9 changed files with 11 additions and 498 deletions
--- a/intervention/models.py
+++ b/intervention/models.py
@ -249,7 +249,7 @@ class Intervention(BaseObject, RecordableMixin, CheckableMixin):
            )
        # Create random token
-        token = generators.generate_random_string(15, True, True, False)
+        token = generators.generate_random_string(15)
        token_used_in = Intervention.objects.filter(access_token=token)
        # Make sure the token is not used anywhere as access_token, yet.
        # Make use of QuerySet lazy method for checking if it exists or not.
--- a/intervention/tests.py
+++ b/intervention/tests.py
@ -0,0 +1,3 @@
 from django.test import TestCase
 # Create your tests here.
--- a/intervention/tests/init.py
+++ b/intervention/tests/init.py
@ -1,7 +0,0 @@
 """
 Author: Michel Peltriaux
 Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
 Contact: michel.peltriaux@sgdnord.rlp.de
 Created on: 26.10.21
 """
--- a/intervention/tests/test_views.py
+++ b/intervention/tests/test_views.py
@ -1,252 +0,0 @@
 """
 Author: Michel Peltriaux
 Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
 Contact: michel.peltriaux@sgdnord.rlp.de
 Created on: 26.10.21
 """
 from django.test import Client
 from django.contrib.auth.models import Group
 from django.urls import reverse
 from intervention.models import Intervention, LegalData, ResponsibilityData
 from konova.models import Geometry
 from konova.settings import DEFAULT_GROUP, ZB_GROUP, ETS_GROUP
 from konova.tests.test_views import BaseViewTestCase
 from user.models import UserActionLogEntry, UserAction
 class ViewTestCase(BaseViewTestCase):
    intervention = None
    def setUp(self) -> None:
        super().setUp()
        self.create_dummy_data()
        # Prepare urls
        self.index_url = reverse("intervention:index", args=())
        self.new_url = reverse("intervention:new", args=())
        self.new_id_url = reverse("intervention:new-id", args=())
        self.detail_url = reverse("intervention:detail", args=(self.intervention.id,))
        self.log_url = reverse("intervention:log", args=(self.intervention.id,))
        self.edit_url = reverse("intervention:edit", args=(self.intervention.id,))
        self.remove_url = reverse("intervention:remove", args=(self.intervention.id,))
        self.share_url = reverse("intervention:share", args=(self.intervention.id, self.intervention.access_token,))
        self.share_create_url = reverse("intervention:share-create", args=(self.intervention.id,))
        self.run_check_url = reverse("intervention:run-check", args=(self.intervention.id,))
        self.record_url = reverse("intervention:record", args=(self.intervention.id,))
        self.report_url = reverse("intervention:report", args=(self.intervention.id,))
    def create_dummy_data(self):
        """ Creates an intervention which can be used for tests
        Returns:
        """
        # Create dummy data
        # Create log entry
        action = UserActionLogEntry.objects.create(
            user=self.superuser,
            action=UserAction.CREATED,
        )
        # Create legal data object (without M2M laws first)
        legal_data = LegalData.objects.create()
        # Create responsible data object
        responsibility_data = ResponsibilityData.objects.create()
        geometry = Geometry.objects.create()
        # Finally create main object, holding the other objects
        self.intervention = Intervention.objects.create(
            identifier="TEST",
            title="Test_title",
            responsible=responsibility_data,
            legal=legal_data,
            created=action,
            geometry=geometry,
            comment="Test",
        )
        self.intervention.generate_access_token(make_unique=True)
    def test_views_logged_in_no_groups(self):
        """ Check correct status code for all requests
        Assumption: User logged in but has no groups
        Returns:
        """
        # Login client
        client = Client()
        client.login(username=self.superuser.username, password=self.superuser_pw)
        success_urls = [
            self.index_url,
            self.report_url,
            self.detail_url,
        ]
        fail_urls = [
            self.log_url,
            self.new_id_url,
            self.new_url,
            self.edit_url,
            self.remove_url,
            self.share_url,
            self.share_create_url,
            self.run_check_url,
            self.record_url,
        ]
