summaryrefslogtreecommitdiffstats
path: root/tests/activities/views
diff options
context:
space:
mode:
Diffstat (limited to 'tests/activities/views')
-rw-r--r--tests/activities/views/test_compose.py68
-rw-r--r--tests/activities/views/test_posts.py21
-rw-r--r--tests/activities/views/test_timelines.py19
3 files changed, 54 insertions, 54 deletions
diff --git a/tests/activities/views/test_compose.py b/tests/activities/views/test_compose.py
index 2b8c4ea..2fdec3a 100644
--- a/tests/activities/views/test_compose.py
+++ b/tests/activities/views/test_compose.py
@@ -1,46 +1,58 @@
-import re
-from unittest import mock
-
import pytest
-from django.core.exceptions import PermissionDenied
+from django.test.client import Client
+from pytest_django.asserts import assertContains
from activities.models import Post
-from activities.views.compose import Compose
+from core.models import Config
+from users.models import Identity
@pytest.mark.django_db
-def test_content_warning_text(identity, user, rf, config_system):
- request = rf.get("/compose/")
- request.user = user
- request.identity = identity
-
+def test_content_warning_text(
+ client_with_identity: Client,
+ config_system: Config.SystemOptions,
+):
+ """
+ Tests that changing the content warning name works
+ """
config_system.content_warning_text = "Content Summary"
- with mock.patch("core.models.Config.load_system", return_value=config_system):
- view = Compose.as_view()
- resp = view(request)
- assert resp.status_code == 200
- content = str(resp.rendered_content)
- assert 'placeholder="Content Summary"' in content
- assert re.search(
- r"<label.*>\s*Content Summary\s*</label>", content, flags=re.MULTILINE
- )
+ response = client_with_identity.get("/compose/")
+ assertContains(response, 'placeholder="Content Summary"', status_code=200)
+ assertContains(
+ response, "<label for='id_content_warning'>Content Summary</label>", html=True
+ )
@pytest.mark.django_db
-def test_post_edit_security(identity, user, rf, other_identity):
- # Create post
+def test_post_edit_security(client_with_identity: Client, other_identity: Identity):
+ """
+ Tests that you can't edit other users' posts with URL fiddling
+ """
other_post = Post.objects.create(
content="<p>OTHER POST!</p>",
author=other_identity,
local=True,
visibility=Post.Visibilities.public,
)
+ response = client_with_identity.get(other_post.urls.action_edit)
+ assert response.status_code == 403
- request = rf.get(other_post.get_absolute_url() + "edit/")
- request.user = user
- request.identity = identity
- view = Compose.as_view()
- with pytest.raises(PermissionDenied) as ex:
- view(request, handle=other_identity.handle.lstrip("@"), post_id=other_post.id)
- assert str(ex.value) == "Post author is not requestor"
+@pytest.mark.django_db
+def test_rate_limit(identity: Identity, client_with_identity: Client):
+ """
+ Tests that the posting rate limit comes into force
+ """
+ # First post should go through
+ assert identity.posts.count() == 0
+ response = client_with_identity.post(
+ "/compose/", data={"text": "post 1", "visibility": "0"}
+ )
+ assert response.status_code == 302
+ assert identity.posts.count() == 1
+ # Second should not
+ response = client_with_identity.post(
+ "/compose/", data={"text": "post 2", "visibility": "0"}
+ )
+ assertContains(response, "You must wait at least", status_code=200)
+ assert identity.posts.count() == 1
diff --git a/tests/activities/views/test_posts.py b/tests/activities/views/test_posts.py
index ac148d0..a3dbc64 100644
--- a/tests/activities/views/test_posts.py
+++ b/tests/activities/views/test_posts.py
@@ -1,25 +1,20 @@
import pytest
-from django.core.exceptions import PermissionDenied
+from django.test.client import Client
from activities.models import Post
-from activities.views.posts import Delete
+from users.models import Identity
@pytest.mark.django_db
-def test_post_delete_security(identity, user, rf, other_identity):
- # Create post
+def test_post_delete_security(client_with_identity: Client, other_identity: Identity):
+ """
+ Tests that you can't delete other users' posts with URL fiddling
+ """
other_post = Post.objects.create(
content="<p>OTHER POST!</p>",
author=other_identity,
local=True,
visibility=Post.Visibilities.public,
)
-
- request = rf.post(other_post.get_absolute_url() + "delete/")
- request.user = user
- request.identity = identity
-
- view = Delete.as_view()
- with pytest.raises(PermissionDenied) as ex:
- view(request, handle=other_identity.handle.lstrip("@"), post_id=other_post.id)
- assert str(ex.value) == "Post author is not requestor"
+ response = client_with_identity.get(other_post.urls.action_delete)
+ assert response.status_code == 403
diff --git a/tests/activities/views/test_timelines.py b/tests/activities/views/test_timelines.py
index 74bf43d..a2cbb32 100644
--- a/tests/activities/views/test_timelines.py
+++ b/tests/activities/views/test_timelines.py
@@ -1,19 +1,12 @@
-from unittest import mock
-
import pytest
-from activities.views.timelines import Home
-
@pytest.mark.django_db
-def test_content_warning_text(identity, user, rf, config_system):
- request = rf.get("/")
- request.user = user
- request.identity = identity
+def test_content_warning_text(client_with_identity, config_system):
config_system.content_warning_text = "Content Summary"
- with mock.patch("core.models.Config.load_system", return_value=config_system):
- view = Home.as_view()
- resp = view(request)
- assert resp.status_code == 200
- assert 'placeholder="Content Summary"' in str(resp.rendered_content)
+
+ response = client_with_identity.get("/")
+
+ assert response.status_code == 200
+ assert 'placeholder="Content Summary"' in str(response.rendered_content)