mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-26 11:04:20 +00:00
b9298792ae
* integration of 3D secure v2 for eboutic bank payment * edit yml to avoid git conflict when deploying on test * escape html characters on xml (#505) * Change country id to ISO 3166 1 numeric for 3DSV2 (#510) * remove useless tests * Fix le panier de l'Eboutic pour Safari (#518) Co-authored-by: Théo DURR <git@theodurr.fr> Co-authored-by: thomas girod <56346771+imperosol@users.noreply.github.com> * update some dependencies (#523) * [Eboutic] Fix double quote issue & improved user experience on small screen (#522) * Fix #511 Regex issue with escaped double quotes * Fix basket being when reloading the page (when cookie != "") + Added JSDoc + Cleaned some code * Fix #509 Improved user experience on small screens * Fix css class not being added back when reloading page * CSS Fixes (see description) + Fixed overlaping item title with the cart emoji on small screen + Fixed minimal size of the basket on small screen (full width) * Added darkened background circle to items with no image * Fix issue were the basket could be None * Edited CSS to have bette img ratio & the 🛒 icon Adapt, Improve, Overcome * Moved basket down on small screen size * enhance admin pages * update documentation * Update doc/about/tech.rst Co-authored-by: Julien Constant <49886317+Juknum@users.noreply.github.com> * remove csrf_token * Fix 3DSv2 implementation (#542) * Fixed wrong HMAC signature generation * Fix xml du panier Co-authored-by: Julien Constant <julienconstant190@gmail.com> * [FIX] 3DSv2 - Echappement du XML et modif tables (#543) * Fixed wrong HMAC signature generation * Updated migration files Co-authored-by: Julien Constant <julienconstant190@gmail.com> * Update doc/about/tech.rst * Update doc/start/install.rst * Updated lock file according to pyproject * unify account_id creation * upgrade re_path to path (#533) * redirect directly on counter if user is barman * Passage de vue à Alpine pour les comptoirs (#561) Vue, c'est cool, mais avec Django c'est un peu chiant à utiliser. Alpine a l'avantage d'être plus léger et d'avoir une syntaxe qui ne ressemble pas à celle de Jinja (ce qui évite d'avoir à mettre des {% raw %} partout). * resolved importError (#565) * Add galaxy (#562) * style.scss: lint * style.scss: add 'th' padding * core: populate: add much more data for development * Add galaxy * repair user merging tool (#498) * Disabled galaxy feature (only visually) * Disabled Galaxy button & Removed 404 exception display * Update 404.jinja * Fixed broken test * Added eurocks links to eboutic * fix typo * fix wording Co-authored-by: Théo DURR <git@theodurr.fr> * Edited unit tests This test caused a breach in security due to the alert block displaying sensitive data. * Repair NaN bug for autocomplete on counter click * remove-useless-queries-counter-stats (#519) * Amélioration des pages utilisateurs pour les petits écrans (#578, #520) - Refonte de l'organisation des pages utilisateurs (principalement du front) - Page des parrains/fillots - Page d'édition du profil - Page du profil - Page des outils - Page des préférences - Page des stats utilisateurs - Refonte du CSS / organisation de la navbar principale (en haut de l'écran) - Refonte du CSS de la navbar bleu clair (le menu) - Refonte du CSS du SAS : - Page de photo - Page d'albums * Added GA/Clubs Google Calendar to main page (#585) * Added GA/Clubs google calendar to main page * Made tables full width * Create dependabot.yml (#587) * Bump django from 3.2.16 to 3.2.18 (#574) * [CSS] Follow up of #578 (#589) * [FIX] Broken link in readme and license fix (& update) (#591) * Fixes pour la mise à jour de mars (#598) * Fix problème de cache dans le SAS & améliore le CSS du SAS Co-authored-by: Bartuccio Antoine <klmp200@users.noreply.github.com> * Fixes & améliorations du nouveau CSS (#616) * [UPDATE] Bump sentry-sdk from 1.12.1 to 1.19.1 (#620) * [FIX] Fixes supplémentaires pour la màj de mars (#622) - Les photos de l'onglet de la page utilisateur utilise désormais leur version thumbnail au lieu de leur version HD - Une des classes du CSS du SAS a été renommée car elle empiétait sur une class de la navbar - Le profil utilisateur a été revu pour ajouter plus d'espacement entre le tableau des cotisations et le numéro de cotisants - Les images de forum & blouse sont de nouveau cliquable pour les afficher en grands - Sur mobile, lorsqu'on cliquait sur le premier élément de la navbar, ce dernier avait un overlay avec des angles arrondis - Sur mobile, les utilisateurs avec des images de profils non carrées dépassait dans l'onglet Famille * [UPDATE] Bump dict2xml from 1.7.2 to 1.7.3 (#592) Bumps [dict2xml](https://github.com/delfick/python-dict2xml) from 1.7.2 to 1.7.3. - [Release notes](https://github.com/delfick/python-dict2xml/releases) - [Commits](https://github.com/delfick/python-dict2xml/compare/release-1.7.2...release-1.7.3) --- updated-dependencies: - dependency-name: dict2xml dependency-type: direct:production update-type: version-update:semver-patch ... * [UPDATE] Bump django-debug-toolbar from 3.8.1 to 4.0.0 (#593) Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 3.8.1 to 4.0.0. - [Release notes](https://github.com/jazzband/django-debug-toolbar/releases) - [Changelog](https://github.com/jazzband/django-debug-toolbar/blob/main/docs/changes.rst) - [Commits](https://github.com/jazzband/django-debug-toolbar/compare/3.8.1...4.0.0) --- updated-dependencies: - dependency-name: django-debug-toolbar dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [UPDATE] Bump cryptography from 37.0.4 to 40.0.1 (#594) * [UPDATE] Bump cryptography from 37.0.4 to 40.0.1 Bumps [cryptography](https://github.com/pyca/cryptography) from 37.0.4 to 40.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/37.0.4...40.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Updated pyOpenSSL to match cryptography requirements --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Julien Constant <julienconstant190@gmail.com> * Mise à jour de Black vers la version 23.3 (#629) * update link for poetry install * [UPDATE] Bump django-countries from 7.5 to 7.5.1 (#624) Bumps [django-countries](https://github.com/SmileyChris/django-countries) from 7.5 to 7.5.1. - [Release notes](https://github.com/SmileyChris/django-countries/releases) - [Changelog](https://github.com/SmileyChris/django-countries/blob/main/CHANGES.rst) - [Commits](https://github.com/SmileyChris/django-countries/compare/v7.5...v7.5.1) --- updated-dependencies: - dependency-name: django-countries dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [UPDATE] Bump sentry-sdk from 1.19.1 to 1.21.0 Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.19.1 to 1.21.0. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-python/compare/1.19.1...1.21.0) --- updated-dependencies: - dependency-name: sentry-sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Speed up tests (#638) * Better usage of cache for groups and clubs related operations (#634) * Better usage of cache for group retrieval * Cache clearing on object deletion or update * replace signals by save and delete override * add is_anonymous check in is_owned_by Add in many is_owned_by(self, user) methods that user is not anonymous. Since many of those functions do db queries, this should reduce a little bit the load of the db. * Stricter usage of User.is_in_group Constrain the parameters that can be passed to the function to make sure only a str or an int can be used. Also force to explicitly specify if the group id or the group name is used. * write test and correct bugs * remove forgotten populate commands * Correct test * [FIX] Correction de bugs (#617) * Fix #600 * Fix #602 * Fixes & améliorations du nouveau CSS (#616) * Fix #604 * should fix #605 * Fix #608 * Update core/views/site.py Co-Authored-By: thomas girod <56346771+imperosol@users.noreply.github.com> * Added back the permission denied * Should fix #609 * Fix failing test when 2 user are merged * Should fix #610 * Should fix #627 * Should fix #109 Block les URLs suivantes lorsque le fichier se trouve dans le dir `profiles` ou `SAS` : - `/file/<id>/` - `/file/<id>/[delete|prop|edit]` > Les urls du SAS restent accessiblent pour les roots & les admins SAS > Les urls de profiles sont uniquement accessiblent aux roots * Fix root dir of SAS being unnaccessible for sas admins ⚠️ need to edit the SAS directory & save it (no changes required in sas directory properties) * Remove overwritten code * Should fix duplicated albums in user profile (wtf) * Fix typo * Extended profiles picture access to board members * Should fix #607 * Fix keyboard navigation not working properly * Fix user tagged pictures section inside python rather than in the template * Update utils.py * Apply suggested changes * Fix #604 * Fix #608 * Added back the permission denied * Should fix duplicated albums in user profile (wtf) * Fix user tagged pictures section inside python rather than in the template * Apply suggested changes --------- Co-authored-by: thomas girod <56346771+imperosol@users.noreply.github.com> * Remove duplicated css * Galaxy improvements (#628) * galaxy: improve logging and performance reporting * galaxy: add a full galaxy state test * galaxy: optimize user self score computation * galaxy: add 'generate_galaxy_test_data' command for