Refactor 'no access to unauthed' test to cover all of PyRIGS

2026-01-17 13:32:15 +00:00 · 2021-01-31 01:07:52 +00:00
parent 4434a2bc80
commit a2b253a808
6 changed files with 52 additions and 24 deletions
--- a/PyRIGS/decorators.py
+++ b/PyRIGS/decorators.py
@@ -1,3 +1,4 @@
+from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.http import HttpResponseRedirect
 from django.shortcuts import render
@@ -15,11 +16,7 @@ def get_oembed(login_url, request, oembed_view, kwargs):
    return resp


-def has_oembed(oembed_view, login_url=None):
-    if not login_url:
-        from django.conf import settings
-        login_url = settings.LOGIN_URL
-
+def has_oembed(oembed_view, login_url=settings.LOGIN_URL):
    def _dec(view_func):
        def _checklogin(request, *args, **kwargs):
            if request.user.is_authenticated:
--- a/PyRIGS/tests/test_unit.py
+++ b/PyRIGS/tests/test_unit.py
@@ -0,0 +1,47 @@
+from PyRIGS import urls
+from assets.tests.test_unit import create_asset_one
+import pytest
+from django.urls import URLPattern, URLResolver, reverse
+from django.urls.exceptions import NoReverseMatch
+from pytest_django.asserts import assertContains, assertRedirects, assertTemplateUsed
+
+pytestmark = pytest.mark.django_db
+
+
+def find_urls_recursive(patterns):
+    urls_to_check = []
+    for url in patterns:
+        if isinstance(url, URLResolver):
+            urls_to_check += find_urls_recursive(url.url_patterns)
+        elif isinstance(url, URLPattern):
+            # Skip some thinks that actually don't need auth (mainly OEmbed JSONs that are essentially just a redirect)
+            if url.name is not None and url.name != "closemodal" and "json" not in str(url):
+                urls_to_check.append(url)
+    return urls_to_check
+
+
+def test_unauthenticated(client):  # Nothing should be available to the unauthenticated
+    create_asset_one()
+    for url in find_urls_recursive(urls.urlpatterns):
+        pattern = str(url.pattern)
+        request_url = ""
+        try:
+            kwargz = {}
+            if ":pk>" in pattern:
+                kwargz['pk'] = 1
+            if ":model>" in pattern:
+                kwargz['model'] = "event"
+            request_url = reverse(url.name, kwargs=kwargz)
+        except NoReverseMatch:
+            print("Couldn't test url " + pattern)
+        if request_url and 'user' not in request_url: # User module is full of edge cases
+            response = client.get(request_url, follow=True, HTTP_HOST='example.com')
+            assertContains(response, 'Login')
+            if 'application/json+oembed' in str(response.content):
+                assertTemplateUsed(response, 'login_redirect.html')
+            else:
+                if "embed" in str(url):
+                    expected_url = "{0}?next={1}".format(reverse('login_embed'), request_url)
+                else:
+                    expected_url = "{0}?next={1}".format(reverse('login'), request_url)
+                assertRedirects(response, expected_url)
--- a/PyRIGS/urls.py
+++ b/PyRIGS/urls.py
@@ -3,7 +3,7 @@ from django.conf.urls import include
 from django.contrib import admin
 from django.contrib.auth.decorators import login_required
 from django.contrib.staticfiles.urls import staticfiles_urlpatterns
-from django.urls import path, re_path
+from django.urls import path
 from django.views.generic import TemplateView

 from PyRIGS import views
@@ -34,6 +34,6 @@ if settings.DEBUG:

    import debug_toolbar
    urlpatterns = [
-        re_path(r'^__debug__/', include(debug_toolbar.urls)),
+        path('__debug__/', include(debug_toolbar.urls)),
        path('bootstrap/', TemplateView.as_view(template_name="bootstrap.html")),
    ] + urlpatterns
--- a/assets/tests/test_unit.py
+++ b/assets/tests/test_unit.py
@@ -214,21 +214,6 @@ def create_asset_one():
    return models.Asset.objects.create(asset_id="1", description="Half Price Fish", status=status, category=category, date_acquired=datetime.date(2020, 2, 1))


-def test_unauthenticated(client):  # Nothing should be available to the unauthenticated
-    create_asset_one()
-    for url in filter(lambda url: url.name is not None and "json" not in str(url), urls.urlpatterns):
-        pattern = str(url.pattern)
-        if ":pk>" in pattern:
-            request_url = reverse(url.name, kwargs={'pk': 1})
-        else:
-            request_url = reverse(url.name)
-        if request_url:
-            print(request_url)
-            response = client.get(request_url, follow=True, HTTP_HOST='example.com')
-            # TODO Check the URL here
-            assertContains(response, 'Login')
-
-
 def test_basic_access(client):
    create_asset_one()
    client.login(username="basic", password="basic")
--- a/pytest.ini
+++ b/pytest.ini
@@ -1,5 +1,4 @@
 [pytest]
 DJANGO_SETTINGS_MODULE = PyRIGS.settings
-# FAIL_INVALID_TEMPLATE_VARS = True
 filterwarnings =
    ignore:.*site-packages.*:DeprecationWarning
--- a/versioning/urls.py
+++ b/versioning/urls.py
@@ -20,7 +20,7 @@ for app in [apps.get_app_config(label) for label in ("RIGS", "assets")]:
        table_name = 'activity_table'
    else:
        table_name = appname + '_activity_table'
-        
+
    # TODO Proper Permissions
    urlpatterns += [
        path(appname + '/activity/', permission_required_with_403('RIGS.add_event')(views.ActivityTable.as_view()),