troggle-unchained/core/TESTS/tests_logins.py

"""
Originally written for CUYC
Philip Sargent (Feb.2021)

Modified for Expo April 2021.
"""

import unittest
import re
import pathlib
from http import HTTPStatus

from django.test import TestCase, SimpleTestCase, TransactionTestCase, Client

import troggle.settings as settings

class DataTests(TestCase ):
    '''These check that the NULL and NON-UNIQUE constraints are working in the database '''
    @classmethod
    def setUpTestData(cls):
        pass

    def setUp(self):
        from django.contrib.auth.models import User
        u = User()
        u.pk = 9000
        u.user_id = 8000
        u.username, u.password ='stinker', 'secretword'
        u.email='philip.sargent+SP@gmail.com'
        u.first_name, u.last_name ='Stinker', 'Pinker'
        u.save()
        self.user = u

    def tearDown(self):
        #self.member.delete() # must delete member before user
        #self.user.delete() # horrible crash, why?
        pass

class FixturePageTests(TestCase):
    # The fixtures have a password hash which is compatible with plain-text password 'secretword'
    fixtures = ['auth_users']

    def setUp(self):
        from django.contrib.auth.models import User
        self.user = User.objects.get(username='expotest')

    def tearDown(self):
        pass

    def test_fix_admin_login_fail(self):
        c = self.client
        from django.contrib.auth.models import User
        u = User.objects.get(username='expotest')

        self.assertTrue(u.is_active, 'User \'' + u.username + '\' is INACTIVE')

        logged_in = c.login(username=u.username, password='secretword') # fails to work if password=u.password !
        self.assertTrue(logged_in, 'FAILED to login as \'' + u.username + '\'')

        response = c.get('/admin/')
        content = response.content.decode()
        # with open('admin-op.html', 'w') as f:
            # f.write(content)
        t    = re.search(r'Troggle administration', content)
        self.assertIsNone(t, 'Logged in as \'' + u.username + '\' (not staff) but still managed to get the Admin page' )

class PostTests(TestCase):
    '''Tests scanupload form
    '''
    fixtures = ['auth_users']

    @classmethod
    def setUpTestData(cls):
        pass

    def setUp(self):
        from django.contrib.auth.models import User
        self.user = User.objects.get(username='expotest')
        self.client = Client()

    def test_scan_upload(self):
        '''Expect scan upload to wallet to work on any file
        Need to login first.
        '''
        c = self.client
        from django.contrib.auth.models import User
        u = User.objects.get(username='expotest')

        self.assertTrue(u.is_active, 'User \'' + u.username + '\' is INACTIVE')
        logged_in = c.login(username=u.username, password='secretword')

        with open('core/fixtures/test_upload_file.txt','r') as testf:
            response = self.client.post('/scanupload/2020:00', data={'name': 'test_upload_file.txt', 'uploadfiles': testf })
            content = response.content.decode()
            self.assertEqual(response.status_code, 200)
            self.assertEqual(response.status_code, HTTPStatus.OK)
            # with open('_test_response.html', 'w') as f:
                # f.write(content)
            for ph in [ r'test_upload_',
                    r'&larr; 2020#00 &rarr;',
                    r'description written',
                    r'plan not required',
                    r'Upload scan into wallet']:
                phmatch    = re.search(ph, content)
                self.assertIsNotNone(phmatch, "Failed to find expected text: '" + ph +"'")

        # Does not use the filename Django actually uses, assumes it is unchanged. Potential bug.
        remove_file = pathlib.Path(settings.SURVEY_SCANS) / '2020' / '2020#00'/ 'test_upload_file.txt'
        remove_file.unlink()

    def test_photo_upload(self):
        '''Expect photo upload to work on any file (contrary to msg on screen)
        Upload into current default year. settings.PHOTOS_YEAR
        Deletes file afterwards
        Need to login first.
        '''
        c = self.client
        from django.contrib.auth.models import User
        u = User.objects.get(username='expotest')

        self.assertTrue(u.is_active, 'User \'' + u.username + '\' is INACTIVE')
        logged_in = c.login(username=u.username, password='secretword')

        with open('core/fixtures/test_upload_file.txt','r') as testf:
            response = self.client.post('/photoupload/', data={'name': 'test_upload_file.txt', 'uploadfiles': testf })
            content = response.content.decode()
            self.assertEqual(response.status_code, 200)
            self.assertEqual(response.status_code, HTTPStatus.OK)
            # with open('_test_response.html', 'w') as f:
                # f.write(content)
            for ph in [ r'test_upload_',
                    r'Upload photos into /photos/'+str(settings.PHOTOS_YEAR),
                    r' you can create a new folder in your name',
                    r'Create new Photographer folder',
                    r'only photo image files are accepted']:
                phmatch    = re.search(ph, content)
                self.assertIsNotNone(phmatch, "Failed to find expected text: '" + ph +"'")

