plateforme-tfjm2/apps/registration/tests.py

411 lines
19 KiB
Python
Raw Normal View History

2020-12-27 10:49:54 +00:00
# Copyright (C) 2020 by Animath
# SPDX-License-Identifier: GPL-3.0-or-later
import os
from django.contrib.auth.models import User
from django.contrib.contenttypes.models import ContentType
from django.contrib.sites.models import Site
from django.core.files.uploadedfile import SimpleUploadedFile
from django.core.management import call_command
from django.test import TestCase
from django.urls import reverse
from django.utils.encoding import force_bytes
from django.utils.http import urlsafe_base64_encode
2020-12-28 17:52:50 +00:00
from participation.models import Team
2020-12-28 18:19:01 +00:00
from tfjm.tokens import email_validation_token
2020-12-27 10:49:54 +00:00
from .models import AdminRegistration, CoachRegistration, StudentRegistration
class TestIndexPage(TestCase):
def test_index(self) -> None:
"""
Display the index page, without any right.
"""
response = self.client.get(reverse("index"))
self.assertEqual(response.status_code, 200)
def test_not_authenticated(self):
"""
Try to load some pages without being authenticated.
"""
response = self.client.get(reverse("registration:reset_admin"))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("registration:reset_admin"), 302, 200)
User.objects.create()
response = self.client.get(reverse("registration:user_detail", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("registration:user_detail", args=(1,)))
Team.objects.create()
response = self.client.get(reverse("participation:team_detail", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("participation:team_detail", args=(1,)))
response = self.client.get(reverse("participation:update_team", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("participation:update_team", args=(1,)))
response = self.client.get(reverse("participation:create_team"))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("participation:create_team"))
response = self.client.get(reverse("participation:join_team"))
self.assertRedirects(response, reverse("login") + "?next=" + reverse("participation:join_team"))
response = self.client.get(reverse("participation:team_authorizations", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next="
+ reverse("participation:team_authorizations", args=(1,)))
response = self.client.get(reverse("participation:participation_detail", args=(1,)))
self.assertRedirects(response, reverse("login") + "?next="
+ reverse("participation:participation_detail", args=(1,)))
class TestRegistration(TestCase):
def setUp(self) -> None:
self.user = User.objects.create_superuser(
username="admin",
password="admin",
email="admin@example.com",
)
self.client.force_login(self.user)
self.student = User.objects.create(email="student@example.com")
StudentRegistration.objects.create(user=self.student, student_class=11, school="Earth")
self.coach = User.objects.create(email="coach@example.com")
CoachRegistration.objects.create(user=self.coach, professional_activity="Teacher")
def test_admin_pages(self):
"""
Check that admin pages are rendering successfully.
"""
response = self.client.get(reverse("admin:index") + "registration/registration/")
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("admin:index")
+ f"registration/registration/{self.user.registration.pk}/change/")
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("admin:index") +
f"r/{ContentType.objects.get_for_model(AdminRegistration).id}/"
f"{self.user.registration.pk}/")
self.assertRedirects(response, "http://" + Site.objects.get().domain +
str(self.user.registration.get_absolute_url()), 302, 200)
response = self.client.get(reverse("admin:index")
+ f"registration/registration/{self.student.registration.pk}/change/")
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("admin:index") +
f"r/{ContentType.objects.get_for_model(StudentRegistration).id}/"
f"{self.student.registration.pk}/")
self.assertRedirects(response, "http://" + Site.objects.get().domain +
str(self.student.registration.get_absolute_url()), 302, 200)
response = self.client.get(reverse("admin:index")
+ f"registration/registration/{self.coach.registration.pk}/change/")
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("admin:index") +
f"r/{ContentType.objects.get_for_model(CoachRegistration).id}/"
f"{self.coach.registration.pk}/")
self.assertRedirects(response, "http://" + Site.objects.get().domain +
str(self.coach.registration.get_absolute_url()), 302, 200)
def test_registration(self):
"""
Ensure that the signup form is working successfully.
