create', 'destroy', 'update', 'partial_update', 'custom_action1', 'custom_action2']
self.factory = RequestFactory()
self.request_retrieve = Request(self.factory.get('/dummy/1'))
self.request_list = Request(self.factory.get('/dummy'))
self.request_create = Request(self.factory.post('/dummy'), {})
self.request_destroy = Request(self.factory.delete('/dummy/1'))
self.request_update = Request(self.factory.put('/dummy/1', {}))
self.request_partial_update = Request(self.factory.patch('/dummy/1', {}))
self.request_custom_action1 = Request(self.factory.get('/dummy/custom_action1'))
self.request_custom_action2 = Request(self.factory.post('/dummy/custom_action2', {}))
def _run_permission_checks(self, view, obj, assert_value):
for action in self.action_set:
view.action = action
request_name = "request_{action}".format(action=action)
result = view.dummy_check_permission(getattr(self, request_name), obj)
self.assertEqual(result, assert_value)
def _run_dry_permission_field_checks(self, view, obj, assert_specific, assert_base):
serializer = view.get_serializer_class()()
# dummy request
serializer.context['request'] = self.request_retrieve
representation = serializer.to_representation(obj)
for action in [action for action in self.action_set if action not in ['partial_update', 'list']]:
has_permission = representation['permissions'].get(action, None)
self.assertEqual(has_permission, assert_specific, "Action '%s' %s != %s" % (action, has_permission, assert_specific))
for action in ['read', 'write']:
has_permission = representation['permissions'].get(action, None)
self.assertEqual(has_permission, assert_base, "Action '%s' %s != %s" % (action, has_permission, assert_base))
def test_true_base_permissions(self):
class TestModel(DummyModel, BaseObjectMixin, BaseGlobalMixin):
pass
class TestSerializer(DummySerializer):
class Meta:
model = TestModel
fields = '__all__'
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
view = TestViewSet()
self._run_permission_checks(view, TestModel(), True)
self._run_dry_permission_field_checks(view, TestModel(), None, True)
def test_false_base_object_permissions(self):
class TestModel(DummyModel, BaseObjectMixin, BaseGlobalMixin):
base_object_allowed = False
class TestSerializer(DummySerializer):
class Meta:
model = TestModel
fields = '__all__'
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
view = TestViewSet()
self._run_permission_checks(view, TestModel(), False)
self._run_dry_permission_field_checks(view, TestModel(), None, False)
def test_false_base_global_permissions(self):
class TestModel(DummyModel, BaseObjectMixin, BaseGlobalMixin):
base_global_allowed = False
class TestSerializer(DummySerializer):
class Meta:
model = TestModel
fields = '__all__'
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
view = TestViewSet()
self._run_permission_checks(view, TestModel(), False)
self._run_dry_permission_field_checks(view, TestModel(), None, False)
def test_true_specific_permissions(self):
class TestModel(
DummyModel, BaseObjectMixin, BaseGlobalMixin,
SpecificObjectMixin, SpecificGlobalMixin):
base_global_allowed = False
base_object_allowed = False
class TestSerializer(DummySerializer):
class Meta:
model = TestModel
fields = '__all__'
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
view = TestViewSet()
self._run_permission_checks(view, TestModel(), True)
self._run_dry_permission_field_checks(view, TestModel(), True, False)
def test_true_base_not_defined_permissions(self):
class TestModel(DummyModel, SpecificObjectMixin, SpecificGlobalMixin):
pass
class TestSerializer(DummySerializer):
class Meta:
model = TestModel
fields = '__all__'
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
view = TestViewSet()
self._run_permission_checks(view, TestModel(), True)
self._run_dry_permission_field_checks(view, TestModel(), True, None)
def test_false_specific_object_permissions(self):
class TestModel(
DummyModel, BaseObjectMixin, BaseGlobalMixin,
SpecificObjectMixin, SpecificGlobalMixin):
specific_object_allowed = False
class TestSerializer(DummySerializer):
class Meta:
model = TestModel
fields = '__all__'
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
view = TestViewSet()
self._run_permission_checks(view, TestModel(), False)
self._run_dry_permission_field_checks(view, TestModel(), False, True)
def test_false_specific_global_permissions(self):
class TestModel(
DummyModel, BaseObjectMixin, BaseGlobalMixin,
SpecificObjectMixin, SpecificGlobalMixin):
specific_global_allowed = False
class TestSerializer(DummySerializer):
class Meta:
model = TestModel
fields = '__all__'
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
view = TestViewSet()
self._run_permission_checks(view, TestModel(), False)
self._run_dry_permission_field_checks(view, TestModel(), False, True)
def test_true_no_global_permissions(self):
class TestModel(
DummyModel, BaseObjectMixin, BaseGlobalMixin,
SpecificObjectMixin, SpecificGlobalMixin):
base_global_allowed = False
specific_global_allowed = False
class TestSerializer(DummySerializer):
permissions = DRYPermissionsField(object_only=True, additional_actions=['custom_action1', 'custom_action2'])
class Meta:
model = TestModel
fields = '__all__'
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
permission_classes = (DRYObjectPermissions, )
view = TestViewSet()
self._run_permission_checks(view, TestModel(), True)
self._run_dry_permission_field_checks(view, TestModel(), True, True)
def test_true_no_object_permissions(self):
class TestModel(
DummyModel, BaseObjectMixin, BaseGlobalMixin,
SpecificObjectMixin, SpecificGlobalMixin):
base_object_allowed = False
specific_object_allowed = False
class TestSerializer(DummySerializer):
permissions = DRYPermissionsField(global_only=True, additional_actions=['custom_action1', 'custom_action2'])
class Meta:
model = TestModel
fields = '__all__'
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
permission_classes = (DRYGlobalPermissions, )
view = TestViewSet()
self._run_permission_checks(view, TestModel(), True)
self._run_dry_permission_field_checks(view, TestModel(), True, True)
def test_list_filter_backend(self):
class DummyFilter(object):
pass
class TestModel(DummyModel):
pass
class TestSerializer(DummySerializer):
class Meta:
model = TestModel
class TestFilterBackend(DRYPermissionFiltersBase):
def filter_list_queryset(self, request, queryset, view):
return DummyFilter()
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
queryset = TestModel.objects.all()
filter_backends = (TestFilterBackend,)
view = TestViewSet()
view.request = self.request_list
view.action = 'list'
view.kwargs = []
query_set = view.filter_queryset(view.get_queryset())
self.assertEqual(query_set.__class__, DummyFilter)
def test_action_filter_backend(self):
class DummyFilter(object):
pass
class TestModel(DummyModel):
pass
class TestSerializer(DummySerializer):
class Meta:
model = TestModel
fields = '__all__'
class TestFilterBackend(DRYPermissionFiltersBase):
action_routing = True
def filter_list_queryset(self, request, queryset, view):
return None
def filter_custom_action1_queryset(self, request, queryset, view):
return DummyFilter()
class TestViewSet(DummyViewSet):
serializer_class = TestSerializer
queryset = TestModel.objects.all()
filter_backends = (TestFilterBackend,)
view = TestViewSet()
view.request = self.request_custom_action1
view.action = 'custom_action1'
view.kwargs = []
query_set = view.filter_queryset(view.get_queryset())
self.assertEqual(query_set.__class__, DummyFilter)
class TestCFGOVPage(TestCase):
def setUp(self):
self.page = CFGOVPage(title='Test', slug='test')
self.factory = RequestFactory()
self.request = self.factory.get('/')
def test_post_preview_cache_key_contains_page_id(self):
save_new_page(self.page)
key = self.page.post_preview_cache_key
self.assertIn(str(self.page.id), key)
@mock.patch('six.moves.builtins.super')
@mock.patch('v1.models.base.hooks')
def test_get_context_calls_get_context(self, mock_hooks, mock_super):
self.page.get_context(self.request)
mock_super.assert_called_with(CFGOVPage, self.page)
mock_super().get_context.assert_called_with(self.request)
@mock.patch('six.moves.builtins.super')
@mock.patch('v1.models.base.hooks')
def test_get_context_calls_get_hooks(self, mock_hooks, mock_super):
self.page.get_context(self.request)
mock_hooks.get_hooks.assert_called_with('cfgovpage_context_handlers')
@mock.patch('six.moves.builtins.super')
@mock.patch('v1.models.base.hooks')
def test_get_context_calls_hook_functions(self, mock_hooks, mock_super):
fn = mock.Mock()
mock_hooks.get_hooks.return_value = [fn]
self.page.get_context(self.request)
fn.assert_called_with(self.page, self.request,
mock_super().get_context())
@mock.patch('six.moves.builtins.super')
@mock.patch('v1.models.base.hooks')
def test_get_context_returns_context(self, mock_hooks, mock_super):
result = self.page.get_context(self.request)
self.assertEqual(result, mock_super().get_context())
@mock.patch('six.moves.builtins.super')
def test_serve_calls_super_on_non_ajax_request(self, mock_super):
self.page.serve(self.request)
mock_super.assert_called_with(CFGOVPage, self.page)
mock_super().serve.assert_called_with(self.request)
@mock.patch('six.moves.builtins.super')
@mock.patch('v1.models.base.CFGOVPage.serve_post')
def test_serve_calls_serve_post_on_post_request(self, mock_serve_post,
mock_super):
self.request = self.factory.post('/')
self.page.serve(self.request)
mock_serve_post.assert_called_with(self.request)
def test_serve_post_returns_400_for_no_form_id(self):
request = self.factory.post('/')
response = self.page.serve_post(request)
self.assertIsInstance(response, HttpResponseBadRequest)
def test_serve_post_returns_json_400_for_no_form_id(self):
request = self.factory.post('/',
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
response = self.page.serve_post(request)
self.assertEqual(response.content, b'{"result": "error"}')
self.assertEqual(response.status_code, 400)
def test_serve_post_returns_400_for_invalid_form_id_wrong_parts(self):
request = self.factory.post('/', {'form_id': 'foo'})
response = self.page.serve_post(request)
self.assertIsInstance(response, HttpResponseBadRequest)
def test_serve_post_returns_400_for_invalid_form_id_invalid_field(self):
request = self.factory.post('/', {'form_id': 'form-foo-2'})
response = self.page.serve_post(request)
self.assertIsInstance(response, HttpResponseBadRequest)
def test_serve_post_returns_400_for_invalid_form_id_invalid_index(self):
page = BrowsePage(title='test', slug='test')
request = self.factory.post('/', {'form_id': 'form-content-99'})
response = page.serve_post(request)
self.assertIsInstance(response, HttpResponseBadRequest)
def test_serve_post_valid_calls_feedback_block_handler(self):
"""A valid post should call the feedback block handler.
This returns a redirect to the calling page and also uses the
Django messages framework to set a message.