        # Does not use the filename Django actually uses, assumes it is unchanged. Potential bug.
        remove_file = pathlib.Path(settings.PHOTOS_ROOT, settings.PHOTOS_YEAR) / 'test_upload_file.txt'
        remove_file.unlink()

    def test_photo_folder_create(self):
        '''Create folder for new user
        Create in current default year. settings.PHOTOS_YEAR
        Deletes folder afterwards
        Need to login first.
        '''
        c = self.client
        from django.contrib.auth.models import User
        u = User.objects.get(username='expotest')

        self.assertTrue(u.is_active, 'User \'' + u.username + '\' is INACTIVE')
        logged_in = c.login(username=u.username, password='secretword')

        response = self.client.post('/photoupload/', data={'photographer': 'GussieFinkNottle'})
        content = response.content.decode()
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.status_code, HTTPStatus.OK)
        # with open('_test_response.html', 'w') as f:
            # f.write(content)
        for ph in [r'/GussieFinkNottle/',
                r'Create new Photographer folder']:
            phmatch    = re.search(ph, content)
            self.assertIsNotNone(phmatch, "Failed to find expected text: '" + ph +"'")

        # Does not use the filename Django actually uses, assumes it is unchanged. Potential bug.
        remove_dir = pathlib.Path(settings.PHOTOS_ROOT, settings.PHOTOS_YEAR) / 'GussieFinkNottle'
        remove_dir.rmdir()


    def test_dwg_upload_txt(self):
        '''Expect .pdf file to be refused upload
        Need to login first.
        '''
        c = self.client
        from django.contrib.auth.models import User
        u = User.objects.get(username='expotest')

        self.assertTrue(u.is_active, 'User \'' + u.username + '\' is INACTIVE')
        logged_in = c.login(username=u.username, password='secretword')

        with open('core/fixtures/test_upload_file.pdf','r') as testf:
            response = self.client.post('/dwgupload/uploads', data={'name': 'test_upload_file.txt', 'uploadfiles': testf })
            content = response.content.decode()
            self.assertEqual(response.status_code, 200)
            t    = re.search('Files refused:', content)
            self.assertIsNotNone(t, 'Logged in but failed to see "Files refused:"' )

    def test_dwg_upload_drawing(self):
        '''Expect no-suffix file to upload
        Need to login first.
        '''
        c = self.client
        from django.contrib.auth.models import User
        u = User.objects.get(username='expotest')

        self.assertTrue(u.is_active, 'User \'' + u.username + '\' is INACTIVE')
        logged_in = c.login(username=u.username, password='secretword')

        with open('core/fixtures/test_upload_nosuffix','r') as testf:
            response = self.client.post('/dwguploadnogit/uploads', data={'name': 'test_upload_nosuffix', 'uploadfiles': testf })
            content = response.content.decode()
            # with open('_test_response.html', 'w') as f:
                # f.write(content)
            self.assertEqual(response.status_code, 200)
            for ph in [ r'Upload more',
                    r' saved as ',
                    r'Clicking on a filename only']:
                phmatch    = re.search(ph, content)
                self.assertIsNotNone(phmatch, "Failed to find expected text: '" + ph +"'")

        # Does not use the filename Django actually uses, assumes it is unchanged. Potential bug.
        remove_file = pathlib.Path(settings.DRAWINGS_DATA) / 'uploads' / 'test_upload_nosuffix'
        remove_file.unlink()


class ComplexLoginTests(TestCase):
    '''These test the login and capabilities of logged-in users, they do not use fixtures'''
    def setUp(self):
        '''setUp runs once for each test in this class'''
        from django.contrib.auth.models import User

        u = User()
        u.pk = 9000
        u.user_id = 8000
        u.username, u.password ='expotest', 'secretword'
        u.email='philip.sargent+ET@gmail.com'
        u.first_name, u.last_name ='ExpoTest', 'Caver'
        u.is_staff = True
        u.is_superuser = True

        u.set_password(u.password) # This creates a new salt and thus a new key for EACH test
        u.save() # vital that we save all this before attempting login
        #print ('\n',u.password)
        self.user = u

    def tearDown(self):
        self.client.logout() # not needed as each test creates a new self.client
        #self.member.delete()
        ##self.user.delete() # id attribute set to None !
        pass

