def test_send_response_file_list_fails_for_draft_questionnaire_for_inspector(
client):
questionnaire = factories.QuestionnaireFactory(is_draft=True)
user = utils.make_inspector_user(questionnaire.control)
utils.login(client, user=user)
url = reverse('send-response-file-list', args=[questionnaire.id])
response = client.get(url)
assert response.status_code != 200
def test_an_action_log_is_added_on_user_login(client):
user = factories.UserFactory()
count_before = user.actor_actions.filter(
verb__icontains='logged in').count()
utils.login(client, user=user)
count_after = user.actor_actions.filter(
verb__icontains='logged in').count()
assert count_after == count_before + 1
def test_admin_can_create_managers_deposit(self):
token = login(self, '*****@*****.**', 'password1')
resp = create_deposit(self, token, msg='manager', user_id=3)
self.assertIn('manager', resp.data.decode('utf-8'))
# read to verify
token = login(self, '*****@*****.**', 'password1')
resp = send_get_request(self, 'api/v1/deposits/1', token=token)
self.assertIn('manager', resp.data.decode('utf-8'))
def test_admin_can_create_normals_task(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='normal', user_id=5)
self.assertIn('normal', resp.data.decode('utf-8'))
# read to verify
token = login(self, '*****@*****.**', 'password')
resp = send_get_request(self, 'api/v1/tasks/1', token=token)
self.assertIn('normal', resp.data.decode('utf-8'))
def test_can_access_question_api_if_control_is_associated_with_the_user():
question = factories.QuestionFactory()
user = factories.UserFactory()
user.profile.controls.add(question.theme.questionnaire.control)
user.profile.save()
utils.login(client, user=user)
url = reverse('api:question-detail', args=[question.id])
response = client.get(url)
assert response.status_code == 200
def test_login_logout(driver, root_url, existing_credentials):
driver.get(root_url)
utils.login(driver, existing_credentials)
logout_button = driver.find_element_by_xpath(
'//nav//a//*[contains(text(), "Logout")]')
logout_button.click()
email_input = driver.find_element_by_css_selector('input[name="email"]')
def test_user_who_agreed_to_tos_is_not_redirected():
user = make_user(agreed_to_tos=True)
utils.login(client, user=user)
url = reverse('questionnaire-list')
response = client.get(url)
assert response.status_code == 200
def test_without_hostname(flask_client):
login(flask_client)
r = flask_client.post(
url_for("api.new_random_alias"),
)
assert r.status_code == 201
assert r.json["alias"].endswith(EMAIL_DOMAIN)
def test_setup_done(flask_client):
login(flask_client)
r = flask_client.get(url_for("dashboard.setup_done"), )
assert r.status_code == 302
# user is redirected to the dashboard page
assert r.headers["Location"].endswith("/dashboard/")
assert "setup_done=true" in r.headers["Set-Cookie"]
def test_delete_twice_raise_404():
inspector = factories.UserProfileFactory(profile_type=UserProfile.INSPECTOR)
control = factories.ControlFactory()
inspector.controls.add(control)
utils.login(client, user=inspector.user)
url = reverse('api:deletion-delete-control', args=[control.pk])
control.delete()
response = client.post(url)
assert response.status_code == 404
def test_user_who_agreed_to_tos_is_not_redirected(client):
user = make_user(agreed_to_tos=True)
utils.login(client, user=user)
url = reverse('control-detail')
response = client.get(url)
assert response.status_code == 200
def test_profile(minclient):
"""Test that the profile page url works."""
app, client = minclient
with app.test_request_context():
u = User.query.get(2)
login(u, client)
url = url_for('user.profile', user_id=u.id)
rv = client.get(url)
assert bytes(u.displayname, 'utf-8') in rv.data
def test_user_who_did_not_agree_to_tos_is_redirected(client):
user = make_user(agreed_to_tos=False)
utils.login(client, user=user)
url = reverse('control-detail')
response = client.get(url)
assert response.status_code == 302
assert response.url == reverse('welcome')
def __init__(self, client):
questionnaire = factories.QuestionnaireFactory(is_draft=False)
self.filename = questionnaire.basename
user = utils.make_audited_user(questionnaire.control)
utils.login(client, user=user)
url = reverse('send-questionnaire-file', args=[questionnaire.id])
self.response = client.get(url)
def test_do_not_redirect_logout(client):
user = make_user(agreed_to_tos=False)
utils.login(client, user=user)
url = reverse('logout')
response = client.get(url)
# redirected but not to welcome
assert response.status_code == 302
assert response.url != reverse('welcome')
def test_download_question_file_fails_if_the_control_is_not_associated_with_the_user(
client):
question_file = factories.QuestionFileFactory()
unauthorized_control = factories.ControlFactory()
assert unauthorized_control != question_file.question.theme.questionnaire.control
user = utils.make_audited_user(unauthorized_control)
utils.login(client, user=user)
url = reverse('send-question-file', args=[question_file.id])
response = client.get(url)
assert response.status_code != 200
def test_create_random_alias_success(flask_client):
login(flask_client)
assert Alias.query.count() == 1
r = flask_client.post(
url_for("dashboard.index"),
