mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
26d317bfd5
- Show a different message for them. Test: - Try to visit page like /plinth/apps/sharing/foo/edit/ where a share named 'foo' does not exist. The common error handling middleware is triggered and an alert message 'Page not found' with exception trace back is shown. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: Veiko Aasa <veiko17@disroot.org>
353 lines
14 KiB
Python
353 lines
14 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""
|
|
Test module for custom middleware.
|
|
"""
|
|
|
|
from unittest.mock import MagicMock, Mock, call, patch
|
|
|
|
import pytest
|
|
from django.contrib.auth.models import AnonymousUser, Group, User
|
|
from django.core.exceptions import PermissionDenied
|
|
from django.db.utils import OperationalError
|
|
from django.http import (Http404, HttpResponse, HttpResponseNotAllowed,
|
|
HttpResponseRedirect)
|
|
from django.test.client import RequestFactory
|
|
from django.urls import resolve
|
|
from stronghold.decorators import public
|
|
|
|
from plinth import app as app_module
|
|
from plinth.middleware import (AdminRequiredMiddleware, CommonErrorMiddleware,
|
|
SetupMiddleware)
|
|
|
|
|
|
@pytest.fixture(name='kwargs')
|
|
def fixture_kwargs():
|
|
"""Fixture for returning kwargs for creating middleware."""
|
|
return {
|
|
'view_func': HttpResponse,
|
|
'view_args': [],
|
|
'view_kwargs': {},
|
|
}
|
|
|
|
|
|
@pytest.fixture(name='app')
|
|
def fixture_app():
|
|
"""Fixture for returning a test app."""
|
|
|
|
class AppTest(app_module.App):
|
|
"""Test app."""
|
|
app_id = 'mockapp'
|
|
|
|
def __init__(self):
|
|
"""Add info component."""
|
|
super().__init__()
|
|
self.add(app_module.Info('mockapp', version=1))
|
|
|
|
def get_setup_state(self):
|
|
return app_module.App.SetupState.NEEDS_SETUP
|
|
|
|
app_module.App._all_apps = {}
|
|
return AppTest()
|
|
|
|
|
|
class TestSetupMiddleware:
|
|
"""Test cases for setup middleware."""
|
|
|
|
@staticmethod
|
|
@pytest.fixture(name='middleware')
|
|
def fixture_middleware(load_cfg):
|
|
"""Fixture for returning middleware."""
|
|
return SetupMiddleware(True)
|
|
|
|
@staticmethod
|
|
@patch('django.urls.reverse', return_value='users:login')
|
|
def test_404_urls(reverse, middleware, kwargs):
|
|
"""Test how middleware deals with 404 URLs."""
|
|
request = RequestFactory().get('/plinth/non-existing-url')
|
|
response = middleware.process_view(request, **kwargs)
|
|
assert response is None
|
|
|
|
@staticmethod
|
|
@patch('django.urls.reverse', return_value='users:login')
|
|
def test_url_not_an_application(reverse, middleware, kwargs):
|
|
"""Test that none is returned for URLs that are not applications."""
|
|
request = RequestFactory().get('/plinth/')
|
|
response = middleware.process_view(request, **kwargs)
|
|
assert response is None
|
|
|
|
@staticmethod
|
|
@patch('django.urls.resolve')
|
|
@patch('django.urls.reverse', return_value='users:login')
|
|
def test_module_is_up_to_date(_reverse, resolve, app, middleware, kwargs):
|
|
"""Test that none is returned when module is up-to-date."""
|
|
resolve.return_value.namespaces = ['mockapp']
|
|
app.get_setup_state = lambda: app_module.App.SetupState.UP_TO_DATE
|
|
|
|
request = RequestFactory().get('/plinth/mockapp')
|
|
request.user = AnonymousUser()
|
|
response = middleware.process_view(request, **kwargs)
|
|
assert response is None
|
|
|
|
@staticmethod
|
|
@patch('plinth.views.SetupView')
|
|
@patch('django.urls.resolve')
|
|
@patch('django.urls.reverse', return_value='users:login')
|
|
@pytest.mark.django_db
|
|
def test_module_view(_reverse, resolve, setup_view, app, middleware,
|
|
kwargs):
|
|
"""Test that only registered users can access the setup view."""