development at scale * galaxy: big refactor Main changes: - Multiple Galaxy objects can now exist at the same time in DB. This allows for ruling a new galaxy while still displaying the old one. - The criteria to quickly know whether a user is a possible citizen is now a simple query on picture count. This avoids a very complicated query to database, that could often result in huge working memory load. With this change, it should be possible to run the galaxy even on a vanilla Postgres that didn't receive fine tuning for the Sith's galaxy. * galaxy: template: make the galaxy graph work and be usable with a lot of stars - Display focused star and its connections clearly - Display star label faintly by default for other stars to avoid overloading the graph - Hide non-focused lanes - Avoid clicks on non-highlighted, too far stars - Make the canva adapt its width to initial screen size, doesn't work dynamically * galaxy: better docstrings * galaxy: use bulk_create whenever possible This is a big performance gain, especially for the tests. Examples: ---- `./manage.py test galaxy.tests.GalaxyTest.test_full_galaxy_state` Measurements averaged over 3 run on *my machine*™: Before: 2min15s After: 1m41s ---- `./manage.py generate_galaxy_test_data --user-pack-count 1` Before: 48s After: 25s ---- `./manage.py rule_galaxy` (for 600 citizen, corresponding to 1 user-pack) Before: 14m4s After: 12m34s * core: populate: use a less ambiguous 'timezone.now()' When running the tests around midnight, the day is changing, leading to some values being offset to the next day depending on the timezone, and making some tests to fail. This ensure to use a less ambiguous `now` when populating the database. * write more extensive documentation - add documentation to previously documented classes and functions and refactor some of the documented one, in accordance to the PEP257 and ReStructuredText standards ; - add some type hints ; - use a NamedTuple for the `Galaxy.compute_users_score` method instead of a raw tuple. Also change a little bit the logic in the function which call the latter ; - add some additional parameter checks on a few functions ; - change a little bit the logic of the log level setting for the galaxy related commands. * galaxy: tests: split Model and View for more efficient data usage --------- Co-authored-by: maréchal <thgirod@hotmail.com> * [UPDATE] Bump libsass from 0.21.0 to 0.22.0 (#640) Bumps [libsass](https://github.com/sass/libsass-python) from 0.21.0 to 0.22.0. - [Release notes](https://github.com/sass/libsass-python/releases) - [Changelog](https://github.com/sass/libsass-python/blob/main/docs/changes.rst) - [Commits](https://github.com/sass/libsass-python/compare/0.21.0...0.22.0) --- updated-dependencies: - dependency-name: libsass dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [FIX] Fix cached groups (#647) * Bump sqlparse from 0.4.3 to 0.4.4 (#645) Bumps [sqlparse](https://github.com/andialbrecht/sqlparse) from 0.4.3 to 0.4.4. - [Release notes](https://github.com/andialbrecht/sqlparse/releases) - [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG) - [Commits](https://github.com/andialbrecht/sqlparse/compare/0.4.3...0.4.4) --- updated-dependencies: - dependency-name: sqlparse dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [UPDATE] Bump django-ordered-model from 3.6 to 3.7.4 (#625) Bumps [django-ordered-model](https://github.com/django-ordered-model/django-ordered-model) from 3.6 to 3.7.4. - [Release notes](https://github.com/django-ordered-model/django-ordered-model/releases) - [Changelog](https://github.com/django-ordered-model/django-ordered-model/blob/master/CHANGES.md) - [Commits](https://github.com/django-ordered-model/django-ordered-model/compare/3.6...3.7.4) --- updated-dependencies: - dependency-name: django-ordered-model dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix immutable default variable in `get_start_of_semester` (#656) Le serveur ne percevait pas le changement de semestre, parce que la valeur par défaut passée à la fonction `get_start_of_semester()` était une fonction appelée une seule fois, lors du lancement du serveur. Bref, c'était ça : https://beta.ruff.rs/docs/rules/function-call-in-default-argument/ --------- Co-authored-by: imperosol <thgirod@hotmail.com> * Add missing method on AnonymousUser (#649) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Thomas Girod <thgirod@hotmail.com> Co-authored-by: thomas girod <56346771+imperosol@users.noreply.github.com> Co-authored-by: Théo DURR <git@theodurr.fr> Co-authored-by: Skia <skia@hya.sk> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Bartuccio Antoine <klmp200@users.noreply.github.com>