"""
page = BrowsePage(title='test', slug='test')
page.content = blocks.StreamValue(page.content.stream_block,
[{
'type': 'feedback',
'value': 'something'
}], True)
save_new_page(page)
request = self.factory.post('/', {'form_id': 'form-content-0'})
SessionMiddleware().process_request(request)
MessageMiddleware().process_request(request)
response = page.serve_post(request)
self.assertEqual((response.status_code, response['Location']),
(302, request.path))
@mock.patch('v1.models.base.TemplateResponse')
@mock.patch('v1.models.base.CFGOVPage.get_template')
@mock.patch('v1.models.base.CFGOVPage.get_context')
@mock.patch('v1.models.base.getattr')
def test_serve_post_gets_streamfield_from_page_using_form_id(
self, mock_getattr, mock_get_context, mock_get_template,
mock_response):
mock_getattr.return_value = mock.MagicMock()
mock_get_context.return_value = mock.MagicMock()
self.request = self.factory.post(
'/', {'form_id': 'form-content-0'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.page.serve_post(self.request)
mock_getattr.assert_called_with(self.page, 'content', None)
@mock.patch('v1.models.base.TemplateResponse')
@mock.patch('v1.models.base.CFGOVPage.get_template')
@mock.patch('v1.models.base.CFGOVPage.get_context')
@mock.patch('v1.models.base.getattr')
def test_serve_post_calls_module_get_result(self, mock_getattr,
mock_get_context,
mock_get_template,
mock_response):
self.request = self.factory.post(
'/', {'form_id': 'form-content-0'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.page.serve_post(self.request)
module = mock_getattr()[0]
module.block.get_result.assert_called_with(self.page, self.request,
module.value, True)
@mock.patch('v1.models.base.isinstance')
@mock.patch('v1.models.base.TemplateResponse')
@mock.patch('v1.models.base.CFGOVPage.get_template')
@mock.patch('v1.models.base.CFGOVPage.get_context')
@mock.patch('v1.models.base.getattr')
def test_serve_post_returns_result_if_response(self, mock_getattr,
mock_get_context,
mock_get_template,
mock_response,
mock_isinstance):
mock_getattr.return_value = mock.MagicMock()
mock_get_context.return_value = mock.MagicMock()
self.request = self.factory.post(
'/', {'form_id': 'form-content-0'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
result = self.page.serve_post(self.request)
module = mock_getattr()[0]
self.assertEqual(result, module.block.get_result())
@mock.patch('v1.models.base.TemplateResponse')
@mock.patch('v1.models.base.CFGOVPage.get_template')
@mock.patch('v1.models.base.CFGOVPage.get_context')
@mock.patch('v1.models.base.getattr')
def test_serve_post_calls_get_context(self, mock_getattr, mock_get_context,
mock_get_template, mock_response):
mock_getattr.return_value = mock.MagicMock()
mock_get_context.return_value = mock.MagicMock()
self.request = self.factory.post(
'/', {'form_id': 'form-content-0'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.page.serve_post(self.request)
self.assertTrue(mock_get_context.called)
@mock.patch('v1.models.base.TemplateResponse')
@mock.patch('v1.models.base.CFGOVPage.get_template')
@mock.patch('v1.models.base.CFGOVPage.get_context')
@mock.patch('v1.models.base.getattr')
def test_serve_post_sets_context(self, mock_getattr, mock_get_context,
mock_get_template, mock_response):
context = {'form_modules': {'content': {}}}
mock_getattr.return_value = mock.MagicMock()
mock_get_context.return_value = context
self.request = self.factory.post(
'/', {'form_id': 'form-content-0'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
self.page.serve_post(self.request)
module = mock_getattr()[0]
self.assertIn(0, context['form_modules']['content'])
self.assertEqual(module.block.get_result(),
context['form_modules']['content'][0])
@mock.patch('v1.models.base.TemplateResponse')
@mock.patch('v1.models.base.CFGOVPage.get_template')
@mock.patch('v1.models.base.CFGOVPage.get_context')
@mock.patch('v1.models.base.getattr')
def test_serve_post_returns_template_response_if_result_not_response(
self, mock_getattr, mock_get_context, mock_get_template,
mock_response):
mock_getattr.return_value = mock.MagicMock()
mock_get_context.return_value = mock.MagicMock()
self.request = self.factory.post(
'/', {'form_id': 'form-content-0'},
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
result = self.page.serve_post(self.request)
mock_response.assert_called_with(self.request, mock_get_template(),
mock_get_context())
self.assertEqual(result, mock_response())
class EmailChangeRequestTests(EventTestMixin, EmailTemplateTagMixin, CacheIsolationTestCase):
"""
Test changing a user's email address
"""
def setUp(self, tracker='common.djangoapps.student.views.management.tracker'):
super().setUp(tracker)
self.user = UserFactory.create()
self.new_email = '*****@*****.**'
self.req_factory = RequestFactory()
self.request = self.req_factory.post('unused_url', data={
'password': '******',
'new_email': self.new_email
})
self.request.user = self.user
self.user.email_user = Mock()
def do_email_validation(self, email):
"""
Executes validate_new_email, returning any resulting error message.
"""
try:
validate_new_email(self.request.user, email)
except ValueError as err:
return str(err)
def do_email_change(self, user, email, activation_key=None):
"""
Executes do_email_change_request, returning any resulting error message.
"""
with patch('crum.get_current_request', return_value=self.fake_request):
do_email_change_request(user, email, activation_key)
def assertFailedRequest(self, response_data, expected_error):
"""
Assert that `response_data` indicates a failed request that returns `expected_error`
"""
assert response_data['success'] is False
assert expected_error == response_data['error']
assert self.user.email_user.called is False
@patch('common.djangoapps.student.views.management.render_to_string',
Mock(side_effect=mock_render_to_string, autospec=True)) # lint-amnesty, pylint: disable=line-too-long
def test_duplicate_activation_key(self):
"""
Assert that if two users change Email address simultaneously, no error is thrown
"""
# New emails for the users
user1_new_email = "*****@*****.**"
user2_new_email = "*****@*****.**"
# Create a another user 'user2' & make request for change email
user2 = UserFactory.create(email=self.new_email, password="******")
# Send requests & ensure no error was thrown
self.do_email_change(self.user, user1_new_email)
self.do_email_change(user2, user2_new_email)
def test_invalid_emails(self):
"""
Assert the expected error message from the email validation method for an invalid
(improperly formatted) email address.
"""
for email in ('bad_email', 'bad_email@', '@bad_email'):
assert self.do_email_validation(email) == 'Valid e-mail address required.'
def test_change_email_to_existing_value(self):
"""
Test the error message if user attempts to change email to the existing value.
"""
assert self.do_email_validation(self.user.email) == 'Old email is the same as the new email.'
@patch('django.core.mail.EmailMultiAlternatives.send')
def test_email_failure(self, send_mail):
"""
Test the return value if sending the email for the user to click fails.
"""
send_mail.side_effect = [Exception, None]
with self.assertRaisesRegex(ValueError, 'Unable to send email activation link. Please try again later.'):
self.do_email_change(self.user, "*****@*****.**")
self.assert_no_events_were_emitted()
def test_email_success(self):
"""
Test email was sent if no errors encountered.
"""
old_email = self.user.email
new_email = "*****@*****.**"
registration_key = "test-registration-key"
self.do_email_change(self.user, new_email, registration_key)
self._assert_email(
subject='Request to change édX account e-mail',
body_fragments=[
'We received a request to change the e-mail associated with',
'your édX account from {old_email} to {new_email}.'.format(
old_email=old_email,
new_email=new_email,
),
'If this is correct, please confirm your new e-mail address by visiting:',
f'http://edx.org/email_confirm/{registration_key}',
'Please do not reply to this e-mail; if you require assistance,',
'check the help section of the édX web site.',
],
)
self.assert_event_emitted(
SETTING_CHANGE_INITIATED, user_id=self.user.id, setting='email', old=old_email, new=new_email
)
def _assert_email(self, subject, body_fragments):
"""
Verify that the email was sent.
"""
assert len(mail.outbox) == 1
assert len(body_fragments) > 1, 'Should provide at least two body fragments'
message = mail.outbox[0]
text = message.body
html = message.alternatives[0][0]
assert message.subject == subject
for body in text, html:
for fragment in body_fragments:
assert fragment in body
def test_bad_receipt_processing(self):
"""Test behaviour when we receive a receipt that doesn't match
anything we know"""
raw_xml_post = """
<?xml version="1.0"?>
<!DOCTYPE receipts>
<receipts>
<receipt>
<msgid>26567958</msgid>
<reference>001efc31</reference>
<msisdn>+44727204592</msisdn>
<status>D</status>
<timestamp>20080831T15:59:24</timestamp>
<billed>NO</billed>
</receipt>
<receipt>
<msgid>26750677</msgid>
<reference>001f4041</reference>
<msisdn>+44733476814</msisdn>
<status>D</status>
<timestamp>20080907T09:42:28</timestamp>
<billed>NO</billed>
</receipt>
</receipts>
"""
# fake us having sent SMSs and having stored the proper identifiers
tree = ET.fromstring(raw_xml_post.strip())
receipts = map(element_to_namedtuple, tree.findall('receipt'))
for receipt in receipts:
[send_sms] = gateway.send_sms(self.user, [receipt.msisdn],
['testing %s' % receipt.reference])
# manually specifiy the identifier so we can compare it later with the
# posted receipt
send_sms.identifier = 'a-bad-id' # this is going to cause a failure
send_sms.save()
# mimick POSTed receipt from Opera
add_perms_to_user('user', 'can_place_sms_receipt')
from django.test.client import RequestFactory
factory = RequestFactory(
HTTP_AUTHORIZATION=basic_auth_string('user', 'password'))
request = factory.post('/',
raw_xml_post.strip(),
content_type='application/xml; charset=utf-8;')
request.user = User.objects.get(username='******')
from txtalert.apps.gateway.backends.opera.views import sms_receipt_handler
response = sms_receipt_handler(request)
# it should return a JSON response
self.assertEquals(response['Content-Type'],
'application/json; charset=utf-8')
# test the json response
from django.utils import simplejson
data = simplejson.loads(response.content)
self.assertTrue(data.keys(), ['fail', 'success'])
# all should've failed
self.assertEquals(len(data['fail']), 2)
# we should get the dict back representing the receipt
self.assertEquals([r._asdict() for r in receipts], data['fail'])
# check database state
for receipt in receipts:
self.assertRaises(
SendSMS.DoesNotExist, # exception expected
SendSMS.objects.get, # callback
user=self.user, # args
msisdn=receipt.msisdn,
identifier=receipt.reference)
def test_good_receipt_processing(self):
"""Test the receipt XML we get back from Opera when a message has been
sent successfully"""
raw_xml_post = """
<?xml version="1.0"?>
<!DOCTYPE receipts>
<receipts>
<receipt>
<msgid>26567958</msgid>
<reference>001efc31</reference>
<msisdn>+44727204592</msisdn>
<status>D</status>
<timestamp>20080831T15:59:24</timestamp>
<billed>NO</billed>
</receipt>
<receipt>
<msgid>26750677</msgid>
<reference>001f4041</reference>
<msisdn>+44733476814</msisdn>
<status>D</status>
<timestamp>20080907T09:42:28</timestamp>
<billed>NO</billed>
</receipt>
</receipts>
"""
# fake us having sent SMSs and having stored the proper identifiers
tree = ET.fromstring(raw_xml_post.strip())
receipts = map(element_to_namedtuple, tree.findall('receipt'))
for receipt in receipts:
# FIXME: we need normalization FAST
[send_sms] = gateway.send_sms(self.user,
[receipt.msisdn.replace("+", "")],
['testing %s' % receipt.reference])
# manually specifiy the identifier so we can compare it later with the
# posted receipt
send_sms.identifier = receipt.reference
send_sms.save()
# mimick POSTed receipt from Opera
add_perms_to_user('user', 'can_place_sms_receipt')
from django.test.client import RequestFactory
factory = RequestFactory(
HTTP_AUTHORIZATION=basic_auth_string('user', 'password'))
request = factory.post('/',
raw_xml_post.strip(),
content_type='application/xml; charset=utf-8;')
request.user = User.objects.get(username='******')
# ugly monkey patching to avoid us having to use a URL to test the opera
# backend
from txtalert.apps.gateway.backends.opera.views import sms_receipt_handler
response = sms_receipt_handler(request)
# it should return a JSON response
self.assertEquals(response['Content-Type'],
'application/json; charset=utf-8')
# test the json response
from django.utils import simplejson
data = simplejson.loads(response.content)
self.assertTrue(data.keys(), ['fail', 'success'])
# all should've succeeded
self.assertEquals(len(data['success']), 2)
# we should get the dict back representing the receipt
self.assertEquals([r._asdict() for r in receipts], data['success'])
# check database state
for receipt in receipts:
# FIXME: normalization please ...
send_sms = SendSMS.objects.get(msisdn=receipt.msisdn.replace(
"+", ""),
identifier=receipt.reference)
self.assertEquals(
send_sms.delivery_timestamp,
datetime.strptime(receipt.timestamp, OPERA_TIMESTAMP_FORMAT))
self.assertEquals(send_sms.status, 'D')
self.assertEquals(send_sms.user, self.user)
class TestProcessPartnershipForm(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.template = 'mozorg/partnerships.html'
self.view = 'mozorg.partnerships'
self.post_data = {
'first_name': 'The',
'last_name': 'Dude',
'title': 'Abider of things',
'company': 'Urban Achievers',
'email': '*****@*****.**',
}
self.invalid_post_data = {
'first_name': 'The',
'last_name': 'Dude',
'title': 'Abider of things',
'company': 'Urban Achievers',
'email': 'thedude',
}
with self.activate('en-US'):
self.url = reverse(self.view)
def test_get(self):
"""
A GET request should simply return a 200.
"""
request = self.factory.get(self.url)
request.locale = 'en-US'
response = views.process_partnership_form(request, self.template,
self.view)
self.assertEqual(response.status_code, 200)
def test_post(self):
"""
POSTing without AJAX should redirect to self.url on success and
render self.template on error.
"""
with self.activate('en-US'):
# test non-AJAX POST with valid form data
request = self.factory.post(self.url, self.post_data)
response = views.process_partnership_form(request, self.template,
self.view)
# should redirect to success URL
self.assertEqual(response.status_code, 302)
self.assertIn(self.url, response._headers['location'][1])
self.assertIn('text/html', response._headers['content-type'][1])
# test non-AJAX POST with invalid form data
request = self.factory.post(self.url, self.invalid_post_data)
# locale is not getting set via self.activate above...?
request.locale = 'en-US'
response = views.process_partnership_form(request, self.template,
self.view)
self.assertEqual(response.status_code, 200)
self.assertIn('text/html', response._headers['content-type'][1])
@patch('bedrock.mozorg.views.render_to_string', return_value='rendered')
@patch('bedrock.mozorg.views.EmailMessage')
def test_post_ajax(self, mock_email_message, mock_render_to_string):
"""
POSTing with AJAX should return success/error JSON.