"""
response = self.client.get(reverse("registration:signup"))
self.assertEqual(response.status_code, 200)
# Incomplete form
response = self.client.post(reverse("registration:signup"), data=dict(
last_name="Toto",
first_name="Toto",
email="toto@example.com",
password1="azertyuiopazertyuiop",
password2="azertyuiopazertyuiop",
role="participant",
))
self.assertEqual(response.status_code, 200)
response = self.client.post(reverse("registration:signup"), data=dict(
last_name="Toto",
first_name="Toto",
email="toto@example.com",
password1="azertyuiopazertyuiop",
password2="azertyuiopazertyuiop",
role="participant",
student_class=12,
school="God",
2021-01-17 12:57:50 +00:00
birth_date="2000-01-01",
2021-01-22 08:04:44 +00:00
gender="other",
2021-01-17 12:57:50 +00:00
address="1 Rue de Rivoli, 75001 Paris, France",
phone_number="0123456789",
responsible_name="Toto",
responsible_phone="0123456789",
responsible_email="toto@example.com",
2020-12-27 10:49:54 +00:00
give_contact_to_animath=False,
))
self.assertRedirects(response, reverse("registration:email_validation_sent"), 302, 200)
2021-01-17 12:57:50 +00:00
self.assertTrue(User.objects.filter(
email="toto@example.com",
registration__participantregistration__studentregistration__responsible_name="Toto").exists())
2020-12-27 10:49:54 +00:00
# Email is already used
response = self.client.post(reverse("registration:signup"), data=dict(
last_name="Toto",
first_name="Toto",
email="toto@example.com",
password1="azertyuiopazertyuiop",
password2="azertyuiopazertyuiop",
role="participant",
student_class=12,
school="God",
2021-01-17 12:57:50 +00:00
birth_date="2000-01-01",
2021-01-22 08:04:44 +00:00
gender="other",
2021-01-17 12:57:50 +00:00
address="1 Rue de Rivoli, 75001 Paris, France",
phone_number="0123456789",
responsible_name="Toto",
responsible_phone="0123456789",
responsible_email="toto@example.com",
2020-12-27 10:49:54 +00:00
give_contact_to_animath=False,
))
self.assertEqual(response.status_code, 200)
response = self.client.get(reverse("registration:email_validation_sent"))
self.assertEqual(response.status_code, 200)
response = self.client.post(reverse("registration:signup"), data=dict(
last_name="Toto",
first_name="Coach",
email="coachtoto@example.com",
password1="azertyuiopazertyuiop",
password2="azertyuiopazertyuiop",
role="coach",
2021-01-17 12:57:50 +00:00
birth_date="1980-01-01",
2021-01-22 08:04:44 +00:00
gender="other",
2021-01-17 12:57:50 +00:00
address="1 Rue de Rivoli, 75001 Paris, France",
phone_number="0123456789",
2020-12-27 10:49:54 +00:00
professional_activity="God",
give_contact_to_animath=True,
))
self.assertRedirects(response, reverse("registration:email_validation_sent"), 302, 200)
self.assertTrue(User.objects.filter(email="coachtoto@example.com").exists())
user = User.objects.get(email="coachtoto@example.com")
token = email_validation_token.make_token(user)
uid = urlsafe_base64_encode(force_bytes(user.pk))
response = self.client.get(reverse("registration:email_validation", kwargs=dict(uidb64=uid, token=token)))
self.assertEqual(response.status_code, 200)
user.registration.refresh_from_db()
self.assertTrue(user.registration.email_confirmed)
# Token has expired
response = self.client.get(reverse("registration:email_validation", kwargs=dict(uidb64=uid, token=token)))
self.assertEqual(response.status_code, 400)
# Uid does not exist
response = self.client.get(reverse("registration:email_validation", kwargs=dict(uidb64=0, token="toto")))
self.assertEqual(response.status_code, 400)
response = self.client.get(reverse("registration:email_validation_resend", args=(user.pk,)))
self.assertRedirects(response, reverse("registration:email_validation_sent"), 302, 200)
def test_login(self):
"""
With a registered user, try to log in
"""
response = self.client.get(reverse("login"))
self.assertEqual(response.status_code, 200)
self.client.logout()
response = self.client.post(reverse("login"), data=dict(
username="admin",
password="toto",
))
self.assertEqual(response.status_code, 200)
response = self.client.post(reverse("login"), data=dict(
username="admin@example.com",
password="admin",
))
self.assertRedirects(response, reverse("index"), 302, 200)
def test_user_detail(self):
"""
Load a user detail page.
