2021-03-08 16:49:10 +00:00
|
|
|
""" test for app action functionality """
|
2021-01-12 17:09:05 +00:00
|
|
|
from unittest.mock import patch
|
|
|
|
|
|
|
|
|
|
from django.contrib.auth.models import AnonymousUser
|
|
|
|
|
from django.core.exceptions import PermissionDenied
|
|
|
|
|
from django.http.response import Http404
|
|
|
|
|
from django.template.response import TemplateResponse
|
|
|
|
|
from django.test import TestCase
|
2021-01-12 17:53:04 +00:00
|
|
|
from django.test.client import RequestFactory
|
2021-01-12 17:09:05 +00:00
|
|
|
|
2021-08-06 18:23:38 +00:00
|
|
|
from bookwyrm import forms, models, views
|
2021-01-12 17:09:05 +00:00
|
|
|
from bookwyrm.settings import DOMAIN
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# pylint: disable=too-many-public-methods
|
2021-08-03 17:25:53 +00:00
|
|
|
@patch("bookwyrm.suggested_users.rerank_suggestions_task.delay")
|
2021-01-12 17:09:05 +00:00
|
|
|
class AuthenticationViews(TestCase):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""login and password management"""
|
2021-03-08 16:49:10 +00:00
|
|
|
|
2021-01-12 17:53:04 +00:00
|
|
|
def setUp(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""we need basic test data and mocks"""
|
2021-01-12 17:53:04 +00:00
|
|
|
self.factory = RequestFactory()
|
2021-08-03 17:25:53 +00:00
|
|
|
with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"):
|
|
|
|
|
self.local_user = models.User.objects.create_user(
|
2021-08-06 18:23:38 +00:00
|
|
|
"mouse@your.domain.here",
|
2021-08-03 17:25:53 +00:00
|
|
|
"mouse@mouse.com",
|
|
|
|
|
"password",
|
|
|
|
|
local=True,
|
|
|
|
|
localname="mouse",
|
|
|
|
|
)
|
2021-01-12 17:53:04 +00:00
|
|
|
self.anonymous_user = AnonymousUser
|
|
|
|
|
self.anonymous_user.is_authenticated = False
|
2021-08-02 23:05:40 +00:00
|
|
|
|
2021-08-07 01:13:51 +00:00
|
|
|
self.settings = models.SiteSettings.objects.create(
|
2021-08-07 01:48:16 +00:00
|
|
|
id=1, require_confirm_email=False
|
2021-08-07 01:13:51 +00:00
|
|
|
)
|
2021-01-12 17:53:04 +00:00
|
|
|
|
2021-08-03 17:25:53 +00:00
|
|
|
def test_login_get(self, _):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""there are so many views, this just makes sure it LOADS"""
|
2021-01-12 17:53:04 +00:00
|
|
|
login = views.Login.as_view()
|
2021-03-08 16:49:10 +00:00
|
|
|
request = self.factory.get("")
|
2021-01-12 17:53:04 +00:00
|
|
|
request.user = self.anonymous_user
|
|
|
|
|
|
|
|
|
|
result = login(request)
|
2021-01-12 17:09:05 +00:00
|
|
|
self.assertIsInstance(result, TemplateResponse)
|
2021-01-30 20:16:57 +00:00
|
|
|
result.render()
|
2021-01-12 17:09:05 +00:00
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
|
|
request.user = self.local_user
|
2021-01-12 17:53:04 +00:00
|
|
|
result = login(request)
|
2021-03-08 16:49:10 +00:00
|
|
|
self.assertEqual(result.url, "/")
|
2021-01-12 17:09:05 +00:00
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
2021-08-06 18:23:38 +00:00
|
|
|
def test_login_post_localname(self, _):
|
|
|
|
|
"""there are so many views, this just makes sure it LOADS"""
|
|
|
|
|
view = views.Login.as_view()
|
|
|
|
|
form = forms.LoginForm()
|
|
|
|
|
form.data["localname"] = "mouse@mouse.com"
|
|
|
|
|
form.data["password"] = "password"
|
|
|
|
|
request = self.factory.post("", form.data)
|
|
|
|
|