"""
with self.activate('en-US'):
mock_send = mock_email_message.return_value.send
# test AJAX POST with valid form data
request = self.factory.post(self.url,
self.post_data,
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
response = views.process_partnership_form(request, self.template,
self.view)
# decode JSON response
resp_data = json.loads(response.content)
self.assertEqual(response.status_code, 200)
self.assertEqual(response._headers['content-type'][1],
'application/json')
# make sure email was sent
mock_send.assert_called_once_with()
# make sure email values are correct
mock_email_message.assert_called_once_with(
views.PARTNERSHIPS_EMAIL_SUBJECT, 'rendered',
views.PARTNERSHIPS_EMAIL_FROM, views.PARTNERSHIPS_EMAIL_TO)
# test AJAX POST with invalid form data
request = self.factory.post(self.url,
self.invalid_post_data,
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
response = views.process_partnership_form(request, self.template,
self.view)
# decode JSON response
resp_data = json.loads(response.content)
self.assertEqual(resp_data['msg'], 'Form invalid')
self.assertEqual(response.status_code, 400)
self.assertTrue('email' in resp_data['errors'])
self.assertEqual(response._headers['content-type'][1],
'application/json')
@patch('bedrock.mozorg.views.render_to_string', return_value='rendered')
@patch('bedrock.mozorg.views.EmailMessage')
def test_post_ajax_honeypot(self, mock_email_message,
mock_render_to_string):
"""
POSTing with AJAX and honeypot should return success JSON.
"""
with self.activate('en-US'):
mock_send = mock_email_message.return_value.send
self.post_data['office_fax'] = 'what is this?'
request = self.factory.post(self.url,
self.post_data,
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
response = views.process_partnership_form(request, self.template,
self.view)
# decode JSON response
resp_data = json.loads(response.content)
self.assertEqual(resp_data['msg'], 'ok')
self.assertEqual(response.status_code, 200)
self.assertEqual(response._headers['content-type'][1],
'application/json')
ok_(not mock_send.called)
def test_post_ajax_error_xss(self):
"""
POSTing with AJAX should return sanitized error messages.
Bug 945845.
"""
with self.activate('en-US'):
# test AJAX POST with valid form data
post_data = self.post_data.copy()
post_data['interest'] = '"><img src=x onerror=alert(1);>'
escaped_data = '"><img src=x onerror=alert(1);>'
request = self.factory.post(self.url,
post_data,
HTTP_X_REQUESTED_WITH='XMLHttpRequest')
response = views.process_partnership_form(request, self.template,
self.view)
# decode JSON response
resp_data = json.loads(response.content)
self.assertEqual(resp_data['msg'], 'Form invalid')
self.assertEqual(response.status_code, 400)
self.assertTrue(post_data['interest'] not in resp_data['errors']
['interest'][0])
self.assertTrue(escaped_data in resp_data['errors']['interest'][0])
self.assertEqual(response._headers['content-type'][1],
'application/json')
@patch('bedrock.mozorg.views.render_to_string', return_value='rendered')
@patch('bedrock.mozorg.views.EmailMessage')
def test_lead_source(self, mock_email_message, mock_render_to_string):
"""
A POST request should include the 'lead_source' field in that call. The
value will be defaulted to 'www.mozilla.org/about/partnerships/' if it's
not specified.
"""
def _req(form_kwargs):
request = self.factory.post(self.url, self.post_data)
views.process_partnership_form(request, self.template, self.view,
{}, form_kwargs)
return str(mock_render_to_string.call_args[0][1])
self.assertTrue('www.mozilla.org/about/partnerships/' in _req(None))
self.assertTrue('www.mozilla.org/firefox/partners/' in _req(
{'lead_source': 'www.mozilla.org/firefox/partners/'}))
class TestPlaceListView(APITestMixin, TestCase):
def setUp(self):
cache_buffer.reset()
django_cache.clear()
self.owner = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
self.submitter = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
self.dataset = DataSet.objects.create(slug='ds', owner=self.owner)
self.place = Place.objects.create(
dataset=self.dataset,
geometry='POINT(2 3)',
submitter=self.submitter,
data=json.dumps({
'type': 'ATM',
'name': 'K-Mart',
'private-secrets': 42
}),
)
self.invisible_place = Place.objects.create(
dataset=self.dataset,
geometry='POINT(3 4)',
submitter=self.submitter,
visible=False,
data=json.dumps({
'type': 'ATM',
'name': 'Walmart',
}),
)
self.submissions = [
Submission.objects.create(place=self.place,
set_name='comments',
dataset=self.dataset,
data='{}'),
Submission.objects.create(place=self.place,
set_name='comments',
dataset=self.dataset,
data='{}'),
Submission.objects.create(place=self.place,
set_name='likes',
dataset=self.dataset,
data='{}'),
Submission.objects.create(place=self.place,
set_name='likes',
dataset=self.dataset,
data='{}'),
Submission.objects.create(place=self.place,
set_name='likes',
dataset=self.dataset,
data='{}'),
]
self.ds_origin = Origin.objects.create(
pattern='http://openplans.github.com', dataset=self.dataset)
dataset2 = DataSet.objects.create(slug='ds2', owner=self.owner)
place2 = Place.objects.create(
dataset=dataset2,
geometry='POINT(3 4)',
)
self.apikey = ApiKey.objects.create(key='abc', dataset=self.dataset)
self.request_kwargs = {
'owner_username': self.owner.username,
'dataset_slug': self.dataset.slug
}
self.factory = RequestFactory()
self.path = reverse('place-list', kwargs=self.request_kwargs)
self.view = PlaceListView.as_view()
def tearDown(self):
User.objects.all().delete()
DataSet.objects.all().delete()
Place.objects.all().delete()
Submission.objects.all().delete()
ApiKey.objects.all().delete()
cache_buffer.reset()
django_cache.clear()
@responses.activate
def test_POST_response(self):
Webhook.objects.create(dataset=self.dataset,
submission_set='places',
url='http://www.example.com/')
responses.add(responses.POST,
"http://www.example.com/",
body='{}',
content_type="application/json")
place_data = json.dumps({
'properties': {
'submitter_name': 'Andy',
'type': 'Park Bench',
'private-secrets': 'The mayor loves this bench',
},
'type': 'Feature',
'geometry': {
"type": "Point",
"coordinates": [-73.99, 40.75]
}
})
#
# View should create the place when owner is authenticated
#
request = self.factory.post(self.path,
data=place_data,
content_type='application/json')
request.META[KEY_HEADER] = self.apikey.key
response = self.view(request, **self.request_kwargs)
# Check that the request was successful
self.assertStatusCode(response, 201)
self.assertEqual(len(responses.calls), 1)
class TestSpeakerRequest(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.view = press_views.SpeakerRequestView.as_view()
with self.activate('en-US'):
self.url = reverse('press.speaker-request')
self.data = {
'sr_event_name': 'Test Event',
'sr_event_url': 'www.mozilla.org',
'sr_event_date':
datetime.date.today() + datetime.timedelta(days=1),
'sr_event_time': '12:00 PM',
'sr_contact_name': 'The Dude',
'sr_contact_email': '*****@*****.**',
}
def tearDown(self):
mail.outbox = []
def test_view_post_valid_data(self):
"""
A valid POST should 302 redirect.
"""
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
response = self.view(request)
assert response.status_code == 302
assert response[
'Location'] == '/en-US/press/speakerrequest/?success=True'
def test_view_post_missing_data(self):
"""
POST with missing data should return 200 and contain form
errors in the template.
"""
self.data.update(sr_event_url='') # remove required url
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
response = self.view(request)
assert response.status_code == 200
self.assertIn(b'Please enter a URL', response.content)
def test_view_post_honeypot(self):
"""
POST with honeypot text box filled should return 200 and
contain general form error message.
"""
self.data['office_fax'] = 'spammer'
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
response = self.view(request)
assert response.status_code == 200
self.assertIn(b'An error has occurred', response.content)
def test_form_valid_data(self):
"""
Form should be valid.
"""
form = SpeakerRequestForm(self.data)
# make sure form is valid
assert form.is_valid()
def test_form_missing_data(self):
"""
With incorrect data (missing url), form should not be valid and should
have url in the errors hash.
"""
self.data.update(sr_event_url='') # remove required url
form = SpeakerRequestForm(self.data)
# make sure form is invalid
assert not form.is_valid()
# make sure url errors are in form
self.assertIn('sr_event_url', form.errors)
def test_form_honeypot(self):
"""
Form with honeypot text box filled should not be valid.
"""
self.data['office_fax'] = 'spammer'
form = SpeakerRequestForm(self.data)
assert not form.is_valid()
def test_form_valid_attachement(self):
"""
Form should be valid when attachment under/at size limit.
"""
# attachment within size limit
mock_attachment = Mock(
size=press_forms.SPEAKER_REQUEST_FILE_SIZE_LIMIT)
form = SpeakerRequestForm(self.data,
{'sr_attachment': mock_attachment})
# make sure form is valid
assert form.is_valid()
def test_form_invalid_attachement(self):
"""
Form should be invalid and contain attachment errors when attachment
over size limit.
"""
# attachment within size limit
mock_attachment = Mock(
size=(press_forms.SPEAKER_REQUEST_FILE_SIZE_LIMIT + 1))
form = SpeakerRequestForm(self.data,
{'sr_attachment': mock_attachment})
# make sure form is not valid
assert not form.is_valid()
# make sure attachment errors are in form
self.assertIn('sr_attachment', form.errors)
@patch('bedrock.press.views.render_to_string', return_value='rendered')
@patch('bedrock.press.views.EmailMessage')
def test_email(self, mock_email_message, mock_render_to_string):
"""
Make sure email is sent with expected values.
"""
mock_send = mock_email_message.return_value.send
# create POST request
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
# submit POST request
self.view(request)
# make sure email was sent
mock_send.assert_called_once_with()
# make sure email values are correct
mock_email_message.assert_called_once_with(
press_views.SPEAKER_REQUEST_EMAIL_SUBJECT, 'rendered',
press_views.SPEAKER_REQUEST_EMAIL_FROM,
press_views.SPEAKER_REQUEST_EMAIL_TO)
@patch('bedrock.press.views.render_to_string', return_value='rendered')
@patch('bedrock.press.views.EmailMessage')
def test_email_with_attachement(self, mock_email_message,
mock_render_to_string):
"""
Make sure email is sent with attachment.
"""
mock_attachment = Mock(
content_type='text/plain',
size=(press_forms.SPEAKER_REQUEST_FILE_SIZE_LIMIT))
# make sure name attribute is treated as string
mock_attachment.name = 'img.jpg'
# create POST request
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
# add mock attachment to files dict
request.FILES['sr_attachment'] = mock_attachment
# submit POST request
self.view(request)
# make sure attachment was attached
mock_email_message.return_value.attach.assert_called_once_with(
'img.jpg', mock_attachment.read.return_value, 'text/plain')
mock_attachment.read.assert_called_once_with()
# make sure email was sent
mock_email_message.return_value.send.assert_called_once_with()
# make sure email values are correct
mock_email_message.assert_called_once_with(
press_views.SPEAKER_REQUEST_EMAIL_SUBJECT, 'rendered',
press_views.SPEAKER_REQUEST_EMAIL_FROM,
press_views.SPEAKER_REQUEST_EMAIL_TO)
def test_emails_not_escaped(self):
"""
Strings in the fraud report form should not be HTML escaped
when inserted into the email, which is just text.
E.g. if they entered
J'adore le ''Renard de feu''
the email should not contain
J'adore le ''Renard de feu''
Tags are still stripped, though.
"""
STRING1 = u"<blink>J'adore Citröns</blink> & <Piñatas> so there"
EXPECTED1 = u"J'adore Citröns & so there"
STRING2 = u"J'adore Piñatas & <fromage> so here"
EXPECTED2 = u"J'adore Piñatas & so here"
STRING3 = u"J'adore <coffee>el café</coffee> también"
EXPECTED3 = u"J'adore el café también"
self.data.update(sr_contact_title=STRING1,
sr_event_theme=STRING2,
sr_event_format=STRING3)
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
self.view(request)
assert len(mail.outbox) == 1
m = mail.outbox[0]
self.assertIn(EXPECTED1, m.body)
self.assertIn(EXPECTED2, m.body)
self.assertIn(EXPECTED3, m.body)
class SecondaryEmailChangeRequestTests(EventTestMixin, EmailTemplateTagMixin, CacheIsolationTestCase):
"""
Test changing a user's email address
"""
def setUp(self, tracker='common.djangoapps.student.views.management.tracker'):
super().setUp(tracker)
self.user = UserFactory.create()
self.new_secondary_email = '*****@*****.**'
self.req_factory = RequestFactory()
self.request = self.req_factory.post('unused_url', data={
'password': '******',
'new_email': self.new_secondary_email
})
self.request.user = self.user
self.user.email_user = Mock()
def do_email_validation(self, email):
"""
Executes validate_new_secondary_email, returning any resulting error message.
