arona/PyRIGS
1
0
Fork 0
mirror of https://github.com/nottinghamtec/PyRIGS.git synced 2026-01-28 19:02:16 +00:00
Code Issues Projects Releases Wiki Activity

Refactor 'no access to unauthed' test to cover all of PyRIGS

Browse Source
This commit is contained in:
FreneticScribbler
2021-01-31 01:07:52 +00:00
parent 4434a2bc80
commit a2b253a808
6 changed files with 52 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
PyRIGS/decorators.py
View File

@@ -1,3 +1,4 @@
from django.conf import settings
from django.contrib.auth import REDIRECT_FIELD_NAME from django.contrib.auth import REDIRECT_FIELD_NAME
from django.http import HttpResponseRedirect from django.http import HttpResponseRedirect
from django.shortcuts import render from django.shortcuts import render
@@ -15,11 +16,7 @@ def get_oembed(login_url, request, oembed_view, kwargs):
return resp return resp
def has_oembed(oembed_view, login_url=None): def has_oembed(oembed_view, login_url=settings.LOGIN_URL):
if not login_url:
from django.conf import settings
login_url = settings.LOGIN_URL
def _dec(view_func): def _dec(view_func):
def _checklogin(request, *args, **kwargs): def _checklogin(request, *args, **kwargs):
if request.user.is_authenticated: if request.user.is_authenticated:

47
PyRIGS/tests/test_unit.py Normal file
View File

@@ -0,0 +1,47 @@
from PyRIGS import urls
from assets.tests.test_unit import create_asset_one
import pytest
from django.urls import URLPattern, URLResolver, reverse
from django.urls.exceptions import NoReverseMatch
from pytest_django.asserts import assertContains, assertRedirects, assertTemplateUsed
pytestmark = pytest.mark.django_db
def find_urls_recursive(patterns):
urls_to_check = []
for url in patterns:
if isinstance(url, URLResolver):
urls_to_check += find_urls_recursive(url.url_patterns)
elif isinstance(url, URLPattern):
# Skip some thinks that actually don't need auth (mainly OEmbed JSONs that are essentially just a redirect)
if url.name is not None and url.name != "closemodal" and "json" not in str(url):
urls_to_check.append(url)
return urls_to_check
def test_unauthenticated(client): # Nothing should be available to the unauthenticated
create_asset_one()
for url in find_urls_recursive(urls.urlpatterns):
pattern = str(url.pattern)
request_url = ""
try:
kwargz = {}
if ":pk>" in pattern:
kwargz['pk'] = 1
if ":model>" in pattern:
kwargz['model'] = "event"
request_url = reverse(url.name, kwargs=kwargz)
except NoReverseMatch:
print("Couldn't test url " + pattern)
if request_url and 'user' not in request_url: # User module is full of edge cases
response = client.get(request_url, follow=True, HTTP_HOST='example.com')
assertContains(response, 'Login')
if 'application/json+oembed' in str(response.content):
assertTemplateUsed(response, 'login_redirect.html')
else:
if "embed" in str(url):
expected_url = "{0}?next={1}".format(reverse('login_embed'), request_url)
else:
expected_url = "{0}?next={1}".format(reverse('login'), request_url)
assertRedirects(response, expected_url)

4
PyRIGS/urls.py
View File

@@ -3,7 +3,7 @@ from django.conf.urls import include
from django.contrib import admin from django.contrib import admin
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.staticfiles.urls import staticfiles_urlpatterns from django.contrib.staticfiles.urls import staticfiles_urlpatterns
from django.urls import path, re_path from django.urls import path
from django.views.generic import TemplateView from django.views.generic import TemplateView
from PyRIGS import views from PyRIGS import views
@@ -34,6 +34,6 @@ if settings.DEBUG:
import debug_toolbar import debug_toolbar
urlpatterns = [ urlpatterns = [
re_path(r'^__debug__/', include(debug_toolbar.urls)), path('__debug__/', include(debug_toolbar.urls)),
path('bootstrap/', TemplateView.as_view(template_name="bootstrap.html")), path('bootstrap/', TemplateView.as_view(template_name="bootstrap.html")),
] + urlpatterns ] + urlpatterns

15
assets/tests/test_unit.py
View File

@@ -214,21 +214,6 @@ def create_asset_one():
return models.Asset.objects.create(asset_id="1", description="Half Price Fish", status=status, category=category, date_acquired=datetime.date(2020, 2, 1)) return models.Asset.objects.create(asset_id="1", description="Half Price Fish", status=status, category=category, date_acquired=datetime.date(2020, 2, 1))
def test_unauthenticated(client): # Nothing should be available to the unauthenticated
create_asset_one()
for url in filter(lambda url: url.name is not None and "json" not in str(url), urls.urlpatterns):
pattern = str(url.pattern)
if ":pk>" in pattern:
request_url = reverse(url.name, kwargs={'pk': 1})
else:
request_url = reverse(url.name)
if request_url:
print(request_url)
response = client.get(request_url, follow=True, HTTP_HOST='example.com')
# TODO Check the URL here
assertContains(response, 'Login')
def test_basic_access(client): def test_basic_access(client):
create_asset_one() create_asset_one()
client.login(username="basic", password="basic") client.login(username="basic", password="basic")

1
pytest.ini
View File

@@ -1,5 +1,4 @@
[pytest] [pytest]
DJANGO_SETTINGS_MODULE = PyRIGS.settings DJANGO_SETTINGS_MODULE = PyRIGS.settings
# FAIL_INVALID_TEMPLATE_VARS = True
filterwarnings = filterwarnings =
ignore:.*site-packages.*:DeprecationWarning ignore:.*site-packages.*:DeprecationWarning

2
versioning/urls.py
View File

@@ -20,7 +20,7 @@ for app in [apps.get_app_config(label) for label in ("RIGS", "assets")]:
table_name = 'activity_table' table_name = 'activity_table'
else: else:
table_name = appname + '_activity_table' table_name = appname + '_activity_table'
# TODO Proper Permissions # TODO Proper Permissions
urlpatterns += [ urlpatterns += [
path(appname + '/activity/', permission_required_with_403('RIGS.add_event')(views.ActivityTable.as_view()), path(appname + '/activity/', permission_required_with_403('RIGS.add_event')(views.ActivityTable.as_view()),