"""
response = self.client.get(reverse("registration:my_account_detail"))
self.assertRedirects(response, reverse("registration:user_detail", args=(self.user.pk,)))
response = self.client.get(reverse("registration:user_detail", args=(self.user.pk,)))
self.assertEqual(response.status_code, 200)
def test_user_list(self):
"""
Display the list of all users.
"""
response = self.client.get(reverse("registration:user_list"))
self.assertEqual(response.status_code, 200)
def test_update_user(self):
"""
Update the user information, for each type of user.
"""
# To test the modification of mailing lists
from participation.models import Team
self.student.registration.team = Team.objects.create(
name="toto",
trigram="TOT",
)
self.student.registration.save()
for user, data in [(self.user, dict(role="Bot")),
2021-01-17 12:57:50 +00:00
(self.student, dict(student_class=11, school="Sky", birth_date="2001-01-01",
2021-01-22 08:04:44 +00:00
gender="female", address="1 Rue de Rivoli, 75001 Paris, France",
responsible_name="Toto", responsible_email="toto@example.com")),
2021-01-17 12:57:50 +00:00
(self.coach, dict(professional_activity="God", birth_date="2001-01-01",
2021-01-22 08:04:44 +00:00
gender="male", address="1 Rue de Rivoli, 75001 Paris, France"))]:
2020-12-27 10:49:54 +00:00
response = self.client.get(reverse("registration:update_user", args=(user.pk,)))
self.assertEqual(response.status_code, 200)
response = self.client.post(reverse("registration:update_user", args=(user.pk,)), data=dict(
first_name="Changed",
last_name="Name",
email="new_" + user.email,
give_contact_to_animath=True,
email_confirmed=True,
team_id="",
))
self.assertEqual(response.status_code, 200)
data.update(
first_name="Changed",
last_name="Name",
email="new_" + user.email,
give_contact_to_animath=True,
email_confirmed=True,
team_id="",
)
response = self.client.post(reverse("registration:update_user", args=(user.pk,)), data=data)
self.assertRedirects(response, reverse("registration:user_detail", args=(user.pk,)), 302, 200)
user.refresh_from_db()
self.assertEqual(user.email, user.username)
self.assertFalse(user.registration.email_confirmed)
self.assertEqual(user.first_name, "Changed")
def test_upload_photo_authorization(self):
"""
Try to upload a photo authorization.
"""
2020-12-29 15:14:56 +00:00
for auth_type in ["photo_authorization", "health_sheet", "parental_authorization"]:
response = self.client.get(reverse("registration:upload_user_photo_authorization",
args=(self.student.registration.pk,)))
self.assertEqual(response.status_code, 200)
2020-12-27 10:49:54 +00:00
2020-12-29 15:14:56 +00:00
# README is not a valid PDF file
response = self.client.post(reverse(f"registration:upload_user_{auth_type}",
args=(self.student.registration.pk,)), data={
auth_type: open("README.md", "rb"),
})
self.assertEqual(response.status_code, 200)
2020-12-27 10:49:54 +00:00
2020-12-29 15:14:56 +00:00
# Don't send too large files
response = self.client.post(reverse(f"registration:upload_user_{auth_type}",
args=(self.student.registration.pk,)), data={
auth_type: SimpleUploadedFile("file.pdf", content=int(0).to_bytes(2000001, "big"),
content_type="application/pdf"),
})
self.assertEqual(response.status_code, 200)
2020-12-27 10:49:54 +00:00
2020-12-29 15:14:56 +00:00
response = self.client.post(reverse(f"registration:upload_user_{auth_type}",
args=(self.student.registration.pk,)), data={
auth_type: open("tfjm/static/Fiche_sanitaire.pdf", "rb"),
})
self.assertRedirects(response, reverse("registration:user_detail", args=(self.student.pk,)), 302, 200)
2020-12-27 10:49:54 +00:00
2020-12-29 15:14:56 +00:00
self.student.registration.refresh_from_db()
self.assertTrue(getattr(self.student.registration, auth_type))
2020-12-27 10:49:54 +00:00
2020-12-29 15:14:56 +00:00
response = self.client.get(reverse(
