class TestAddSubmissionView(TestCase):
def __init__(self, *args, **kwargs):
super(TestAddSubmissionView, self).__init__(*args, **kwargs)
# Add context and template to the response
on_template_render = curry(store_rendered_templates, {})
signals.template_rendered.connect(on_template_render,
dispatch_uid="template-render")
def setUp(self):
self.factory = RequestFactory()
self.ideation = MagicMock()
def test_add_submission_get(self):
request = self.factory.get('/')
request.user = AnonymousUser()
request.development = development_mock
response = views.add_submission(request, self.ideation)
eq_(response.status_code, 200)
def test_invalid_form(self):
request = self.factory.post('/', BLANK_EXTERNALS)
request.user = AnonymousUser()
request.development = development_mock
response = views.add_submission(request, self.ideation)
eq_(response.status_code, 200)
class TestAddSubmissionView(TestCase):
def __init__(self, *args, **kwargs):
super(TestAddSubmissionView, self).__init__(*args, **kwargs)
# Add context and template to the response
on_template_render = curry(store_rendered_templates, {})
signals.template_rendered.connect(on_template_render,
dispatch_uid="template-render")
def setUp(self):
self.factory = RequestFactory()
self.ideation = MagicMock()
def test_add_submission_get(self):
request = self.factory.get('/')
request.user = AnonymousUser()
request.development = development_mock
response = views.add_submission(request, self.ideation)
eq_(response.status_code, 200)
def test_invalid_form(self):
request = self.factory.post('/', BLANK_EXTERNALS)
request.user = AnonymousUser()
request.development = development_mock
response = views.add_submission(request, self.ideation)
eq_(response.status_code, 200)
class GetNextUrlTests(TestCase):
def setUp(self):
super(GetNextUrlTests, self).setUp()
self.r = RequestFactory()
self.patcher = patch('django.contrib.sites.models.Site.objects')
mock = self.patcher.start()
mock.get_current.return_value.domain = 'su.mo.com'
def tearDown(self):
self.patcher.stop()
super(GetNextUrlTests, self).tearDown()
def test_query_string(self):
"""Query-strings remain intact."""
r = self.r.get('/', {'next': '/new?f=b'})
eq_('/new?f=b', get_next_url(r))
def test_good_host_https(self):
"""Full URLs work with valid hosts."""
r = self.r.post('/users/login',
{'next': 'https://su.mo.com/kb/new'})
eq_('https://su.mo.com/kb/new', get_next_url(r))
def test_post(self):
"""'next' in POST overrides GET."""
r = self.r.post('/?next=/foo', {'next': '/bar'})
eq_('/bar', get_next_url(r))
def test_get(self):
"""'next' can be a query-string parameter."""
r = self.r.get('/users/login', {'next': '/kb/new'})
eq_('/kb/new', get_next_url(r))
def test_referer(self):
"""Use HTTP referer if nothing else."""
r = self.r.get('/')
r.META['HTTP_REFERER'] = 'http://su.mo.com/new'
eq_('http://su.mo.com/new', get_next_url(r))
def test_bad_host_https(self):
r = self.r.get('/', {'next': 'https://example.com'})
eq_(None, get_next_url(r))
def test_bad_host_protocol_relative(self):
"""Protocol-relative URLs do not let bad hosts through."""
r = self.r.get('/', {'next': '//example.com'})
eq_(None, get_next_url(r))
class GetNextUrlTests(TestCase):
def setUp(self):
super(GetNextUrlTests, self).setUp()
self.r = RequestFactory()
self.patcher = patch('django.contrib.sites.models.Site.objects')
mock = self.patcher.start()
mock.get_current.return_value.domain = 'su.mo.com'
def tearDown(self):
self.patcher.stop()
super(GetNextUrlTests, self).tearDown()
def test_query_string(self):
"""Query-strings remain intact."""
r = self.r.get('/', {'next': '/new?f=b'})
eq_('/new?f=b', get_next_url(r))
def test_good_host_https(self):
"""Full URLs work with valid hosts."""
r = self.r.post('/users/login',
{'next': 'https://su.mo.com/kb/new'})
eq_('https://su.mo.com/kb/new', get_next_url(r))
def test_post(self):
"""'next' in POST overrides GET."""