request.user = self.anonymous_user
|
|
|
|
|
|
|
|
|
|
with patch("bookwyrm.views.authentication.login"):
|
|
|
|
|
result = view(request)
|
|
|
|
|
self.assertEqual(result.url, "/")
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
|
|
|
|
def test_login_post_username(self, _):
|
|
|
|
|
"""there are so many views, this just makes sure it LOADS"""
|
|
|
|
|
view = views.Login.as_view()
|
|
|
|
|
form = forms.LoginForm()
|
|
|
|
|
form.data["localname"] = "mouse@your.domain.here"
|
|
|
|
|
form.data["password"] = "password"
|
|
|
|
|
request = self.factory.post("", form.data)
|
|
|
|
|
request.user = self.anonymous_user
|
|
|
|
|
|
|
|
|
|
with patch("bookwyrm.views.authentication.login"):
|
|
|
|
|
result = view(request)
|
|
|
|
|
self.assertEqual(result.url, "/")
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
|
|
|
|
def test_login_post_email(self, _):
|
|
|
|
|
"""there are so many views, this just makes sure it LOADS"""
|
|
|
|
|
view = views.Login.as_view()
|
|
|
|
|
form = forms.LoginForm()
|
|
|
|
|
form.data["localname"] = "mouse"
|
|
|
|
|
form.data["password"] = "password"
|
|
|
|
|
request = self.factory.post("", form.data)
|
|
|
|
|
request.user = self.anonymous_user
|
|
|
|
|
|
|
|
|
|
with patch("bookwyrm.views.authentication.login"):
|
|
|
|
|
result = view(request)
|
|
|
|
|
self.assertEqual(result.url, "/")
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
|
|
|
|
def test_login_post_invalid_credentials(self, _):
|
|
|
|
|
"""there are so many views, this just makes sure it LOADS"""
|
|
|
|
|
view = views.Login.as_view()
|
|
|
|
|
form = forms.LoginForm()
|
|
|
|
|
form.data["localname"] = "mouse"
|
|
|
|
|
form.data["password"] = "passsword1"
|
|
|
|
|
request = self.factory.post("", form.data)
|
|
|
|
|
request.user = self.anonymous_user
|
|
|
|
|
|
|
|
|
|
with patch("bookwyrm.views.authentication.login"):
|
|
|
|
|
result = view(request)
|
|
|
|
|
result.render()
|
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
result.context_data["login_form"].non_field_errors,
|
|
|
|
|
"Username or password are incorrect",
|
|
|
|
|
)
|
|
|
|
|
|
2021-08-03 17:25:53 +00:00
|
|
|
def test_register(self, _):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""create a user"""
|
2021-01-12 17:53:04 +00:00
|
|
|
view = views.Register.as_view()
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 1)
|
2021-01-12 17:09:05 +00:00
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/",
|
2021-01-12 17:09:05 +00:00
|
|
|
{
|
2021-03-08 16:49:10 +00:00
|
|
|
"localname": "nutria-user.user_nutria",
|
|
|
|
|
"password": "mouseword",
|
|
|
|
|
"email": "aa@bb.cccc",
|
|
|
|
|
},
|
|
|
|
|
)
|
2021-08-02 23:05:40 +00:00
|
|
|
with patch("bookwyrm.views.authentication.login"):
|
|
|
|
|
response = view(request)
|
2021-01-12 17:53:04 +00:00
|
|
|
self.assertEqual(models.User.objects.count(), 2)
|
2021-01-12 17:09:05 +00:00
|
|
|
self.assertEqual(response.status_code, 302)
|
|
|
|
|
nutria = models.User.objects.last()
|
2021-03-08 16:49:10 +00:00
|
|
|
self.assertEqual(nutria.username, "nutria-user.user_nutria@%s" % DOMAIN)
|
|
|
|
|
self.assertEqual(nutria.localname, "nutria-user.user_nutria")
|
2021-01-12 17:09:05 +00:00
|
|
|
self.assertEqual(nutria.local, True)
|
|
|
|
|
|
2021-08-07 15:01:14 +00:00
|
|
|
@patch("bookwyrm.emailing.send_email.delay")