"""
try:
validate_new_email(self.request.user, email)
except ValueError as err:
return str(err)
def do_secondary_email_change(self, user, email, activation_key=None):
"""
Executes do_secondary_email_change_request, returning any resulting error message.
"""
with patch('crum.get_current_request', return_value=self.fake_request):
do_email_change_request(
user=user,
new_email=email,
activation_key=activation_key,
secondary_email_change_request=True
)
def assertFailedRequest(self, response_data, expected_error):
"""
Assert that `response_data` indicates a failed request that returns `expected_error`
"""
assert not response_data['success']
assert expected_error == response_data['error']
assert not self.user.email_user.called
def test_invalid_emails(self):
"""
Assert the expected error message from the email validation method for an invalid
(improperly formatted) email address.
"""
for email in ('bad_email', 'bad_email@', '@bad_email'):
assert self.do_email_validation(email) == 'Valid e-mail address required.'
@patch('django.core.mail.EmailMultiAlternatives.send')
def test_email_failure(self, send_mail):
"""
Test the return value if sending the email for the user to click fails.
"""
send_mail.side_effect = [Exception, None]
with self.assertRaisesRegex(ValueError, 'Unable to send email activation link. Please try again later.'):
self.do_secondary_email_change(self.user, "*****@*****.**")
self.assert_no_events_were_emitted()
def test_email_success(self):
"""
Test email was sent if no errors encountered.
"""
new_email = "*****@*****.**"
registration_key = "test-registration-key"
self.do_secondary_email_change(self.user, new_email, registration_key)
self._assert_email(
subject='Confirm your recovery email for édX',
body_fragments=[
'You\'ve registered this recovery email address for édX.',
'If you set this email address, click "confirm email."',
'If you didn\'t request this change, you can disregard this email.',
f'http://edx.org/activate_secondary_email/{registration_key}',
],
)
def _assert_email(self, subject, body_fragments):
"""
Verify that the email was sent.
"""
assert len(mail.outbox) == 1
assert len(body_fragments) > 1, 'Should provide at least two body fragments'
message = mail.outbox[0]
text = message.body
html = message.alternatives[0][0]
assert message.subject == subject
for fragment in body_fragments:
assert fragment in text
assert escape(fragment) in html
class PublishEntryTestCase(TestCase):
tags = ('offering-api', )
def setUp(self):
# Create request factory
self.factory = RequestFactory()
# Create testing user
self.user = User.objects.create_user(username='******',
email='',
password='******')
self.data = {'marketplaces': []}
self.request = self.factory.post(
'/offering/offerings/test_user/test_offering/1.0',
json.dumps(self.data),
content_type='application/json',
HTTP_ACCEPT='application/json')
self.request.user = self.user
def test_publish_offering(self):
# Mock publish offering method
views.publish_offering = MagicMock(name='publish_offering')
publish_entry = views.PublishEntry(permitted_methods=('POST', ))
offering = Offering.objects.create(
name='test_offering',
owner_organization=Organization.objects.get(
name=self.user.username),
owner_admin_user=self.user,
version='1.0',
state='uploaded',
description_url='',
resources=[],
comments=[],
tags=[],
image_url='',
related_images=[],
offering_description={},
notification_url='',
creation_date='2013-06-03 10:00:00')
# Call the view
site = Site.objects.create(name='Test_site',
domain='http://testsite.com')
Context.objects.create(site=site)
views.get_current_site = MagicMock()
views.get_current_site.return_value = site
response = publish_entry.create(self.request, 'test_user',
'test_offering', '1.0')
views.publish_offering.assert_called_once_with(self.user, offering,
self.data)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['message'], 'OK')
self.assertEqual(body_response['result'], 'correct')
def test_publish_offering_not_found(self):
# Mock publish offering method
views.publish_offering = MagicMock(name='publish_offering')
publish_entry = views.PublishEntry(permitted_methods=('POST', ))
# Call the view
response = publish_entry.create(self.request, 'test_user',
'test_offering', '1.0')
self.assertFalse(views.publish_offering.called)
self.assertEqual(response.status_code, 404)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['message'], 'Offering not found')
self.assertEqual(body_response['result'], 'error')
def test_publish_entry_not_owner(self):
# Mock publish offering method
views.publish_offering = MagicMock(name='publish_offering')
publish_entry = views.PublishEntry(permitted_methods=('POST', ))
org = Organization.objects.get(name=self.user.username)
org.managers = []
org.save()
Offering.objects.create(name='test_offering',
owner_organization=org,
owner_admin_user=self.user,
version='1.0',
state='uploaded',
description_url='',
resources=[],
comments=[],
tags=[],
image_url='',
related_images=[],
offering_description={},
notification_url='',
creation_date='2013-06-03 10:00:00')
Offering.is_owner = MagicMock()
Offering.is_owner.return_value = False
# Call the view
response = publish_entry.create(self.request, 'test_user',
'test_offering', '1.0')
self.assertFalse(views.publish_offering.called)
self.assertEqual(response.status_code, 403)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['message'], 'Forbidden')
self.assertEqual(body_response['result'], 'error')
def test_publish_entry_bad_gateway(self):
# Mock publish offering method
views.publish_offering = MagicMock(name='publish_offering')
views.publish_offering.side_effect = HTTPError('', 500, '', None, None)
publish_entry = views.PublishEntry(permitted_methods=('POST', ))
offering = Offering.objects.create(
name='test_offering',
owner_organization=Organization.objects.get(
name=self.user.username),
owner_admin_user=self.user,
version='1.0',
state='uploaded',
description_url='',
resources=[],
comments=[],
tags=[],
image_url='',
related_images=[],
offering_description={},
notification_url='',
creation_date='2013-06-03 10:00:00')
# Call the view
response = publish_entry.create(self.request, 'test_user',
'test_offering', '1.0')
views.publish_offering.assert_called_once_with(self.user, offering,
self.data)
self.assertEqual(response.status_code, 502)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['message'],
'The Marketplace has failed publishing the offering')
self.assertEqual(body_response['result'], 'error')
def test_publish_entry_exception(self):
# Mock publish offering method
views.publish_offering = MagicMock(name='publish_offering')
views.publish_offering.side_effect = Exception('Publication error')
publish_entry = views.PublishEntry(permitted_methods=('POST', ))
offering = Offering.objects.create(
name='test_offering',
owner_organization=Organization.objects.get(
name=self.user.username),
owner_admin_user=self.user,
version='1.0',
state='uploaded',
description_url='',
resources=[],
comments=[],
tags=[],
image_url='',
related_images=[],
offering_description={},
notification_url='',
creation_date='2013-06-03 10:00:00')
# Call the view
response = publish_entry.create(self.request, 'test_user',
'test_offering', '1.0')
views.publish_offering.assert_called_once_with(self.user, offering,
self.data)
self.assertEqual(response.status_code, 400)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['message'], 'Publication error')
self.assertEqual(body_response['result'], 'error')
def test_signup(self):
url = reverse('signup')
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
data = {
'username': '******',
'email': '*****@*****.**',
'first_name': 'Test',
'last_name': 'User',
'latitude': '45',
'longitude': '2',
'country': 'FR',
'location_description': 'Somewhere',
'privacy_search': 'public',
'privacy_email': 'private',
'privacy_im': 'private',
'privacy_irctrack': 'public',
}
response = self.client.post(url, data)
self.assertEqual(response.status_code, 200)
self.assertEqual(User.objects.count(), 3)
data['password1'] = 'secret'
data['password2'] = 'othersecret'
response = self.client.post(url, data)
self.assertEqual(response.status_code, 200)
self.assertEqual(User.objects.count(), 3)
data['region'] = 'AL'
response = self.client.post(url, data)
self.assertEqual(response.status_code, 200)
self.assertEqual(User.objects.count(), 3)
self.assertFormError(response, 'form', 'region',
('The region you selected does not match the '
'country'))
del data['region']
data['password2'] = 'secret'
response = self.client.post(url, data, follow=True)
self.assertEqual(response.status_code, 200)
self.assertEqual(User.objects.count(), 4)
created = User.objects.get(username='******')
self.assertTrue(created.check_password('secret'))
self.assertEqual(len(response.redirect_chain), 1)
# Logged in users go back to the homepage
response = self.client.get(url)
self.assertEqual(response.status_code, 302)
self.client.session.flush()
# Registration with an OpenID shouldn't ask for a password
factory = RequestFactory()
request = prepare_request(factory.get(url))
response = signup(request)
response.render()
self.assertTrue('foo.example.com' in response.content)
del data['password1']
del data['password2']
data['username'] = '******'
data['email'] = '*****@*****.**'
request = prepare_request(factory.post(url, data))
response = signup(request)
self.assertEqual(response.status_code, 302)
self.assertEqual(response['Location'],
reverse('user_profile', args=['meh']))
self.assertEqual(User.objects.count(), 5)
self.assertEqual(DjangoPerson.objects.count(), 4)
class TestCORSMiddleware(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.middleware = CorsMiddleware()
self.url = '/api/v2/search'
self.owner = create_user(username='******', password='******')
self.project = get(
Project, slug='pip',
users=[self.owner],
privacy_level=PUBLIC,
main_language_project=None,
)
self.project.versions.update(privacy_level=PUBLIC)
self.version = self.project.versions.get(slug=LATEST)
self.subproject = get(
Project,
users=[self.owner],
privacy_level=PUBLIC,
main_language_project=None,
)
self.subproject.versions.update(privacy_level=PUBLIC)
self.version_subproject = self.subproject.versions.get(slug=LATEST)
self.relationship = get(
ProjectRelationship,
parent=self.project,
child=self.subproject,
)
self.domain = get(
Domain,
domain='my.valid.domain',
project=self.project,
)
self.another_project = get(
Project,
privacy_level=PUBLIC,
slug='another',
)
self.another_project.versions.update(privacy_level=PUBLIC)
self.another_version = self.another_project.versions.get(slug=LATEST)
self.another_domain = get(
Domain,
domain='another.valid.domain',
project=self.another_project,
)
def test_allow_linked_domain_from_public_version(self):
request = self.factory.get(
self.url,
{'project': self.project.slug, 'version': self.version.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertIn('Access-Control-Allow-Origin', resp)
def test_dont_allow_linked_domain_from_private_version(self):
self.version.privacy_level = PRIVATE
self.version.save()
request = self.factory.get(
self.url,
{'project': self.project.slug, 'version': self.version.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
def test_allowed_api_public_version_from_another_domain(self):
request = self.factory.get(
self.url,
{'project': self.project.slug, 'version': self.version.slug},
HTTP_ORIGIN='http://docs.another.domain',
)
resp = self.middleware.process_response(request, {})
self.assertIn('Access-Control-Allow-Origin', resp)
request = self.factory.get(
self.url,
{'project': self.project.slug, 'version': self.version.slug},
HTTP_ORIGIN='http://another.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertIn('Access-Control-Allow-Origin', resp)
def test_not_allowed_api_private_version_from_another_domain(self):
self.version.privacy_level = PRIVATE
self.version.save()
request = self.factory.get(
self.url,
{'project': self.project.slug, 'version': self.version.slug},
HTTP_ORIGIN='http://docs.another.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
request = self.factory.get(
self.url,
{'project': self.project.slug, 'version': self.version.slug},
HTTP_ORIGIN='http://another.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
def test_valid_subproject(self):
self.assertTrue(
Project.objects.filter(
pk=self.project.pk,
subprojects__child=self.subproject,
).exists(),
)
request = self.factory.get(
self.url,
{'project': self.project.slug, 'version': self.version.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertIn('Access-Control-Allow-Origin', resp)
def test_embed_api_private_version_linked_domain(self):
self.version.privacy_level = PRIVATE
self.version.save()
request = self.factory.get(
'/api/v2/embed/',
{'project': self.project.slug, 'version': self.version.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
@mock.patch('readthedocs.core.signals._has_donate_app')
def test_sustainability_endpoint_allways_allowed(self, has_donate_app):
has_donate_app.return_value = True
request = self.factory.get(
'/api/v2/sustainability/',
{'project': self.project.slug, 'active': True, 'version': self.version.slug},
HTTP_ORIGIN='http://invalid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertIn('Access-Control-Allow-Origin', resp)
request = self.factory.get(
'/api/v2/sustainability/',
{'project': self.project.slug, 'active': True, 'version': self.version.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertIn('Access-Control-Allow-Origin', resp)
@mock.patch('readthedocs.core.signals._has_donate_app')
def test_sustainability_endpoint_no_ext(self, has_donate_app):
has_donate_app.return_value = False
request = self.factory.get(
'/api/v2/sustainability/',
{'project': self.project.slug, 'active': True, 'version': self.version.slug},
HTTP_ORIGIN='http://invalid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
request = self.factory.get(
'/api/v2/sustainability/',
{'project': self.project.slug, 'active': True, 'version': self.version.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
def test_apiv2_endpoint_not_allowed(self):
request = self.factory.get(
'/api/v2/version/',
{'project': self.project.slug, 'active': True, 'version': self.version.slug},
HTTP_ORIGIN='http://invalid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
# This also doesn't work on registered domains.
request = self.factory.get(
'/api/v2/version/',
{'project': self.project.slug, 'active': True, 'version': self.version.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
# Or from our public domain.
request = self.factory.get(
'/api/v2/version/',
{'project': self.project.slug, 'active': True, 'version': self.version.slug},
HTTP_ORIGIN='http://docs.readthedocs.io/',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
# POST is not allowed
request = self.factory.post(
'/api/v2/version/',
{'project': self.project.slug, 'active': True, 'version': self.version.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
class TripUpdateTests(TestCase):
'''Tests for the TripUpdate view.'''
def setUp(self):
"""Instantiate RequestFactory and User objects to pass POST requests
to the TripUpdate view.
