def test_permissions(self):
    """A user created without any permissions is redirected away from outbreak search.

    The only thing asserted is the 302 status; the redirect target is not
    checked, so this test alone cannot tell a permission denial apart from
    any other redirect.
    """
    unprivileged = get_other_credentials()
    # NOTE(review): this uses ``objects.create`` where the sibling tests use
    # ``create_user``. If the credentials carry a raw password it would be
    # stored unhashed, and a password-based ``self.login`` may then not
    # authenticate at all, so the 302 could be the anonymous redirect rather
    # than a permissions check. Confirm against ``self.login``.
    User.objects.create(**unprivileged)
    self.login(unprivileged)

    search_url = reverse("outbreaks:search")
    response = self.client.get(search_url)

    self.assertEqual(response.status_code, 302)
def test_admin_redirect_on_get_request_if_no_static_device(self):
    """GET on the admin backup-codes page redirects to the target's profile.

    The staff user is created here without a static device, so there are no
    codes to show and the view is expected to send the caller back to the
    profile page.
    """
    target_fields = get_other_credentials(is_admin=False)
    target = User.objects.create_user(**target_fields)

    # Presumably logs in the test case's default user (an admin, going by the
    # test name); the login helper is defined outside this block.
    self.login()

    codes_url = reverse("backup_codes_admin", kwargs={"pk": target.id})
    profile_path = "/en/profiles/{}".format(target.id)

    response = self.client.get(codes_url)
    self.assertRedirects(response, profile_path)
def setUp(self):
    """Build the fixtures: an admin via the parent setUp, a second non-admin user, one announcement."""
    # The parent setUp receives is_admin=True; what it creates is defined
    # outside this block.
    super().setUp(is_admin=True)

    # Second account, created without the admin flag. Its credentials are
    # kept on the instance so tests can log in as this user.
    second_user_fields = get_other_credentials(is_admin=False)
    self.user2_credentials = second_user_fields
    self.user2 = User.objects.create_user(**second_user_fields)

    # One active, info-level announcement with English and French titles.
    announcement_fields = {
        "title_en": "Test for Site Wide",
        "title_fr": "Voici un test Site Wide",
        "level": "info",
        "is_active": True,
    }
    Announcement.objects.create(**announcement_fields)
def test_superadmin_no_province_filter(self):
    """A superuser searching for 'bobs' gets both matching results.

    The records being searched are created outside this block; going by the
    test name they presumably sit in different provinces, so a count of 2
    means no province filter was applied for the superuser.
    """
    super_fields = get_other_credentials(is_superuser=True)
    User.objects.create_superuser(**super_fields)
    self.login(super_fields)

    query = {"search_text": "bobs"}
    response = self.client.get(reverse("outbreaks:search"), query)

    self.assertEqual(response.status_code, 200)
    self.assertTemplateUsed(response, "search.html")

    # Both matches must be present, not just one of them.
    results = response.context["object_list"]
    self.assertEqual(len(results), 2)
def test_admin_can_NOT_get_security_code_for_superuser(self):
    """An admin's request to issue a security code for a superuser is refused.

    Two things are checked: the POST is answered with 403, and the refused
    request left no StaticDevice behind for the superuser. The second check
    matters because a denial that still creates the device would hand out a
    usable second factor for a more privileged account.
    """
    super_fields = get_other_credentials(is_superuser=True)
    superuser = User.objects.create_superuser(**super_fields)

    # Presumably the test case's default admin; the helper is defined elsewhere.
    self.login()

    issue_url = reverse("backup_codes_admin", kwargs={"pk": superuser.id})
    response = self.client.post(issue_url)

    # The request itself must be forbidden ...
    self.assertEqual(response.status_code, 403)

    # ... and must not have had any side effect on the superuser's devices.
    leftover_device = StaticDevice.objects.filter(user__id=superuser.id).first()
    self.assertIsNone(leftover_device)
def test_admin_can_NOT_get_security_code_for_other_province_user(self):
    """An admin cannot issue a security code for a user in another province.

    The target is created with province "AB". The logged-in admin's province
    is set outside this block and is presumably a different one; confirm
    against the base test case.
    """
    ab_fields = get_other_credentials(province="AB")
    ab_user = User.objects.create_user(**ab_fields)

    self.login()

    issue_url = reverse("backup_codes_admin", kwargs={"pk": ab_user.id})
    response = self.client.post(issue_url)

    # The cross-province request is forbidden ...
    self.assertEqual(response.status_code, 403)

    # ... and no device (hence no code) was created for the other user.
    leftover_device = StaticDevice.objects.filter(user__id=ab_user.id).first()
    self.assertIsNone(leftover_device)
def test_admin_can_get_security_code_for_other_admin_user(self):
    """An admin may issue a security code for another admin account.

    The POST is expected to redirect to the target's admin backup-codes page
    and to leave exactly one token on the target's static device.
    """
    peer_fields = get_other_credentials(is_admin=True)
    peer_admin = User.objects.create_user(**peer_fields)

    self.login()

    issue_url = reverse("backup_codes_admin", kwargs={"pk": peer_admin.id})
    codes_page = "/en/profiles/{}/backup-codes/admin".format(peer_admin.id)

    response = self.client.post(issue_url)
    self.assertRedirects(response, codes_page)

    # Exactly one code was issued, not a full batch.
    device = StaticDevice.objects.get(user__id=peer_admin.id)
    issued_tokens = device.token_set.all()
    self.assertEqual(len(issued_tokens), 1)
def test_admin_can_see_security_code_button_for_staff_user(self):
    """The staff user's profile page offers the admin a "Get a security code" button."""
    staff_fields = get_other_credentials(is_admin=False)
    staff_user = User.objects.create_user(**staff_fields)

    self.login()

    profile_url = reverse("user_profile", kwargs={"pk": staff_user.id})
    response = self.client.get(profile_url)
    self.assertEqual(response.status_code, 200)

    # html=True compares the markup as parsed HTML rather than as raw text.
    expected_button = '<button type="submit" class="link">Get a security code</button>'
    self.assertContains(response, expected_button, html=True)
def test_admin_can_delete_staff_user_with_security_codes(self):
    """Deleting a staff user still works after a security code was issued for them.

    A code is generated first so the user owns a StaticDevice with one token;
    the delete must then succeed, redirect to the profiles list, and remove
    the user row.
    """
    staff_fields = get_other_credentials(is_admin=False)
    staff_user = User.objects.create_user(**staff_fields)
    staff_pk = staff_user.id

    self.login()

    # Issue a code so the account has a device and token attached to it.
    issue_url = reverse("backup_codes_admin", kwargs={"pk": staff_pk})
    self.client.post(issue_url, follow=True)
    device = StaticDevice.objects.get(user__id=staff_pk)
    self.assertEqual(len(device.token_set.all()), 1)

    delete_url = reverse("user_delete", kwargs={"pk": staff_pk})
    response = self.client.post(delete_url)

    self.assertEqual(response.status_code, 302)
    self.assertEqual(response.url, reverse("profiles"))

    # The user is gone. NOTE(review): the device and token rows are not
    # re-checked after the delete, so this test does not show whether they
    # are removed along with the user.
    remaining = User.objects.filter(pk=staff_pk)
    self.assertEqual(len(remaining), 0)
def test_admin_can_get_security_code_for_staff_user(self):
    """An admin can issue a security code for a staff user and is shown it.

    After the POST (redirects followed) the staff user's device holds exactly
    one token, and the final page carries the "Security code" heading plus
    the token rendered as two upper-cased four-character spans.
    """
    staff_fields = get_other_credentials(is_admin=False)
    staff_user = User.objects.create_user(**staff_fields)

    self.login()

    issue_url = reverse("backup_codes_admin", kwargs={"pk": staff_user.id})
    response = self.client.post(issue_url, follow=True)

    device = StaticDevice.objects.get(user__id=staff_user.id)
    self.assertEqual(len(device.token_set.all()), 1)
    token = device.token_set.first().token

    self.assertEqual(response.status_code, 200)
    self.assertContains(response, "<h1>Security code</h1>", html=True)

    # The page shows the first four and the last four characters; this
    # presumably covers the whole token (i.e. 8 characters), TODO confirm.
    leading = token[:4].upper()
    trailing = token[-4:].upper()
    expected_markup = '<span aria-hidden="true"><span>{}</span><span>{}</span>'.format(
        leading, trailing)
    self.assertContains(response, expected_markup)
def test_admin_getting_security_code_for_staff_user_replaces_existing_codes(self):
    """An admin-issued code replaces the codes the staff user generated themselves.

    The staff user first creates their own set of 10 codes; once the admin
    issues a code for them, only that single code may remain, so the earlier
    ones can no longer be used.
    """
    staff_fields = get_other_credentials(is_admin=False)
    staff_user = User.objects.create_user(**staff_fields)
    staff_pk = staff_user.id

    # Step 1: the staff user generates their own batch of codes.
    self.login(staff_fields)
    self.client.post(reverse("backup_codes"), follow=True)
    own_device = StaticDevice.objects.get(user__id=staff_pk)
    self.assertEqual(len(own_device.token_set.all()), 10)

    # Step 2: switch back to the default (admin) login and issue a code
    # for the staff user.
    self.login()
    issue_url = reverse("backup_codes_admin", kwargs={"pk": staff_pk})
    self.client.post(issue_url, follow=True)

    # Step 3: re-read the device; the 10 self-issued codes are gone and
    # only the admin-issued one is left.
    device_after = StaticDevice.objects.get(user__id=staff_pk)
    self.assertEqual(len(device_after.token_set.all()), 1)
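def test_key_throttled_for_another_user(self):
    """One user hitting the key throttle does not block a different user.

    The first user already owns an unexpired key, so their POST to "key" is
    refused with 403 and the throttle message. A second user then requests
    the same URL and is redirected to "/en/start/" instead of being refused.

    ``CodeView.throttled_limit`` is a class attribute, so the override made
    here is visible to every other test in the process. It is restored in a
    ``finally`` block: if any assertion fails, the original limit still comes
    back and later throttle tests do not run against the wrong value.
    """
    previous_throttled_value = CodeView.throttled_limit
    CodeView.throttled_limit = settings.COVID_KEY_MAX_PER_USER
    try:
        self.login()

        # Give the logged-in user an existing key that expires tomorrow.
        covid_key = COVIDKey()
        covid_key.created_by = self.user
        covid_key.expiry = timezone.now() + timedelta(days=1)
        covid_key.save()

        response = self.client.post(reverse("key"))
        self.assertContains(
            response,
            "You are generating too many keys. Try again later.",
            status_code=403,
        )

        # A different account must not inherit the first user's throttle.
        # NOTE(review): the second user sends a GET while the throttled
        # request was a POST; confirm that GET goes through the same
        # throttle check, otherwise this half proves less than the test
        # name suggests.
        user2_credentials = get_other_credentials()
        get_user_model().objects.create_user(**user2_credentials)
        self.login(user2_credentials)

        response = self.client.get(reverse("key"))
        self.assertEqual(response.status_code, 302)
        self.assertRedirects(response, "/en/start/")
    finally:
        CodeView.throttled_limit = previous_throttled_value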