From b9d19be1835a9f9b797944e9ca008420ba02a18e Mon Sep 17 00:00:00 2001
From: Sli <antoine@bartuccio.fr>
Date: Tue, 23 Jul 2024 01:12:52 +0200
Subject: [PATCH] Fix markdown api and add test for user picture page

---
 core/api.py                                 |  1 +
 core/templates/core/markdown_textarea.jinja | 21 ++++-----
 core/tests.py                               | 51 ++++++++++++++++++---
 3 files changed, 54 insertions(+), 19 deletions(-)

diff --git a/core/api.py b/core/api.py
index 2f203680..f7f6a044 100644
--- a/core/api.py
+++ b/core/api.py
@@ -1,5 +1,6 @@
 from django.conf import settings
 from django.http import HttpResponse
+from ninja import Form
 from ninja_extra import ControllerBase, api_controller, route
 from ninja_extra.exceptions import PermissionDenied
 
diff --git a/core/templates/core/markdown_textarea.jinja b/core/templates/core/markdown_textarea.jinja
index c33a45a0..9f94c4d3 100644
--- a/core/templates/core/markdown_textarea.jinja
+++ b/core/templates/core/markdown_textarea.jinja
@@ -14,26 +14,21 @@
 				document.head.innerHTML += '<link rel="stylesheet" href="' + css + '">';
 			}
 
-			// Custom markdown parser
-			function customMarkdownParser(plainText, cb) {
-				$.ajax({
-					url: "{{ markdown_api_url }}",
-					method: "POST",
-					data: { text: plainText, csrfmiddlewaretoken: getCSRFToken() },
-				}).done(cb);
-			}
-
 			// Pretty markdown input
 			const easymde = new EasyMDE({
 				element: document.getElementById("{{ widget.attrs.id }}"),
 				spellChecker: false,
 				autoDownloadFontAwesome: false,
-				previewRender: function(plainText, preview) { // Async method
+				previewRender: function (plainText, preview) {
 					clearTimeout(lastAPICall);
-					lastAPICall = setTimeout(() => {
-						customMarkdownParser(plainText, (msg) => preview.innerHTML = msg);
+					lastAPICall = setTimeout(async () => {
+                        const res = await fetch("{{ markdown_api_url }}", {
+                            method: "POST",
+                            body: JSON.stringify({ text: plainText }),
+                        });
+                        preview.innerHTML = await res.text();
 					}, 300);
-					return preview.innerHTML;
+                    return null;
 				},
 				forceSync: true, // Avoid validation error on generic create view
 				toolbar: [
diff --git a/core/tests.py b/core/tests.py
index 07259946..6fa24874 100644
--- a/core/tests.py
+++ b/core/tests.py
@@ -217,7 +217,7 @@ def test_full_markdown_syntax():
     assert result == html
 
 
-class PageHandlingTest(TestCase):
+class TestPageHandling(TestCase):
     @classmethod
     def setUpTestData(cls):
         cls.root = User.objects.get(username="root")
@@ -320,11 +320,16 @@ http://git.an
         assertInHTML(expected, response.content.decode())
 
 
-class UserToolsTest:
+@pytest.mark.django_db
+class TestUserTools:
     def test_anonymous_user_unauthorized(self, client):
         """An anonymous user shouldn't have access to the tools page."""
         response = client.get(reverse("core:user_tools"))
-        assert response.status_code == 403
+        assertRedirects(
+            response,
+            expected_url=f"/login?next=%2Fuser%2Ftools%2F",
+            target_status_code=301,
+        )
 
     @pytest.mark.parametrize("username", ["guy", "root", "skia", "comunity"])
     def test_page_is_working(self, client, username):
@@ -335,13 +340,47 @@ class UserToolsTest:
         assert response.status_code == 200
 
 
+@pytest.mark.django_db
+class TestUserPicture:
+    def test_anonymous_user_unauthorized(self, client):
+        """An anonymous user shouldn't have access to an user's photo page."""
+        response = client.get(
+            reverse(
+                "core:user_pictures",
+                kwargs={"user_id": User.objects.get(username="sli").pk},
+            )
+        )
+        assert response.status_code == 403
+
+    @pytest.mark.parametrize(
+        ("username", "status"),
+        [
+            ("guy", 403),
+            ("root", 200),
+            ("skia", 200),
+            ("sli", 200),
+        ],
+    )
+    def test_page_is_working(self, client, username, status):
+        """Only user that subscribed (or admins) should be able to see the page."""
+        # Test for simple user
+        client.force_login(User.objects.get(username=username))
+        response = client.get(
+            reverse(
+                "core:user_pictures",
+                kwargs={"user_id": User.objects.get(username="sli").pk},
+            )
+        )
+        assert response.status_code == status
+
+
 # TODO: many tests on the pages:
 #   - renaming a page
 #   - changing a page's parent --> check that page's children's full_name
 #   - changing the different groups of the page
 
 
-class FileHandlingTest(TestCase):
+class TestFileHandling(TestCase):
     @classmethod
     def setUpTestData(cls):
         cls.subscriber = User.objects.get(username="subscriber")
@@ -377,7 +416,7 @@ class FileHandlingTest(TestCase):
         assert "ls</a>" in str(response.content)
 
 
-class UserIsInGroupTest(TestCase):
+class TestUserIsInGroup(TestCase):
     """Test that the User.is_in_group() and AnonymousUser.is_in_group()
     work as intended.
     """
@@ -518,7 +557,7 @@ class UserIsInGroupTest(TestCase):
         assert self.skia.is_in_group(name="This doesn't exist") is False
 
 
-class DateUtilsTest(TestCase):
+class TestDateUtils(TestCase):
     @classmethod
     def setUpTestData(cls):
         cls.autumn_month = settings.SITH_SEMESTER_START_AUTUMN[0]