Parameters:
self(TripUpdateTests): the calling object
Returns:
None
"""
self.factory = RequestFactory()
self.user = User.objects.create(username='******',
email='*****@*****.**',
password="******")
self.trip = Trip.objects.create(title="Summer Break",
passenger=self.user,
arrive_at="BOS",
terminal='G')
self.url = 'trips/4/change-details/'
def pass_test_func(self, user):
"""Check to make sure the request meets the requirements of the
UserPassesTestMixin that TripUpdate inherits from.
Parameters:
user(User): the client making the request
Returns
bool: True or False, depending on whether the client is the Trip
passenger
"""
return self.trip.passenger == user
def test_changing_trip_fields(self):
"""A user is able to change the title, arrive_at, or terminal fields
of a pre-exisiting Trip.
"""
# there is already a Trip in the db
old_trip = Trip.objects.get(title=self.trip.title)
self.assertTrue(old_trip, not None)
# the user is able to GET the update from
get_request = self.factory.get(self.url)
# the user making this request passes the UserPassesTestMixin of view
self.assertTrue(True, self.pass_test_func(self.user))
get_request.user = self.user
response = TripUpdate.as_view()(get_request, pk=self.trip.id)
self.assertEqual(response.status_code, 200)
# the user can then POST changes to the database
new_title = 'End of School-Year Journeys'
form_data = {'title': new_title, 'arrive_at': 'OAK', 'terminal': 'A'}
post_request = self.factory.post(self.url, form_data)
# the user making this request passes the UserPassesTestMixin of view
self.assertTrue(True, self.pass_test_func(self.user))
post_request.user = self.user
response = TripUpdate.as_view()(post_request,
form_data,
pk=self.trip.id)
# the user is then redirected
self.assertEqual(response.status_code, 302)
# the Trip fields have been chnaged to match the user data
new_trip = Trip.objects.get(title=new_title)
self.assertTrue(new_trip, not None)
class GetStartedViews(TestCase):
"""helping new users get oriented"""
def setUp(self):
"""we need basic test data and mocks"""
self.factory = RequestFactory()
self.local_user = models.User.objects.create_user(
"*****@*****.**",
"*****@*****.**",
"password",
local=True,
localname="mouse",
)
self.book = models.Edition.objects.create(
parent_work=models.Work.objects.create(title="hi"),
title="Example Edition",
remote_id="https://example.com/book/1",
)
models.Connector.objects.create(identifier="self",
connector_file="self_connector",
local=True)
models.SiteSettings.objects.create()
def test_profile_view(self):
"""there are so many views, this just makes sure it LOADS"""
view = views.GetStartedProfile.as_view()
request = self.factory.get("")
request.user = self.local_user
result = view(request)
self.assertIsInstance(result, TemplateResponse)
result.render()
self.assertEqual(result.status_code, 200)
def test_profile_view_post(self):
"""save basic user details"""
view = views.GetStartedProfile.as_view()
form = forms.LimitedEditUserForm(instance=self.local_user)
form.data["name"] = "New Name"
form.data["discoverable"] = "True"
request = self.factory.post("", form.data)
request.user = self.local_user
self.assertIsNone(self.local_user.name)
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"
) as delay_mock:
view(request)
self.assertEqual(delay_mock.call_count, 1)
self.assertEqual(self.local_user.name, "New Name")
self.assertTrue(self.local_user.discoverable)
def test_books_view(self):
"""there are so many views, this just makes sure it LOADS"""
view = views.GetStartedBooks.as_view()
request = self.factory.get("")
request.user = self.local_user
result = view(request)
self.assertIsInstance(result, TemplateResponse)
result.render()
self.assertEqual(result.status_code, 200)
def test_books_view_with_query(self):
"""there are so many views, this just makes sure it LOADS"""
view = views.GetStartedBooks.as_view()
request = self.factory.get("?query=Example")
request.user = self.local_user
result = view(request)
self.assertIsInstance(result, TemplateResponse)
result.render()
self.assertEqual(result.status_code, 200)
def test_books_view_post(self):
"""shelve some books"""
view = views.GetStartedBooks.as_view()
data = {self.book.id: self.local_user.shelf_set.first().id}
request = self.factory.post("", data)
request.user = self.local_user
self.assertFalse(self.local_user.shelfbook_set.exists())
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"
) as delay_mock:
view(request)
self.assertEqual(delay_mock.call_count, 1)
shelfbook = self.local_user.shelfbook_set.first()
self.assertEqual(shelfbook.book, self.book)
self.assertEqual(shelfbook.user, self.local_user)
def test_users_view(self):
"""there are so many views, this just makes sure it LOADS"""
view = views.GetStartedUsers.as_view()
request = self.factory.get("")
request.user = self.local_user
result = view(request)
self.assertIsInstance(result, TemplateResponse)
result.render()
self.assertEqual(result.status_code, 200)
def test_users_view_with_query(self):
"""there are so many views, this just makes sure it LOADS"""
view = views.GetStartedUsers.as_view()
request = self.factory.get("?query=rat")
request.user = self.local_user
result = view(request)
self.assertIsInstance(result, TemplateResponse)
result.render()
self.assertEqual(result.status_code, 200)
class ResourceCollectionTestCase(TestCase):
tags = ('offering-api', )
def setUp(self):
# Create request factory
self.factory = RequestFactory()
# Create testing user
self.user = User.objects.create_user(username='******',
email='',
password='******')
self.user.userprofile.get_current_roles = MagicMock(
name='get_current_roles')
self.user.userprofile.get_current_roles.return_value = [
'provider', 'customer'
]
self.user.userprofile.save()
@classmethod
def tearDownClass(cls):
from wstore.offerings import offerings_management
reload(offerings_management)
reload(views)
super(ResourceCollectionTestCase, cls).tearDownClass()
def _no_provider(self):
self.user.userprofile.get_current_roles = MagicMock(
name='get_current_roles')
self.user.userprofile.get_current_roles.return_value = ['customer']
self.user.userprofile.save()
def _call_exception(self):
views.get_provider_resources.side_effect = Exception(
'Getting resources error')
def _creation_exception(self):
views.register_resource.side_effect = Exception(
'Resource creation exception')
def _existing(self):
views.register_resource.side_effect = ConflictError('Resource exists')
@parameterized.expand([([{
'name': 'test_resource',
'provider': 'test_user',
'version': '1.0'
}], 'true'),
([{
'name': 'test_resource',
'provider': 'test_user',
'version': '1.0'
}], 'false'),
([{
'name': 'test_resource',
'provider': 'test_user',
'version': '1.0'
}], ),
([{
'name': 'test_resource',
'provider': 'test_user',
'version': '1.0'
}], None, None, 200, None, {
'start': '1',
'limit': '1'
}), ([], None, _no_provider, 403, 'Forbidden'),
([], 'inv', None, 400, 'Invalid open param'),
([], None, _call_exception, 400,
'Getting resources error')])
def test_get_resources(self,
return_value,
filter_=None,
side_effect=None,
code=200,
error_msg=None,
pagination=None):
# Mock get offerings method
resource_collection = views.ResourceCollection(
permitted_methods=('GET', 'POST'))
views.get_provider_resources = MagicMock(name='get_provider_resources')
views.get_provider_resources.return_value = return_value
path = '/api/offering/resources'
if filter_ is not None:
path += '?open=' + filter_
if pagination is not None:
if filter_ is None:
path += '?'