|
|
|
|
|
def test_register_email_confirm(self, *_):
|
2021-08-07 14:28:24 +00:00
|
|
|
"""create a user"""
|
|
|
|
|
self.settings.require_confirm_email = True
|
|
|
|
|
self.settings.save()
|
|
|
|
|
|
|
|
|
|
view = views.Register.as_view()
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 1)
|
|
|
|
|
request = self.factory.post(
|
|
|
|
|
"register/",
|
|
|
|
|
{
|
|
|
|
|
"localname": "nutria",
|
|
|
|
|
"password": "mouseword",
|
|
|
|
|
"email": "aa@bb.cccc",
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
with patch("bookwyrm.views.authentication.login"):
|
|
|
|
|
response = view(request)
|
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
|
|
|
nutria = models.User.objects.get(localname="nutria")
|
|
|
|
|
self.assertEqual(nutria.username, "nutria@%s" % DOMAIN)
|
|
|
|
|
self.assertEqual(nutria.local, True)
|
|
|
|
|
|
|
|
|
|
self.assertFalse(nutria.is_active)
|
|
|
|
|
self.assertEqual(nutria.deactivation_reason, "pending")
|
|
|
|
|
self.assertIsNotNone(nutria.confirmation_code)
|
|
|
|
|
|
2021-08-03 17:25:53 +00:00
|
|
|
def test_register_trailing_space(self, _):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""django handles this so weirdly"""
|
2021-01-12 17:53:04 +00:00
|
|
|
view = views.Register.as_view()
|
2021-01-12 17:09:05 +00:00
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/",
|
|
|
|
|
{"localname": "nutria ", "password": "mouseword", "email": "aa@bb.ccc"},
|
|
|
|
|
)
|
2021-08-02 23:05:40 +00:00
|
|
|
with patch("bookwyrm.views.authentication.login"):
|
|
|
|
|
response = view(request)
|
2021-01-12 17:53:04 +00:00
|
|
|
self.assertEqual(models.User.objects.count(), 2)
|
2021-01-12 17:09:05 +00:00
|
|
|
self.assertEqual(response.status_code, 302)
|
|
|
|
|
nutria = models.User.objects.last()
|
2021-03-08 16:49:10 +00:00
|
|
|
self.assertEqual(nutria.username, "nutria@%s" % DOMAIN)
|
|
|
|
|
self.assertEqual(nutria.localname, "nutria")
|
2021-01-12 17:09:05 +00:00
|
|
|
self.assertEqual(nutria.local, True)
|
|
|
|
|
|
2021-08-03 17:25:53 +00:00
|
|
|
def test_register_invalid_email(self, _):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""gotta have an email"""
|
2021-01-12 17:53:04 +00:00
|
|
|
view = views.Register.as_view()
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 1)
|
2021-01-12 17:09:05 +00:00
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/", {"localname": "nutria", "password": "mouseword", "email": "aa"}
|
|
|
|
|
)
|
2021-01-12 17:53:04 +00:00
|
|
|
response = view(request)
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 1)
|
2021-01-30 20:16:57 +00:00
|
|
|
response.render()
|
2021-01-12 17:09:05 +00:00
|
|
|
|
2021-08-03 17:25:53 +00:00
|
|
|
def test_register_invalid_username(self, _):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""gotta have an email"""
|
2021-01-12 17:53:04 +00:00
|
|
|
view = views.Register.as_view()
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 1)
|
2021-01-12 17:09:05 +00:00
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/",
|
|
|
|
|
{"localname": "nut@ria", "password": "mouseword", "email": "aa@bb.ccc"},
|
|
|
|
|
)
|
2021-01-12 17:53:04 +00:00
|
|
|
response = view(request)
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 1)
|
2021-01-30 20:16:57 +00:00
|
|
|
response.render()
|
2021-01-12 17:09:05 +00:00