|
|
resolve.return_value.namespaces = ['mockapp']
|
|
view = Mock()
|
|
setup_view.as_view.return_value = view
|
|
request = RequestFactory().get('/plinth/mockapp')
|
|
request.session = MagicMock()
|
|
|
|
# Verify that anonymous users cannot access the setup page
|
|
request.user = AnonymousUser()
|
|
with pytest.raises(PermissionDenied):
|
|
middleware.process_view(request, **kwargs)
|
|
|
|
setup_view.as_view.assert_not_called()
|
|
view.assert_not_called()
|
|
|
|
# Verify that non-admin logged-in users can't access the setup page
|
|
user = User(username='johndoe')
|
|
user.save()
|
|
request.user = user
|
|
with pytest.raises(PermissionDenied):
|
|
middleware.process_view(request, **kwargs)
|
|
|
|
setup_view.as_view.assert_not_called()
|
|
view.assert_not_called()
|
|
|
|
# Verify that admin logged-in users can access the setup page
|
|
user = User(username='adminuser')
|
|
user.save()
|
|
group = Group(name='admin')
|
|
group.save()
|
|
user.groups.add(group)
|
|
user.save()
|
|
request.user = user
|
|
middleware.process_view(request, **kwargs)
|
|
setup_view.as_view.assert_called_once_with()
|
|
view.assert_called_once_with(request, app_id='mockapp')
|
|
|
|
@staticmethod
|
|
@patch('plinth.operation.manager')
|
|
@patch('django.contrib.messages.error')
|
|
@patch('django.contrib.messages.success')
|
|
@patch('django.urls.resolve')
|
|
@patch('django.urls.reverse', return_value='users:login')
|
|
@pytest.mark.django_db
|
|
def test_install_result_collection(reverse, resolve, messages_success,
|
|
messages_error, operation_manager, app,
|
|
middleware, kwargs):
|
|
"""Test that module installation result is collected properly."""
|
|
resolve.return_value.namespaces = ['mockapp']
|
|
operation_manager.collect_results.return_value = [
|
|
Mock(translated_message='message1', exception=None),
|
|
Mock(translated_message='message2',
|
|
exception=RuntimeError('x-exception'))
|
|
]
|
|
app.get_setup_state = lambda: app_module.App.SetupState.UP_TO_DATE
|
|
|
|
# Admin user can collect result
|
|
request = RequestFactory().get('/plinth/mockapp')
|
|
request.resolver_match = Mock()
|
|
user = User(username='adminuser')
|
|
user.save()
|
|
group = Group(name='admin')
|
|
group.save()
|
|
user.groups.add(group)
|
|
user.save()
|
|
request.user = user
|
|
request.session = MagicMock()
|
|
response = middleware.process_view(request, **kwargs)
|
|
|
|
assert response is None
|
|
messages_success.assert_has_calls([call(request, 'message1')])
|
|
messages_error.assert_called_once()
|
|
assert messages_error.call_args.args[0] == request
|
|
assert messages_error.call_args.args[1].startswith('message2')
|
|
operation_manager.collect_results.assert_has_calls([call('mockapp')])
|
|
|
|
# Non-admin user can't collect result
|
|
messages_success.reset_mock()
|
|
messages_error.reset_mock()
|
|
operation_manager.collect_results.reset_mock()
|
|
request = RequestFactory().get('/plinth/mockapp')
|
|
user = User(username='johndoe')
|
|
user.save()
|
|
request.user = user
|
|
request.session = MagicMock()
|
|
response = middleware.process_view(request, **kwargs)
|
|
|
|
assert response is None
|
|
assert not messages_success.called
|
|
assert not messages_error.called
|
|
operation_manager.collect_results.assert_not_called()
|
|
|
|
|
|
class TestAdminMiddleware:
|
|
"""Test cases for admin middleware."""
|
|
|
|
@staticmethod
|
|
@pytest.fixture(name='middleware')
|
|
def fixture_middleware(load_cfg):
|
|
"""Fixture for returning middleware."""
|
|
return AdminRequiredMiddleware(True)
|
|
|
|
@staticmethod
|
|
@pytest.fixture(name='web_request')
|
|
def fixture_web_request():
|
|
"""Fixture for returning kwargs."""
|
|
web_request = RequestFactory().get('/plinth/mockapp')
|
|
web_request.user = Mock()
|
|
return web_request
|
|
|
|
@staticmethod
|
|
def test_that_admin_view_is_denied_for_usual_user(web_request, middleware,
|
|
kwargs):
|
|
"""Test that normal user is denied for an admin view"""
|
|
web_request.user.groups.filter().exists = Mock(return_value=False)
|
|
web_request.session = MagicMock()
|
|
with pytest.raises(PermissionDenied):
|
|
middleware.process_view(web_request, **kwargs)
|
|
|
|
@staticmethod
|
|
def test_group_view_is_denied_for_non_group_user(web_request, middleware,
|
|
kwargs):
|
|
"""Test that group view is allowed for an admin user."""
|
|
web_request.user.groups.filter().exists = Mock(return_value=False)
|
|
web_request.session = MagicMock()
|
|
with patch(
|
|
'plinth.middleware.AdminRequiredMiddleware.check_user_group',
|
|
lambda x, y: False):
|
|
with pytest.raises(PermissionDenied):
|
|
middleware.process_view(web_request, **kwargs)
|
|
|
|
@staticmethod
|
|
def test_group_view_is_allowed_for_group_user(web_request, middleware,
|
|
kwargs):
|
|
"""Test that group view is allowed for an admin user."""
