diff --git a/app/interface/tests/__init__.py b/app/interface/tests/__init__.py index 857bfec..441c064 100644 --- a/app/interface/tests/__init__.py +++ b/app/interface/tests/__init__.py @@ -6,17 +6,9 @@ from datetime import timedelta class AccessTestCase(TestCase): - USERS = ( - {'username': 'admin', 'password': 'foobar', 'is_superuser': True, 'is_staff': True}, - {'username': 'homer', 'password': 'maggie'}, - ) + USERS = () - - ENSEMBLES = ( - {'name': 'The Be Sharps', 'slug': 'be-sharps', 'admins': ['homer']}, - {'name': 'Lisa & the Bleeding Gums', 'slug': 'bleeding-gums'}, - {'name': 'Party Posse'}, - ) + ENSEMBLES = () PROJECTS = () @@ -37,8 +29,6 @@ class AccessTestCase(TestCase): obj.admins.add(cls.users[admin]) cls.ensembles[obj.slug] = obj - #cls.ensembles['be-sharps'].admins.add(cls.users['homer']) - cls.projects = {} for name, ensemble, when in cls.PROJECTS: obj = cls.ensembles[ensemble].projects.create(name=name, event_date=now+timedelta(days=when)) @@ -46,16 +36,9 @@ class AccessTestCase(TestCase): return - - cls.now = timezone.now() - - - cls.ensembles['be-sharps'].admins.add(cls.users['homer']) - def login(self, user, passwd): response = self.client.post('/login', {'username': user, 'password': passwd}) - print(response.request) - self.assertRedirects(response, '/projects', msg_prefix=repr(getattr(response.context.get('form'), 'errors', ''))) + self.assertEqual(response.status_code, 302, f"Failed to login as {user}") def authorize(self, model, **kwargs): object = model.objects.get(**kwargs) diff --git a/app/interface/tests/test_access.py b/app/interface/tests/test_access.py index 96cbba2..ed6b6a5 100644 --- a/app/interface/tests/test_access.py +++ b/app/interface/tests/test_access.py @@ -2,49 +2,41 @@ from django.test import TestCase, Client from interface import models, utils from django.contrib.auth.models import User -from django.utils import timezone -from datetime import timedelta from . import AccessTestCase class InterfaceAccessTestCase(AccessTestCase): + USERS = ( + {'username': 'admin', 'password': 'secret', 'is_superuser': True, 'is_staff': True}, + {'username': 'homer', 'password': 'maggie'}, + ) + + ENSEMBLES = ( + {'name': 'The Be Sharps', 'slug': 'be-sharps', 'admins': ['homer']}, + {'name': 'Lisa & the Bleeding Gums', 'slug': 'bleeding-gums'}, + {'name': 'Party Posse'}, + ) + PROJECTS = ( ('Baker St', 'bleeding-gums', -12), ('Navy Recruitment Day', 'party-posse', 6), - ('Baby on Board', 'be-sharps', 28), + ('Barbershop Contest', 'be-sharps', 28), ('Open Mic Night', 'bleeding-gums', 1) ) - - @classmethod - def oldsetUpTestData(cls): - AccessTestCase.setUpTestData() - return - - admin = User.objects.create_user(username='admin', password='foobar', is_superuser=True, is_staff=True) - homer = User.objects.create_user(username='homer', password='maggie') - - now = timezone.now() - - b_sharps = models.Ensemble.objects.create(name='The Be Sharps') - b_sharps.admins.add(homer) - bleeding_gums = models.Ensemble.objects.create(name='Lisa and the Bleeding Gums', slug='bleeding-gums') - party_posse = models.Ensemble.objects.create(name="Party Posse", slug='party-posse') - - bleeding_gums.projects.create(name='Baker St', event_date=now-timedelta(days=12)) - party_posse.projects.create(name='Navy Recruitment Day', event_date=now+timedelta(days=6)) - b_sharps.projects.create(name='Baby on Board', event_date=now+timedelta(days=28)) - bleeding_gums.projects.create(name='Open Mic Night', event_date=now+timedelta(hours=1)) + def test_bad_login(self): + with self.assertRaisesMessage(self.failureException, 'Failed to login as admin'): + self.login('admin', 'admin') def test_admin_ensembles(self): - self.client.post('/login', {'username': 'admin', 'password': 'foobar'}) + self.login('admin', 'secret') response = self.client.get('/ensembles') self.assertObjectList(response, ['The Be Sharps', 'Lisa & the Bleeding Gums', 'Party Posse']) self.assertContains(response, 'Django Admin') def test_admin_ensemble_permissions(self): - self.client.post('/login', {'username': 'admin', 'password': 'foobar'}) + self.login('admin', 'secret') response = self.client.get('/ensembles/party-posse') self.assertTrue(response.context['request'].is_admin) self.assertContains(response, "Add project") @@ -57,23 +49,23 @@ class InterfaceAccessTestCase(AccessTestCase): }) def test_admin_projects(self): - self.client.post('/login', {'username': 'admin', 'password': 'foobar'}) + self.login('admin', 'secret') response = self.client.get('/projects') - self.assertObjectList(response, ['Open Mic Night', 'Navy Recruitment Day', 'Baby on Board']) + self.assertObjectList(response, ['Open Mic Night', 'Navy Recruitment Day', 'Barbershop Contest']) self.assertObjectList(self.client.get('/ensembles/bleeding-gums'), ['Open Mic Night']) self.assertObjectList(self.client.get('/ensembles/bleeding-gums?inactive'), ['Open Mic Night', 'Baker St']) def test_user_ensembles(self): - self.client.post('/login', {'username': 'homer', 'password': 