Add tests for Screamshotter and Convertit

makinacorpus · Sep 14, 2023 · 60487d0 · 60487d0
1 parent cbad05c
commit 60487d0
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 71 deletions.
diff --git a/test_app/tests/test_helpers.py b/test_app/tests/test_helpers.py
@@ -4,6 +4,7 @@
 from django.test import TestCase
 
 from mapentity.helpers import (
+    capture_map_image,
     capture_url,
     convertit_url,
     user_has_perm,
@@ -25,6 +26,13 @@ def test_capture_url_is_escaped(self):
         url = capture_url('http://geotrek.fr')
         self.assertIn('http%3A//geotrek.fr', url)
 
+    @mock.patch('mapentity.helpers.open')
+    @mock.patch('mapentity.helpers.capture_image')
+    def test_capture_url_has_auth_token(self, mocked_capture, mocked_open):
+        capture_map_image('', '')
+        url, _ = mocked_capture.call_args[0]
+        self.assertIn("auth_token", url)
+
     def test_capture_url_with_no_params(self):
         url = capture_url('http://geotrek.fr')
         self.assertNotIn('width', url)

diff --git a/test_app/tests/test_middleware.py b/test_app/tests/test_middleware.py
@@ -1,79 +1,65 @@
-from unittest import mock
-
-from django.conf import settings
 from django.contrib.auth import get_user_model
-from django.contrib.auth.models import AnonymousUser
 from django.core.management import call_command
-from django.http import HttpResponse
 from django.test import TestCase
-from django.test.client import RequestFactory
-from django.test.utils import override_settings
 
-from mapentity import middleware
-from mapentity.middleware import AutoLoginMiddleware, get_internal_user
-from mapentity.tests.factories import AttachmentFactory, UserFactory
-from .factories import DummyModelFactory
+from mapentity.middleware import get_internal_user, clear_internal_user_cache
+from mapentity.tests.factories import SuperUserFactory
+from mapentity.tokens import TokenManager
 
 User = get_user_model()
 
 
-def fake_view(request):
-    return HttpResponse()
-
+class AutoLoginMiddlewareTest(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.user = SuperUserFactory()
 
-@override_settings(TEST=False)
-class AutoLoginTest(TestCase):
     def setUp(self):
-        middleware.clear_internal_user_cache()
-        self.middleware = AutoLoginMiddleware(fake_view)
-        self.request = RequestFactory()
-        self.request.user = AnonymousUser()  # usually set by other middleware
-        self.request.META = {'REMOTE_ADDR': '6.6.6.6'}
-        self.internal_user = get_internal_user()
+        clear_internal_user_cache()
         call_command('update_permissions_mapentity')
 
-    def test_internal_user_cannot_login(self):
-        success = self.client.login(
-            username=self.internal_user.username,
-            password=settings.SECRET_KEY)
-        self.assertFalse(success)
-
-    def test_auto_login_happens_by_remote_addr(self):
-        obj = DummyModelFactory.create()
-        middleware.AUTOLOGIN_IPS = ['1.2.3.4']
-        attachment = AttachmentFactory.create(content_object=obj)
-        response = self.client.get("/media/%s" % attachment.attachment_file,
-                                   REMOTE_ADDR='1.2.3.5')
-        self.assertEqual(response.status_code, 403)
-        with mock.patch('django.contrib.auth.models._user_has_perm', return_value=True):
-            response = self.client.get("/media/%s" % attachment.attachment_file,
-                                       REMOTE_ADDR='1.2.3.4')
+    def test_user_authenticated_no_token(self):
+        self.client.force_login(self.user)
+        response = self.client.get('/dummymodel/list/')
+
+        self.assertTrue(response.status_code == 200)
+        self.assertEqual(response.wsgi_request.user, self.user)
+
+    def test_user_authenticated_with_valid_token(self):
+        self.client.force_login(self.user)
+        auth_token = TokenManager.generate_token()
+        response = self.client.get(f'/dummymodel/list/?auth_token={auth_token}')
+
+        self.assertTrue(response.status_code == 200)
+        self.assertEqual(response.wsgi_request.user, self.user)
+
+    def test_user_authenticated_with_invalid_token(self):
+        self.client.force_login(self.user)
+        auth_token = 'invalid_token'
+        response = self.client.get(f'/dummymodel/list/?auth_token={auth_token}')
+
+        self.assertTrue(response.status_code == 200)
+        self.assertEqual(response.wsgi_request.user, self.user)
+
+    def test_user_not_authenticated_no_token(self):
+        response = self.client.get('/dummymodel/list/')
+
+        self.assertEqual(response.status_code, 302)
+        self.assertIn('/login/', response.url)
+
+    def test_user_not_authenticated_with_invalid_token(self):
+        auth_token = 'invalid_token'
+        response = self.client.get(f'/dummymodel/list/?auth_token={auth_token}')
+
+        self.assertEqual(response.status_code, 302)
+        self.assertIn('/login/', response.url)
+
+    def test_user_not_authenticated_with_valid_token(self):
+        auth_token = TokenManager.generate_token()
+        response = self.client.get(f'/dummymodel/list/?auth_token={auth_token}')
+
         self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.wsgi_request.user, get_internal_user())
 
