# -*- coding: utf-8 -*- from __future__ import unicode_literals from django.contrib.auth import get_user_model from django.test import TestCase from django.urls import reverse from ..testutils import AdminTestCase from ..views import get_protected_namespace class FakeRequest(object): def __init__(self, path): self.path = path self.path_info = path class AdminProtectedNamespaceTests(TestCase): def test_valid_cases(self): """get_protected_namespace returns true for protected links""" links_prefix = reverse('misago:admin:index') TEST_CASES = ( '', 'somewhere/', 'ejksajdlksajldjskajdlksajlkdas', ) for case in TEST_CASES: request = FakeRequest(links_prefix + case) self.assertEqual(get_protected_namespace(request), 'misago:admin') def test_invalid_cases(self): """get_protected_namespace returns none for other links""" TEST_CASES = ( '/', '/somewhere/', '/ejksajdlksajldjskajdlksajlkdas', ) for case in TEST_CASES: request = FakeRequest(case) self.assertEqual(get_protected_namespace(request), None) class AdminLoginViewTests(TestCase): def test_login_returns_200_on_get(self): """unauthenticated request to admin index produces login form""" response = self.client.get(reverse('misago:admin:index')) self.assertContains(response, 'Sign in') self.assertContains(response, 'Username or e-mail') self.assertContains(response, 'Password') def test_login_returns_200_on_invalid_post(self): """form handles invalid data gracefully""" response = self.client.post( reverse('misago:admin:index'), data={'username': 'Nope', 'password': 'Nope'}) self.assertContains(response, "Login or password is incorrect.") self.assertContains(response, "Sign in") self.assertContains(response, "Username or e-mail") self.assertContains(response, "Password") def test_login_denies_non_staff_non_superuser(self): """login rejects user thats non staff and non superuser""" User = get_user_model() user = User.objects.create_user('Bob', 'bob@test.com', 'Pass.123') user.is_staff = False user.is_superuser = False user.save() response = self.client.post( reverse('misago:admin:index'), data={'username': 'Bob', 'password': 'Pass.123'}) self.assertContains(response, "Your account does not have admin privileges.") def test_login_denies_non_staff_superuser(self): """login rejects user thats non staff and superuser""" User = get_user_model() user = User.objects.create_user('Bob', 'bob@test.com', 'Pass.123') user.is_staff = False user.is_superuser = True user.save() response = self.client.post( reverse('misago:admin:index'), data={'username': 'Bob', 'password': 'Pass.123'}) self.assertContains(response, "Your account does not have admin privileges.") def test_login_signs_in_staff_non_superuser(self): """login passess user thats staff and non superuser""" User = get_user_model() user = User.objects.create_user('Bob', 'bob@test.com', 'Pass.123') user.is_staff = True user.is_superuser = False user.save() response = self.client.post( reverse('misago:admin:index'), data={'username': 'Bob', 'password': 'Pass.123'}) self.assertEqual(response.status_code, 302) def test_login_signs_in_staff_superuser(self): """login passess user thats staff and superuser""" User = get_user_model() user = User.objects.create_user('Bob', 'bob@test.com', 'Pass.123') user.is_staff = True user.is_superuser = True user.save() response = self.client.post( reverse('misago:admin:index'), data={'username': 'Bob', 'password': 'Pass.123'}) self.assertEqual(response.status_code, 302) class AdminLogoutTests(AdminTestCase): def test_admin_logout(self): """admin logout logged from admin only""" response = self.client.post(reverse('misago:admin:logout')) self.assertEqual(response.status_code, 302) response = self.client.get(reverse('misago:admin:index')) self.assertContains(response, "Your admin session has been closed.") response = self.client.get(reverse('misago:index')) self.assertContains(response, self.user.username) def test_complete_logout(self): """complete logout logged from both admin and site""" response = self.client.post(reverse('misago:logout')) self.assertEqual(response.status_code, 302) response = self.client.get(reverse('misago:admin:index')) self.assertContains(response, "Sign in") response = self.client.get(reverse('misago:index')) self.assertContains(response, "Sign in") class AdminViewAccessTests(AdminTestCase): def test_admin_denies_non_staff_non_superuser(self): """admin middleware rejects user thats non staff and non superuser""" self.user.is_staff = False self.user.is_superuser = False self.user.save() response = self.client.get(reverse('misago:admin:index')) self.assertContains(response, "Sign in") def test_admin_denies_non_staff_superuser(self): """admin middleware rejects user thats non staff and superuser""" self.user.is_staff = False self.user.is_superuser = True self.user.save() response = self.client.get(reverse('misago:admin:index')) self.assertContains(response, "Sign in") def test_admin_passess_in_staff_non_superuser(self): """admin middleware passess user thats staff and non superuser""" self.user.is_staff = True self.user.is_superuser = False self.user.save() response = self.client.get(reverse('misago:admin:index')) self.assertContains(response, self.user.username) def test_admin_passess_in_staff_superuser(self): """admin middleware passess user thats staff and superuser""" self.user.is_staff = True self.user.is_superuser = True self.user.save() response = self.client.get(reverse('misago:admin:index')) self.assertContains(response, self.user.username) class AdminIndexViewTests(AdminTestCase): def test_view_returns_200(self): """admin index view returns 200""" response = self.client.get(reverse('misago:admin:index')) self.assertContains(response, self.user.username) class Admin404ErrorTests(AdminTestCase): def test_list_search_unicode_handling(self): """querystring creation handles unicode strings""" test_link = '%stotally-errored/' % reverse('misago:admin:index') response = self.client.get(test_link) self.assertContains( response, "Requested page could not be found.", status_code=404) class AdminGenericViewsTests(AdminTestCase): def test_view_redirected_queryvar(self): """querystring redirected value is handled""" test_link = reverse('misago:admin:users:accounts:index') # request resulted in redirect with redirected=1 bit response = self.client.get('%s?username=lorem' % test_link) self.assertEqual(response.status_code, 302) self.assertIn('redirected=1', response['location']) # request with flag muted redirect response = self.client.get( '%s?redirected=1&username=lorem' % test_link) self.assertEqual(response.status_code, 200) def test_list_search_unicode_handling(self): """querystring creation handles unicode strings""" test_link = reverse('misago:admin:users:accounts:index') response = self.client.get( '%s?redirected=1&username=%s' % (test_link, 'łut')) self.assertEqual(response.status_code, 200)