From a2b253a8080aa64d041bdaf9b6999373cf6ca19f Mon Sep 17 00:00:00 2001 From: Arona Jones Date: Sun, 31 Jan 2021 01:07:52 +0000 Subject: [PATCH] Refactor 'no access to unauthed' test to cover all of PyRIGS --- PyRIGS/decorators.py | 7 ++---- PyRIGS/tests/test_unit.py | 47 +++++++++++++++++++++++++++++++++++++++ PyRIGS/urls.py | 4 ++-- assets/tests/test_unit.py | 15 ------------- pytest.ini | 1 - versioning/urls.py | 2 +- 6 files changed, 52 insertions(+), 24 deletions(-) create mode 100644 PyRIGS/tests/test_unit.py diff --git a/PyRIGS/decorators.py b/PyRIGS/decorators.py index 9094d5a0..df942838 100644 --- a/PyRIGS/decorators.py +++ b/PyRIGS/decorators.py @@ -1,3 +1,4 @@ +from django.conf import settings from django.contrib.auth import REDIRECT_FIELD_NAME from django.http import HttpResponseRedirect from django.shortcuts import render @@ -15,11 +16,7 @@ def get_oembed(login_url, request, oembed_view, kwargs): return resp -def has_oembed(oembed_view, login_url=None): - if not login_url: - from django.conf import settings - login_url = settings.LOGIN_URL - +def has_oembed(oembed_view, login_url=settings.LOGIN_URL): def _dec(view_func): def _checklogin(request, *args, **kwargs): if request.user.is_authenticated: diff --git a/PyRIGS/tests/test_unit.py b/PyRIGS/tests/test_unit.py new file mode 100644 index 00000000..7e39c240 --- /dev/null +++ b/PyRIGS/tests/test_unit.py 
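Review bot: The new signature `def has_oembed(oembed_view, login_url=settings.LOGIN_URL):` reads the setting once, when PyRIGS/decorators.py is imported, whereas the removed lines read it each time has_oembed was called. A value changed afterwards (for example through Django's `override_settings` in a test) is not picked up. A caller that passes `login_url=None` explicitly also loses the fallback, so the code that builds the login redirect for unauthenticated users would receive None. Keeping the new module-level import but resolving inside the function preserves the old behaviour: `def has_oembed(oembed_view, login_url=None):` followed by `login_url = login_url or settings.LOGIN_URL`. The body of has_oembed continues outside the hunk.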
@@ -0,0 +1,47 @@
+from PyRIGS import urls
+from assets.tests.test_unit import create_asset_one
+import pytest
+from django.urls import URLPattern, URLResolver, reverse
+from django.urls.exceptions import NoReverseMatch
+from pytest_django.asserts import assertContains, assertRedirects, assertTemplateUsed
+
+pytestmark = pytest.mark.django_db
+
+
+def find_urls_recursive(patterns):
+ urls_to_check = []
+ for url in patterns:
+ if isinstance(url, URLResolver):
+ urls_to_check += find_urls_recursive(url.url_patterns)
+ elif isinstance(url, URLPattern):
+ # Skip some thinks that actually don't need auth (mainly OEmbed JSONs that are essentially just a redirect)
+ if url.name is not None and url.name != "closemodal" and "json" not in str(url):
+ urls_to_check.append(url)
+ return urls_to_check
+
+
+def test_unauthenticated(client): # Nothing should be available to the unauthenticated
+ create_asset_one()
+ for url in find_urls_recursive(urls.urlpatterns):
+ pattern = str(url.pattern)
+ request_url = ""
+ try:
+ kwargz = {}
+ if ":pk>" in pattern:
+ kwargz['pk'] = 1
+ if ":model>" in pattern:
+ kwargz['model'] = "event"
+ request_url = reverse(url.name, kwargs=kwargz)
+ except NoReverseMatch:
+ print("Couldn't test url " + pattern)
+ if request_url and 'user' not in request_url: # User module is full of edge cases
+ response = client.get(request_url, follow=True, HTTP_HOST='example.com')
+ assertContains(response, 'Login')
+ if 'application/json+oembed' in str(response.content):
+ assertTemplateUsed(response, 'login_redirect.html')
+ else:
+ if "embed" in str(url):
+ expected_url = "{0}?next={1}".format(reverse('login_embed'), request_url)
+ else:
+ expected_url = "{0}?next={1}".format(reverse('login'), request_url)
+ assertRedirects(response, expected_url)
diff --git a/PyRIGS/urls.py b/PyRIGS/urls.py
index af2b10f9..73f80bc8 100644
--- a/PyRIGS/urls.py
+++ b/PyRIGS/urls.py
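Review bot: Routes that cannot be reversed are only printed in the `except NoReverseMatch` branch of test_unauthenticated, so a view whose pattern needs any argument other than `pk` or `model` is never requested and the test still passes. The same holds for the silent filters: unnamed patterns, anything whose string form contains "json", and every URL containing 'user' are dropped, which means a newly added unprotected view can fall outside this access-control check without anyone noticing. Recording the skips and comparing them with an explicit, reviewed list would turn a coverage gap into a failure, e.g. `skipped.append(pattern)` in the except branch and `assert set(skipped) == EXPECTED_UNTESTABLE` after the loop (EXPECTED_UNTESTABLE being a new constant in this file). The comment in find_urls_recursive also has a typo, "thinks" for "things".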
@@ -3,7 +3,7 @@ from django.conf.urls import include from django.contrib import admin from django.contrib.auth.decorators import login_required from django.contrib.staticfiles.urls import staticfiles_urlpatterns -from django.urls import path, re_path +from django.urls import path from django.views.generic import TemplateView from PyRIGS import views @@ -34,6 +34,6 @@ if settings.DEBUG: import debug_toolbar urlpatterns = [ - re_path(r'^__debug__/', include(debug_toolbar.urls)), + path('__debug__/', include(debug_toolbar.urls)), path('bootstrap/', TemplateView.as_view(template_name="bootstrap.html")), ] + urlpatterns diff --git a/assets/tests/test_unit.py b/assets/tests/test_unit.py index 68b5c57d..25508a33 100644 --- a/assets/tests/test_unit.py +++ b/assets/tests/test_unit.py @@ -214,21 +214,6 @@ def create_asset_one(): return models.Asset.objects.create(asset_id="1", description="Half Price Fish", status=status, category=category, date_acquired=datetime.date(2020, 2, 1)) -def test_unauthenticated(client): # Nothing should be available to the unauthenticated - create_asset_one() - for url in filter(lambda url: url.name is not None and "json" not in str(url), urls.urlpatterns): - pattern = str(url.pattern) - if ":pk>" in pattern: - request_url = reverse(url.name, kwargs={'pk': 1}) - else: - request_url = reverse(url.name) - if request_url: - print(request_url) - response = client.get(request_url, follow=True, HTTP_HOST='example.com') - # TODO Check the URL here - assertContains(response, 'Login') - - def test_basic_access(client): create_asset_one() client.login(username="basic", password="basic") diff --git a/pytest.ini b/pytest.ini index edffa6da..9cc9bb62 100644 --- a/pytest.ini +++ b/pytest.ini @@ -1,5 +1,4 @@ [pytest] DJANGO_SETTINGS_MODULE = PyRIGS.settings -# FAIL_INVALID_TEMPLATE_VARS = True filterwarnings = ignore:.*site-packages.*:DeprecationWarning diff --git a/versioning/urls.py b/versioning/urls.py index 48d6ef17..9bc250be 100644 --- a/versioning/urls.py 
+++ b/versioning/urls.py @@ -20,7 +20,7 @@ for app in [apps.get_app_config(label) for label in ("RIGS", "assets")]: table_name = 'activity_table' else: table_name = appname + '_activity_table' - + # TODO Proper Permissions urlpatterns += [ path(appname + '/activity/', permission_required_with_403('RIGS.add_event')(views.ActivityTable.as_view()),
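Review bot: The added `# TODO Proper Permissions` does not say what is wrong or what the target is, which matters because it sits on an authorization decision. From the visible lines the activity route is wrapped in `permission_required_with_403('RIGS.add_event')` while the loop in the hunk header iterates over both "RIGS" and "assets", so the assets activity views appear to be gated on a RIGS permission; indentation is lost on this page, so confirm that `urlpatterns +=` is inside that loop. A more useful comment would be `# TODO: gate each app's activity views on a permission from that app; 'RIGS.add_event' is currently used for both RIGS and assets`. The urlpatterns list continues past the end of the hunk.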