Fix tests

This commit is contained in:
Ludovic Stephan 2021-02-20 17:04:45 +01:00
parent 1450b65dcd
commit 47f406e09e
3 changed files with 44 additions and 40 deletions

View file

@ -284,7 +284,11 @@ class TemporaryAuthTests(TestCase):
self.perm = Permission.objects.get(
content_type__app_label="kfet", codename="is_team"
)
self.user2.user_permissions.add(self.perm)
self.perm2 = Permission.objects.get(
content_type__app_label="kfet", codename="can_force_close"
)
self.user1.user_permissions.add(self.perm)
self.user2.user_permissions.add(self.perm, self.perm2)
def test_context_processor(self):
"""
@ -295,7 +299,7 @@ class TemporaryAuthTests(TestCase):
r = self.client.post("/k-fet/accounts/000/edit", HTTP_KFETPASSWORD="kfet_user2")
self.assertEqual(r.context["user"], self.user1)
self.assertNotIn("kfet.is_team", r.context["perms"])
self.assertNotIn("kfet.can_force_close", r.context["perms"])
def test_auth_not_persistent(self):
"""

View file

@ -112,7 +112,7 @@ class AccountPwdForm(forms.Form):
def save(self, commit=True):
password = self.cleaned_data["pwd1"]
self.account.set_password(password)
self.account.change_pwd(password)
if commit:
self.account.save()

View file

@ -11,6 +11,7 @@ from django.utils import timezone
from .. import KFET_DELETED_TRIGRAMME
from ..auth import KFET_GENERIC_TRIGRAMME
from ..auth.models import KFetGroup
from ..auth.utils import hash_password
from ..config import kfet_config
from ..models import (
Account,
@ -296,8 +297,8 @@ class AccountReadViewTests(ViewTestCaseMixin, TestCase):
class AccountUpdateViewTests(ViewTestCaseMixin, TestCase):
url_name = "kfet.account.update"
url_kwargs = {"trigramme": "001"}
url_expected = "/k-fet/accounts/001/edit"
url_kwargs = {"trigramme": "100"}
url_expected = "/k-fet/accounts/100/edit"
http_methods = ["GET", "POST"]
@ -317,26 +318,16 @@ class AccountUpdateViewTests(ViewTestCaseMixin, TestCase):
"promo": "",
# 'is_frozen': not checked
# Account password
"pwd1": "",
"pwd2": "",
"pwd1": "changed_pwd",
"pwd2": "changed_pwd",
}
def get_users_extra(self):
return {
"user1": create_user("user1", "001"),
"team1": create_team("team1", "101", perms=["kfet.change_account"]),
"team2": create_team("team2", "102"),
}
# Users with forbidden access users should get a 404 here, to avoid leaking trigrams
# See issue #224
def test_forbidden(self):
for method in ["get", "post"]:
for user in self.auth_forbidden:
self.assertRedirectsToLoginOr404(user, method, self.url_expected)
self.assertRedirectsToLoginOr404(
user, method, "/k-fet/accounts/NEX/edit"
)
def assertRedirectsToLoginOr404(self, user, method, url):
client = Client()
meth = getattr(client, method)
@ -356,46 +347,55 @@ class AccountUpdateViewTests(ViewTestCaseMixin, TestCase):
r = self.client.get(self.url)
self.assertEqual(r.status_code, 200)
def test_get_ok_self(self):
client = Client()
client.login(username="user1", password="user1")
r = client.get(self.url)
self.assertEqual(r.status_code, 200)
def test_post_ok(self):
client = Client()
client.login(username="team1", password="team1")
r = client.post(self.url, self.post_data)
r = client.post(self.url, self.post_data, follow=True)
self.assertRedirects(r, reverse("kfet.account.read", args=["051"]))
self.accounts["user1"].refresh_from_db()
self.users["user1"].refresh_from_db()
# Comportement attendu : compte modifié,
# utilisateur/mdp inchangé, warning pour le mdp
self.accounts["team"].refresh_from_db()
self.users["team"].refresh_from_db()
self.assertInstanceExpected(
self.accounts["user1"],
{"first_name": "first", "last_name": "last", "trigramme": "051"},
self.accounts["team"],
{"first_name": "team", "last_name": "member", "trigramme": "051"},
)
self.assertEqual(self.accounts["team"].password, hash_password("kfetpwd_team"))
self.assertTrue(
any("mot de passe" in str(msg).casefold() for msg in r.context["messages"])
)
def test_post_ok_self(self):
client = Client()
client.login(username="user1", password="user1")
r = self.client.post(self.url, self.post_data, follow=True)
self.assertRedirects(r, reverse("kfet.account.read", args=["051"]))
post_data = {"first_name": "The first", "last_name": "The last"}
self.accounts["team"].refresh_from_db()
self.users["team"].refresh_from_db()
r = client.post(self.url, post_data)
self.assertRedirects(r, reverse("kfet.account.read", args=["001"]))
self.accounts["user1"].refresh_from_db()
self.users["user1"].refresh_from_db()
# Comportement attendu : compte/mdp modifié, utilisateur inchangé
self.assertInstanceExpected(
self.accounts["user1"], {"first_name": "first", "last_name": "last"}
self.accounts["team"],
{"first_name": "team", "last_name": "member", "trigramme": "051"},
)
self.assertEqual(self.accounts["team"].password, hash_password("changed_pwd"))
def test_post_forbidden(self):
r = self.client.post(self.url, self.post_data)
self.assertForbiddenKfet(r)
client = Client()
client.login(username="team2", password="team2")
r = client.post(self.url, self.post_data)
self.assertTrue(
any(
"permission refusée" in str(msg).casefold()
for msg in r.context["messages"]
)
)
class AccountDeleteViewTests(ViewTestCaseMixin, TestCase):