PyRIGS/RIGS/tests/test_functional.py

import datetime
from datetime import date

import pytest
from django.conf import settings
from django.core import mail, signing
from django.http import HttpResponseBadRequest
from django.test import TestCase
from django.urls import reverse

import PyRIGS.tests.base
from RIGS import models
from pytest_django.asserts import assertContains, assertNotContains, assertFormError


def setup_event():
    venue = models.Venue.objects.create(name='Authorisation Test Venue')
    client = models.Person.objects.create(name='Authorisation Test Person', email='authorisation@functional.test')
    organisation = models.Organisation.objects.create(name='Authorisation Test Organisation', union_account=True)
    return models.Event.objects.create(
        name='Authorisation Test',
        start_date=date.today(),
        venue=venue,
        person=client,
        organisation=organisation,
    )


def setup_mail(event, profile):
    profile.email = "teccie@nottinghamtec.co.uk"
    profile.save()
    auth_data = {
        'name': 'Test ABC',
        'po': '1234ABCZXY',
        'account_code': 'ABC TEST 12345',
        'uni_id': 1234567890,
        'tos': True
    }
    hmac = signing.dumps({'pk': event.pk, 'email': 'authemail@function.test',
                          'sent_by': profile.pk})
    url = reverse('event_authorise', kwargs={'pk': event.pk, 'hmac': hmac})
    return auth_data, hmac, url


def test_create(admin_client):
    url = reverse('event_create')
    # end time before start access after start
    response = admin_client.post(url, {'start_date': datetime.date(2020, 1, 1), 'start_time': datetime.time(10, 00),
                                       'end_time': datetime.time(9, 00),
                                       'access_at': datetime.datetime(2020, 1, 5, 10)})
    assertFormError(response, 'form', 'end_time',
                    "Unless you've invented time travel, the event can't finish before it has started.")
    assertFormError(response, 'form', 'access_at',
                    "Regardless of what some clients might think, access time cannot be after the event has started.")


def test_requires_valid_hmac(client, admin_user):
    event = setup_event()
    auth_data, hmac, url = setup_mail(event, admin_user)
    bad_hmac = hmac[:-1]
    url = reverse('event_authorise', kwargs={'pk': event.pk, 'hmac': bad_hmac})
    response = client.get(url)
    assert isinstance(response, HttpResponseBadRequest)
    # TODO: Add some form of sensible user facing error
    # self.assertIn(response.content, "new URL")  # check there is some level of sane instruction
    # response = client.get(url)
    # assertContains(response, event.organisation.name)


def test_validation(client, admin_user):
    event = setup_event()
    auth_data, hmac, url = setup_mail(event, admin_user)
    response = client.get(url)
    assertContains(response, "Terms of Hire")
    assertContains(response, "Account code")
    assertContains(response, "University ID")

    response = client.post(url)
    assertContains(response, "This field is required.", 5)

    auth_data['amount'] = event.total + 1

    response = client.post(url, auth_data)
    assertContains(response, "The amount authorised must equal the total for the event")
    assertNotContains(response, "This field is required.")

    auth_data['amount'] = event.total
    response = client.post(url, auth_data)
    assertContains(response, "Your event has been authorised")

    event.refresh_from_db()
    assert event.authorised
    assert str(event.authorisation.email) == "authemail@function.test"


def test_duplicate_warning(client, admin_user):
    event = setup_event()
    auth_data, hmac, url = setup_mail(event, admin_user)
    auth = models.EventAuthorisation.objects.create(event=event, name='Test ABC', email='dupe@functional.test',
                                                    amount=event.total, sent_by=admin_user)
    response = client.get(url)
    assertContains(response, 'This event has already been authorised.')

    auth.amount += 1
    auth.save()

    response = client.get(url)
    assertContains(response, 'amount has changed')


@pytest.mark.django_db
def test_email_sent(admin_client, admin_user, mailoutbox):
    event = setup_event()
    auth_data, hmac, url = setup_mail(event, admin_user)

    data = auth_data
    data['amount'] = event.total
    response = admin_client.post(url, data)
    assertContains(response, "Your event has been authorised.")
    assert len(mailoutbox) == 2
    assert mailoutbox[0].to == ['authemail@function.test']
    assert mailoutbox[1].to == [settings.AUTHORISATION_NOTIFICATION_ADDRESS]


def test_email_check(admin_client, admin_user):
    event = setup_event()
    url = reverse('event_authorise_request', kwargs={'pk': event.pk})
    admin_user.email = 'teccie@someotherdomain.com'
    admin_user.save()

    response = admin_client.post(url)

    assertContains(response, 'must have an @nottinghamtec.co.uk email address')


def test_request_send(admin_client, admin_user):
    event = setup_event()
    url = reverse('event_authorise_request', kwargs={'pk': event.pk})
    admin_user.email = 'teccie@nottinghamtec.co.uk'
    admin_user.save()
    response = admin_client.post(url)
    assertContains(response, 'This field is required.')

    mail.outbox = []

    response = admin_client.post(url, {'email': 'client@functional.test'})
    assert response.status_code == 302
    assert len(mail.outbox) == 1
    email = mail.outbox[0]
    assert 'client@functional.test' in email.to
    assert '/event/%d/' % event.pk in email.body

    # Check sent by details are populated
    event.refresh_from_db()
    assert event.auth_request_by == admin_user
    assert event.auth_request_to == 'client@functional.test'
    assert event.auth_request_at is not None