        self.assert_url_success(client, success_urls)
        self.assert_url_fail(client, fail_urls)
    def test_views_anonymous_user(self):
        """ Check correct status code for all requests
        Assumption: User not logged in
        Returns:
        """
        # Unknown client
        client = Client()
        success_urls = [
            self.report_url,
        ]
        login_redirect_base = f"{self.login_url}?next="
        fail_urls = {
            self.detail_url: f"{login_redirect_base}{self.detail_url}",
            self.index_url: f"{login_redirect_base}{self.index_url}",
            self.log_url: f"{login_redirect_base}{self.log_url}",
            self.new_id_url: f"{login_redirect_base}{self.new_id_url}",
            self.new_url: f"{login_redirect_base}{self.new_url}",
            self.edit_url: f"{login_redirect_base}{self.edit_url}",
            self.remove_url: f"{login_redirect_base}{self.remove_url}",
            self.share_url: f"{login_redirect_base}{self.share_url}",
            self.share_create_url: f"{login_redirect_base}{self.share_create_url}",
            self.run_check_url: f"{login_redirect_base}{self.run_check_url}",
            self.record_url: f"{login_redirect_base}{self.record_url}",
        }
        self.assert_url_success(client, success_urls)
        for url in fail_urls:
            response = client.get(url, follow=True)
            self.assertEqual(response.redirect_chain[0], (f"{self.login_url}?next={url}", 302), msg=f"Failed for {url}. Redirect chain is {response.redirect_chain}")
    def test_views_logged_in_default_group(self):
        """ Check correct status code for all requests
        Assumption: User logged in and is default group member
        Returns:
        """
        # Login client
        client = Client()
        client.login(username=self.superuser.username, password=self.superuser_pw)
        # Add user to default group
        default_group = Group.objects.get(name=DEFAULT_GROUP)
        self.superuser.groups.set([default_group])
        success_urls = [
            self.index_url,
            self.report_url,
            self.detail_url,
            self.log_url,
            self.new_id_url,
            self.new_url,
            self.edit_url,
            self.remove_url,
            self.share_create_url,
        ]
        fail_urls = [
            self.run_check_url,
            self.record_url,
        ]
        success_urls_redirect = {
            self.share_url: self.detail_url
        }
        self.assert_url_success(client, success_urls)
        self.assert_url_fail(client, fail_urls)
        self.assert_url_success_redirect(client, success_urls_redirect)
    def test_views_logged_in_zb_group(self):
        """ Check correct status code for all requests
        Assumption: User logged in and is registration office member
        Returns:
        """
        # Login client
        client = Client()
        client.login(username=self.superuser.username, password=self.superuser_pw)
        # Add user to default group
        zb_group = self.groups.get(name=ZB_GROUP)
        self.superuser.groups.set([zb_group])
        success_urls = [
            self.index_url,
            self.report_url,
            self.detail_url,
            self.run_check_url,
        ]
        fail_urls = [
            self.log_url,
            self.new_id_url,
            self.new_url,
            self.edit_url,
            self.remove_url,
            self.share_create_url,
            self.record_url,
        ]
        success_urls_redirect = {
            self.share_url: self.detail_url
        }
        self.assert_url_success(client, success_urls)
        self.assert_url_fail(client, fail_urls)
        self.assert_url_success_redirect(client, success_urls_redirect)
    def test_views_logged_in_ets_group(self):
        """ Check correct status code for all requests
        Assumption: User logged in and is registration office member
        Returns:
        """
        # Login client
        client = Client()
        client.login(username=self.superuser.username, password=self.superuser_pw)
        # Add user to default group
        ets_group = Group.objects.get(name=ETS_GROUP)
        self.superuser.groups.set([ets_group])
        success_urls = [
            self.index_url,
            self.report_url,
            self.detail_url,
            self.record_url,
        ]
        fail_urls = [
            self.log_url,
            self.new_id_url,
            self.new_url,