else:
path += '&'
path += 'start=' + pagination['start'] + '&limit=' + pagination[
'limit']
request = self.factory.get(path, HTTP_ACCEPT='application/json')
request.user = self.user
# Create the side effect if needed
if side_effect:
side_effect(self)
# Call the view
response = resource_collection.read(request)
self.assertEquals(response.status_code, code)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
if not error_msg:
# Check correct call
expected_filter = None
if filter_ is not None:
expected_filter = False
if filter_ == 'true':
expected_filter = True
views.get_provider_resources.assert_called_once_with(
self.user, pagination=pagination, filter_=expected_filter)
self.assertEquals(type(body_response), list)
self.assertEquals(body_response, return_value)
else:
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['message'], error_msg)
self.assertEqual(body_response['result'], 'error')
@parameterized.expand([(RESOURCE_DATA, ), (RESOURCE_DATA, True),
(RESOURCE_DATA, False, _no_provider, True, 403,
"You don't have the provider role"),
(RESOURCE_DATA, False, _creation_exception, True,
400, 'Resource creation exception'),
(RESOURCE_DATA, True, _creation_exception, True,
400, 'Resource creation exception'),
(RESOURCE_DATA, True, _creation_exception, True,
400, 'Resource creation exception'),
(RESOURCE_DATA, True, _existing, True, 409,
'Resource exists')])
def test_create_resource(self,
data,
file_=False,
side_effect=None,
error=False,
code=201,
msg='Created'):
# Mock get offerings method
resource_collection = views.ResourceCollection(
permitted_methods=('GET', 'POST'))
views.register_resource = MagicMock(name='get_provider_resources')
content = json.dumps(data)
content_type = 'application/json'
if file_:
f = StringIO()
f.name = 'test_file.txt'
f.write('test file')
content = {'json': json.dumps(data), 'file': f}
content_type = MULTIPART_CONTENT
# Build the request
request = self.factory.post('/api/offering/resources',
content,
content_type=content_type,
HTTP_ACCEPT='application/json')
request.user = self.user
# Create the side effect if needed
if side_effect:
side_effect(self)
# Call the view
response = resource_collection.create(request)
self.assertEqual(response.status_code, code)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['message'], msg)
if not error:
# Check correct call
if not file_:
views.register_resource.assert_called_once_with(
self.user, data)
else:
expected_file = request.FILES[
'file'] # The type change when loaded
views.register_resource.assert_called_once_with(
self.user, data, file_=expected_file)
self.assertEqual(body_response['result'], 'correct')
else:
self.assertEqual(body_response['result'], 'error')
class InteractionViews(TestCase):
""" viewing and creating statuses """
def setUp(self):
""" we need basic test data and mocks """
self.factory = RequestFactory()
self.local_user = models.User.objects.create_user(
"*****@*****.**",
"*****@*****.**",
"mouseword",
local=True,
localname="mouse",
remote_id="https://example.com/users/mouse",
)
with patch("bookwyrm.models.user.set_remote_server"):
self.remote_user = models.User.objects.create_user(
"rat",
"*****@*****.**",
"ratword",
local=False,
remote_id="https://example.com/users/rat",
inbox="https://example.com/users/rat/inbox",
outbox="https://example.com/users/rat/outbox",
)
work = models.Work.objects.create(title="Test Work")
self.book = models.Edition.objects.create(
title="Example Edition",
remote_id="https://example.com/book/1",
parent_work=work,
)
def test_handle_favorite(self):
""" create and broadcast faving a status """
view = views.Favorite.as_view()
request = self.factory.post("")
request.user = self.remote_user
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
status = models.Status.objects.create(user=self.local_user,
content="hi")
view(request, status.id)
fav = models.Favorite.objects.get()
self.assertEqual(fav.status, status)
self.assertEqual(fav.user, self.remote_user)
notification = models.Notification.objects.get()
self.assertEqual(notification.notification_type, "FAVORITE")
self.assertEqual(notification.user, self.local_user)
self.assertEqual(notification.related_user, self.remote_user)
def test_handle_unfavorite(self):
""" unfav a status """
view = views.Unfavorite.as_view()
request = self.factory.post("")
request.user = self.remote_user
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
status = models.Status.objects.create(user=self.local_user,
content="hi")
views.Favorite.as_view()(request, status.id)
self.assertEqual(models.Favorite.objects.count(), 1)
self.assertEqual(models.Notification.objects.count(), 1)
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
view(request, status.id)
self.assertEqual(models.Favorite.objects.count(), 0)
self.assertEqual(models.Notification.objects.count(), 0)
def test_handle_boost(self):
""" boost a status """
view = views.Boost.as_view()
request = self.factory.post("")
request.user = self.remote_user
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
status = models.Status.objects.create(user=self.local_user,
content="hi")
view(request, status.id)
boost = models.Boost.objects.get()
self.assertEqual(boost.boosted_status, status)
self.assertEqual(boost.user, self.remote_user)
self.assertEqual(boost.privacy, "public")
notification = models.Notification.objects.get()
self.assertEqual(notification.notification_type, "BOOST")
self.assertEqual(notification.user, self.local_user)
self.assertEqual(notification.related_user, self.remote_user)
self.assertEqual(notification.related_status, status)
def test_handle_boost_unlisted(self):
""" boost a status """
view = views.Boost.as_view()
request = self.factory.post("")
request.user = self.local_user
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
status = models.Status.objects.create(user=self.local_user,
content="hi",
privacy="unlisted")
view(request, status.id)
boost = models.Boost.objects.get()
self.assertEqual(boost.privacy, "unlisted")
def test_handle_boost_private(self):
""" boost a status """
view = views.Boost.as_view()
request = self.factory.post("")
request.user = self.local_user
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
status = models.Status.objects.create(user=self.local_user,
content="hi",
privacy="followers")
view(request, status.id)
self.assertFalse(models.Boost.objects.exists())
def test_handle_boost_twice(self):
""" boost a status """
view = views.Boost.as_view()
request = self.factory.post("")
request.user = self.local_user
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
status = models.Status.objects.create(user=self.local_user,
content="hi")
view(request, status.id)
view(request, status.id)
self.assertEqual(models.Boost.objects.count(), 1)
def test_handle_unboost(self):
""" undo a boost """
view = views.Unboost.as_view()
request = self.factory.post("")
request.user = self.local_user
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"):
status = models.Status.objects.create(user=self.local_user,
content="hi")
views.Boost.as_view()(request, status.id)
self.assertEqual(models.Boost.objects.count(), 1)
self.assertEqual(models.Notification.objects.count(), 1)
with patch("bookwyrm.models.activitypub_mixin.broadcast_task.delay"
) as mock:
view(request, status.id)
self.assertEqual(mock.call_count, 1)
self.assertEqual(models.Boost.objects.count(), 0)
self.assertEqual(models.Notification.objects.count(), 0)
class CreateCustomExamsViewTest(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.health_professional = HealthProfessional.objects.create_user(
email='*****@*****.**', password='******')
self.patient = Patient.objects.create_user(email='*****@*****.**',
password='******',
CEP='72850735',
UF='DF',
city='Brasília',
neighborhood='Asa sul',
complement='Bloco 2 QD 701')
self.user = User.objects.create_user(email='*****@*****.**',
password='******')
self.description = "Examina alguma coisa"
def teste_exam_get_without_login(self):
request = self.factory.get('/exam/create_custom_exams/')
request.user = AnonymousUser()
response = CreateCustomExamsView.as_view()(request)
self.assertEqual(response.status_code, 302)
def teste_exam_get_with_patient(self):
request = self.factory.get('/exam/create_custom_exams/')
request.user = self.patient
with self.assertRaises(PermissionDenied):
CreateCustomExamsView.as_view()(request)
def teste_exam_get_with_user(self):
request = self.factory.get('/exam/create_custom_exams/')
request.user = self.user
with self.assertRaises(PermissionDenied):
CreateCustomExamsView.as_view()(request)
def teste_exam_get_with_health_professional(self):
request = self.factory.get('/exam/create_custom_exams/')
request.user = self.health_professional
response = CreateCustomExamsView.as_view()(request)
self.assertEqual(response.status_code, 200)
def teste_exam_post_without_login(self):
request = self.factory.post('/exam/create_custom_exams/', {
'name': '',
'description': self.description
})
request.user = AnonymousUser()
response = CreateCustomExamsView.as_view()(request)
self.assertEqual(response.status_code, 302)
def teste_exam_post_with_patient(self):
request = self.factory.post('/exam/create_custom_exams/', {
'name': '',
'description': self.description
})
request.user = self.patient
with self.assertRaises(PermissionDenied):
CreateCustomExamsView.as_view()(request)
def teste_exam_post_with_user(self):
request = self.factory.post('/exam/create_custom_exams/', {
'name': '',
'description': self.description
})
request.user = self.user
with self.assertRaises(PermissionDenied):
CreateCustomExamsView.as_view()(request)
def teste_exam_post_with_health_professional(self):
request = self.factory.post('/exam/create_custom_exams/', {
'name': '',
'description': self.description
})
request.user = self.health_professional
response = CreateCustomExamsView.as_view()(request)
self.assertEqual(response.status_code, 200)
class ResourceEntryTestCase(TestCase):
tags = ('offering-api', )
def setUp(self):
# Create request factory
self.factory = RequestFactory()
# Create testing user
self.user = User.objects.create_user(username='******',
email='',
password='******')
self.user.userprofile.get_current_roles = MagicMock(
name='get_current_roles')
self.user.userprofile.get_current_roles.return_value = [
'provider', 'customer'
]
self.user.userprofile.save()
# Create resource model mock
self.resource = MagicMock()
self.resource.provider = self.user.userprofile.current_organization
views.OfferingResource = MagicMock()
views.OfferingResource.objects.get.return_value = self.resource
@classmethod
def tearDownClass(cls):
from wstore.offerings import offerings_management
reload(offerings_management)
reload(views)
super(ResourceEntryTestCase, cls).tearDownClass()
def tearDown(self):
views.json = json
def _not_found(self):
views.OfferingResource.objects.get.side_effect = Exception('Not found')
def _no_provider(self):
self.user.userprofile.get_current_roles.return_value = ['customer']
def _exception_update(self):
views.update_resource.side_effect = Exception('Exception in call')
def _exception_upgrade(self):
views.upgrade_resource.side_effect = Exception('Exception in call')
def _exception_delete(self):
views.delete_resource.side_effect = Exception('Exception in call')
def _invalid_json(self):
views.json = MagicMock()
views.json.loads.side_effect = Exception('Invalid content')
@parameterized.expand([
(RESOURCE_DATA, 200, 'OK'),
(RESOURCE_DATA, 400, 'Invalid content', _invalid_json, 'error'),
(RESOURCE_DATA, 403, 'Forbidden', _no_provider, 'error'),
(RESOURCE_DATA, 400, 'Exception in call', _exception_update, 'error')
])
def test_resource_update_api(self,
data,
code,
msg,
side_effect=None,
status='correct'):
views.update_resource = MagicMock(name='update_resource')
if side_effect:
side_effect(self)
request = self.factory.put(
'/api/offering/resources/test_user/test_resource/1.0',
json.dumps(data),
content_type='application/json',
HTTP_ACCEPT='application/json')
request.user = self.user
res_entry = views.ResourceEntry(permitted_methods=('PUT', 'POST',
'DELETE'))
response = res_entry.update(request, 'test_user', 'test_resource',
'1.0')
self.assertEqual(response.status_code, code)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
self.assertEquals(type(body_response), dict)
self.assertEquals(body_response['message'], msg)
self.assertEquals(body_response['result'], status)
# Check call to update method if needed
if status != 'error':
views.update_resource.assert_called_once_with(
self.resource, self.user, data)
@parameterized.expand([
(RESOURCE_DATA, 200, 'OK'), (RESOURCE_DATA, 200, 'OK', True),
(RESOURCE_DATA, 400, 'Invalid content', False, _invalid_json, True),
(RESOURCE_DATA, 400, 'Invalid content', True, _invalid_json, True),
(RESOURCE_DATA, 404, 'Resource not found', False, _not_found, True),
(RESOURCE_DATA, 403, 'Forbidden', False, _no_provider, True),
(RESOURCE_DATA, 400, 'Exception in call', False, _exception_upgrade,
True)
])
def test_resource_upgrade_api(self,
data,
code,
msg,
file_=False,
side_effect=None,
error=False):
# Mock update method
views.upgrade_resource = MagicMock(name='upgrade_resource')
if side_effect:
side_effect(self)
content = json.dumps(data)
content_type = 'application/json'
if file_:
f = StringIO()
f.name = 'test_file.txt'
f.write('test file')
content = {'json': json.dumps(data), 'file': f}
content_type = MULTIPART_CONTENT
request = self.factory.post(
'/api/offering/resources/test_user/test_resource/1.0',
content,
content_type=content_type,
HTTP_ACCEPT='application/json')
request.user = self.user
res_entry = views.ResourceEntry(permitted_methods=('PUT', 'POST',
'DELETE'))
response = res_entry.create(request, 'test_user', 'test_resource',
'1.0')
self.assertEqual(response.status_code, code)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['message'], msg)
if not error:
if not file_:
views.upgrade_resource.assert_called_once_with(
self.resource, self.user, data)
else:
expected_file = request.FILES[
'file'] # The type change when loaded
views.upgrade_resource.assert_called_once_with(
self.resource, self.user, data, expected_file)
self.assertEqual(body_response['result'], 'correct')
else:
self.assertEqual(body_response['result'], 'error')
@parameterized.expand([(204, 'No Content'),
(404, 'Resource not found', _not_found, True),
(403, 'Forbidden', _no_provider, True),
(400, 'Exception in call', _exception_delete, True)]
)
def test_resource_deletion_api(self,
code,
msg,
side_effect=None,
error=False):
# Mock delete resource method
views.delete_resource = MagicMock(name='delete_resource')
if side_effect:
side_effect(self)
request = self.factory.delete(
'/api/offering/resources/test_user/test_resource/1.0',
HTTP_ACCEPT='application/json')
request.user = self.user
res_entry = views.ResourceEntry(permitted_methods=('POST', 'DELETE'))
response = res_entry.delete(request, 'test_user', 'test_resource',
'1.0')
self.assertEqual(response.status_code, code)
self.assertEqual(response.get('Content-type'),
'application/json; charset=utf-8')
body_response = json.loads(response.content)
self.assertEqual(type(body_response), dict)
self.assertEqual(body_response['message'], msg)
if not error:
views.delete_resource.assert_called_once_with(
self.resource, self.user)
self.assertEqual(body_response['result'], 'correct')
else:
self.assertEqual(body_response['result'], 'error')
class TestFormHandler(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.form = Form.add_root(widgy_site)
def test_get(self):
req = self.factory.get('/?from=/foo/')
resp = handle_form(req, form_node_pk=self.form.node.pk)
self.assertEqual(resp['Location'], '/foo/')
def test_post(self):
req = self.factory.post('/?from=/foo/')
with mock.patch.object(Form, 'execute') as form_execute:
form_execute.return_value = object()
resp = handle_form(req, form_node_pk=self.form.node.pk)
args, kwargs = form_execute.call_args
self.assertIs(args[0], req)
self.assertIsInstance(args[1], forms.BaseForm)
# should use the form's response
self.assertIs(resp, form_execute.return_value)
def test_post_rerender(self):
self.form.children['fields'].add_child(
widgy_site,
FormInput,
label='foo',
required=True,
type='text',
)
req = self.factory.post('/?from=/foo/')
req.user = User(is_superuser=True)
with mock.patch.object(Form, 'execute') as form_execute:
with mock.patch('widgy.contrib.widgy_mezzanine.views.page_view'
) as page_view:
page_view.return_value = object()
resp = handle_form(req, form_node_pk=self.form.node.pk)
form_execute.assert_not_called()
self.assertIs(resp, page_view.return_value)
args, kwargs = page_view.call_args
self.assertIs(args[0], req)
extra_context = kwargs['extra_context']
self.assertEqual(extra_context['root_node_override'], self.form.node)
django_form = extra_context[self.form.context_var]
self.assertIsInstance(django_form, forms.BaseForm)
self.assertTrue(django_form.errors)
@override_settings(MIDDLEWARE_CLASSES=settings.MIDDLEWARE_CLASSES +
('mezzanine.pages.middleware.PageMiddleware', ))
def test_post_no_404(self):
"""
Mezzanine==3.1.2 introduced a change that caused calls to page view
(such as in the form_invalid of the handle_form view to 404. This test
ensures that there is no 404.
