moviewyrm/bookwyrm/tests/views/test_authentication.py
2021-08-07 08:01:14 -07:00

351 lines
13 KiB
Python

""" test for app action functionality """
from unittest.mock import patch
from django.contrib.auth.models import AnonymousUser
from django.core.exceptions import PermissionDenied
from django.http.response import Http404
from django.template.response import TemplateResponse
from django.test import TestCase
from django.test.client import RequestFactory
from bookwyrm import forms, models, views
from bookwyrm.settings import DOMAIN
# pylint: disable=too-many-public-methods
@patch("bookwyrm.suggested_users.rerank_suggestions_task.delay")
class AuthenticationViews(TestCase):
"""login and password management"""
def setUp(self):
"""we need basic test data and mocks"""
self.factory = RequestFactory()
with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"):
self.local_user = models.User.objects.create_user(
"mouse@your.domain.here",
"mouse@mouse.com",
"password",
local=True,
localname="mouse",
)
self.anonymous_user = AnonymousUser
self.anonymous_user.is_authenticated = False
self.settings = models.SiteSettings.objects.create(
id=1, require_confirm_email=False
)
def test_login_get(self, _):
"""there are so many views, this just makes sure it LOADS"""
login = views.Login.as_view()
request = self.factory.get("")
request.user = self.anonymous_user
result = login(request)
self.assertIsInstance(result, TemplateResponse)
result.render()
self.assertEqual(result.status_code, 200)
request.user = self.local_user
result = login(request)
self.assertEqual(result.url, "/")
self.assertEqual(result.status_code, 302)
def test_login_post_localname(self, _):
"""there are so many views, this just makes sure it LOADS"""
view = views.Login.as_view()
form = forms.LoginForm()
form.data["localname"] = "mouse@mouse.com"
form.data["password"] = "password"
request = self.factory.post("", form.data)
request.user = self.anonymous_user
with patch("bookwyrm.views.authentication.login"):
result = view(request)
self.assertEqual(result.url, "/")
self.assertEqual(result.status_code, 302)
def test_login_post_username(self, _):
"""there are so many views, this just makes sure it LOADS"""
view = views.Login.as_view()
form = forms.LoginForm()
form.data["localname"] = "mouse@your.domain.here"
form.data["password"] = "password"
request = self.factory.post("", form.data)
request.user = self.anonymous_user
with patch("bookwyrm.views.authentication.login"):
result = view(request)
self.assertEqual(result.url, "/")
self.assertEqual(result.status_code, 302)
def test_login_post_email(self, _):
"""there are so many views, this just makes sure it LOADS"""
view = views.Login.as_view()
form = forms.LoginForm()
form.data["localname"] = "mouse"
form.data["password"] = "password"
request = self.factory.post("", form.data)
request.user = self.anonymous_user
with patch("bookwyrm.views.authentication.login"):
result = view(request)
self.assertEqual(result.url, "/")
self.assertEqual(result.status_code, 302)
def test_login_post_invalid_credentials(self, _):
"""there are so many views, this just makes sure it LOADS"""
view = views.Login.as_view()
form = forms.LoginForm()
form.data["localname"] = "mouse"
form.data["password"] = "passsword1"
request = self.factory.post("", form.data)
request.user = self.anonymous_user
with patch("bookwyrm.views.authentication.login"):
result = view(request)
result.render()
self.assertEqual(result.status_code, 200)
self.assertEqual(
result.context_data["login_form"].non_field_errors,
"Username or password are incorrect",
)
def test_register(self, _):
"""create a user"""
view = views.Register.as_view()
self.assertEqual(models.User.objects.count(), 1)
request = self.factory.post(
"register/",
{
"localname": "nutria-user.user_nutria",
"password": "mouseword",
"email": "aa@bb.cccc",
},
)
with patch("bookwyrm.views.authentication.login"):
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
self.assertEqual(response.status_code, 302)
nutria = models.User.objects.last()
self.assertEqual(nutria.username, "nutria-user.user_nutria@%s" % DOMAIN)
self.assertEqual(nutria.localname, "nutria-user.user_nutria")
self.assertEqual(nutria.local, True)
@patch("bookwyrm.emailing.send_email.delay")
def test_register_email_confirm(self, *_):
"""create a user"""
self.settings.require_confirm_email = True
self.settings.save()
view = views.Register.as_view()
self.assertEqual(models.User.objects.count(), 1)
request = self.factory.post(
"register/",
{
"localname": "nutria",
"password": "mouseword",
"email": "aa@bb.cccc",
},
)
with patch("bookwyrm.views.authentication.login"):
response = view(request)
self.assertEqual(response.status_code, 302)
nutria = models.User.objects.get(localname="nutria")
self.assertEqual(nutria.username, "nutria@%s" % DOMAIN)
self.assertEqual(nutria.local, True)
self.assertFalse(nutria.is_active)
self.assertEqual(nutria.deactivation_reason, "pending")
self.assertIsNotNone(nutria.confirmation_code)
def test_register_trailing_space(self, _):
"""django handles this so weirdly"""
view = views.Register.as_view()
request = self.factory.post(
"register/",
{"localname": "nutria ", "password": "mouseword", "email": "aa@bb.ccc"},
)