r = self.r.post('/?next=/foo', {'next': '/bar'})
eq_('/bar', get_next_url(r))
def test_get(self):
"""'next' can be a query-string parameter."""
r = self.r.get('/users/login', {'next': '/kb/new'})
eq_('/kb/new', get_next_url(r))
def test_referer(self):
"""Use HTTP referer if nothing else."""
r = self.r.get('/')
r.META['HTTP_REFERER'] = 'http://su.mo.com/new'
eq_('http://su.mo.com/new', get_next_url(r))
def test_bad_host_https(self):
r = self.r.get('/', {'next': 'https://example.com'})
eq_(None, get_next_url(r))
def test_bad_host_protocol_relative(self):
"""Protocol-relative URLs do not let bad hosts through."""
r = self.r.get('/', {'next': '//example.com'})
eq_(None, get_next_url(r))
def req_factory_factory(url, user=None, post=False, data=None):
"""Creates a request factory, logged in with the user."""
req = RequestFactory()
if post:
req = req.post(url, data or {})
else:
req = req.get(url, data or {})
if user:
req.amo_user = user
req.user = user.user
req.groups = req.user.get_profile().groups.all()
return req
class GetNextUrlTests(TestCase):
def setUp(self):
super(GetNextUrlTests, self).setUp()
self.r = RequestFactory()
self.patcher = patch('django.contrib.sites.models.Site.objects')
mock = self.patcher.start()
mock.get_current.return_value.domain = 'su.mo.com'
def tearDown(self):
self.patcher.stop()
super(GetNextUrlTests, self).tearDown()
def test_https(self):
"""Verify that protocol and domain get removed for https."""
r = self.r.post('/users/login',
{'next': 'https://su.mo.com/kb/new?f=b'})
eq_('/kb/new?f=b', get_next_url(r))
def test_http(self):
"""Verify that protocol and domain get removed for http."""
r = self.r.post('/users/login', {'next': 'http://su.mo.com/kb/new'})
eq_('/kb/new', get_next_url(r))
def req_factory_factory(url, user=None, post=False, data=None):
"""Creates a request factory, logged in with the user."""
req = RequestFactory()
if post:
req = req.post(url, data or {})
else:
req = req.get(url, data or {})
if user:
req.amo_user = UserProfile.objects.get(id=user.id)
req.user = user
req.groups = user.groups.all()
req.check_ownership = partial(check_ownership, req)
return req
def req_factory_factory(url, user=None, post=False, data=None):
"""Creates a request factory, logged in with the user."""
req = RequestFactory()
if post:
req = req.post(url, data or {})
else:
req = req.get(url, data or {})
if user:
req.amo_user = RequestUser.objects.get(id=user.id)
req.user = user.user
req.groups = req.user.get_profile().groups.all()
req.APP = None
req.check_ownership = partial(check_ownership, req)
return req
class GetNextUrlTests(TestCase):
def setUp(self):
super(GetNextUrlTests, self).setUp()
self.r = RequestFactory()
self.patcher = patch('django.contrib.sites.models.Site.objects')
mock = self.patcher.start()
mock.get_current.return_value.domain = 'su.mo.com'
def tearDown(self):
self.patcher.stop()
super(GetNextUrlTests, self).tearDown()
def test_https(self):
"""Verify that protocol and domain get removed for https."""
r = self.r.post('/users/login',
{'next': 'https://su.mo.com/kb/new?f=b'})
eq_('/kb/new?f=b', get_next_url(r))
def test_http(self):
"""Verify that protocol and domain get removed for http."""
r = self.r.post('/users/login',
{'next': 'http://su.mo.com/kb/new'})
eq_('/kb/new', get_next_url(r))
def req_factory_factory(url='', user=None, post=False, data=None, **kwargs):
"""Creates a request factory, logged in with the user."""
