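 def test_permissions(self):
     """A logged-in user without the required permission must not reach the search view.

     The view is expected to answer with a redirect (302) rather than a page.
     Two things are tightened here compared with a bare status check:

     * the user is created with ``create_user`` (as every sibling test does)
       so the password is hashed and ``self.login`` really authenticates this
       account -- with ``objects.create`` the password would be stored raw and
       a failed login would also yield a 302, making the test pass for the
       wrong reason;
     * the search template must not have been rendered, so a regression that
       renders results and then redirects still fails.
     """
     credentials = get_other_credentials()
     # create_user hashes the password; keep this consistent with the other tests
     User.objects.create_user(**credentials)
     self.login(credentials)
     response = self.client.get(reverse("outbreaks:search"))
     self.assertEqual(response.status_code, 302)
     # a redirect carries no rendered page; make sure no search results leaked
     self.assertTemplateNotUsed(response, "search.html")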
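    def test_admin_redirect_on_get_request_if_no_static_device(self):
        """GET on the admin backup-code view for a user with no static device redirects to the profile.

        A GET must be side-effect free: it must not create a StaticDevice
        (and hence no backup code) for the target user. Only the POST path,
        covered by sibling tests, is allowed to do that.
        """
        staff_credentials = get_other_credentials(is_admin=False)
        staff_user = User.objects.create_user(**staff_credentials)

        # self.login() with no arguments is presumably the admin session from
        # setUp (as in the sibling tests); the target user has no static device,
        # so the view sends the admin back to that user's profile
        self.login()
        response = self.client.get(
            reverse("backup_codes_admin", kwargs={"pk": staff_user.id}))
        self.assertRedirects(response, "/en/profiles/{}".format(staff_user.id))
        # a GET must not have created a device (and a code) as a side effect
        self.assertFalse(
            StaticDevice.objects.filter(user__id=staff_user.id).exists())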
 def setUp(self):
     """Create the admin session, a second non-admin user and one active site-wide announcement."""
     super().setUp(is_admin=True)
     # a second, non-admin account for tests that need "some other user"
     self.user2_credentials = get_other_credentials(is_admin=False)
     self.user2 = User.objects.create_user(**self.user2_credentials)
     announcement_fields = {
         "title_en": "Test for Site Wide",
         "title_fr": "Voici un test Site Wide",
         "level": "info",
         "is_active": True,
     }
     Announcement.objects.create(**announcement_fields)
    def test_superadmin_no_province_filter(self):
        """A superuser's search is not restricted by province.

        Searching "bobs" is expected to match two records and a superuser must
        get both. (The original comment implies non-superusers see a
        province-filtered subset; that case is not exercised here.)
        """
        superuser_credentials = get_other_credentials(is_superuser=True)
        User.objects.create_superuser(**superuser_credentials)
        self.login(superuser_credentials)

        search_url = reverse("outbreaks:search")
        response = self.client.get(search_url, {"search_text": "bobs"})
        self.assertEqual(response.status_code, 200)
        self.assertTemplateUsed(response, "search.html")

        # both matching records are returned, i.e. no province filter was applied
        results = response.context["object_list"]
        self.assertEqual(len(results), 2)
    def test_admin_can_NOT_get_security_code_for_superuser(self):
        """An admin may not generate a backup code for a superuser: 403 and nothing created."""
        superuser_credentials = get_other_credentials(is_superuser=True)
        superuser = User.objects.create_superuser(**superuser_credentials)

        self.login()
        url = reverse("backup_codes_admin", kwargs={"pk": superuser.id})
        response = self.client.post(url)
        # privilege boundary: the request is refused outright
        self.assertEqual(response.status_code, 403)

        # and the refused request had no side effect: no device for the superuser
        devices = StaticDevice.objects.filter(user__id=superuser.id)
        self.assertIsNone(devices.first())
    def test_admin_can_NOT_get_security_code_for_other_province_user(self):
        """An admin may not generate a backup code for a user of another province: 403 and nothing created."""
        ab_staff_credentials = get_other_credentials(province="AB")
        ab_staff_user = User.objects.create_user(**ab_staff_credentials)

        self.login()
        url = reverse("backup_codes_admin", kwargs={"pk": ab_staff_user.id})
        response = self.client.post(url)
        # tenancy boundary (province): the request is refused outright
        self.assertEqual(response.status_code, 403)

        # and the refused request had no side effect: no device for that user
        devices = StaticDevice.objects.filter(user__id=ab_staff_user.id)
        self.assertIsNone(devices.first())
    def test_admin_can_get_security_code_for_other_admin_user(self):
        """An admin can generate a backup code for another admin; exactly one token results."""
        admin_credentials = get_other_credentials(is_admin=True)
        admin_user = User.objects.create_user(**admin_credentials)

        self.login()
        url = reverse("backup_codes_admin", kwargs={"pk": admin_user.id})
        response = self.client.post(url)
        expected_redirect = "/en/profiles/{}/backup-codes/admin".format(
            admin_user.id)
        self.assertRedirects(response, expected_redirect)

        # exactly one backup token now exists for the other admin
        device = StaticDevice.objects.get(user__id=admin_user.id)
        self.assertEqual(device.token_set.count(), 1)
    def test_admin_can_see_security_code_button_for_staff_user(self):
        """A staff user's profile, viewed by an admin, shows the "Get a security code" button."""
        staff_credentials = get_other_credentials(is_admin=False)
        staff_user = User.objects.create_user(**staff_credentials)

        self.login()
        profile_url = reverse("user_profile", kwargs={"pk": staff_user.id})
        response = self.client.get(profile_url)
        self.assertEqual(response.status_code, 200)

        # html=True compares parsed markup, so attribute order and whitespace
        # in the rendered page do not matter
        button_html = (
            '<button type="submit" class="link">Get a security code</button>')
        self.assertContains(response, button_html, html=True)
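    def test_admin_can_delete_staff_user_with_security_codes(self):
        """Deleting a staff user who holds a backup code succeeds and leaves no code behind.

        Steps: generate one backup code for the staff user as the admin,
        confirm it exists, delete the user, then confirm both the user and any
        StaticDevice tied to that user id are gone.
        """
        staff_credentials = get_other_credentials(is_admin=False)
        staff_user = User.objects.create_user(**staff_credentials)

        self.login()
        # generate a code for a staff user
        self.client.post(reverse("backup_codes_admin",
                                 kwargs={"pk": staff_user.id}),
                         follow=True)

        device = StaticDevice.objects.get(user__id=staff_user.id)
        self.assertEqual(len(device.token_set.all()), 1)

        response = self.client.post(
            reverse("user_delete", kwargs={"pk": staff_user.id}))
        self.assertEqual(response.status_code, 302)
        self.assertEqual(response.url, reverse("profiles"))
        self.assertEqual(len(User.objects.filter(pk=staff_user.id)), 0)
        # the backup-code device must not outlive its user: a dangling
        # StaticDevice would keep a usable second factor around for a
        # deleted account
        self.assertFalse(
            StaticDevice.objects.filter(user__id=staff_user.id).exists())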
    def test_admin_can_get_security_code_for_staff_user(self):
        """An admin generating a code for a staff user gets exactly one token, shown on the page.

        The page is expected to render the token as two upper-cased halves
        (first four and last four characters) inside an aria-hidden span.
        """
        staff_credentials = get_other_credentials(is_admin=False)
        staff_user = User.objects.create_user(**staff_credentials)

        self.login()
        url = reverse("backup_codes_admin", kwargs={"pk": staff_user.id})
        response = self.client.post(url, follow=True)

        # exactly one token was created for the staff user
        device = StaticDevice.objects.get(user__id=staff_user.id)
        self.assertEqual(device.token_set.count(), 1)
        token = device.token_set.first().token

        self.assertEqual(response.status_code, 200)
        self.assertContains(response, "<h1>Security code</h1>", html=True)
        # the code itself is displayed, split into its first and last four chars
        head, tail = token[:4].upper(), token[-4:].upper()
        code_markup = (
            '<span aria-hidden="true"><span>{}</span><span>{}</span>'.format(
                head, tail))
        self.assertContains(response, code_markup)
    def test_admin_getting_security_code_for_staff_user_replaces_existing_codes(
            self):
        """An admin-issued code replaces every backup code the staff user already had.

        The staff user first generates their own set (10 tokens via the
        self-service view); after the admin issues a code only that single
        token remains, so the old set cannot be used any more.
        """
        staff_credentials = get_other_credentials(is_admin=False)
        staff_user = User.objects.create_user(**staff_credentials)

        # as the staff user: self-service generation yields 10 codes
        self.login(staff_credentials)
        self.client.post(reverse("backup_codes"), follow=True)
        own_device = StaticDevice.objects.get(user__id=staff_user.id)
        self.assertEqual(own_device.token_set.count(), 10)

        # as the admin: issue one code for that staff user
        self.login()
        admin_url = reverse("backup_codes_admin", kwargs={"pk": staff_user.id})
        self.client.post(admin_url, follow=True)

        # the previous 10 are gone; only the admin-issued one is left
        replaced_device = StaticDevice.objects.get(user__id=staff_user.id)
        self.assertEqual(replaced_device.token_set.count(), 1)
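    def test_key_throttled_for_another_user(self):
        """A user at the per-user key limit gets a 403 on POST; a different user is not affected by it.

        ``CodeView.throttled_limit`` is set to ``settings.COVID_KEY_MAX_PER_USER``
        for the duration of the test and restored in a ``finally`` block, so a
        failing assertion cannot leak the patched limit into other tests (the
        original restored it only on the success path).

        The second half logs in a fresh user and GETs the key view; that user
        is redirected to ``/en/start/``. Only the redirect target is asserted
        here -- presumably the new user lacks whatever the view requires,
        but that reason is not established by this test.
        """
        previous_throttled_value = CodeView.throttled_limit
        CodeView.throttled_limit = settings.COVID_KEY_MAX_PER_USER
        try:
            self.login()
            # one key already on record for this user, valid until tomorrow
            covid_key = COVIDKey()
            covid_key.created_by = self.user
            covid_key.expiry = timezone.now() + timedelta(days=1)
            covid_key.save()

            # with the lowered limit the next request is throttled
            response = self.client.post(reverse("key"))
            self.assertContains(
                response,
                "You are generating too many keys. Try again later.",
                status_code=403,
            )

            user2_credentials = get_other_credentials()
            get_user_model().objects.create_user(**user2_credentials)
            self.login(user2_credentials)
            response = self.client.get(reverse("key"))
            self.assertEqual(response.status_code, 302)
            self.assertRedirects(response, "/en/start/")
        finally:
            # always undo the class-level patch, even when an assertion fails
            CodeView.throttled_limit = previous_throttled_value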