diff options
Diffstat (limited to 'tests/users/views/test_auth.py')
| -rw-r--r-- | tests/users/views/test_auth.py | 125 |
1 files changed, 92 insertions, 33 deletions
diff --git a/tests/users/views/test_auth.py b/tests/users/views/test_auth.py index f3a34c0..6dd1010 100644 --- a/tests/users/views/test_auth.py +++ b/tests/users/views/test_auth.py @@ -1,60 +1,119 @@ -from unittest import mock - import pytest +from django.core import mail +from pytest_django.asserts import assertContains, assertNotContains -from core.models import Config -from users.models import User - - -@pytest.fixture -def config_system(): - # TODO: Good enough for now, but a better Config mocking system is needed - result = Config.load_system() - with mock.patch("core.models.Config.load_system", return_value=result): - yield result +from users.models import Invite, User @pytest.mark.django_db def test_signup_disabled(client, config_system): + """ + Tests that disabling signup takes effect + """ # Signup disabled and no signup text config_system.signup_allowed = False - resp = client.get("/auth/signup/") - assert resp.status_code == 200 - content = str(resp.content) - assert "Not accepting new users at this time" in content - assert "<button>Create</button>" not in content + response = client.get("/auth/signup/") + assertContains(response, "Not accepting new users at this time", status_code=200) + assertNotContains(response, "<button>Create</button>") # Signup disabled with signup text configured config_system.signup_text = "Go away!!!!!!" - resp = client.get("/auth/signup/") - assert resp.status_code == 200 - content = str(resp.content) - assert "Go away!!!!!!" in content + response = client.get("/auth/signup/") + assertContains(response, "Go away!!!!!!", status_code=200) # Ensure direct POST doesn't side step guard - resp = client.post( + response = client.post( "/auth/signup/", data={"email": "test_signup_disabled@example.org"} ) - assert resp.status_code == 200 + assert response.status_code == 200 assert not User.objects.filter(email="test_signup_disabled@example.org").exists() # Signup enabled config_system.signup_allowed = True - resp = client.get("/auth/signup/") - assert resp.status_code == 200 - content = str(resp.content) - assert "Not accepting new users at this time" not in content - assert "<button>Create</button>" in content + response = client.get("/auth/signup/") + assertContains(response, "<button>Create</button>", status_code=200) + assertNotContains(response, "Not accepting new users at this time") @pytest.mark.django_db def test_signup_invite_only(client, config_system): + """ + Tests that invite codes work with signup + """ config_system.signup_allowed = True config_system.signup_invite_only = True - resp = client.get("/auth/signup/") - assert resp.status_code == 200 - content = str(resp.content) - assert 'name="invite_code"' in content + # Try to sign up without an invite code + response = client.post("/auth/signup/", {"email": "random@example.com"}) + assertNotContains(response, "Email Sent", status_code=200) + + # Make an invite code for any email + invite_any = Invite.create_random() + response = client.post( + "/auth/signup/", + {"email": "random@example.com", "invite_code": invite_any.token}, + ) + assertNotContains(response, "not a valid invite") + assertContains(response, "Email Sent", status_code=200) + + # Make sure you can't reuse an invite code + response = client.post( + "/auth/signup/", + {"email": "random2@example.com", "invite_code": invite_any.token}, + ) + assertNotContains(response, "Email Sent", status_code=200) + + # Make an invite code for a specific email + invite_specific = Invite.create_random(email="special@example.com") + response = client.post( + "/auth/signup/", + {"email": "random3@example.com", "invite_code": invite_specific.token}, + ) + assertContains(response, "valid invite code for this email", status_code=200) + assertNotContains(response, "Email Sent") + response = client.post( + "/auth/signup/", + {"email": "special@example.com", "invite_code": invite_specific.token}, + ) + assertContains(response, "Email Sent", status_code=200) + + +@pytest.mark.django_db +def test_signup_policy(client, config_system): + """ + Tests that you must agree to policies to sign up + """ + config_system.signup_allowed = True + config_system.signup_invite_only = False + + # Make sure we can sign up when there are no policies + response = client.post("/auth/signup/", {"email": "random@example.com"}) + assertContains(response, "Email Sent", status_code=200) + + # Make sure that's then denied when we have a policy in place + config_system.policy_rules = "You must love unit tests" + response = client.post("/auth/signup/", {"email": "random2@example.com"}) + assertContains(response, "field is required", status_code=200) + assertNotContains(response, "Email Sent") + + +@pytest.mark.django_db +def test_signup_email(client, config_system, stator): + """ + Tests that you can sign up and get an email sent to you + """ + config_system.signup_allowed = True + config_system.signup_invite_only = False + + # Sign up with a user + response = client.post("/auth/signup/", {"email": "random@example.com"}) + assertContains(response, "Email Sent", status_code=200) + + # Verify that made a user object and a password reset + user = User.objects.get(email="random@example.com") + assert user.password_resets.exists() - # TODO: Actually test this + # Run Stator and verify it sends the email + assert len(mail.outbox) == 0 + stator.run_single_cycle_sync() + assert len(mail.outbox) == 1 |