with patch("bookwyrm.views.authentication.login"):
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
self.assertEqual(response.status_code, 302)
nutria = models.User.objects.last()
self.assertEqual(nutria.username, "nutria@%s" % DOMAIN)
self.assertEqual(nutria.localname, "nutria")
self.assertEqual(nutria.local, True)
def test_register_invalid_email(self, _):
"""gotta have an email"""
view = views.Register.as_view()
self.assertEqual(models.User.objects.count(), 1)
request = self.factory.post(
"register/", {"localname": "nutria", "password": "mouseword", "email": "aa"}
)
response = view(request)
self.assertEqual(models.User.objects.count(), 1)
response.render()
def test_register_invalid_username(self, _):
"""gotta have an email"""
view = views.Register.as_view()
self.assertEqual(models.User.objects.count(), 1)
request = self.factory.post(
"register/",
{"localname": "nut@ria", "password": "mouseword", "email": "aa@bb.ccc"},
)
response = view(request)
self.assertEqual(models.User.objects.count(), 1)
response.render()
request = self.factory.post(
"register/",
{"localname": "nutr ia", "password": "mouseword", "email": "aa@bb.ccc"},
)
response = view(request)
self.assertEqual(models.User.objects.count(), 1)
response.render()
request = self.factory.post(
"register/",
{"localname": "nut@ria", "password": "mouseword", "email": "aa@bb.ccc"},
)
response = view(request)
self.assertEqual(models.User.objects.count(), 1)
response.render()
def test_register_closed_instance(self, _):
"""you can't just register"""
view = views.Register.as_view()
self.settings.allow_registration = False
self.settings.save()
request = self.factory.post(
"register/",
{"localname": "nutria ", "password": "mouseword", "email": "aa@bb.ccc"},
)
with self.assertRaises(PermissionDenied):
view(request)
def test_register_invite(self, _):
"""you can't just register"""
view = views.Register.as_view()
self.settings.allow_registration = False
self.settings.save()
models.SiteInvite.objects.create(
code="testcode", user=self.local_user, use_limit=1
)
self.assertEqual(models.SiteInvite.objects.get().times_used, 0)
request = self.factory.post(
"register/",
{
"localname": "nutria",
"password": "mouseword",
"email": "aa@bb.ccc",
"invite_code": "testcode",
},
)
with patch("bookwyrm.views.authentication.login"):
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
self.assertEqual(response.status_code, 302)
self.assertEqual(models.SiteInvite.objects.get().times_used, 1)
# invite already used to max capacity
request = self.factory.post(
"register/",
{
"localname": "nutria2",
"password": "mouseword",
"email": "aa@bb.ccc",
"invite_code": "testcode",
},
)
with self.assertRaises(PermissionDenied):
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
# bad invite code
request = self.factory.post(
"register/",
{
"localname": "nutria3",
"password": "mouseword",
"email": "aa@bb.ccc",
"invite_code": "dkfkdjgdfkjgkdfj",
},
)
with self.assertRaises(Http404):
response = view(request)
self.assertEqual(models.User.objects.count(), 2)
def test_confirm_email_code_get(self, _):
"""there are so many views, this just makes sure it LOADS"""
self.settings.require_confirm_email = True
self.settings.save()
self.local_user.is_active = False
self.local_user.deactivation_reason = "pending"
self.local_user.confirmation_code = "12345"
self.local_user.save(
broadcast=False,
update_fields=["is_active", "deactivation_reason", "confirmation_code"],
)
view = views.ConfirmEmailCode.as_view()
request = self.factory.get("")
request.user = self.anonymous_user
result = view(request, "12345")
self.assertEqual(result.url, "/login/confirmed")
self.assertEqual(result.status_code, 302)
self.local_user.refresh_from_db()
self.assertTrue(self.local_user.is_active)
self.assertIsNone(self.local_user.deactivation_reason)
request.user = self.local_user
result = view(request, "12345")
self.assertEqual(result.url, "/")
self.assertEqual(result.status_code, 302)
def test_confirm_email_code_get_invalid_code(self, _):
"""there are so many views, this just makes sure it LOADS"""
self.settings.require_confirm_email = True
self.settings.save()
self.local_user.is_active = False
self.local_user.deactivation_reason = "pending"
self.local_user.confirmation_code = "12345"
self.local_user.save(
broadcast=False,
update_fields=["is_active", "deactivation_reason", "confirmation_code"],
)
view = views.ConfirmEmailCode.as_view()
request = self.factory.get("")
request.user = self.anonymous_user
result = view(request, "abcde")
self.assertIsInstance(result, TemplateResponse)
result.render()
self.assertEqual(result.status_code, 200)
self.assertFalse(self.local_user.is_active)
self.assertEqual(self.local_user.deactivation_reason, "pending")
def test_confirm_email_get(self, _):
"""there are so many views, this just makes sure it LOADS"""
self.settings.require_confirm_email = True
self.settings.save()
login = views.ConfirmEmail.as_view()
request = self.factory.get("")
request.user = self.anonymous_user
result = login(request)
self.assertIsInstance(result, TemplateResponse)
result.render()
self.assertEqual(result.status_code, 200)
request.user = self.local_user
result = login(request)
self.assertEqual(result.url, "/")
self.assertEqual(result.status_code, 302)