693 lines
25 KiB
Python
693 lines
25 KiB
Python
# -*- coding:utf-8 -*
|
|
#
|
|
# Copyright 2023 © AE UTBM
|
|
# ae@utbm.fr / ae.info@utbm.fr
|
|
#
|
|
# This file is part of the website of the UTBM Student Association (AE UTBM),
|
|
# https://ae.utbm.fr.
|
|
#
|
|
# You can find the source code of the website at https://github.com/ae-utbm/sith3
|
|
#
|
|
# LICENSED UNDER THE GNU GENERAL PUBLIC LICENSE VERSION 3 (GPLv3)
|
|
# SEE : https://raw.githubusercontent.com/ae-utbm/sith3/master/LICENSE
|
|
# OR WITHIN THE LOCAL FILE "LICENSE"
|
|
#
|
|
#
|
|
|
|
import os
|
|
from datetime import date, timedelta
|
|
|
|
import freezegun
|
|
from django.core.cache import cache
|
|
from django.test import Client, TestCase
|
|
from django.urls import reverse
|
|
from django.utils.timezone import now
|
|
|
|
from club.models import Membership
|
|
from core.markdown import markdown
|
|
from core.models import AnonymousUser, Group, Page, User
|
|
from core.utils import get_semester_code, get_start_of_semester
|
|
from sith import settings
|
|
|
|
"""
|
|
to run these tests :
|
|
python3 manage.py test
|
|
"""
|
|
|
|
|
|
class UserRegistrationTest(TestCase):
|
|
@classmethod
|
|
def setUpTestData(cls):
|
|
User.objects.all().delete()
|
|
|
|
def test_register_user_form_ok(self):
|
|
"""
|
|
Should register a user correctly
|
|
"""
|
|
c = Client()
|
|
response = c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "Guy",
|
|
"last_name": "Carlier",
|
|
"email": "guy@git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("TEST_REGISTER_USER_FORM_OK" in str(response.content))
|
|
|
|
def test_register_user_form_fail_password(self):
|
|
"""
|
|
Should not register a user correctly
|
|
"""
|
|
c = Client()
|
|
response = c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "Guy",
|
|
"last_name": "Carlier",
|
|
"email": "bibou@git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop2",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("TEST_REGISTER_USER_FORM_FAIL" in str(response.content))
|
|
|
|
def test_register_user_form_fail_email(self):
|
|
"""
|
|
Should not register a user correctly
|
|
"""
|
|
c = Client()
|
|
response = c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "Guy",
|
|
"last_name": "Carlier",
|
|
"email": "bibou.git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("TEST_REGISTER_USER_FORM_FAIL" in str(response.content))
|
|
|
|
def test_register_user_form_fail_missing_name(self):
|
|
"""
|
|
Should not register a user correctly
|
|
"""
|
|
c = Client()
|
|
response = c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "Guy",
|
|
"last_name": "",
|
|
"email": "bibou@git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("TEST_REGISTER_USER_FORM_FAIL" in str(response.content))
|
|
|
|
def test_register_user_form_fail_missing_date_of_birth(self):
|
|
"""
|
|
Should not register a user correctly
|
|
"""
|
|
c = Client()
|
|
response = c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "",
|
|
"last_name": "Carlier",
|
|
"email": "bibou@git.an",
|
|
"date_of_birth": "",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("TEST_REGISTER_USER_FORM_FAIL" in str(response.content))
|
|
|
|
def test_register_user_form_fail_missing_first_name(self):
|
|
"""
|
|
Should not register a user correctly
|
|
"""
|
|
c = Client()
|
|
response = c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "",
|
|
"last_name": "Carlier",
|
|
"email": "bibou@git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("TEST_REGISTER_USER_FORM_FAIL" in str(response.content))
|
|
|
|
def test_register_user_form_fail_wrong_captcha(self):
|
|
"""
|
|
Should not register a user correctly
|
|
"""
|
|
c = Client()
|
|
response = c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "Bibou",
|
|
"last_name": "Carlier",
|
|
"email": "bibou@git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "WRONG_CAPTCHA",
|
|
},
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("TEST_REGISTER_USER_FORM_FAIL" in str(response.content))
|
|
|
|
def test_register_user_form_fail_already_exists(self):
|
|
"""
|
|
Should not register a user correctly
|
|
"""
|
|
c = Client()
|
|