    # def test_login_redirect_for_non_logged_on_user(self): # need to fix this in real system
        # c = self.client
        # # Need to login first. Tests that we are redirected to login page if not logged in
        # response = c.get('noinfo/cave-number-index')
        # self.assertRedirects(response, "/login/?next=/committee/appointments/")

    def test_ordinary_login(self):
        c = self.client
        u = self.user

        self.assertTrue(u.is_active, 'User \'' + u.username + '\' is INACTIVE')

        logged_in = c.login(username=u.username, password='secretword') # fails to work if password=u.password !
        self.assertTrue(logged_in, 'FAILED to login as \'' + u.username + '\'')

        response = c.get('/accounts/login/') # defined by auth system
        content = response.content.decode()
        t    = re.search(r'You are now logged in', content)
        self.assertIsNotNone(t, 'Logged in as \'' + u.username + '\' but failed to get \'Now you can\' greeting' )

    def test_authentication_login(self):
        c = self.client
        u = self.user

        self.assertTrue(u.is_active, 'User \'' + u.username + '\' is INACTIVE')

        # This is weird. I thought that the user had to login before she was in the authenticated state
        self.assertTrue(u.is_authenticated, 'User \'' + u.username + '\' is NOT AUTHENTICATED before login')

        logged_in = c.login(username=u.username, password='secretword') # fails to work if password=u.password !
        self.assertTrue(logged_in, 'FAILED to login as \'' + u.username + '\'')

        self.assertTrue(u.is_authenticated, 'User \'' + u.username + '\' is NOT AUTHENTICATED after login')

        # c.logout() # This next test always means user is still authenticated after logout. Surely not?
        # self.assertFalse(u.is_authenticated, 'User \'' + u.username + '\' is STILL AUTHENTICATED after logout')

    def test_admin_login(self):
        c = self.client
        u = self.user

        logged_in = c.login(username=u.username, password='secretword') # fails to work if password=u.password !
        self.assertTrue(logged_in, 'FAILED to login as \'' + u.username + '\'')

        response = c.get('/admin/')
        content = response.content.decode()
        # with open('admin-op.html', 'w') as f:
            # f.write(content)
        t    = re.search(r'Troggle administration', content)
        self.assertIsNotNone(t, 'Logged in as \'' + u.username + '\' but failed to get the Troggle Admin page' )

    def test_noinfo_login(self):
        from django.contrib.auth.models import User
        c  = self.client # inherited from TestCase
        u  = self.user

        logged_in = c.login(username=u.username, password='secretword') # fails if password=u.password !
        self.assertTrue(logged_in, 'FAILED to login as \'' + u.username + '\'')
        response = c.get('/stats') # a page with the Troggle menus
        content = response.content.decode()
        t    = re.search(r'User\:expotest', content)
        self.assertIsNotNone(t, 'Logged in as \'' + u.username + '\' but failed to get \'User:expotest\' heading' )

        response = c.get('/noinfo/cave-number-index')
        content = response.content.decode()
        t    = re.search(r'2001-07 Hoffnungschacht', content)
        self.assertIsNotNone(t, 'Logged in as \'' + u.username + '\' but failed to get /noinfo/ content')

    def test_user_force(self):
        from django.conf import settings
        c = self.client
        u = self.user

        try:
            c.force_login(u)
        except:
            self.assertIsNotNone(None, 'Unexpected exception trying to force_login as \'' + u.username + '\' but failed (Bad Django documentation?)')

        response = c.get('/stats') # a page with the Troggle menus
        content = response.content.decode()
        t    = re.search(r'Log out', content)
        self.assertIsNotNone(t, 'Forced logged in as \'' + u.username + '\' but failed to get Log out heading' )

        response = c.get('/accounts/login/')
        content = response.content.decode()
        t    = re.search(r'You are now logged in', content)
        self.assertIsNotNone(t, 'Forced logged in as \'' + u.username + '\' but failed to get /accounts/profile/ content')