            self.edit_url,
            self.remove_url,
            self.share_create_url,
            self.run_check_url,
        ]
        success_urls_redirect = {
            self.share_url: self.detail_url
        }
        self.assert_url_success(client, success_urls)
        self.assert_url_fail(client, fail_urls)
        self.assert_url_success_redirect(client, success_urls_redirect)
--- a/intervention/views.py
+++ b/intervention/views.py
@ -93,7 +93,6 @@ def new_view(request: HttpRequest):
@login_required
@default_group_required
 def new_id_view(request: HttpRequest):
    """ JSON endpoint
@ -112,7 +111,6 @@ def new_id_view(request: HttpRequest):
@login_required
@default_group_required
 def new_document_view(request: HttpRequest, id: str):
    """ Renders a form for uploading new documents
@ -131,7 +129,6 @@ def new_document_view(request: HttpRequest, id: str):
@login_required
@default_group_required
 def get_revocation_view(request: HttpRequest, doc_id: str):
    """ Returns the revocation document as downloadable file
@ -145,18 +142,10 @@ def get_revocation_view(request: HttpRequest, doc_id: str):
    """
    doc = get_object_or_404(RevocationDocument, id=doc_id)
    # File download only possible if related instance is shared with user
    if not doc.instance.users.filter(id=request.user.id):
        messages.info(
            request,
            DATA_UNSHARED
        )
        return redirect("intervention:detail", id=doc.instance.id)
    return get_document(doc)
@login_required
@default_group_required
 def get_document_view(request: HttpRequest, doc_id: str):
    """ Returns the document as downloadable file
@ -183,7 +172,6 @@ def get_document_view(request: HttpRequest, doc_id: str):
@login_required
@default_group_required
 def remove_document_view(request: HttpRequest, doc_id: str):
    """ Removes the document from the database and file system
@ -263,7 +251,6 @@ def detail_view(request: HttpRequest, id: str):
@login_required
@default_group_required
 def edit_view(request: HttpRequest, id: str):
    """
    Renders a view for editing interventions
@ -387,7 +374,6 @@ def share_view(request: HttpRequest, id: str, token: str):
@login_required
@default_group_required
 def create_share_view(request: HttpRequest, id: str):
    """ Renders sharing form for an intervention
@ -407,7 +393,6 @@ def create_share_view(request: HttpRequest, id: str):
@login_required
@registration_office_group_required
 def run_check_view(request: HttpRequest, id: str):
    """ Renders check form for an intervention
@ -428,7 +413,6 @@ def run_check_view(request: HttpRequest, id: str):
@login_required
@default_group_required
 def new_revocation_view(request: HttpRequest, id: str):
    """ Renders sharing form for an intervention
@ -448,7 +432,6 @@ def new_revocation_view(request: HttpRequest, id: str):
@login_required
@default_group_required
 def log_view(request: HttpRequest, id: str):
    """ Renders a log view using modal
--- a/konova/autocompletes.py
+++ b/konova/autocompletes.py
@ -29,13 +29,14 @@ class EcoAccountAutocomplete(Select2QuerySetView):
            deleted=None,
            recorded__isnull=False,
            users__in=[self.request.user],
        ).order_by(
            "identifier"
        )
        if self.q:
            qs = qs.filter(
                identifier__icontains=self.q
            )
            qs = qs.order_by(
                "identifier"
            )
        return qs
@ -51,13 +52,14 @@ class InterventionAutocomplete(Select2QuerySetView):
        qs = Intervention.objects.filter(
            deleted=None,
            users__in=[self.request.user],
        ).order_by(
            "identifier"
        )
        if self.q:
            qs = qs.filter(
                identifier__icontains=self.q
            )
            qs = qs.order_by(
                "identifier"
            )
        return qs
--- a/konova/settings.py
+++ b/konova/settings.py
@ -50,7 +50,7 @@ PAGE_DEFAULT = 1
 # SSO settings
 SSO_SERVER_BASE = "http://127.0.0.1:8000/"
-SSO_SERVER = f"{SSO_SERVER_BASE}sso/"
+SSO_SERVER = "{}sso/".format(SSO_SERVER_BASE)
 SSO_PRIVATE_KEY = "QuziFeih7U8DZvQQ1riPv2MXz0ZABupHED9wjoqZAqeMQaqkqTfxJDRXgSIyASwJ"
 SSO_PUBLIC_KEY = "AGGK7E8eT5X5u2GD38ygGG3GpAefmIldJiiWW7gldRPqCG1CzmUfGdvPSGDbEY2n"
--- a/konova/tests/init.py
+++ b/konova/tests/init.py
@ -1,7 +0,0 @@
 """
 Author: Michel Peltriaux
 Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
 Contact: michel.peltriaux@sgdnord.rlp.de
 Created on: 26.10.21
 """