"""
from widgy.contrib.widgy_mezzanine.models import WidgyPage
page = WidgyPage.objects.create(title='Test')
self.form.children['fields'].add_child(
widgy_site,
FormInput,
label='foo',
required=True,
type='text',
)
req = self.factory.post('/?from=/foo/')
req.user = User(is_superuser=True)
resp = handle_form(req, form_node_pk=self.form.node.pk, slug=page.slug)
self.assertEqual(resp.status_code, 200)
class TestCreateAccount(TestCase):
"""Tests for account creation"""
def setUp(self):
super(TestCreateAccount, self).setUp()
self.username = "******"
self.url = reverse("create_account")
self.request_factory = RequestFactory()
self.params = {
"username": self.username,
"email": "*****@*****.**",
"password": "******",
"name": "Test User",
"honor_code": "true",
"terms_of_service": "true",
}
@ddt.data("en", "eo")
def test_default_lang_pref_saved(self, lang):
with mock.patch("django.conf.settings.LANGUAGE_CODE", lang):
response = self.client.post(self.url, self.params)
self.assertEqual(response.status_code, 200)
user = User.objects.get(username=self.username)
self.assertEqual(get_user_preference(user, LANGUAGE_KEY), lang)
@ddt.data("en", "eo")
def test_header_lang_pref_saved(self, lang):
response = self.client.post(self.url, self.params, HTTP_ACCEPT_LANGUAGE=lang)
user = User.objects.get(username=self.username)
self.assertEqual(response.status_code, 200)
self.assertEqual(get_user_preference(user, LANGUAGE_KEY), lang)
def create_account_and_fetch_profile(self):
"""
Create an account with self.params, assert that the response indicates
success, and return the UserProfile object for the newly created user
"""
response = self.client.post(self.url, self.params, HTTP_HOST="microsite.example.com")
self.assertEqual(response.status_code, 200)
user = User.objects.get(username=self.username)
return user.profile
def test_marketing_cookie(self):
response = self.client.post(self.url, self.params)
self.assertEqual(response.status_code, 200)
self.assertIn(settings.EDXMKTG_LOGGED_IN_COOKIE_NAME, self.client.cookies)
self.assertIn(settings.EDXMKTG_USER_INFO_COOKIE_NAME, self.client.cookies)
@unittest.skipUnless(
"microsite_configuration.middleware.MicrositeMiddleware" in settings.MIDDLEWARE_CLASSES,
"Microsites not implemented in this environment"
)
def test_profile_saved_no_optional_fields(self):
profile = self.create_account_and_fetch_profile()
self.assertEqual(profile.name, self.params["name"])
self.assertEqual(profile.level_of_education, "")
self.assertEqual(profile.gender, "")
self.assertEqual(profile.mailing_address, "")
self.assertEqual(profile.city, "")
self.assertEqual(profile.country, "")
self.assertEqual(profile.goals, "")
self.assertEqual(
profile.get_meta(),
{
"extra1": "",
"extra2": "",
}
)
self.assertIsNone(profile.year_of_birth)
@unittest.skipUnless(
"microsite_configuration.middleware.MicrositeMiddleware" in settings.MIDDLEWARE_CLASSES,
"Microsites not implemented in this environment"
)
@override_settings(LMS_SEGMENT_KEY="testkey")
@mock.patch('student.views.analytics.track')
@mock.patch('student.views.analytics.identify')
def test_segment_tracking(self, mock_segment_identify, _):
year = datetime.now().year
year_of_birth = year - 14
self.params.update({
"level_of_education": "a",
"gender": "o",
"mailing_address": "123 Example Rd",
"city": "Exampleton",
"country": "US",
"goals": "To test this feature",
"year_of_birth": str(year_of_birth),
"extra1": "extra_value1",
"extra2": "extra_value2",
})
expected_payload = {
'email': self.params['email'],
'username': self.params['username'],
'name': self.params['name'],
'age': 13,
'yearOfBirth': year_of_birth,
'education': 'Associate degree',
'address': self.params['mailing_address'],
'gender': 'Other/Prefer Not to Say',
'country': self.params['country'],
}
self.create_account_and_fetch_profile()
mock_segment_identify.assert_called_with(1, expected_payload)
@unittest.skipUnless(
"microsite_configuration.middleware.MicrositeMiddleware" in settings.MIDDLEWARE_CLASSES,
"Microsites not implemented in this environment"
)
def test_profile_saved_all_optional_fields(self):
self.params.update({
"level_of_education": "a",
"gender": "o",
"mailing_address": "123 Example Rd",
"city": "Exampleton",
"country": "US",
"goals": "To test this feature",
"year_of_birth": "2015",
"extra1": "extra_value1",
"extra2": "extra_value2",
})
profile = self.create_account_and_fetch_profile()
self.assertEqual(profile.level_of_education, "a")
self.assertEqual(profile.gender, "o")
self.assertEqual(profile.mailing_address, "123 Example Rd")
self.assertEqual(profile.city, "Exampleton")
self.assertEqual(profile.country, "US")
self.assertEqual(profile.goals, "To test this feature")
self.assertEqual(
profile.get_meta(),
{
"extra1": "extra_value1",
"extra2": "extra_value2",
}
)
self.assertEqual(profile.year_of_birth, 2015)
@unittest.skipUnless(
"microsite_configuration.middleware.MicrositeMiddleware" in settings.MIDDLEWARE_CLASSES,
"Microsites not implemented in this environment"
)
def test_profile_saved_empty_optional_fields(self):
self.params.update({
"level_of_education": "",
"gender": "",
"mailing_address": "",
"city": "",
"country": "",
"goals": "",
"year_of_birth": "",
"extra1": "",
"extra2": "",
})
profile = self.create_account_and_fetch_profile()
self.assertEqual(profile.level_of_education, "")
self.assertEqual(profile.gender, "")
self.assertEqual(profile.mailing_address, "")
self.assertEqual(profile.city, "")
self.assertEqual(profile.country, "")
self.assertEqual(profile.goals, "")
self.assertEqual(
profile.get_meta(),
{"extra1": "", "extra2": ""}
)
self.assertEqual(profile.year_of_birth, None)
def test_profile_year_of_birth_non_integer(self):
self.params["year_of_birth"] = "not_an_integer"
profile = self.create_account_and_fetch_profile()
self.assertIsNone(profile.year_of_birth)
def base_extauth_bypass_sending_activation_email(self, bypass_activation_email):
"""
Tests user creation without sending activation email when
doing external auth
"""
request = self.request_factory.post(self.url, self.params)
# now indicate we are doing ext_auth by setting 'ExternalAuthMap' in the session.
request.session = import_module(settings.SESSION_ENGINE).SessionStore() # empty session
extauth = ExternalAuthMap(external_id='*****@*****.**',
external_email='*****@*****.**',
internal_password=self.params['password'],
external_domain='shib:https://idp.stanford.edu/')
request.session['ExternalAuthMap'] = extauth
request.user = AnonymousUser()
with mock.patch('edxmako.request_context.get_current_request', return_value=request):
with mock.patch('django.core.mail.send_mail') as mock_send_mail:
student.views.create_account(request)
# check that send_mail is called
if bypass_activation_email:
self.assertFalse(mock_send_mail.called)
else:
self.assertTrue(mock_send_mail.called)
@unittest.skipUnless(settings.FEATURES.get('AUTH_USE_SHIB'), "AUTH_USE_SHIB not set")
@mock.patch.dict(settings.FEATURES, {'BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH': True, 'AUTOMATIC_AUTH_FOR_TESTING': False})
def test_extauth_bypass_sending_activation_email_with_bypass(self):
"""
Tests user creation without sending activation email when
settings.FEATURES['BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH']=True and doing external auth
"""
self.base_extauth_bypass_sending_activation_email(True)
@unittest.skipUnless(settings.FEATURES.get('AUTH_USE_SHIB'), "AUTH_USE_SHIB not set")
@mock.patch.dict(settings.FEATURES, {'BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH': False, 'AUTOMATIC_AUTH_FOR_TESTING': False})
def test_extauth_bypass_sending_activation_email_without_bypass_1(self):
"""
Tests user creation without sending activation email when
settings.FEATURES['BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH']=False and doing external auth
"""
self.base_extauth_bypass_sending_activation_email(False)
@unittest.skipUnless(settings.FEATURES.get('AUTH_USE_SHIB'), "AUTH_USE_SHIB not set")
@mock.patch.dict(settings.FEATURES, {'BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH': False, 'AUTOMATIC_AUTH_FOR_TESTING': False, 'SKIP_EMAIL_VALIDATION': True})
def test_extauth_bypass_sending_activation_email_without_bypass_2(self):
"""
Tests user creation without sending activation email when
settings.FEATURES['BYPASS_ACTIVATION_EMAIL_FOR_EXTAUTH']=False and doing external auth
"""
self.base_extauth_bypass_sending_activation_email(True)
@ddt.data(True, False)
def test_discussions_email_digest_pref(self, digest_enabled):
with mock.patch.dict("student.models.settings.FEATURES", {"ENABLE_DISCUSSION_EMAIL_DIGEST": digest_enabled}):
response = self.client.post(self.url, self.params)
self.assertEqual(response.status_code, 200)
user = User.objects.get(username=self.username)
preference = get_user_preference(user, NOTIFICATION_PREF_KEY)
if digest_enabled:
self.assertIsNotNone(preference)
else:
self.assertIsNone(preference)
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
def test_affiliate_referral_attribution(self):
"""
Verify that a referral attribution is recorded if an affiliate
cookie is present upon a new user's registration.
"""
affiliate_id = 'test-partner'
self.client.cookies[settings.AFFILIATE_COOKIE_NAME] = affiliate_id
user = self.create_account_and_fetch_profile().user
self.assertEqual(UserAttribute.get_user_attribute(user, REGISTRATION_AFFILIATE_ID), affiliate_id)
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
def test_utm_referral_attribution(self):
"""
Verify that a referral attribution is recorded if an affiliate
cookie is present upon a new user's registration.
"""
utm_cookie_name = 'edx.test.utm'
with mock.patch('student.models.RegistrationCookieConfiguration.current') as config:
instance = config.return_value
instance.utm_cookie_name = utm_cookie_name
timestamp = 1475521816879
utm_cookie = {
'utm_source': 'test-source',
'utm_medium': 'test-medium',
'utm_campaign': 'test-campaign',
'utm_term': 'test-term',
'utm_content': 'test-content',
'created_at': timestamp
}
created_at = datetime.fromtimestamp(timestamp / float(1000), tz=pytz.UTC)
self.client.cookies[utm_cookie_name] = json.dumps(utm_cookie)
user = self.create_account_and_fetch_profile().user
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_source')),
utm_cookie.get('utm_source')
)
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_medium')),
utm_cookie.get('utm_medium')
)
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_campaign')),
utm_cookie.get('utm_campaign')
)
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_term')),
utm_cookie.get('utm_term')
)
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_content')),
utm_cookie.get('utm_content')
)
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_CREATED_AT),
str(created_at)
)
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
def test_no_referral(self):
"""Verify that no referral is recorded when a cookie is not present."""
utm_cookie_name = 'edx.test.utm'
with mock.patch('student.models.RegistrationCookieConfiguration.current') as config:
instance = config.return_value
instance.utm_cookie_name = utm_cookie_name
self.assertIsNone(self.client.cookies.get(settings.AFFILIATE_COOKIE_NAME)) # pylint: disable=no-member
self.assertIsNone(self.client.cookies.get(utm_cookie_name)) # pylint: disable=no-member
user = self.create_account_and_fetch_profile().user
self.assertIsNone(UserAttribute.get_user_attribute(user, REGISTRATION_AFFILIATE_ID))
self.assertIsNone(UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_source')))
self.assertIsNone(UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_medium')))
self.assertIsNone(UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_campaign')))
self.assertIsNone(UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_term')))
self.assertIsNone(UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_content')))
self.assertIsNone(UserAttribute.get_user_attribute(user, REGISTRATION_UTM_CREATED_AT))
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
def test_incomplete_utm_referral(self):
"""Verify that no referral is recorded when a cookie is not present."""
utm_cookie_name = 'edx.test.utm'
with mock.patch('student.models.RegistrationCookieConfiguration.current') as config:
instance = config.return_value
instance.utm_cookie_name = utm_cookie_name
utm_cookie = {
'utm_source': 'test-source',
'utm_medium': 'test-medium',
# No campaign
'utm_term': 'test-term',
'utm_content': 'test-content',
# No created at
}
self.client.cookies[utm_cookie_name] = json.dumps(utm_cookie)
user = self.create_account_and_fetch_profile().user
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_source')),
utm_cookie.get('utm_source')
)
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_medium')),
utm_cookie.get('utm_medium')
)
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_term')),
utm_cookie.get('utm_term')
)
self.assertEqual(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_content')),
utm_cookie.get('utm_content')
)
self.assertIsNone(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_PARAMETERS.get('utm_campaign'))
)
self.assertIsNone(
UserAttribute.get_user_attribute(user, REGISTRATION_UTM_CREATED_AT)
)
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
def test_created_on_site_user_attribute_set(self):
profile = self.create_account_and_fetch_profile(host=self.site.domain)
self.assertEqual(UserAttribute.get_user_attribute(profile.user, 'created_on_site'), self.site.domain)
class TestPressInquiry(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.view = press_views.PressInquiryView.as_view()
with self.activate('en-US'):
self.url = reverse('press.press-inquiry')
self.data = {
'jobtitle': 'Senior Inquiry Person',
'name': 'IceCat FireBadger',
'user_email': '*****@*****.**',
'media_org': 'Big Money',
'inquiry': 'Want to know private stuff',
'deadline': datetime.date.today() + datetime.timedelta(days=1)
}
def tearDown(self):
mail.outbox = []
def test_view_post_valid_data(self):
"""
A valid POST should 302 redirect.
