Misago/misago/admin/tests/test_admin_views.py

from django.contrib.auth import get_user_model
from django.test import TestCase
from django.urls import reverse

from misago.admin.testutils import AdminTestCase
from misago.admin.views import get_protected_namespace


UserModel = get_user_model()


class MockRequest(object):
    def __init__(self, path):
        self.path = path


class AdminProtectedNamespaceTests(TestCase):
    def test_valid_cases(self):
        """get_protected_namespace returns true for protected links"""
        TEST_CASES = ('', 'somewhere/', 'ejksajdlksajldjskajdlksajlkdas', )
        
        links_prefix = reverse('misago:admin:index')
        
        for case in TEST_CASES:
            request = MockRequest(links_prefix + case)
            self.assertEqual(get_protected_namespace(request), 'misago:admin')

    def test_invalid_cases(self):
        """get_protected_namespace returns none for other links"""
        TEST_CASES = ('/', '/somewhere/', '/ejksajdlksajldjskajdlksajlkdas', )

        for case in TEST_CASES:
            request = MockRequest(case)
            self.assertEqual(get_protected_namespace(request), None)


class AdminLoginViewTests(TestCase):
    def test_login_returns_200_on_get(self):
        """unauthenticated request to admin index produces login form"""
        response = self.client.get(reverse('misago:admin:index'))

        self.assertContains(response, 'Sign in')
        self.assertContains(response, 'Username or e-mail')
        self.assertContains(response, 'Password')

    def test_login_returns_200_on_invalid_post(self):
        """form handles invalid data gracefully"""
        response = self.client.post(
            reverse('misago:admin:index'),
            data={
                'username': 'Nope',
                'password': 'Nope',
            },
        )

        self.assertContains(response, "Login or password is incorrect.")
        self.assertContains(response, "Sign in")
        self.assertContains(response, "Username or e-mail")
        self.assertContains(response, "Password")

    def test_login_denies_non_staff_non_superuser(self):
        """login rejects user thats non staff and non superuser"""
        user = UserModel.objects.create_user('Bob', 'bob@test.com', 'Pass.123')

        user.is_staff = False
        user.is_superuser = False
        user.save()

        response = self.client.post(
            reverse('misago:admin:index'),
            data={
                'username': 'Bob',
                'password': 'Pass.123',
            },
        )

        self.assertContains(response, "Your account does not have admin privileges.")

    def test_login_denies_non_staff_superuser(self):
        """login rejects user thats non staff and superuser"""
        user = UserModel.objects.create_user('Bob', 'bob@test.com', 'Pass.123')

        user.is_staff = False
        user.is_superuser = True
        user.save()

        response = self.client.post(
            reverse('misago:admin:index'),
            data={
                'username': 'Bob',
                'password': 'Pass.123',
            },
        )

        self.assertContains(response, "Your account does not have admin privileges.")

    def test_login_signs_in_staff_non_superuser(self):
        """login passess user thats staff and non superuser"""
        user = UserModel.objects.create_user('Bob', 'bob@test.com', 'Pass.123')

        user.is_staff = True
        user.is_superuser = False
        user.save()

        response = self.client.post(
            reverse('misago:admin:index'),
            data={
                'username': 'Bob',
                'password': 'Pass.123',
            },
        )

        self.assertEqual(response.status_code, 302)

    def test_login_signs_in_staff_superuser(self):
        """login passess user thats staff and superuser"""
        user = UserModel.objects.create_user('Bob', 'bob@test.com', 'Pass.123')

        user.is_staff = True
        user.is_superuser = True
        user.save()

        response = self.client.post(
            reverse('misago:admin:index'),
            data={
                'username': 'Bob',
                'password': 'Pass.123',
            },
        )

        self.assertEqual(response.status_code, 302)


class AdminLogoutTests(AdminTestCase):
    def test_admin_logout(self):
        """admin logout logged from admin only"""
        response = self.client.post(reverse('misago:admin:logout'))
        self.assertEqual(response.status_code, 302)

        response = self.client.get(reverse('misago:admin:index'))
        self.assertContains(response, "Your admin session has been closed.")

        response = self.client.get(reverse('misago:index'))
        self.assertContains(response, self.user.username)

    def test_complete_logout(self):
        """complete logout logged from both admin and site"""
        response = self.client.post(reverse('misago:logout'))
        self.assertEqual(response.status_code, 302)

        response = self.client.get(reverse('misago:admin:index'))
        self.assertContains(response, "Sign in")

        response = self.client.get(reverse('misago:index'))
        self.assertContains(response, "Sign in")


class AdminViewAccessTests(AdminTestCase):
    def test_admin_denies_non_staff_non_superuser(self):
        """admin middleware rejects user thats non staff and non superuser"""
        self.user.is_staff = False
        self.user.is_superuser = False
        self.user.save()

        response = self.client.get(reverse('misago:admin:index'))
        self.assertContains(response, "Sign in")

    def test_admin_denies_non_staff_superuser(self):
        """admin middleware rejects user thats non staff and superuser"""
        self.user.is_staff = False
        self.user.is_superuser = True
        self.user.save()

        response = self.client.get(reverse('misago:admin:index'))
        self.assertContains(response, "Sign in")

    def test_admin_passess_in_staff_non_superuser(self):
        """admin middleware passess user thats staff and non superuser"""
        self.user.is_staff = True
        self.user.is_superuser = False
        self.user.save()

        response = self.client.get(reverse('misago:admin:index'))
        self.assertContains(response, self.user.username)

    def test_admin_passess_in_staff_superuser(self):
        """admin middleware passess user thats staff and superuser"""
        self.user.is_staff = True
        self.user.is_superuser = True
        self.user.save()

        response = self.client.get(reverse('misago:admin:index'))
        self.assertContains(response, self.user.username)


class Admin404ErrorTests(AdminTestCase):
    def test_list_search_unicode_handling(self):
        """querystring creation handles unicode strings"""
        test_link = '%stotally-errored/' % reverse('misago:admin:index')

        response = self.client.get(test_link)

        self.assertContains(response, "Requested page could not be found.", status_code=404)


class AdminGenericViewsTests(AdminTestCase):
    def test_view_redirected_queryvar(self):
        """querystring redirected value is handled"""
        test_link = reverse('misago:admin:users:accounts:index')

        # request resulted in redirect with redirected=1 bit
        response = self.client.get('%s?username=lorem' % test_link)
        self.assertEqual(response.status_code, 302)
        self.assertIn('redirected=1', response['location'])

        # request with flag muted redirect
        response = self.client.get('%s?redirected=1&username=lorem' % test_link)
        self.assertEqual(response.status_code, 200)

    def test_list_search_unicode_handling(self):
        """querystring creation handles unicode strings"""
        test_link = reverse('misago:admin:users:accounts:index')
        response = self.client.get('%s?redirected=1&username=%s' % (test_link, 'łut'))
        self.assertEqual(response.status_code, 200)