from django.test import TestCase from django.urls import reverse from ...users.test import create_test_user from ..test import AdminTestCase from ..views import get_protected_namespace class MockRequest: def __init__(self, path): self.path = path class AdminProtectedNamespaceTests(TestCase): def test_valid_cases(self): """get_protected_namespace returns true for protected links""" TEST_CASES = ("", "somewhere/", "ejksajdlksajldjskajdlksajlkdas") links_prefix = reverse("misago:admin:index") for case in TEST_CASES: request = MockRequest(links_prefix + case) self.assertEqual(get_protected_namespace(request), "misago:admin") def test_invalid_cases(self): """get_protected_namespace returns none for other links""" TEST_CASES = ("/", "/somewhere/", "/ejksajdlksajldjskajdlksajlkdas") for case in TEST_CASES: request = MockRequest(case) self.assertEqual(get_protected_namespace(request), None) class AdminLoginViewTests(TestCase): def test_login_returns_200_on_get(self): """unauthenticated request to admin index produces login form""" response = self.client.get(reverse("misago:admin:index")) self.assertContains(response, "Sign in") self.assertContains(response, "Username or e-mail") self.assertContains(response, "Password") def test_login_returns_200_on_invalid_post(self): """form handles invalid data gracefully""" response = self.client.post( reverse("misago:admin:index"), data={"username": "no", "password": "no"} ) self.assertContains(response, "Login or password is incorrect.") self.assertContains(response, "Sign in") self.assertContains(response, "Username or e-mail") self.assertContains(response, "Password") def test_login_denies_non_staff_non_superuser(self): """login rejects user thats non staff and non superuser""" user = create_test_user("User", "user@example.com", "password") user.is_staff = False user.is_superuser = False user.save() response = self.client.post( reverse("misago:admin:index"), data={"username": "User", "password": "password"}, ) self.assertContains(response, "Your account does not have admin privileges.") def test_login_denies_non_staff_superuser(self): """login rejects user thats non staff and superuser""" user = create_test_user("User", "user@example.com", "password") user.is_staff = False user.is_superuser = True user.save() response = self.client.post( reverse("misago:admin:index"), data={"username": "User", "password": "password"}, ) self.assertContains(response, "Your account does not have admin privileges.") def test_login_signs_in_staff_non_superuser(self): """login passess user thats staff and non superuser""" user = create_test_user("User", "user@example.com", "password") user.is_staff = True user.is_superuser = False user.save() response = self.client.post( reverse("misago:admin:index"), data={"username": "User", "password": "password"}, ) self.assertEqual(response.status_code, 302) def test_login_signs_in_staff_superuser(self): """login passess user thats staff and superuser""" user = create_test_user("User", "user@example.com", "password") user.is_staff = True user.is_superuser = True user.save() response = self.client.post( reverse("misago:admin:index"), data={"username": "User", "password": "password"}, ) self.assertEqual(response.status_code, 302) class AdminLogoutTests(AdminTestCase): def test_admin_logout(self): """admin logout logged from admin only""" response = self.client.post(reverse("misago:admin:logout")) self.assertEqual(response.status_code, 302) response = self.client.get(reverse("misago:admin:index")) self.assertContains(response, "Your admin session has been closed.") response = self.client.get(reverse("misago:index")) self.assertContains(response, self.user.username) def test_complete_logout(self): """complete logout logged from both admin and site""" response = self.client.post(reverse("misago:logout")) self.assertEqual(response.status_code, 302) response = self.client.get(reverse("misago:admin:index")) self.assertContains(response, "Sign in") response = self.client.get(reverse("misago:index")) self.assertContains(response, "Sign in") class AdminViewAccessTests(AdminTestCase): def test_admin_denies_non_staff_non_superuser(self): """admin middleware rejects user thats non staff and non superuser""" self.user.is_staff = False self.user.is_superuser = False self.user.save() response = self.client.get(reverse("misago:admin:index")) self.assertContains(response, "Sign in") def test_admin_denies_non_staff_superuser(self): """admin middleware rejects user thats non staff and superuser""" self.user.is_staff = False self.user.is_superuser = True self.user.save() response = self.client.get(reverse("misago:admin:index")) self.assertContains(response, "Sign in") def test_admin_passess_in_staff_non_superuser(self): """admin middleware passess user thats staff and non superuser""" self.user.is_staff = True self.user.is_superuser = False self.user.save() response = self.client.get(reverse("misago:admin:index")) self.assertContains(response, self.user.username) def test_admin_passess_in_staff_superuser(self): """admin middleware passess user thats staff and superuser""" self.user.is_staff = True self.user.is_superuser = True self.user.save() response = self.client.get(reverse("misago:admin:index")) self.assertContains(response, self.user.username) class Admin404ErrorTests(AdminTestCase): def test_list_search_unicode_handling(self): """querystring creation handles unicode strings""" test_link = "%stotally-errored/" % reverse("misago:admin:index") response = self.client.get(test_link) self.assertContains( response, "Requested page could not be found.", status_code=404 ) class AdminGenericViewsTests(AdminTestCase): def test_view_redirected_queryvar(self): """querystring redirected value is handled""" test_link = reverse("misago:admin:users:accounts:index") # request resulted in redirect with redirected=1 bit response = self.client.get("%s?username=lorem" % test_link) self.assertEqual(response.status_code, 302) self.assertIn("redirected=1", response["location"]) # request with flag muted redirect response = self.client.get("%s?redirected=1&username=lorem" % test_link) self.assertEqual(response.status_code, 200) def test_list_search_unicode_handling(self): """querystring creation handles unicode strings""" test_link = reverse("misago:admin:users:accounts:index") response = self.client.get("%s?redirected=1&username=%s" % (test_link, "łut")) self.assertEqual(response.status_code, 200)