diff --git a/bookwyrm/tests/views/test_login.py b/bookwyrm/tests/views/test_login.py new file mode 100644 index 000000000..c37eaa514 --- /dev/null +++ b/bookwyrm/tests/views/test_login.py @@ -0,0 +1,110 @@ +""" test for app action functionality """ +from unittest.mock import patch + +from django.contrib.auth.models import AnonymousUser +from django.template.response import TemplateResponse +from django.test import TestCase +from django.test.client import RequestFactory + +from bookwyrm import forms, models, views + + +# pylint: disable=too-many-public-methods +@patch("bookwyrm.suggested_users.rerank_suggestions_task.delay") +@patch("bookwyrm.activitystreams.populate_stream_task.delay") +class LoginViews(TestCase): + """login and password management""" + + def setUp(self): + """we need basic test data and mocks""" + self.factory = RequestFactory() + with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"), patch( + "bookwyrm.activitystreams.populate_stream_task.delay" + ): + self.local_user = models.User.objects.create_user( + "mouse@your.domain.here", + "mouse@mouse.com", + "password", + local=True, + localname="mouse", + ) + self.anonymous_user = AnonymousUser + self.anonymous_user.is_authenticated = False + + models.SiteSettings.objects.create(id=1, require_confirm_email=False) + + def test_login_get(self, *_): + """there are so many views, this just makes sure it LOADS""" + login = views.Login.as_view() + request = self.factory.get("") + request.user = self.anonymous_user + + result = login(request) + self.assertIsInstance(result, TemplateResponse) + result.render() + self.assertEqual(result.status_code, 200) + + request.user = self.local_user + result = login(request) + self.assertEqual(result.url, "/") + self.assertEqual(result.status_code, 302) + + def test_login_post_localname(self, *_): + """there are so many views, this just makes sure it LOADS""" + view = views.Login.as_view() + form = forms.LoginForm() + form.data["localname"] = "mouse@mouse.com" + form.data["password"] = "password" + request = self.factory.post("", form.data) + request.user = self.anonymous_user + + with patch("bookwyrm.views.login.login"): + result = view(request) + self.assertEqual(result.url, "/") + self.assertEqual(result.status_code, 302) + + def test_login_post_username(self, *_): + """there are so many views, this just makes sure it LOADS""" + view = views.Login.as_view() + form = forms.LoginForm() + form.data["localname"] = "mouse@your.domain.here" + form.data["password"] = "password" + request = self.factory.post("", form.data) + request.user = self.anonymous_user + + with patch("bookwyrm.views.login.login"): + result = view(request) + self.assertEqual(result.url, "/") + self.assertEqual(result.status_code, 302) + + def test_login_post_email(self, *_): + """there are so many views, this just makes sure it LOADS""" + view = views.Login.as_view() + form = forms.LoginForm() + form.data["localname"] = "mouse" + form.data["password"] = "password" + request = self.factory.post("", form.data) + request.user = self.anonymous_user + + with patch("bookwyrm.views.login.login"): + result = view(request) + self.assertEqual(result.url, "/") + self.assertEqual(result.status_code, 302) + + def test_login_post_invalid_credentials(self, *_): + """there are so many views, this just makes sure it LOADS""" + view = views.Login.as_view() + form = forms.LoginForm() + form.data["localname"] = "mouse" + form.data["password"] = "passsword1" + request = self.factory.post("", form.data) + request.user = self.anonymous_user + + with patch("bookwyrm.views.login.login"): + result = view(request) + result.render() + self.assertEqual(result.status_code, 200) + self.assertEqual( + result.context_data["login_form"].non_field_errors, + "Username or password are incorrect", + ) diff --git a/bookwyrm/tests/views/test_authentication.py b/bookwyrm/tests/views/test_register.py similarity index 76% rename from bookwyrm/tests/views/test_authentication.py rename to bookwyrm/tests/views/test_register.py index 74f3c0902..45e748807 100644 --- a/bookwyrm/tests/views/test_authentication.py +++ b/bookwyrm/tests/views/test_register.py @@ -8,14 +8,14 @@ from django.template.response import TemplateResponse from django.test import TestCase from django.test.client import RequestFactory -from bookwyrm import forms, models, views +from bookwyrm import models, views from bookwyrm.settings import DOMAIN # pylint: disable=too-many-public-methods @patch("bookwyrm.suggested_users.rerank_suggestions_task.delay") @patch("bookwyrm.activitystreams.populate_stream_task.delay") -class AuthenticationViews(TestCase): +class RegisterViews(TestCase): """login and password management""" def setUp(self): @@ -38,82 +38,6 @@ class AuthenticationViews(TestCase): id=1, require_confirm_email=False ) - def test_login_get(self, *_): - """there are so many views, this just makes sure it LOADS""" - login = views.Login.as_view() - request = self.factory.get("") - request.user = self.anonymous_user - - result = login(request) - self.assertIsInstance(result, TemplateResponse) - result.render() - self.assertEqual(result.status_code, 200) - - request.user = self.local_user - result = login(request) - self.assertEqual(result.url, "/") - self.assertEqual(result.status_code, 302) - - def test_login_post_localname(self, *_): - """there are so many views, this just makes sure it LOADS""" - view = views.Login.as_view() - form = forms.LoginForm() - form.data["localname"] = "mouse@mouse.com" - form.data["password"] = "password" - request = self.factory.post("", form.data) - request.user = self.anonymous_user - - with patch("bookwyrm.views.login.login"): - result = view(request) - self.assertEqual(result.url, "/") - self.assertEqual(result.status_code, 302) - - def test_login_post_username(self, *_): - """there are so many views, this just makes sure it LOADS""" - view = views.Login.as_view() - form = forms.LoginForm() - form.data["localname"] = "mouse@your.domain.here" - form.data["password"] = "password" - request = self.factory.post("", form.data) - request.user = self.anonymous_user - - with patch("bookwyrm.views.login.login"): - result = view(request) - self.assertEqual(result.url, "/") - self.assertEqual(result.status_code, 302) - - def test_login_post_email(self, *_): - """there are so many views, this just makes sure it LOADS""" - view = views.Login.as_view() - form = forms.LoginForm() - form.data["localname"] = "mouse" - form.data["password"] = "password" - request = self.factory.post("", form.data) - request.user = self.anonymous_user - - with patch("bookwyrm.views.login.login"): - result = view(request) - self.assertEqual(result.url, "/") - self.assertEqual(result.status_code, 302) - - def test_login_post_invalid_credentials(self, *_): - """there are so many views, this just makes sure it LOADS""" - view = views.Login.as_view() - form = forms.LoginForm() - form.data["localname"] = "mouse" - form.data["password"] = "passsword1" - request = self.factory.post("", form.data) - request.user = self.anonymous_user - - with patch("bookwyrm.views.login.login"): - result = view(request) - result.render() - self.assertEqual(result.status_code, 200) - self.assertEqual( - result.context_data["login_form"].non_field_errors, - "Username or password are incorrect", - ) - def test_register(self, *_): """create a user""" view = views.Register.as_view() @@ -126,7 +50,7 @@ class AuthenticationViews(TestCase): "email": "aa@bb.cccc", }, ) - with patch("bookwyrm.views.login.login"): + with patch("bookwyrm.views.register.login"): response = view(request) self.assertEqual(models.User.objects.count(), 2) self.assertEqual(response.status_code, 302) @@ -151,7 +75,7 @@ class AuthenticationViews(TestCase): "email": "aa@bb.cccc", }, ) - with patch("bookwyrm.views.login.login"): + with patch("bookwyrm.views.register.login"): response = view(request) self.assertEqual(response.status_code, 302) nutria = models.User.objects.get(localname="nutria") @@ -169,7 +93,7 @@ class AuthenticationViews(TestCase): "register/", {"localname": "nutria ", "password": "mouseword", "email": "aa@bb.ccc"}, ) - with patch("bookwyrm.views.login.login"): + with patch("bookwyrm.views.register.login"): response = view(request) self.assertEqual(models.User.objects.count(), 2) self.assertEqual(response.status_code, 302) @@ -248,7 +172,7 @@ class AuthenticationViews(TestCase): "invite_code": "testcode", }, ) - with patch("bookwyrm.views.login.login"): + with patch("bookwyrm.views.register.login"): response = view(request) self.assertEqual(models.User.objects.count(), 2) self.assertEqual(response.status_code, 302) diff --git a/bookwyrm/views/login.py b/bookwyrm/views/login.py index 1ca65f2ff..97d541690 100644 --- a/bookwyrm/views/login.py +++ b/bookwyrm/views/login.py @@ -32,7 +32,7 @@ class Login(View): return TemplateResponse(request, "login.html", data) @sensitive_variables("password") - @sensitive_post_parameters("password") + @method_decorator(sensitive_post_parameters("password")) def post(self, request): """authentication action""" if request.user.is_authenticated: diff --git a/bookwyrm/views/register.py b/bookwyrm/views/register.py index 1ffa16ec6..1ecb97b16 100644 --- a/bookwyrm/views/register.py +++ b/bookwyrm/views/register.py @@ -3,6 +3,7 @@ from django.contrib.auth import login from django.core.exceptions import PermissionDenied from django.shortcuts import get_object_or_404, redirect from django.template.response import TemplateResponse +from django.utils.decorators import method_decorator from django.views import View from django.views.decorators.http import require_POST from django.views.decorators.debug import sensitive_variables, sensitive_post_parameters @@ -16,7 +17,7 @@ class Register(View): """register a user""" @sensitive_variables("password") - @sensitive_post_parameters("password") + @method_decorator(sensitive_post_parameters("password")) def post(self, request): """join the server""" settings = models.SiteSettings.get()