req = RequestFactory()
if post:
req = req.post(url, data or {})
else:
req = req.get(url, data or {})
if user:
req.user = UserProfile.objects.get(id=user.id)
req.groups = user.groups.all()
else:
req.user = AnonymousUser()
req.check_ownership = partial(check_ownership, req)
req.REGION = kwargs.pop('region', mkt.regions.REGIONS_CHOICES[0][1])
req.API_VERSION = 2
for key in kwargs:
setattr(req, key, kwargs[key])
return req
def req_factory_factory(url='', user=None, post=False, data=None, **kwargs):
"""Creates a request factory, logged in with the user."""
req = RequestFactory()
if post:
req = req.post(url, data or {})
else:
req = req.get(url, data or {})
if user:
req.user = UserProfile.objects.get(id=user.id)
req.groups = user.groups.all()
else:
req.user = AnonymousUser()
req.check_ownership = partial(check_ownership, req)
req.REGION = kwargs.pop('region', mkt.regions.REGIONS_CHOICES[0][1])
req.API_VERSION = 2
for key in kwargs:
setattr(req, key, kwargs[key])
return req
class TestClosedPhaseRequiredDecorator(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.request = self.factory.get('/')
self.request.ideation = phase_mock
def test_decorator_defaults(self):
response = mock_phase_view(self.request, phase='ideation')
eq_(response.status_code, 403)
def test_phase_method_allowed(self):
response = mock_phase_view_get(self.request, phase='ideation')
eq_(response['phase'], 'ideation')
def test_phase_method_not_allowed(self):
request = self.factory.post('/', {})
request.ideation = phase_mock
response = mock_phase_view_get(request, phase='ideation')
eq_(response.status_code, 403)
class TestClient(object):
def __init__(self):
ConsumerModel.objects.create(name='test', key='test',
secret='test', status='accepted')
self.url = 'http://testserver/subscriptions/subscribe/'
self.consumer = oauth.Consumer(key='test', secret='test')
self.signature_method = oauth.SignatureMethod_HMAC_SHA1()
# we're only using 2-legged auth, no need for tokens
self.token = None
self.params = {
'oauth_version': '1.0',
'oauth_nonce': oauth.generate_nonce(),
'oauth_timestamp': int(time.time()),
}
self.c = Client()
self.rf = RequestFactory()
def tearDown(self):
ConsumerModel.objects.filter(key='test').delete()
def headers(self, method='POST', **kwargs):
params = self.params.copy()
params.update(kwargs)
req = oauth.Request(method=method, url=self.url, parameters=params)
req.sign_request(self.signature_method, self.consumer, self.token)
return req.to_header()
def subscribe(self, **kwargs):
header = self.headers(**kwargs)
return self.c.post(self.url, kwargs, **header)
def subscribe_request(self, **kwargs):
header = self.headers(**kwargs)
return self.rf.post(self.url, kwargs, **header)
def read(self, **kwargs):
header = self.headers(method="GET", **kwargs)
return self.c.get(self.url, kwargs, **header)
class TestPhaseRequiredDecorator(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.request = self.factory.get('/')
self.request.ideation = phase_mock
def test_method_allowed(self):
response = mock_view(self.request, phase='ideation')
eq_(response['phase'], 'ideation')
def test_method_not_allowed(self):
request = self.factory.post('/', {})
request.ideation = phase_mock
response = mock_view(request, phase='ideation')
eq_(response.status_code, 403)
@raises(ImproperlyConfigured)
def test_invalid_phase(self):
mock_view(self.request, phase='development')
def test_defaults(self):
response = mock_default_view(self.request, phase='ideation')
eq_(response.status_code, 403)
class ViewsTests(TestCase):
def setUp(self):
super(ViewsTests, self).setUp()
self.factory = RequestFactory()
self.u = get_user('ccarlos')
self.c = get_user('CTO')
def _create_lets(self):
f = forms.LetsForm(creator=self.u, data={'content': 'Hello',
'category': CAT_OTHR})
return f.save()
def test_delete_own_lets(self):
e = self._create_lets()
url = reverse('diary.delete', args=[e.id])
request = self.factory.post(url)
request.user = self.u
response = views.delete(request, lets_id=e.id)
eq_(response.status_code, 302)
# Assert object was deleted.
assert not models.Lets.objects.filter(creator=self.u).exists()
def test_delete_someones_entry(self):
"""Delete someone else's lets object."""