c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "Guy",
|
|
"last_name": "Carlier",
|
|
"email": "bibou@git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
response = c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "Bibou",
|
|
"last_name": "Carlier",
|
|
"email": "bibou@git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("TEST_REGISTER_USER_FORM_FAIL" in str(response.content))
|
|
|
|
def test_login_success(self):
|
|
"""
|
|
Should login a user correctly
|
|
"""
|
|
c = Client()
|
|
c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "Guy",
|
|
"last_name": "Carlier",
|
|
"email": "bibou@git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
response = c.post(
|
|
reverse("core:login"), {"username": "gcarlier", "password": "plop"}
|
|
)
|
|
self.assertTrue(response.status_code == 302)
|
|
# self.assertTrue('Hello, world' in str(response.content))
|
|
|
|
def test_login_fail(self):
|
|
"""
|
|
Should not login a user correctly
|
|
"""
|
|
c = Client()
|
|
c.post(
|
|
reverse("core:register"),
|
|
{
|
|
"first_name": "Guy",
|
|
"last_name": "Carlier",
|
|
"email": "bibou@git.an",
|
|
"date_of_birth": "12/6/1942",
|
|
"password1": "plop",
|
|
"password2": "plop",
|
|
"captcha_0": "dummy-value",
|
|
"captcha_1": "PASSED",
|
|
},
|
|
)
|
|
response = c.post(
|
|
reverse("core:login"), {"username": "gcarlier", "password": "guy"}
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue(
|
|
"""<p class="alert alert-red">Votre nom d\\'utilisateur et votre mot de passe ne correspondent pas. Merci de r\\xc3\\xa9essayer.</p>"""
|
|
in str(response.content)
|
|
)
|
|
|
|
|
|
class MarkdownTest(TestCase):
|
|
def test_full_markdown_syntax(self):
|
|
root_path = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
|
with open(os.path.join(root_path) + "/doc/SYNTAX.md", "r") as md_file:
|
|
md = md_file.read()
|
|
with open(os.path.join(root_path) + "/doc/SYNTAX.html", "r") as html_file:
|
|
html = html_file.read()
|
|
result = markdown(md)
|
|
self.assertTrue(result == html)
|
|
|
|
|
|
class PageHandlingTest(TestCase):
|
|
def setUp(self):
|
|
self.client.login(username="root", password="plop")
|
|
self.root_group = Group.objects.get(name="Root")
|
|
|
|
def test_create_page_ok(self):
|
|
"""
|
|
Should create a page correctly
|
|
"""
|
|
|
|
response = self.client.post(
|
|
reverse("core:page_new"),
|
|
{"parent": "", "name": "guy", "owner_group": self.root_group.id},
|
|
)
|
|
self.assertRedirects(
|
|
response, reverse("core:page", kwargs={"page_name": "guy"})
|
|
)
|
|
self.assertTrue(Page.objects.filter(name="guy").exists())
|
|
|
|
response = self.client.get(reverse("core:page", kwargs={"page_name": "guy"}))
|
|
self.assertEqual(response.status_code, 200)
|
|
html = response.content.decode()
|
|
self.assertIn('<a href="/page/guy/hist/">', html)
|
|
self.assertIn('<a href="/page/guy/edit/">', html)
|
|
self.assertIn('<a href="/page/guy/prop/">', html)
|
|
|
|
def test_create_child_page_ok(self):
|
|
"""
|
|
Should create a page correctly
|
|
"""
|
|
# remove all other pages to make sure there is no side effect
|
|
Page.objects.all().delete()
|
|
self.client.post(
|
|
reverse("core:page_new"),
|
|
{"parent": "", "name": "guy", "owner_group": str(self.root_group.id)},
|
|
)
|
|
page = Page.objects.first()
|
|
response = self.client.post(
|
|
reverse("core:page_new"),
|
|
{
|
|
"parent": str(page.id),
|
|
"name": "bibou",
|
|
"owner_group": str(self.root_group.id),
|
|
},
|
|
)
|
|
response = self.client.get(
|
|
reverse("core:page", kwargs={"page_name": "guy/bibou"})
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue('<a href="/page/guy/bibou/">' in str(response.content))
|
|
|
|
def test_access_child_page_ok(self):
|
|
"""
|
|
Should display a page correctly
|
|
"""
|
|
parent = Page(name="guy", owner_group=self.root_group)
|
|
parent.save(force_lock=True)
|
|
page = Page(name="bibou", owner_group=self.root_group, parent=parent)
|
|
page.save(force_lock=True)
|
|
response = self.client.get(
|
|
reverse("core:page", kwargs={"page_name": "guy/bibou"})
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
html = response.content.decode()
|
|
self.assertIn('<a href="/page/guy/bibou/edit/">', html)
