Test user impersonification

2020-11-02 12:08:01 +01:00 · 2020-11-02 12:08:01 +01:00 · 62b883467c
parent 5fc46e74d2
commit 62b883467c
2 changed files with 25 additions and 2 deletions
--- a/apps/registration/tests.py
+++ b/apps/registration/tests.py
@ -18,6 +18,13 @@ class TestIndexPage(TestCase):
        response = self.client.get(reverse("index"))
        self.assertEqual(response.status_code, 200)

+    def test_not_authenticated(self):
+        """
+        Try to load some pages without being authenticated.
+        """
+        response = self.client.get(reverse("registration:reset_admin"))
+        self.assertRedirects(response, reverse("login") + "?next=" + reverse("registration:reset_admin"), 302, 200)
+

 class TestRegistration(TestCase):
    def setUp(self) -> None:
@ -255,6 +262,23 @@ class TestRegistration(TestCase):
        self.assertEqual(response.status_code, 403)
        os.remove("media/authorization/photo/example")

+    def test_impersonate(self):
+        """
+        Admin can impersonate other people to act as them.
+        """
+        response = self.client.get(reverse("registration:user_impersonate", args=(0x7ffff42ff,)))
+        self.assertEqual(response.status_code, 404)
+
+        # Impersonate student account
+        response = self.client.get(reverse("registration:user_impersonate", args=(self.student.pk,)))
+        self.assertRedirects(response, reverse("registration:user_detail", args=(self.student.pk,)), 302, 200)
+        self.assertEqual(self.client.session["_fake_user_id"], self.student.id)
+
+        # Reset admin view
+        response = self.client.get(reverse("registration:reset_admin"))
+        self.assertRedirects(response, reverse("index"), 302, 200)
+        self.assertFalse("_fake_user_id" in self.client.session)
+
    def test_string_render(self):
        # TODO These string field tests will be removed when used in a template
        self.assertRaises(NotImplementedError, lambda: Registration().type)
--- a/apps/registration/views.py
+++ b/apps/registration/views.py
@ -256,7 +256,6 @@ class UserImpersonateView(LoginRequiredMixin, RedirectView):
            session = request.session
            session["admin"] = request.user.pk
            session["_fake_user_id"] = kwargs["pk"]
-            return redirect(request.path)
        return super().dispatch(request, *args, **kwargs)

    def get_redirect_url(self, *args, **kwargs):
@ -274,4 +273,4 @@ class ResetAdminView(LoginRequiredMixin, View):
            return self.handle_no_permission()
        if "_fake_user_id" in request.session:
            del request.session["_fake_user_id"]
-        return redirect(request.GET.get("path", "/"))
+        return redirect(request.GET.get("path", reverse_lazy("index")))