e = self._create_lets()
url = reverse('lets.delete', args=[e.id])
request = self.factory.post(url)
request.user = self.c
fn = lambda: views.delete(request, lets_id=e.id)
self.assertRaises(PermissionDenied, fn)
def test_vote_ipm(self):
visits = get_users_and_visits(self.u, self.c)[2]
before = visits[0].mojo
e = self._create_lets()
url = reverse('lets.like', args=[e.id])
request = self.factory.post(url)
request.user = self.c
views.like_lets(request, lets_id=e.id)
visits = get_users_and_visits(self.u, self.c)[2]
after = visits[0].mojo
eq_(before + IPM_POINTS['lets_like']['per'], after)
def test_view_activities(self):
from users.forms import SettingsForm
from users.models import Setting
request = self.factory.get(reverse('lets'))
request.user = self.u
views.activities(request)
eq_('lets', Setting.get_for_user(self.u, 'home_tab'))
form = SettingsForm(data={'home_tab': 'stream'})
form.is_valid()
form.save_for_user(request.user)
eq_('stream', Setting.get_for_user(self.u, 'home_tab'))
views.activities(request)
eq_('lets', Setting.get_for_user(self.u, 'home_tab'))
class ViewsTests(TestCase):
def setUp(self):
super(ViewsTests, self).setUp()
self.factory = RequestFactory()
self.c = get_user('CTO')
self.u = get_user('zinoma')
self.f = forms.DiaryForm(creator=self.u, data={'text': 's' * 500})
self.e = self.f.save()
def test_new_entry(self):
# Since user doesn't have an entry, we check if the
# new diary form is displayed.
url = reverse('diary.new')
request = self.factory.get(url)
request.user = self.c
response = views.new(request)
eq_(response.status_code, 200)
page_content = response.content
contains(page_content, 'Write your entry here...')
contains(page_content, 'action=\"/diary/new')
def test_existing_entry(self):
url = reverse('diary.list_all', args=[self.u.username])
request = self.factory.get(url)
request.user = self.u
response = views.list_personal(request, username=self.u.username)
eq_(response.status_code, 200)
page_content = response.content
contains(page_content, '/diary/user/zinoma/%d/%d/%d' %
(self.e.created_day.year, self.e.created_day.month,
self.e.created_day.day))
contains(page_content, 'entry/%d/delete' % (self.e.id))
def test_edit_entry(self):
url = reverse('diary.edit', args=[self.e.id])
request = self.factory.get(url)
request.user = self.u
response = views.edit(request, diary_id=self.e.id)
eq_(response.status_code, 200)
page_content = response.content
# In edit form box, assert initial contents are displayed.
contains(page_content, 's' * 500)
contains(page_content, 'diary/entry/%d/edit' % (self.e.id))
def test_edit_someones_entry(self):
"""Edit someone else's entry."""
url = reverse('diary.edit', args=[self.e.id])
request = self.factory.get(url)
request.user = self.c
fn = lambda: views.edit(request, diary_id=self.e.id)
self.assertRaises(PermissionDenied, fn)
def test_edit_update_entry(self):
url = reverse('diary.edit', args=[self.e.id])
request = self.factory.post(url, {'text': 'x' * 500})
request.user = self.u
response = views.edit(request, diary_id=self.e.id)
# Is HttpResponseRedirect called (based on a valid form)?
eq_(response.status_code, 302)
# Was the diary entry changed?
url = reverse('diary.list_all', args=[self.u.username])
request = self.factory.get(url)
request.user = self.u
response = views.list_personal(request, username=self.u.username)
eq_(response.status_code, 200)
# Yes, indeed.
contains(response.content, 'x' * 500)
def test_reply_diary(self):
url = reverse('diary.reply', args=[self.e.id])
request = self.factory.post(url, {'text': 'ha' * 10})
request.user = self.u
response = views.reply(request, diary_id=self.e.id)
# Is HttpResponseRedirect called (based on a valid form)?
eq_(response.status_code, 302)
# Was the diary comment created?
url = reverse('diary.single',
kwargs=get_kwargs_for_diary_id(self.e.id))
request = self.factory.get(url)
request.user = self.u
response = views.single(request, username=self.u.username,
year=self.e.created_day.year,
month=self.e.created_day.month,
day=self.e.created_day.day)
eq_(response.status_code, 200)
# Yes, indeed.
contains(response.content, 'ha' * 10)
def test_delete_own_reply(self):
"""Delete own comment on owned diary."""