|
|
|
|
def test_access_page_not_found(self):
|
|
"""
|
|
Should not display a page correctly
|
|
"""
|
|
response = self.client.get(reverse("core:page", kwargs={"page_name": "swagg"}))
|
|
self.assertTrue(response.status_code == 200)
|
|
html = response.content.decode()
|
|
self.assertIn('<a href="/page/create/?page=swagg">', html)
|
|
|
|
def test_create_page_markdown_safe(self):
|
|
"""
|
|
Should format the markdown and escape html correctly
|
|
"""
|
|
self.client.post(
|
|
reverse("core:page_new"), {"parent": "", "name": "guy", "owner_group": "1"}
|
|
)
|
|
self.client.post(
|
|
reverse("core:page_edit", kwargs={"page_name": "guy"}),
|
|
{
|
|
"title": "Bibou",
|
|
"content": """Guy *bibou*
|
|
|
|
http://git.an
|
|
|
|
# Swag
|
|
|
|
<guy>Bibou</guy>
|
|
|
|
<script>alert('Guy');</script>
|
|
""",
|
|
},
|
|
)
|
|
response = self.client.get(reverse("core:page", kwargs={"page_name": "guy"}))
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue(
|
|
'<p>Guy <em>bibou</em></p>\\n<p><a href="http://git.an">http://git.an</a></p>\\n'
|
|
+ "<h1>Swag</h1>\\n<guy>Bibou</guy>"
|
|
+ "<script>alert(\\'Guy\\');</script>"
|
|
in str(response.content)
|
|
)
|
|
|
|
|
|
class UserToolsTest(TestCase):
|
|
def test_anonymous_user_unauthorized(self):
|
|
response = self.client.get(reverse("core:user_tools"))
|
|
self.assertEqual(response.status_code, 403)
|
|
|
|
def test_page_is_working(self):
|
|
# Test for simple user
|
|
self.client.login(username="guy", password="plop")
|
|
response = self.client.get(reverse("core:user_tools"))
|
|
self.assertNotEqual(response.status_code, 500)
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
# Test for root
|
|
self.client.login(username="root", password="plop")
|
|
response = self.client.get(reverse("core:user_tools"))
|
|
self.assertNotEqual(response.status_code, 500)
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
# Test for skia
|
|
self.client.login(username="skia", password="plop")
|
|
response = self.client.get(reverse("core:user_tools"))
|
|
self.assertNotEqual(response.status_code, 500)
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
# Test for comunity
|
|
self.client.login(username="comunity", password="plop")
|
|
response = self.client.get(reverse("core:user_tools"))
|
|
self.assertNotEqual(response.status_code, 500)
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
|
# TODO: many tests on the pages:
|
|
# - renaming a page
|
|
# - changing a page's parent --> check that page's children's full_name
|
|
# - changing the different groups of the page
|
|
|
|
|
|
class FileHandlingTest(TestCase):
|
|
@classmethod
|
|
def setUpTestData(cls):
|
|
cls.subscriber = User.objects.get(username="subscriber")
|
|
|
|
def setUp(self):
|
|
self.client.login(username="subscriber", password="plop")
|
|
|
|
def test_create_folder_home(self):
|
|
response = self.client.post(
|
|
reverse("core:file_detail", kwargs={"file_id": self.subscriber.home.id}),
|
|
{"folder_name": "GUY_folder_test"},
|
|
)
|
|
self.assertTrue(response.status_code == 302)
|
|
response = self.client.get(
|
|
reverse("core:file_detail", kwargs={"file_id": self.subscriber.home.id})
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("GUY_folder_test</a>" in str(response.content))
|
|
|
|
def test_upload_file_home(self):
|
|
with open("/bin/ls", "rb") as f:
|
|
response = self.client.post(
|
|
reverse(
|
|
"core:file_detail", kwargs={"file_id": self.subscriber.home.id}
|
|
),
|
|
{"file_field": f},
|
|
)
|
|
self.assertTrue(response.status_code == 302)
|
|
response = self.client.get(
|
|
reverse("core:file_detail", kwargs={"file_id": self.subscriber.home.id})
|
|
)
|
|
self.assertTrue(response.status_code == 200)
|
|
self.assertTrue("ls</a>" in str(response.content))
|
|
|
|
|
|
class UserIsInGroupTest(TestCase):
|
|
"""
|
|
Test that the User.is_in_group() and AnonymousUser.is_in_group()
|
|
work as intended
|
|
"""
|
|
|
|
@classmethod
|
|
def setUpTestData(cls):
|
|
from club.models import Club
|
|
|
|
cls.root_group = Group.objects.get(name="Root")
|
|
cls.public = Group.objects.get(name="Public")
|
|