-    def test_auto_login_do_not_change_current_user(self):
-        user = UserFactory()
-        self.request.user = user
-        self.middleware(self.request)
-        self.assertEqual(self.request.user, user)
-
-    def test_auto_login_do_not_log_whoever(self):
-        self.middleware(self.request)
-        self.assertTrue(self.request.user.is_anonymous)
-
-    def test_auto_login(self):
-        middleware.AUTOLOGIN_IPS = ['1.2.3.4']
-        self.request.META['REMOTE_ADDR'] = '1.2.3.4'
-
-        self.assertTrue(self.request.user.is_anonymous)
-        self.middleware(self.request)
-        self.assertFalse(self.request.user.is_anonymous)
-        self.assertEqual(self.request.user, self.internal_user)
-
-    def test_auto_login_proxy(self):
-        middleware.AUTOLOGIN_IPS = ['1.2.3.4']
-        self.request.META['HTTP_X_FORWARDED_FOR'] = '1.2.3.4,2.2.2.2'
-
-        self.assertTrue(self.request.user.is_anonymous)
-        self.middleware(self.request)
-        self.assertFalse(self.request.user.is_anonymous)
-        self.assertEqual(self.request.user, self.internal_user)
+        # A token can't be used twice
+        self.assertFalse(TokenManager.verify_token(auth_token))
diff --git a/test_app/tests/test_views.py b/test_app/tests/test_views.py
@@ -129,24 +129,32 @@ def test_convert_view_only_supports_get(self):
         self.assertEqual(response.status_code, 405)
 
     @mock.patch('mapentity.helpers.requests.get')
-    def test_convert_view_uses_original_request_headers(self, get_mocked):
+    @mock.patch('mapentity.tokens.TokenManager.generate_token')
+    def test_convert_view_uses_original_request_headers(self, token_mocked, get_mocked):
+        token_mocked.return_value = "a_temp0rary_t0k3n"
         get_mocked.return_value.status_code = 200
         get_mocked.return_value.content = 'x'
         get_mocked.return_value.url = 'x'
         self.login()
         self.client.get('/convert/?url=http://geotrek.fr',
                         HTTP_ACCEPT_LANGUAGE='it')
-        get_mocked.assert_called_with('http://localhost//?url=http%3A//geotrek.fr&to=application/pdf',
+        host = app_settings['CONVERSION_SERVER']
+        url = f"{host}/?url=http%3A//geotrek.fr%3Fauth_token%3Da_temp0rary_t0k3n&to=application/pdf"
+        get_mocked.assert_called_with(url,
                                       headers={'Accept-Language': 'it'})
 
     @mock.patch('mapentity.helpers.requests.get')
-    def test_convert_view_builds_absolute_url_from_relative(self, get_mocked):
+    @mock.patch('mapentity.tokens.TokenManager.generate_token')
+    def test_convert_view_builds_absolute_url_from_relative(self, token_mocked, get_mocked):
+        token_mocked.return_value = "a_temp0rary_t0k3n"
         get_mocked.return_value.status_code = 200
         get_mocked.return_value.content = 'x'
         get_mocked.return_value.url = 'x'
         self.login()
         self.client.get('/convert/?url=/path/1/')
-        get_mocked.assert_called_with('http://localhost//?url=http%3A//testserver/path/1/&to=application/pdf',
+        host = app_settings['CONVERSION_SERVER']
+        url = f"{host}/?url=http%3A//testserver/path/1/%3Fauth_token%3Da_temp0rary_t0k3n&to=application/pdf"
+        get_mocked.assert_called_with(url,
                                       headers={})
 
 
@@ -385,11 +393,13 @@ def test_export_buttons_odt(self):
                             '<img src="/static/paperclip/fileicons/odt.png"/> ODT</a>'.format(self.object.pk))
         self.assertContains(response,
                             '<a class="btn btn-light btn-sm" rel="noopener noreferrer" target="_blank"'
-                            ' href="/convert/?url=/document/dummymodel-{}.odt&to=doc">'
+                            ' href="/convert/?url=/document/dummymodel-{}.odt'
+                            '&from=application/vnd.oasis.opendocument.text&to=doc">'
                             '<img src="/static/paperclip/fileicons/doc.png"/> DOC</a>'.format(self.object.pk))
         self.assertContains(response,
                             '<a class="btn btn-light btn-sm" rel="noopener noreferrer" target="_blank"'
-                            ' href="/convert/?url=/document/dummymodel-{}.odt">'
+                            ' href="/convert/?url=/document/dummymodel-{}.odt'
+                            '&from=application/vnd.oasis.opendocument.text">'
                             '<img src="/static/paperclip/fileicons/pdf.png"/> PDF</a>'.format(self.object.pk))
 
     def test_export_buttons_weasyprint(self):