"""
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
response = self.view(request)
assert response.status_code == 302
assert response[
'Location'] == '/en-US/press/press-inquiry/?success=True'
def test_view_post_missing_data(self):
"""
POST with missing data should return 200 and contain form
errors in the template.
"""
self.data.update(name='') # remove required name
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
response = self.view(request)
assert response.status_code == 200
self.assertIn(b'Please enter your name.', response.content)
def test_view_post_honeypot(self):
"""
POST with honeypot text box filled should return 200 and
contain general form error message.
"""
self.data['office_fax'] = 'spammer'
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
response = self.view(request)
assert response.status_code == 200
self.assertIn(b'An error has occurred', response.content)
def test_form_valid_data(self):
"""
Form should be valid.
"""
form = PressInquiryForm(self.data)
# make sure form is valid
assert form.is_valid()
def test_form_missing_data(self):
"""
With incorrect data (missing email), form should not be valid and should
have user_email in the errors hash.
"""
self.data.update(user_email='') # remove required user_email
form = PressInquiryForm(self.data)
# make sure form is invalid
assert not form.is_valid()
# make sure user_email errors are in form
self.assertIn('user_email', form.errors)
def test_form_honeypot(self):
"""
Form with honeypot text box filled should not be valid.
"""
self.data['office_fax'] = 'spammer'
form = PressInquiryForm(self.data)
assert not form.is_valid()
@patch('bedrock.press.views.render_to_string', return_value='rendered')
@patch('bedrock.press.views.EmailMessage')
def test_email(self, mock_email_message, mock_render_to_string):
"""
Make sure email is sent with expected values.
"""
mock_send = mock_email_message.return_value.send
# create POST request
request = self.factory.post(self.url, self.data)
# make sure CSRF doesn't hold us up
request._dont_enforce_csrf_checks = True
# submit POST request
self.view(request)
# make sure email was sent
mock_send.assert_called_once_with()
# make sure email values are correct
mock_email_message.assert_called_once_with(
press_views.PRESS_INQUIRY_EMAIL_SUBJECT, 'rendered',
press_views.PRESS_INQUIRY_EMAIL_FROM,
press_views.PRESS_INQUIRY_EMAIL_TO)
class KeyViewTest(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.request = self.factory.get('/')
self.request.session = {"tsuru_token": "admin"}
self.response = Key.as_view()(self.request)
self.request_post = self.factory.post('/team/', {'key': 'test-key-qq'})
self.request_post.session = {"tsuru_token": "admin"}
def test_should_require_login_to_create_team(self):
assert issubclass(Key, LoginRequiredMixin)
def test_key_should_render_expected_template(self):
self.assertIn('auth/key.html', self.response.template_name)
def test_context_should_contain_form(self):
self.assertIn('form', self.response.context_data.keys())
def test_form_in_context_should_has_a_instance_of_KeyForm(self):
form = self.response.context_data.get('form')
self.assertTrue(isinstance(form, KeyForm))
def test_get_request_key_url_should_not_return_404(self):
response = self.client.get(reverse('key'))
self.assertNotEqual(404, response.status_code)
@patch("django.contrib.messages.error")
@patch('requests.post')
def test_post_with_name_should_send_request_post_to_tsuru(self, post, er):
self.request_post.session = {'tsuru_token': 'tokentest'}
Key.as_view()(self.request_post)
self.assertEqual(1, post.call_count)
post.assert_called_with('%s/users/keys' % settings.TSURU_HOST,
data='{"key": "test-key-qq"}',
headers={
'authorization':
self.request_post.session['tsuru_token']
})
@patch("django.contrib.messages.success")
@patch('requests.post')
def test_valid_postshould_return_message_expected(self, post, success):
post.return_value = Mock(status_code=200)
Key.as_view()(self.request_post)
success.assert_called_with(self.request_post,
"The key was successfully added",
fail_silently=True)
@patch("django.contrib.messages.error")
@patch('requests.post')
def test_invalid_post_should_return_error_message(self, post, error):
post.return_value = Mock(status_code=500, text='Error')
Key.as_view()(self.request_post)
error.assert_called_with(self.request_post,
'Error',
fail_silently=True)
@patch("django.contrib.messages.success")
@patch('requests.post')
def test_successfully_post_should_redirects(self, post, m):
post.return_value = Mock(status_code=200)
response = Key.as_view()(self.request_post)
self.assertEqual(302, response.status_code)
self.assertEqual(reverse('key'), response.items()[1][1])
@patch("django.contrib.messages.error")
@patch('requests.post')
def test_post_with_error_should_redirects(self, post, er):
post.return_value = Mock(status_code=500, content='Error')
response = Key.as_view()(self.request_post)
self.assertEqual(302, response.status_code)
self.assertEqual(reverse('key'), response.items()[1][1])
@patch('requests.post')
def test_post_without_key_should_not_send_request_to_tsuru(self, post):
request = self.factory.post('/team/', {'key': ''})
request.session = {}
Key.as_view()(request)
self.assertEqual(0, post.call_count)
@patch('requests.post')
def test_post_without_key_should_return_form_with_errors(self, post):
request = self.factory.post('/team/', {'key': ''})
request.session = {"tsuru_token": "admin"}
response = Key.as_view()(request)
self.assertIn('form', response.context_data.keys())
form = response.context_data.get('form')
self.assertTrue(isinstance(form, KeyForm))
self.assertEqual(u'This field is required.', form.errors.get('key')[0])
class UserTestCase(TestCase):
"""
A unit test case for the User and Organization User models.
"""
def setUp(self):
models.Organization.objects.create(
organization_name="The New York Times", organization_type="p")
self.factory = RequestFactory()
def test_create_user_page(self):
request = self.factory.get('/pool/user/create/')
response = views.create_user(request)
# The create user page returns a valid response to GET.
self.assertEqual(response.status_code, 200)
def test_create_user_error(self):
user_data = {}
request = self.factory.post('/pool/user/create/', user_data)
response = views.create_user(request)
# Even with a blank request, the page returns a 200.
self.assertEqual(response.status_code, 200)
# The page explains we're missing parameters.
self.assertIn('you\'re missing a parameter', str(response))
def test_create_user(self):
user_data = {}
user_data['first_name'] = 'Jeremy'
user_data['last_name'] = 'Bowers'
user_data['email_address'] = '*****@*****.**'
user_data['username'] = '******'
user_data['phone_number'] = '555-555-5555'
user_data['preferred_contact'] = 'e'
user_data['organization_id'] = '2'
user_data['password'] = '******'
user_data['shared_secret'] = settings.SHARED_SECRET
# So as not to send an email.
user_data['test'] = True
request = self.factory.post('/pool/user/create/', user_data)
response = views.create_user(request)
# Should have a 200.
self.assertEqual(response.status_code, 200)
# Tests for special text in the response body.
# This would be the body of a success email.
self.assertIn(
'If this was you, please click this link to verify your account.',
str(response))
# Creates exactly one OrganizationUser.
self.assertEqual(1, models.OrganizationUser.objects.all().count())
# The OrganizationUser's special code is in the email body.
self.assertIn(models.OrganizationUser.objects.all()[0].temporary_code,
str(response))
def test_login_user(self):
pass
def test_logout_user(self):
pass
def test_verify_user(self):
pass
def test_create_organization_user(self):
pass
def test_preferred_contact_method(self):
pass
class OutboxView(TestCase):
"""sends out activities"""
def setUp(self):
"""we'll need some data"""
self.factory = RequestFactory()
with patch(
"bookwyrm.suggested_users.rerank_suggestions_task.delay"
), patch("bookwyrm.activitystreams.populate_stream_task.delay"), patch(
"bookwyrm.lists_stream.populate_lists_task.delay"):
self.local_user = models.User.objects.create_user(
"*****@*****.**",
"*****@*****.**",
"mouseword",
local=True,
localname="mouse",
remote_id="https://example.com/users/mouse",
)
work = models.Work.objects.create(title="Test Work")
self.book = models.Edition.objects.create(
title="Example Edition",
remote_id="https://example.com/book/1",
parent_work=work,
)
def test_outbox(self, _):
"""returns user's statuses"""
request = self.factory.get("")
result = views.Outbox.as_view()(request, "mouse")
self.assertIsInstance(result, JsonResponse)
def test_outbox_bad_method(self, _):
"""can't POST to outbox"""
request = self.factory.post("")
result = views.Outbox.as_view()(request, "mouse")
self.assertEqual(result.status_code, 405)
def test_outbox_unknown_user(self, _):
"""should 404 for unknown and remote users"""
request = self.factory.post("")
result = views.Outbox.as_view()(request, "beepboop")
self.assertEqual(result.status_code, 405)
result = views.Outbox.as_view()(request, "rat")
self.assertEqual(result.status_code, 405)
def test_outbox_privacy(self, _):
"""don't show dms et cetera in outbox"""
with patch("bookwyrm.activitystreams.add_status_task.delay"):
models.Status.objects.create(content="PRIVATE!!",
user=self.local_user,
privacy="direct")
models.Status.objects.create(content="bffs ONLY",
user=self.local_user,
privacy="followers")
models.Status.objects.create(content="unlisted status",
user=self.local_user,
privacy="unlisted")
models.Status.objects.create(content="look at this",
user=self.local_user,
privacy="public")
request = self.factory.get("")
result = views.Outbox.as_view()(request, "mouse")
self.assertIsInstance(result, JsonResponse)
data = json.loads(result.content)
self.assertEqual(data["type"], "OrderedCollection")
self.assertEqual(data["totalItems"], 2)
def test_outbox_filter(self, _):
"""if we only care about reviews, only get reviews"""
with patch("bookwyrm.activitystreams.add_status_task.delay"):
models.Review.objects.create(
content="look at this",
name="hi",
rating=1,
book=self.book,
user=self.local_user,
)
models.Status.objects.create(content="look at this",
user=self.local_user)
request = self.factory.get("", {"type": "bleh"})
result = views.Outbox.as_view()(request, "mouse")
self.assertIsInstance(result, JsonResponse)
data = json.loads(result.content)
self.assertEqual(data["type"], "OrderedCollection")
self.assertEqual(data["totalItems"], 2)
request = self.factory.get("", {"type": "Review"})
result = views.Outbox.as_view()(request, "mouse")
self.assertIsInstance(result, JsonResponse)
data = json.loads(result.content)
self.assertEqual(data["type"], "OrderedCollection")
self.assertEqual(data["totalItems"], 1)
def test_outbox_bookwyrm_request_true(self, _):
"""should differentiate between bookwyrm and outside requests"""
with patch("bookwyrm.activitystreams.add_status_task.delay"):
models.Review.objects.create(
name="hi",
content="look at this",
user=self.local_user,
book=self.book,
privacy="public",
)
request = self.factory.get("", {"page": 1}, HTTP_USER_AGENT=USER_AGENT)
result = views.Outbox.as_view()(request, "mouse")
data = json.loads(result.content)
self.assertEqual(len(data["orderedItems"]), 1)
self.assertEqual(data["orderedItems"][0]["type"], "Review")
def test_outbox_bookwyrm_request_false(self, _):
"""should differentiate between bookwyrm and outside requests"""
with patch("bookwyrm.activitystreams.add_status_task.delay"):
models.Review.objects.create(
name="hi",
content="look at this",
user=self.local_user,
book=self.book,
privacy="public",
)
request = self.factory.get("", {"page": 1})
result = views.Outbox.as_view()(request, "mouse")
data = json.loads(result.content)
self.assertEqual(len(data["orderedItems"]), 1)
self.assertEqual(data["orderedItems"][0]["type"], "Article")