cls.subscribers = Group.objects.get(name="Subscribers")
|
|
cls.old_subscribers = Group.objects.get(name="Old subscribers")
|
|
cls.accounting_admin = Group.objects.get(name="Accounting admin")
|
|
cls.com_admin = Group.objects.get(name="Communication admin")
|
|
cls.counter_admin = Group.objects.get(name="Counter admin")
|
|
cls.banned_alcohol = Group.objects.get(name="Banned from buying alcohol")
|
|
cls.banned_counters = Group.objects.get(name="Banned from counters")
|
|
cls.banned_subscription = Group.objects.get(name="Banned to subscribe")
|
|
cls.sas_admin = Group.objects.get(name="SAS admin")
|
|
cls.club = Club.objects.create(
|
|
name="Fake Club",
|
|
unix_name="fake-club",
|
|
address="Fake address",
|
|
)
|
|
cls.main_club = Club.objects.get(id=1)
|
|
|
|
def setUp(self) -> None:
|
|
self.toto = User.objects.create(
|
|
username="toto", first_name="a", last_name="b", email="a.b@toto.fr"
|
|
)
|
|
self.skia = User.objects.get(username="skia")
|
|
|
|
def assert_in_public_group(self, user):
|
|
self.assertTrue(user.is_in_group(pk=self.public.id))
|
|
self.assertTrue(user.is_in_group(name=self.public.name))
|
|
|
|
def assert_in_club_metagroups(self, user, club):
|
|
meta_groups_board = club.unix_name + settings.SITH_BOARD_SUFFIX
|
|
meta_groups_members = club.unix_name + settings.SITH_MEMBER_SUFFIX
|
|
self.assertFalse(user.is_in_group(name=meta_groups_board))
|
|
self.assertFalse(user.is_in_group(name=meta_groups_members))
|
|
|
|
def assert_only_in_public_group(self, user):
|
|
self.assert_in_public_group(user)
|
|
for group in (
|
|
self.root_group,
|
|
self.banned_counters,
|
|
self.accounting_admin,
|
|
self.sas_admin,
|
|
self.subscribers,
|
|
self.old_subscribers,
|
|
):
|
|
self.assertFalse(user.is_in_group(pk=group.pk))
|
|
self.assertFalse(user.is_in_group(name=group.name))
|
|
meta_groups_board = self.club.unix_name + settings.SITH_BOARD_SUFFIX
|
|
meta_groups_members = self.club.unix_name + settings.SITH_MEMBER_SUFFIX
|
|
self.assertFalse(user.is_in_group(name=meta_groups_board))
|
|
self.assertFalse(user.is_in_group(name=meta_groups_members))
|
|
|
|
def test_anonymous_user(self):
|
|
"""
|
|
Test that anonymous users are only in the public group
|
|
"""
|
|
user = AnonymousUser()
|
|
self.assert_only_in_public_group(user)
|
|
|
|
def test_not_subscribed_user(self):
|
|
"""
|
|
Test that users who never subscribed are only in the public group
|
|
"""
|
|
self.assert_only_in_public_group(self.toto)
|
|
|
|
def test_wrong_parameter_fail(self):
|
|
"""
|
|
Test that when neither the pk nor the name argument is given,
|
|
the function raises a ValueError
|
|
"""
|
|
with self.assertRaises(ValueError):
|
|
self.toto.is_in_group()
|
|
|
|
def test_number_queries(self):
|
|
"""
|
|
Test that the number of db queries is stable
|
|
and that less queries are made when making a new call
|
|
"""
|
|
# make sure Skia is in at least one group
|
|
self.skia.groups.add(Group.objects.first().pk)
|
|
skia_groups = self.skia.groups.all()
|
|
|
|
group_in = skia_groups.first()
|
|
cache.clear()
|
|
# Test when the user is in the group
|
|
with self.assertNumQueries(2):
|
|
self.skia.is_in_group(pk=group_in.id)
|
|
with self.assertNumQueries(0):
|
|
self.skia.is_in_group(pk=group_in.id)
|
|
|
|
ids = skia_groups.values_list("pk", flat=True)
|
|
group_not_in = Group.objects.exclude(pk__in=ids).first()
|
|
cache.clear()
|
|
# Test when the user is not in the group
|
|
with self.assertNumQueries(2):
|
|
self.skia.is_in_group(pk=group_not_in.id)
|
|
with self.assertNumQueries(0):
|
|
self.skia.is_in_group(pk=group_not_in.id)
|
|
|
|
def test_cache_properly_cleared_membership(self):
|
|
"""
|
|
Test that when the membership of a user end,
|
|
the cache is properly invalidated
|
|
"""
|
|
membership = Membership.objects.create(
|
|
club=self.club, user=self.toto, end_date=None
|
|
)
|
|
meta_groups_members = self.club.unix_name + settings.SITH_MEMBER_SUFFIX
|
|
cache.clear()
|
|
self.assertTrue(self.toto.is_in_group(name=meta_groups_members))
|
|
self.assertEqual(
|
|
membership, cache.get(f"membership_{self.club.id}_{self.toto.id}")
|
|
)
|
|
membership.end_date = now() - timedelta(minutes=5)
|
|