'maggie'}) + self.login('homer', 'maggie') response = self.client.get('/ensembles') self.assertObjectList(response, ['The Be Sharps']) self.assertNotContains(response, 'Django Admin') def test_user_ensemble_permissions(self): - self.client.post('/login', {'username': 'homer', 'password': 'maggie'}) + self.login('homer', 'maggie') response = self.client.get('/ensembles/be-sharps') self.assertTrue(response.context['request'].is_admin) self.assertContains(response, "Add project") @@ -100,9 +92,9 @@ class InterfaceAccessTestCase(AccessTestCase): self.assertNotContains(response, 'Show all') def test_user_projects(self): - self.client.post('/login', {'username': 'homer', 'password': 'maggie'}) + self.login('homer', 'maggie') response = self.client.get('/projects') - self.assertObjectList(response, ['Baby on Board']) + self.assertObjectList(response, ['Barbershop Contest']) response = self.client.get('/projects/3') self.assertTrue(response.context['request'].is_admin) @@ -118,7 +110,7 @@ class InterfaceAccessTestCase(AccessTestCase): self.authorize(models.Project, pk=4) response = self.client.get('/projects') - self.assertObjectList(response, ['Open Mic Night', 'Baby on Board']) + self.assertObjectList(response, ['Open Mic Night', 'Barbershop Contest']) response = self.client.get('/projects/4') self.assertFalse(response.context['request'].is_admin) @@ -164,87 +156,13 @@ class InterfaceAccessTestCase(AccessTestCase): '/ensembles/bleeding-gums': False, '/ensembles/unknown': False, }) - """ - def authorize(self, model, **kwargs): - object = model.objects.get(**kwargs) - response = self.client.get(f'{object.get_absolute_url()}?auth={object.auth()}') - self.assertEqual(response.status_code, 302) - def assertAccess(self, urls): - for url, expected in urls.items(): - response = self.client.get(url) - self.assertEqual(response.status_code == 200, expected, f"Expected {expected} for {url} (status: {response.status_code})") - - def assertObjectList(self, response, expected, element='name'): - self.assertEqual(response.status_code, 200, "No result returned") - objects = response.context['object_list'].values_list(element, flat=True) - self.assertEqual(list(objects), expected) - """ - """ - def test_redirect(self): - self.skipTest("No redirect") - response = self.client.get('/') - self.assertRedirects(response, '/register?') - - def test_redirect_project(self): - response = self.client.get('/projects/1') - self.assertEqual(response.status_code, 404) - - #def test_redirect_with_code(self): - # response = self.client.get('/?code=123-456-789') - # self.assertRedirects(response, '/register?code=123-456-789') - - def test_register(self): - - response = self.client.get('/ensembles/1') - self.assertEqual(response.status_code, 404) - - url = utils.signed_url('register', group='ensemble', pk=1) - - response = self.client.get(url + "i") - self.assertEqual(response.status_code, 400) - - response = self.client.get(url) - self.assertRedirects(response, '/ensembles/1') - - response = self.client.get('/ensembles/1') - self.assertEqual(response.context['object'].pk, 1) - - response = self.client.get('/projects/1', ) - - def old_test_register(self): - response = self.client.post('/register', {'code': '123-456-789', }) - self.assertFormError(response, 'form', 'passphrase', 'This field is required.') - - response = self.client.post('/register', {'code': '123-456-789', 'passphrase': 'Foo'}) - self.assertFormError(response, 'form', None, 'Incorrect code or passphrase') - - response = self.client.post('/register', {'code': '12-34', 'passphrase': 'Homer'}) - self.assertRedirects(response, '/') - - response = self.client.get(response.url) - self.assertEqual(response.context['object'].pk, 1) - - # revisting original url get redirected back to homepage - response = self.client.get('/?code=12-34') - response = self.client.get(response.url) - response = self.client.get(response.url) - self.assertEqual(response.context['object'].pk, 1) - - # providing a new code - response = self.client.get('/?code=23-45') - self.assertRedirects(response, '/register?code=23-45') - response = self.client.get(response.url) - #self.assertQuerysetEqual(response.context['current'], ['']) - #self.assertEqual(response.context['form'].code.initial, 'foo') - response = self.client.post('/register', {'code': '23-45', 'passphrase': 'maggie'}) - self.assertRedirects(response, '/') - response = self.client.get('/') - self.assertEqual(response.context['object'].pk, 2) - - # can use previous link to switch back without passphrase - response = self.client.get('/?code=12-34') - response = self.client.get(response.url) - response = self.client.get(response.url) - self.assertEqual(response.context['object'].pk, 1) - """ \ No newline at end of file + def test_anon_deauthorize_project(self): + self.authorize(models.Project, pk=4) + self.assertAccess({ + '/projects/4': True + }) + models.Project.objects.filter(pk=4).update(nonce=2) + self.assertAccess({ + '/projects/4': False + }) \ No newline at end of file