Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

fix #650: test middleware ban enforcement

Rafał Pitoń 8 years ago
parent
8e01d82732
commit
210b18fe4b
2 changed files with 63 additions and 0 deletions
Unified View Show Diff Stats
  1. 1 0
      misago/users/middleware.py
  2. 62 0
      misago/users/tests/test_user_middleware.py

+ 1 - 0
misago/users/middleware.py
View File 

@@ -35,6 +35,7 @@ class UserMiddleware(object):
 
         elif not request.user.is_staff:
 
         elif not request.user.is_staff:
 
             if get_request_ip_ban(request) or get_user_ban(request.user):
 
             if get_request_ip_ban(request) or get_user_ban(request.user):
 
                 logout(request)
 
                 logout(request)
 
+                request.user = AnonymousUser()
 
 
 
 
 
 class OnlineTrackerMiddleware(object):
 
 class OnlineTrackerMiddleware(object):

+ 62 - 0
misago/users/tests/test_user_middleware.py
View File 

@@ -0,0 +1,62 @@
 
+from django.urls import reverse
 
+
 
+from ..bans import ban_ip, ban_user
 
+from ..testutils import AuthenticatedUserTestCase
 
+
 
+
 
+class UserMiddlewareTest(AuthenticatedUserTestCase):
 
+    def setUp(self):
 
+        super(UserMiddlewareTest, self).setUp()
 
+
 
+        self.api_link = reverse('misago:api:auth')
 
+        self.test_link = reverse('misago:index')
 
+
 
+    def test_banned_user(self):
 
+        """middleware handles user that has been banned in meantime"""
 
+        ban_user(self.user)
 
+
 
+        response = self.client.get(self.test_link)
 
+        self.assertEqual(response.status_code, 200)
 
+
 
+        response = self.client.get(self.api_link)
 
+        self.assertEqual(response.status_code, 200)
 
+        self.assertIsNone(response.json()['id'])
 
+
 
+    def test_banned_staff(self):
 
+        """middleware handles staff user that has been banned in meantime"""
 
+        self.user.is_staff = True
 
+        self.user.save()
 
+
 
+        ban_user(self.user)
 
+
 
+        response = self.client.get(self.test_link)
 
+        self.assertEqual(response.status_code, 200)
 
+
 
+        response = self.client.get(self.api_link)
 
+        self.assertEqual(response.status_code, 200)
 
+        self.assertEqual(response.json()['id'], self.user.pk)
 
+
 
+    def test_ip_banned_user(self):
 
+        """middleware handles user that has been banned in meantime"""
 
+        ban_ip('127.0.0.1')
 
+
 
+        response = self.client.get(self.test_link)
 
+        self.assertEqual(response.status_code, 200)
 
+
 
+        response = self.client.get(self.api_link)
 
+        self.assertEqual(response.status_code, 200)
 
+        self.assertIsNone(response.json()['id'])
 
+
 
+    def test_ip_banned_staff(self):
 
+        """middleware handles staff user that has been banned in meantime"""
 
+        self.user.is_staff = True
 
+        self.user.save()
 
+
 
+        ban_ip('127.0.0.1')
 
+
 
+        response = self.client.get(self.test_link)
 
+        self.assertEqual(response.status_code, 200)
 
+
 
+        response = self.client.get(self.api_link)
 
+        self.assertEqual(response.status_code, 200)
 
+        self.assertEqual(response.json()['id'], self.user.pk)