auth_type, args=(getattr(self.student.registration, auth_type).name.split('/')[-1],)))
2020-12-29 15:14:56 +00:00
self.assertEqual(response.status_code, 200)
2020-12-27 10:49:54 +00:00
from participation.models import Team
team = Team.objects.create(name="Test", trigram="TES")
self.student.registration.team = team
self.student.registration.save()
response = self.client.get(reverse("participation:team_authorizations", args=(team.pk,)))
self.assertEqual(response.status_code, 200)
self.assertEqual(response["content-type"], "application/zip")
# Do it twice, ensure that the previous authorization got deleted
old_authoratization = self.student.registration.photo_authorization.path
response = self.client.post(reverse("registration:upload_user_photo_authorization",
args=(self.student.registration.pk,)), data=dict(
2020-12-28 17:52:50 +00:00
photo_authorization=open("tfjm/static/Fiche_sanitaire.pdf", "rb"),
2020-12-27 10:49:54 +00:00
))
self.assertRedirects(response, reverse("registration:user_detail", args=(self.student.pk,)), 302, 200)
self.assertFalse(os.path.isfile(old_authoratization))
self.student.registration.refresh_from_db()
self.student.registration.photo_authorization.delete()
self.student.registration.save()
2020-12-27 10:49:54 +00:00
def test_user_detail_forbidden(self):
"""
Create a new user and ensure that it can't see the detail of another user.
"""
self.client.force_login(self.coach)
response = self.client.get(reverse("registration:user_detail", args=(self.user.pk,)))
self.assertEqual(response.status_code, 403)
response = self.client.get(reverse("registration:update_user", args=(self.user.pk,)))
self.assertEqual(response.status_code, 403)
2021-01-17 12:57:50 +00:00
response = self.client.get(reverse("registration:upload_user_photo_authorization",
args=(self.student.registration.pk,)))
2020-12-27 10:49:54 +00:00
self.assertEqual(response.status_code, 403)
response = self.client.get(reverse("photo_authorization", args=("inexisting-authorization",)))
self.assertEqual(response.status_code, 404)
with open("media/authorization/photo/example", "w") as f:
f.write("I lost the game.")
self.student.registration.photo_authorization = "authorization/photo/example"
self.student.registration.save()
response = self.client.get(reverse("photo_authorization", args=("example",)))
self.assertEqual(response.status_code, 403)
os.remove("media/authorization/photo/example")
def test_impersonate(self):
"""
Admin can impersonate other people to act as them.
"""
response = self.client.get(reverse("registration:user_impersonate", args=(0x7ffff42ff,)))
self.assertEqual(response.status_code, 404)
# Impersonate student account
response = self.client.get(reverse("registration:user_impersonate", args=(self.student.pk,)))
self.assertRedirects(response, reverse("registration:user_detail", args=(self.student.pk,)), 302, 200)
self.assertEqual(self.client.session["_fake_user_id"], self.student.id)
# Reset admin view
response = self.client.get(reverse("registration:reset_admin"))
self.assertRedirects(response, reverse("index"), 302, 200)
self.assertFalse("_fake_user_id" in self.client.session)
def test_research(self):
"""
Try to search some things.
"""
call_command("rebuild_index", "--noinput", "-v", 0)
response = self.client.get(reverse("haystack_search") + "?q=" + self.user.email)
self.assertEqual(response.status_code, 200)
self.assertTrue(response.context["object_list"])
response = self.client.get(reverse("haystack_search") + "?q=" +
str(self.coach.registration.professional_activity))
self.assertEqual(response.status_code, 200)
self.assertTrue(response.context["object_list"])
response = self.client.get(reverse("haystack_search") + "?q=" +
self.student.registration.get_student_class_display())
self.assertEqual(response.status_code, 200)
self.assertTrue(response.context["object_list"])