[WIP] Tests for kfet views

2017-08-10 15:02:08 +02:00 · 2017-08-10 15:02:08 +02:00 · c9aac8a49d
commit c9aac8a49d
parent 878c617cc7
3 changed files with 585 additions and 22 deletions
--- a/kfet/tests/testcases.py
+++ b/kfet/tests/testcases.py
@ -0,0 +1,142 @@
+from unittest import mock
+
+from django.core.urlresolvers import reverse
+from django.http import QueryDict
+from django.test import Client
+
+from .utils import create_root, create_team, create_user
+
+
+class ViewTestCaseMixin:
+    url_name = None
+    url_expected = None
+
+    auth_user = None
+    auth_forbidden = []
+
+    def setUp(self):
+        # Signals handlers on login/logout send messages.
+        # Due to the way the Django' test Client performs login, this raise an
+        # error. As workaround, we mock the Django' messages module.
+        patcher_messages = mock.patch('gestioncof.signals.messages')
+        patcher_messages.start()
+        self.addCleanup(patcher_messages.stop)
+
+        self.users = {}
+        self.accounts = {}
+
+        for label, user in {**self.users_base, **self.users_extra}.items():
+            self.register_user(label, user)
+
+        if self.auth_user:
+            # The wrapper is a sanity check.
+            self.assertTrue(
+                self.client.login(
+                    username=self.auth_user,
+                    password=self.auth_user,
+                )
+            )
+
+    @property
+    def users_base(self):
+        # Format desc: username, password, trigramme
+        return {
+            # user, user, 000
+            'user': create_user(),
+            # team, team, 100
+            'team': create_team(),
+            # root, root, 200
+            'root': create_root(),
+        }
+
+    @property
+    def users_extra(self):
+        return {}
+
+    def register_user(self, label, user):
+        self.users[label] = user
+        if hasattr(user.profile, 'account_kfet'):
+            self.accounts[label] = user.profile.account_kfet
+
+    @property
+    def urls_conf(self):
+        return [{
+            'name': self.url_name,
+            'args': getattr(self, 'url_args', []),
+            'kwargs': getattr(self, 'url_kwargs', {}),
+            'expected': self.url_expected,
+        }]
+
+    @property
+    def t_urls(self):
+        return [
+            reverse(
+                url_conf['name'],
+                args=url_conf.get('args', []),
+                kwargs=url_conf.get('kwargs', {}),
+            )
+            for url_conf in self.urls_conf]
+
+    @property
+    def url(self):
+        return self.t_urls[0]
+
+    def assertForbidden(self, response):
+        request = response.wsgi_request
+
+        try:
+            try:
+                # Is this an HTTP Forbidden response ?
+                self.assertEqual(response.status_code, 403)
+            except AssertionError:
+                # A redirection to the login view is fine too.
+
+                # Let's build the login url with the 'next' param on current
+                # page.
+                full_path = request.get_full_path()
+
+                querystring = QueryDict(mutable=True)
+                querystring['next'] = full_path
+
+                login_url = '/login?' + querystring.urlencode(safe='/')
+
+                # We don't focus on what the login view does.
+                # So don't fetch the redirect.
+                self.assertRedirects(
+                    response, login_url,
+                    fetch_redirect_response=False,
+                )
+        except AssertionError:
+            raise AssertionError(
+                "%(http_method)s request at %(path)s should be forbidden for "
+                "%(username)s user.\n"
+                "Response isn't 403, nor a redirect to login view. Instead, "
+                "response code is %(code)d." % {
+                    'http_method': request.method,
+                    'path': request.get_full_path(),
+                    'username': (
+                        "'{}'".format(request.user.username)
+                        if request.user.username
+                        else 'anonymous'
+                    ),
+                    'code': response.status_code,
+                }
+            )
+
+    def assertForbiddenKfet(self, response):
+        self.assertEqual(response.status_code, 200)
+        form = response.context['form']
+        self.assertIn("Permission refusée", form.non_field_errors)
+
+    def test_urls(self):
+        for url, conf in zip(self.t_urls, self.urls_conf):
+            self.assertEqual(url, conf['expected'])
+
+    def test_forbidden(self):
+        for creds in self.auth_forbidden:
+            for url in self.t_urls:
+                client = Client()
+                if creds is not None:
+                    client.login(username=creds, password=creds)
+                r = client.get(url)
+                self.assertForbidden(r)