|
|
web_request.user.groups.filter().exists = Mock(return_value=False)
|
|
web_request.session = MagicMock()
|
|
with patch(
|
|
'plinth.middleware.AdminRequiredMiddleware.check_user_group',
|
|
lambda x, y: True):
|
|
response = middleware.process_view(web_request, **kwargs)
|
|
assert response is None
|
|
|
|
@staticmethod
|
|
def test_that_admin_view_is_allowed_for_admin_user(web_request, middleware,
|
|
kwargs):
|
|
"""Test that admin user is allowed for an admin view"""
|
|
web_request.user.groups.filter().exists = Mock(return_value=True)
|
|
web_request.session = MagicMock()
|
|
response = middleware.process_view(web_request, **kwargs)
|
|
assert response is None
|
|
|
|
@staticmethod
|
|
def test_that_public_view_is_allowed_for_normal_user(
|
|
web_request, middleware, kwargs):
|
|
"""Test that normal user is allowed for an public view"""
|
|
kwargs = dict(kwargs)
|
|
kwargs['view_func'] = public(HttpResponse)
|
|
|
|
response = middleware.process_view(web_request, **kwargs)
|
|
assert response is None
|
|
|
|
|
|
class TestCommonErrorMiddleware:
|
|
"""Test cases for common error middleware."""
|
|
|
|
@staticmethod
|
|
@pytest.fixture(name='middleware')
|
|
def fixture_middleware(load_cfg):
|
|
"""Fixture for returning middleware."""
|
|
return CommonErrorMiddleware(True)
|
|
|
|
@staticmethod
|
|
@pytest.fixture(name='web_request')
|
|
def fixture_web_request():
|
|
"""Fixture for returning web request."""
|
|
web_request = RequestFactory().get('/apps/testapp/')
|
|
web_request.resolver_match = resolve('/apps/testapp/')
|
|
web_request.user = Mock()
|
|
return web_request
|
|
|
|
@staticmethod
|
|
@pytest.fixture(name='operational_error')
|
|
def fixture_operational_error():
|
|
"""Fixture for returning an OperationalError."""
|
|
return OperationalError()
|
|
|
|
@staticmethod
|
|
@pytest.fixture(name='other_error')
|
|
def fixture_other_error():
|
|
"""Fixture for returning a different type of error."""
|
|
return IndexError()
|
|
|
|
@staticmethod
|
|
def test_operational_error(middleware, web_request, operational_error):
|
|
response = middleware.process_exception(web_request, operational_error)
|
|
assert response.template_name == 'error.html'
|
|
assert 'message' in response.context_data
|
|
|
|
@staticmethod
|
|
@patch('django.contrib.messages.error')
|
|
def test_404_error_get(messages_error, middleware, web_request, test_menu):
|
|
"""Test that 404 page not found errors are handled."""
|
|
response = middleware.process_exception(web_request, Http404())
|
|
assert isinstance(response, HttpResponseRedirect)
|
|
assert response.url == '/apps/'
|
|
messages_error.assert_called_once()
|
|
assert messages_error.call_args.args[0] == web_request
|
|
assert messages_error.call_args.args[1].startswith(
|
|
'Page not found: /apps/testapp/')
|
|
|
|
@staticmethod
|
|
@patch('django.contrib.messages.error')
|
|
def test_other_error_get(messages_error, middleware, web_request,
|
|
other_error, test_menu):
|
|
response = middleware.process_exception(web_request, other_error)
|
|
assert isinstance(response, HttpResponseRedirect)
|
|
assert response.url == '/apps/'
|
|
messages_error.assert_called_once()
|
|
assert messages_error.call_args.args[0] == web_request
|
|
assert messages_error.call_args.args[1].startswith(
|
|
'Error loading page.')
|
|
|
|
@staticmethod
|
|
@patch('django.contrib.messages.error')
|
|
def test_other_error_post(messages_error, middleware, web_request,
|
|
other_error, test_menu):
|
|
web_request.method = 'POST'
|
|
response = middleware.process_exception(web_request, other_error)
|
|
assert isinstance(response, HttpResponseRedirect)
|
|
assert response.url == '/apps/testapp/'
|
|
messages_error.assert_called_once()
|
|
assert messages_error.call_args.args[0] == web_request
|
|
assert messages_error.call_args.args[1].startswith(
|
|
'Error running operation.')
|
|
|
|
@staticmethod
|
|
@patch('django.contrib.messages.error')
|
|
def test_other_error_index(messages_error, middleware, web_request,
|
|
other_error, test_menu):
|
|
web_request.path = '/'
|
|
web_request.resolver_match = resolve('/')
|
|
response = middleware.process_exception(web_request, other_error)
|
|
assert not response
|
|
messages_error.assert_not_called()
|
|
|
|
@staticmethod
|
|
@patch('django.contrib.messages.error')
|
|
def test_405_error(messages_error, middleware, web_request, test_menu):
|
|
"""Test that method not allowed errors are handled."""
|
|
response = middleware.process_response(
|
|
web_request, HttpResponseNotAllowed(['POST']))
|
|
assert isinstance(response, HttpResponseRedirect)
|
|
assert response.url == '/apps/'
|
|
messages_error.assert_not_called()
|