url = reverse('diary.reply', args=[self.e.id])
request = self.factory.post(url, {'text': 'ha' * 10})
request.user = self.u
response = views.reply(request, diary_id=self.e.id)
# Is HttpResponseRedirect called (based on a valid form)?
eq_(response.status_code, 302)
assert Comment.objects.filter(diary=self.e.id, creator=self.u).exists()
comm = get_object_or_404(Comment, diary=self.e.id, creator=self.u)
url = reverse('diary.delete_comment', args=[comm.id])
request = self.factory.post(url)
request.user = self.u
response = views.delete_comment(request, comment_id=comm.id)
assert not (Comment.objects.filter(diary=self.e.id, creator=self.u).
exists())
def test_delete_someones_reply(self):
"""Delete someone else's comment as the owner of the entry."""
url = reverse('diary.reply', args=[self.e.id])
request = self.factory.post(url, {'text': 'ha' * 10})
request.user = self.c
response = views.reply(request, diary_id=self.e.id)
# Is HttpResponseRedirect called (based on a valid form)?
eq_(response.status_code, 302)
assert Comment.objects.filter(diary=self.e.id, creator=self.c).exists()
comm = get_object_or_404(Comment, diary=self.e.id, creator=self.c)
url = reverse('diary.delete_comment', args=[comm.id])
request = self.factory.post(url)
request.user = self.u
response = views.delete_comment(request, comment_id=comm.id)
assert not (Comment.objects.filter(diary=self.e.id, creator=self.c).
exists())
def test_delete_someones_reply_not_owner(self):
"""Delete someone else's comment as NOT the owner of the entry."""
url = reverse('diary.reply', args=[self.e.id])
request = self.factory.post(url, {'text': 'ha' * 10})
request.user = self.u
response = views.reply(request, diary_id=self.e.id)
# Is HttpResponseRedirect called (based on a valid form)?
eq_(response.status_code, 302)
assert Comment.objects.filter(diary=self.e.id, creator=self.u).exists()
comm = get_object_or_404(Comment, diary=self.e.id, creator=self.u)
url = reverse('diary.delete_comment', args=[comm.id])
request = self.factory.post(url)
request.user = self.c
fn = lambda: views.delete_comment(request, comment_id=comm.id)
self.assertRaises(PermissionDenied, fn)
def test_delete_own_reply_diff_diary(self):
"""Delete own comment as NOT the owner of the entry."""
url = reverse('diary.reply', args=[self.e.id])
request = self.factory.post(url, {'text': 'ha' * 10})
request.user = self.c
response = views.reply(request, diary_id=self.e.id)
# Is HttpResponseRedirect called (based on a valid form)?
eq_(response.status_code, 302)
assert Comment.objects.filter(diary=self.e.id, creator=self.c).exists()
comm = get_object_or_404(Comment, diary=self.e.id, creator=self.c)
url = reverse('diary.delete_comment', args=[comm.id])
request = self.factory.post(url)
request.user = self.c
response = views.delete_comment(request, comment_id=comm.id)
assert not (Comment.objects.filter(diary=self.e.id, creator=self.c).
exists())
def test_delete_existing_entry(self):
url = reverse('diary.delete', args=[self.e.id])
request = self.factory.post(url)
request.user = self.u
response = views.delete(request, diary_id=self.e.id)
# Assert a redirect took place.
eq_(response.status_code, 302)
# Was the diary entry deleted?
url = reverse('diary.list_all', args=[self.u.username])
request = self.factory.get(url)
request.user = self.u
response = views.list_personal(request, username=self.u.username)
eq_(response.status_code, 200)
# Yes, indeed.
not_contains(response.content, 'a' * 500)
def test_delete_someones_entry(self):
"""Delete someone else's entry."""
url = reverse('diary.delete', args=[self.e.id])
request = self.factory.post(url)
request.user = self.c
fn = lambda: views.delete(request, diary_id=self.e.id)
self.assertRaises(PermissionDenied, fn)