|
|
|
|
|
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/",
|
|
|
|
|
{"localname": "nutr ia", "password": "mouseword", "email": "aa@bb.ccc"},
|
|
|
|
|
)
|
2021-01-12 17:53:04 +00:00
|
|
|
response = view(request)
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 1)
|
2021-01-30 20:16:57 +00:00
|
|
|
response.render()
|
2021-01-12 17:09:05 +00:00
|
|
|
|
|
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/",
|
|
|
|
|
{"localname": "nut@ria", "password": "mouseword", "email": "aa@bb.ccc"},
|
|
|
|
|
)
|
2021-01-12 17:53:04 +00:00
|
|
|
response = view(request)
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 1)
|
2021-01-30 20:16:57 +00:00
|
|
|
response.render()
|
2021-01-12 17:09:05 +00:00
|
|
|
|
2021-08-03 17:25:53 +00:00
|
|
|
def test_register_closed_instance(self, _):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""you can't just register"""
|
2021-01-12 17:53:04 +00:00
|
|
|
view = views.Register.as_view()
|
2021-01-12 17:09:05 +00:00
|
|
|
self.settings.allow_registration = False
|
|
|
|
|
self.settings.save()
|
|
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/",
|
|
|
|
|
{"localname": "nutria ", "password": "mouseword", "email": "aa@bb.ccc"},
|
|
|
|
|
)
|
2021-01-12 17:09:05 +00:00
|
|
|
with self.assertRaises(PermissionDenied):
|
2021-01-12 17:53:04 +00:00
|
|
|
view(request)
|
2021-01-12 17:09:05 +00:00
|
|
|
|
2021-08-03 17:25:53 +00:00
|
|
|
def test_register_invite(self, _):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""you can't just register"""
|
2021-01-12 17:53:04 +00:00
|
|
|
view = views.Register.as_view()
|
2021-01-12 17:09:05 +00:00
|
|
|
self.settings.allow_registration = False
|
|
|
|
|
self.settings.save()
|
|
|
|
|
models.SiteInvite.objects.create(
|
2021-03-08 16:49:10 +00:00
|
|
|
code="testcode", user=self.local_user, use_limit=1
|
|
|
|
|
)
|
2021-01-12 17:09:05 +00:00
|
|
|
self.assertEqual(models.SiteInvite.objects.get().times_used, 0)
|
|
|
|
|
|
|
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/",
|
2021-01-12 17:09:05 +00:00
|
|
|
{
|
2021-03-08 16:49:10 +00:00
|
|
|
"localname": "nutria",
|
|
|
|
|
"password": "mouseword",
|
|
|
|
|
"email": "aa@bb.ccc",
|
|
|
|
|
"invite_code": "testcode",
|
|
|
|
|
},
|
|
|
|
|
)
|
2021-08-02 23:05:40 +00:00
|
|
|
with patch("bookwyrm.views.authentication.login"):
|
|
|
|
|
response = view(request)
|
2021-01-12 17:53:04 +00:00
|
|
|
self.assertEqual(models.User.objects.count(), 2)
|
2021-01-12 17:09:05 +00:00
|
|
|
self.assertEqual(response.status_code, 302)
|
|
|
|
|
self.assertEqual(models.SiteInvite.objects.get().times_used, 1)
|
|
|
|
|
|
|
|
|
|
# invite already used to max capacity
|
|
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/",
|
2021-01-12 17:09:05 +00:00
|
|
|
{
|
2021-03-08 16:49:10 +00:00
|
|
|
"localname": "nutria2",
|
|
|
|
|
"password": "mouseword",
|
|
|
|
|
"email": "aa@bb.ccc",
|
|
|
|
|
"invite_code": "testcode",
|
|
|
|
|
},
|
|
|
|
|
)
|
2021-01-12 17:09:05 +00:00
|
|
|
with self.assertRaises(PermissionDenied):
|
2021-01-12 17:53:04 +00:00
|
|
|
response = view(request)
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 2)
|
2021-01-12 17:09:05 +00:00
|
|
|
|
|
|
|
|
# bad invite code
|
|
|
|
|
request = self.factory.post(
|
2021-03-08 16:49:10 +00:00
|
|
|
"register/",
|