data={"form-name": "create-random-email"},
follow_redirects=True,
)
assert r.status_code == 200
assert Alias.query.count() == 2
def access_control_page(client, page_name, is_control_associated_with_user, profile_type):
control = factories.ControlFactory()
if is_control_associated_with_user:
user = utils.make_user(profile_type, control)
else:
user = utils.make_user(profile_type, None)
utils.login(client, user=user)
url = reverse(page_name, args=[control.id])
response = client.get(url)
return response
def __init__(self, client):
response_file = factories.ResponseFileFactory()
self.filename = response_file.basename
user = response_file.author
user.profile.controls.add(
response_file.question.theme.questionnaire.control)
user.profile.agreed_to_tos = True
user.profile.save()
utils.login(client, user=response_file.author)
url = reverse('send-response-file', args=[response_file.id])
self.response = client.get(url)
def test_response_file_listed_in_question_endpoint():
response_file = factories.ResponseFileFactory()
user = response_file.author
question = response_file.question
user.profile.controls.add(
response_file.question.theme.questionnaire.control)
user.profile.save()
utils.login(client, user=response_file.author)
url = reverse('api:question-detail', args=[question.id])
response = client.get(url)
assert response_file.basename in str(response.content)
def test_audited_cannot_delete_a_control():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
control = factories.ControlFactory()
audited.controls.add(control)
utils.login(client, user=audited.user)
url = reverse('api:deletion-delete-control', args=[control.pk])
count_before = Control.objects.active().count()
response = client.post(url)
count_after = Control.objects.active().count()
assert count_after == count_before
assert response.status_code == 403
def test_get_setting(flask_client):
login(flask_client)
r = flask_client.get("/api/setting")
assert r.status_code == 200
assert r.json == {
"alias_generator": "word",
"notification": True,
"random_alias_default_domain": "sl.local",
"sender_format": "AT",
}
def test_inspector_can_delete_a_control():
inspector = factories.UserProfileFactory(profile_type=UserProfile.INSPECTOR)
control = factories.ControlFactory()
inspector.controls.add(control)
utils.login(client, user=inspector.user)
url = reverse('api:deletion-delete-control', args=[control.pk])
count_before = Control.objects.active().count()
response = client.post(url)
count_after = Control.objects.active().count()
assert count_after == count_before - 1
assert response.status_code == 200
def test_create_contact_route_invalid_contact_email(flask_client):
login(flask_client)
alias = Alias.query.first()
r = flask_client.post(
url_for("api.create_contact_route", alias_id=alias.id),
json={"contact": "with [email protected]"},
)
assert r.status_code == 400
assert r.json["error"] == "invalid contact email with [email protected]"
def test_create_contact_route_empty_contact_address(flask_client):
login(flask_client)
alias = Alias.query.first()
r = flask_client.post(
url_for("api.create_contact_route", alias_id=alias.id),
json={"contact": ""},
)
assert r.status_code == 400
assert r.json["error"] == "Contact cannot be empty"
def test_wrongly_formatted_payload(flask_client):
login(flask_client)
r = flask_client.post(
"/api/v3/alias/custom/new",
json="string isn't a dict",
)
assert r.status_code == 400
assert r.json == {
"error": "request body does not follow the required format"
}
def test_create_directory(flask_client):
login(flask_client)
r = flask_client.post(
url_for("dashboard.directory"),
data={"form-name": "create", "name": "test"},
follow_redirects=True,
)
assert r.status_code == 200
assert f"Directory test is created" in r.data.decode()
assert Directory.get_by(name="test") is not None
def test_no_access_to_questionnaire_page_if_control_is_not_associated_with_the_user(
client):
questionnaire = factories.QuestionnaireFactory()
user = factories.UserFactory()
unautorized_control = factories.ControlFactory()
assert unautorized_control != questionnaire.control
user.profile.controls.add(unautorized_control)
user.profile.save()
utils.login(client, user=user)
url = reverse('questionnaire-detail', args=[questionnaire.id])
response = client.get(url)
assert response.status_code != 200
def __init__(self, client):
questionnaire = factories.QuestionnaireFactory()
self.filename = questionnaire.basename
user = factories.UserFactory()
user.profile.controls.add(questionnaire.control)
user.profile.save()
utils.login(client, user=user)
url = reverse('send-questionnaire-file', args=[questionnaire.id])
self.response = client.get(url)
def test_download_response_file_fails_if_the_control_is_not_associated_with_the_user(
client):
response_file = factories.ResponseFileFactory()
user = response_file.author
unauthorized_control = factories.ControlFactory()
assert unauthorized_control != response_file.question.theme.questionnaire.control
user.profile.controls.add(unauthorized_control)
user.profile.save()
utils.login(client, user=response_file.author)
url = reverse('send-response-file', args=[response_file.id])
response = client.get(url)
assert response.status_code != 200