membership.save()
|
|
cached_membership = cache.get(f"membership_{self.club.id}_{self.toto.id}")
|
|
self.assertEqual(cached_membership, "not_member")
|
|
self.assertFalse(self.toto.is_in_group(name=meta_groups_members))
|
|
|
|
def test_cache_properly_cleared_group(self):
|
|
"""
|
|
Test that when a user is removed from a group,
|
|
the is_in_group_method return False when calling it again
|
|
"""
|
|
# testing with pk
|
|
self.toto.groups.add(self.com_admin.pk)
|
|
self.assertTrue(self.toto.is_in_group(pk=self.com_admin.pk))
|
|
|
|
self.toto.groups.remove(self.com_admin.pk)
|
|
self.assertFalse(self.toto.is_in_group(pk=self.com_admin.pk))
|
|
|
|
# testing with name
|
|
self.toto.groups.add(self.sas_admin.pk)
|
|
self.assertTrue(self.toto.is_in_group(name="SAS admin"))
|
|
|
|
self.toto.groups.remove(self.sas_admin.pk)
|
|
self.assertFalse(self.toto.is_in_group(name="SAS admin"))
|
|
|
|
def test_not_existing_group(self):
|
|
"""
|
|
Test that searching for a not existing group
|
|
returns False
|
|
"""
|
|
self.assertFalse(self.skia.is_in_group(name="This doesn't exist"))
|
|
|
|
|
|
class DateUtilsTest(TestCase):
|
|
@classmethod
|
|
def setUpTestData(cls):
|
|
cls.autumn_month = settings.SITH_SEMESTER_START_AUTUMN[0]
|
|
cls.autumn_day = settings.SITH_SEMESTER_START_AUTUMN[1]
|
|
cls.spring_month = settings.SITH_SEMESTER_START_SPRING[0]
|
|
cls.spring_day = settings.SITH_SEMESTER_START_SPRING[1]
|
|
|
|
cls.autumn_semester_january = date(2025, 1, 4)
|
|
cls.autumn_semester_september = date(2024, 9, 4)
|
|
cls.autumn_first_day = date(2024, cls.autumn_month, cls.autumn_day)
|
|
|
|
cls.spring_semester_march = date(2023, 3, 4)
|
|
cls.spring_first_day = date(2023, cls.spring_month, cls.spring_day)
|
|
|
|
def test_get_semester(self):
|
|
"""
|
|
Test that the get_semester function returns the correct semester string
|
|
"""
|
|
self.assertEqual(get_semester_code(self.autumn_semester_january), "A24")
|
|
self.assertEqual(get_semester_code(self.autumn_semester_september), "A24")
|
|
self.assertEqual(get_semester_code(self.autumn_first_day), "A24")
|
|
|
|
self.assertEqual(get_semester_code(self.spring_semester_march), "P23")
|
|
self.assertEqual(get_semester_code(self.spring_first_day), "P23")
|
|
|
|
def test_get_start_of_semester_fixed_date(self):
|
|
"""
|
|
Test that the get_start_of_semester correctly the starting date of the semester.
|
|
"""
|
|
automn_2024 = date(2024, self.autumn_month, self.autumn_day)
|
|
self.assertEqual(
|
|
get_start_of_semester(self.autumn_semester_january), automn_2024
|
|
)
|
|
self.assertEqual(
|
|
get_start_of_semester(self.autumn_semester_september), automn_2024
|
|
)
|
|
self.assertEqual(get_start_of_semester(self.autumn_first_day), automn_2024)
|
|
|
|
spring_2023 = date(2023, self.spring_month, self.spring_day)
|
|
self.assertEqual(get_start_of_semester(self.spring_semester_march), spring_2023)
|
|
self.assertEqual(get_start_of_semester(self.spring_first_day), spring_2023)
|
|
|
|
def test_get_start_of_semester_today(self):
|
|
"""
|
|
Test that the get_start_of_semester returns the start of the current semester
|
|
when no date is given
|
|
"""
|
|
with freezegun.freeze_time(self.autumn_semester_september):
|
|
self.assertEqual(get_start_of_semester(), self.autumn_first_day)
|
|
|
|
with freezegun.freeze_time(self.spring_semester_march):
|
|
self.assertEqual(get_start_of_semester(), self.spring_first_day)
|
|
|
|
def test_get_start_of_semester_changing_date(self):
|
|
"""
|
|
Test that the get_start_of_semester correctly gives the starting date of the semester,
|
|
even when the semester changes while the server isn't restarted.
|
|
"""
|
|
spring_2023 = date(2023, self.spring_month, self.spring_day)
|
|
autumn_2023 = date(2023, self.autumn_month, self.autumn_day)
|
|
mid_spring = spring_2023 + timedelta(days=45)
|
|
mid_autumn = autumn_2023 + timedelta(days=45)
|
|
|
|
with freezegun.freeze_time(mid_spring) as frozen_time:
|
|
self.assertEqual(get_start_of_semester(), spring_2023)
|
|
|
|
# forward time to the middle of the next semester
|
|
frozen_time.move_to(mid_autumn)
|
|
self.assertEqual(get_start_of_semester(), autumn_2023)
|