2021-01-12 17:09:05 +00:00
|
|
|
{
|
2021-03-08 16:49:10 +00:00
|
|
|
"localname": "nutria3",
|
|
|
|
|
"password": "mouseword",
|
|
|
|
|
"email": "aa@bb.ccc",
|
|
|
|
|
"invite_code": "dkfkdjgdfkjgkdfj",
|
|
|
|
|
},
|
|
|
|
|
)
|
2021-01-12 17:09:05 +00:00
|
|
|
with self.assertRaises(Http404):
|
2021-01-12 17:53:04 +00:00
|
|
|
response = view(request)
|
|
|
|
|
self.assertEqual(models.User.objects.count(), 2)
|
2021-08-07 14:28:24 +00:00
|
|
|
|
|
|
|
|
def test_confirm_email_code_get(self, _):
|
|
|
|
|
"""there are so many views, this just makes sure it LOADS"""
|
|
|
|
|
self.settings.require_confirm_email = True
|
|
|
|
|
self.settings.save()
|
|
|
|
|
|
|
|
|
|
self.local_user.is_active = False
|
|
|
|
|
self.local_user.deactivation_reason = "pending"
|
|
|
|
|
self.local_user.confirmation_code = "12345"
|
|
|
|
|
self.local_user.save(
|
|
|
|
|
broadcast=False,
|
|
|
|
|
update_fields=["is_active", "deactivation_reason", "confirmation_code"],
|
|
|
|
|
)
|
|
|
|
|
view = views.ConfirmEmailCode.as_view()
|
|
|
|
|
request = self.factory.get("")
|
|
|
|
|
request.user = self.anonymous_user
|
|
|
|
|
|
|
|
|
|
result = view(request, "12345")
|
|
|
|
|
self.assertEqual(result.url, "/login/confirmed")
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
|
|
|
|
self.local_user.refresh_from_db()
|
|
|
|
|
self.assertTrue(self.local_user.is_active)
|
|
|
|
|
self.assertIsNone(self.local_user.deactivation_reason)
|
|
|
|
|
|
|
|
|
|
request.user = self.local_user
|
|
|
|
|
result = view(request, "12345")
|
|
|
|
|
self.assertEqual(result.url, "/")
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
|
|
|
|
def test_confirm_email_code_get_invalid_code(self, _):
|
|
|
|
|
"""there are so many views, this just makes sure it LOADS"""
|
|
|
|
|
self.settings.require_confirm_email = True
|
|
|
|
|
self.settings.save()
|
|
|
|
|
|
|
|
|
|
self.local_user.is_active = False
|
|
|
|
|
self.local_user.deactivation_reason = "pending"
|
|
|
|
|
self.local_user.confirmation_code = "12345"
|
|
|
|
|
self.local_user.save(
|
|
|
|
|
broadcast=False,
|
|
|
|
|
update_fields=["is_active", "deactivation_reason", "confirmation_code"],
|
|
|
|
|
)
|
|
|
|
|
view = views.ConfirmEmailCode.as_view()
|
|
|
|
|
request = self.factory.get("")
|
|
|
|
|
request.user = self.anonymous_user
|
|
|
|
|
|
|
|
|
|
result = view(request, "abcde")
|
|
|
|
|
self.assertIsInstance(result, TemplateResponse)
|
|
|
|
|
result.render()
|
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
self.assertFalse(self.local_user.is_active)
|
|
|
|
|
self.assertEqual(self.local_user.deactivation_reason, "pending")
|
|
|
|
|
|
|
|
|
|
def test_confirm_email_get(self, _):
|
|
|
|
|
"""there are so many views, this just makes sure it LOADS"""
|
|
|
|
|
self.settings.require_confirm_email = True
|
|
|
|
|
self.settings.save()
|
|
|
|
|
|
|
|
|
|
login = views.ConfirmEmail.as_view()
|
|
|
|
|
request = self.factory.get("")
|
|
|
|
|
request.user = self.anonymous_user
|
|
|
|
|
|
|
|
|
|
result = login(request)
|
|
|
|
|
self.assertIsInstance(result, TemplateResponse)
|
|
|
|
|
result.render()
|
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
|
|
request.user = self.local_user
|
|
|
|
|
result = login(request)
|
|
|
|
|
self.assertEqual(result.url, "/")
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
