| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235 |
- # -*- coding: utf-8 -*-
- from __future__ import unicode_literals
- from django.contrib.auth import get_user_model
- from django.test import TestCase
- from django.urls import reverse
- from misago.admin.testutils import AdminTestCase
- from misago.admin.views import get_protected_namespace
- UserModel = get_user_model()
- class FakeRequest(object):
- def __init__(self, path):
- self.path = path
- self.path_info = path
- class AdminProtectedNamespaceTests(TestCase):
- def test_valid_cases(self):
- """get_protected_namespace returns true for protected links"""
- links_prefix = reverse('misago:admin:index')
- TEST_CASES = ('', 'somewhere/', 'ejksajdlksajldjskajdlksajlkdas', )
- for case in TEST_CASES:
- request = FakeRequest(links_prefix + case)
- self.assertEqual(get_protected_namespace(request), 'misago:admin')
- def test_invalid_cases(self):
- """get_protected_namespace returns none for other links"""
- TEST_CASES = ('/', '/somewhere/', '/ejksajdlksajldjskajdlksajlkdas', )
- for case in TEST_CASES:
- request = FakeRequest(case)
- self.assertEqual(get_protected_namespace(request), None)
- class AdminLoginViewTests(TestCase):
- def test_login_returns_200_on_get(self):
- """unauthenticated request to admin index produces login form"""
- response = self.client.get(reverse('misago:admin:index'))
- self.assertContains(response, 'Sign in')
- self.assertContains(response, 'Username or e-mail')
- self.assertContains(response, 'Password')
- def test_login_returns_200_on_invalid_post(self):
- """form handles invalid data gracefully"""
- response = self.client.post(
- reverse('misago:admin:index'),
- data={
- 'username': 'Nope',
- 'password': 'Nope',
- },
- )
- self.assertContains(response, "Login or password is incorrect.")
- self.assertContains(response, "Sign in")
- self.assertContains(response, "Username or e-mail")
- self.assertContains(response, "Password")
- def test_login_denies_non_staff_non_superuser(self):
- """login rejects user thats non staff and non superuser"""
- user = UserModel.objects.create_user('Bob', 'bob@test.com', 'Pass.123')
- user.is_staff = False
- user.is_superuser = False
- user.save()
- response = self.client.post(
- reverse('misago:admin:index'),
- data={
- 'username': 'Bob',
- 'password': 'Pass.123',
- },
- )
- self.assertContains(response, "Your account does not have admin privileges.")
- def test_login_denies_non_staff_superuser(self):
- """login rejects user thats non staff and superuser"""
- user = UserModel.objects.create_user('Bob', 'bob@test.com', 'Pass.123')
- user.is_staff = False
- user.is_superuser = True
- user.save()
- response = self.client.post(
- reverse('misago:admin:index'),
- data={
- 'username': 'Bob',
- 'password': 'Pass.123',
- },
- )
- self.assertContains(response, "Your account does not have admin privileges.")
- def test_login_signs_in_staff_non_superuser(self):
- """login passess user thats staff and non superuser"""
- user = UserModel.objects.create_user('Bob', 'bob@test.com', 'Pass.123')
- user.is_staff = True
- user.is_superuser = False
- user.save()
- response = self.client.post(
- reverse('misago:admin:index'),
- data={
- 'username': 'Bob',
- 'password': 'Pass.123',
- },
- )
- self.assertEqual(response.status_code, 302)
- def test_login_signs_in_staff_superuser(self):
- """login passess user thats staff and superuser"""
- user = UserModel.objects.create_user('Bob', 'bob@test.com', 'Pass.123')
- user.is_staff = True
- user.is_superuser = True
- user.save()
- response = self.client.post(
- reverse('misago:admin:index'),
- data={
- 'username': 'Bob',
- 'password': 'Pass.123',
- },
- )
- self.assertEqual(response.status_code, 302)
- class AdminLogoutTests(AdminTestCase):
- def test_admin_logout(self):
- """admin logout logged from admin only"""
- response = self.client.post(reverse('misago:admin:logout'))
- self.assertEqual(response.status_code, 302)
- response = self.client.get(reverse('misago:admin:index'))
- self.assertContains(response, "Your admin session has been closed.")
- response = self.client.get(reverse('misago:index'))
- self.assertContains(response, self.user.username)
- def test_complete_logout(self):
- """complete logout logged from both admin and site"""
- response = self.client.post(reverse('misago:logout'))
- self.assertEqual(response.status_code, 302)
- response = self.client.get(reverse('misago:admin:index'))
- self.assertContains(response, "Sign in")
- response = self.client.get(reverse('misago:index'))
- self.assertContains(response, "Sign in")
- class AdminViewAccessTests(AdminTestCase):
- def test_admin_denies_non_staff_non_superuser(self):
- """admin middleware rejects user thats non staff and non superuser"""
- self.user.is_staff = False
- self.user.is_superuser = False
- self.user.save()
- response = self.client.get(reverse('misago:admin:index'))
- self.assertContains(response, "Sign in")
- def test_admin_denies_non_staff_superuser(self):
- """admin middleware rejects user thats non staff and superuser"""
- self.user.is_staff = False
- self.user.is_superuser = True
- self.user.save()
- response = self.client.get(reverse('misago:admin:index'))
- self.assertContains(response, "Sign in")
- def test_admin_passess_in_staff_non_superuser(self):
- """admin middleware passess user thats staff and non superuser"""
- self.user.is_staff = True
- self.user.is_superuser = False
- self.user.save()
- response = self.client.get(reverse('misago:admin:index'))
- self.assertContains(response, self.user.username)
- def test_admin_passess_in_staff_superuser(self):
- """admin middleware passess user thats staff and superuser"""
- self.user.is_staff = True
- self.user.is_superuser = True
- self.user.save()
- response = self.client.get(reverse('misago:admin:index'))
- self.assertContains(response, self.user.username)
- class AdminIndexViewTests(AdminTestCase):
- def test_view_returns_200(self):
- """admin index view returns 200"""
- response = self.client.get(reverse('misago:admin:index'))
- self.assertContains(response, self.user.username)
- class Admin404ErrorTests(AdminTestCase):
- def test_list_search_unicode_handling(self):
- """querystring creation handles unicode strings"""
- test_link = '%stotally-errored/' % reverse('misago:admin:index')
- response = self.client.get(test_link)
- self.assertContains(response, "Requested page could not be found.", status_code=404)
- class AdminGenericViewsTests(AdminTestCase):
- def test_view_redirected_queryvar(self):
- """querystring redirected value is handled"""
- test_link = reverse('misago:admin:users:accounts:index')
- # request resulted in redirect with redirected=1 bit
- response = self.client.get('%s?username=lorem' % test_link)
- self.assertEqual(response.status_code, 302)
- self.assertIn('redirected=1', response['location'])
- # request with flag muted redirect
- response = self.client.get('%s?redirected=1&username=lorem' % test_link)
- self.assertEqual(response.status_code, 200)
- def test_list_search_unicode_handling(self):
- """querystring creation handles unicode strings"""
- test_link = reverse('misago:admin:users:accounts:index')
- response = self.client.get('%s?redirected=1&username=%s' % (test_link, 'łut'))
- self.assertEqual(response.status_code, 200)
|