--- a/konova/tests/test_views.py
+++ b/konova/tests/test_views.py
@ -1,209 +0,0 @@
 """
 Author: Michel Peltriaux
 Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
 Contact: michel.peltriaux@sgdnord.rlp.de
 Created on: 26.10.21
 """
 from abc import abstractmethod
 from django.contrib.auth.models import User, Group
 from django.test import TestCase, Client
 from django.urls import reverse
 from konova.management.commands.setup_data import GROUPS_DATA
 class BaseTestCase(TestCase):
    """ Provides reusable functionality for specialized test cases
    """
    users = None
    groups = None
    superuser = None
    user = None
    superuser_pw = "root"
    user_pw = "root"
    @abstractmethod
    def setUp(self) -> None:
        # To be implemented in the inheriting classes
        raise NotImplementedError
    def create_users(self):
        # Create superuser and regular user
        self.superuser = User.objects.create_superuser(
            username="root",
            email="root@root.com",
            password=self.superuser_pw,
        )
        self.user = User.objects.create_user(
            username="user1",
            email="user@root.com",
            password=self.user_pw
        )
        self.users = User.objects.all()
    def create_groups(self):
        # Create groups
        for group_data in GROUPS_DATA:
            name = group_data.get("name")
            Group.objects.get_or_create(
                name=name,
            )
        self.groups = Group.objects.all()
    class Meta:
        abstract = True
 class BaseViewTestCase(BaseTestCase):
    """ Wraps basic test functionality, reusable for every specialized ViewTestCase
    """
    login_url = None
    def setUp(self) -> None:
        self.create_users()
        self.create_groups()
        self.login_url = reverse("simple-sso-login")
    def assert_url_success(self, client: Client, urls: list):
        """ Assert for all given urls a direct 200 response
        Args:
            client (Client): The performing client
            urls (list): An iterable list of urls to be checked
        Returns:
        """
        for url in urls:
            response = client.get(url)
            self.assertEqual(response.status_code, 200, msg=f"Failed for {url}")
    def assert_url_success_redirect(self, client: Client, urls: dict):
        """ Assert for all given urls a 302 response to a certain location.
        Assert the redirect being the expected behaviour.
        Args:
            client (Client): The performing client
            urls (dict): An iterable dict of (urls, redirect_to_url) pairs to be checked
        Returns:
        """
        for url, redirect_to in urls.items():
            response = client.get(url, follow=True)
            # Expect redirects to the landing page
            self.assertEqual(response.redirect_chain[0], (redirect_to, 302), msg=f"Failed for {url}")
    def assert_url_fail(self, client: Client, urls: list):
        """ Assert for all given urls a direct 302 response
        Args:
            client (Client): The performing client
            urls (list): An iterable list of urls to be checked
        Returns:
        """
        for url in urls:
            response = client.get(url)
            self.assertEqual(response.status_code, 302, msg=f"Failed for {url}")
 class KonovaViewTestCase(BaseViewTestCase):
    """ Holds tests for all regular views, which are not app specific
    """
    def setUp(self) -> None:
        super().setUp()
        self.home_url = reverse("home")
    def test_views_logged_in_no_groups(self):
        """ Check correct status code for all requests
        Assumption: User logged in but has no groups
        Returns:
        """
        # User logged in
        client = Client()
        client.login(username=self.superuser.username, password=self.superuser_pw)
        self.superuser.groups.set([])
        success_urls = [
            self.home_url
        ]
        self.assert_url_success(client, success_urls)
    def test_views_anonymous_user(self):
        """ Check correct status code for all requests
        Assumption: User logged in but has no groups
        Returns:
        """
        # User not logged in
        client = Client()
        urls = [
            self.home_url
        ]
        self.assert_url_fail(client, urls)
 class AutocompleteTestCase(BaseViewTestCase):
    def setUp(self) -> None:
        super().setUp()
        self.atcmplt_accs = reverse("accounts-autocomplete")
        self.atcmplt_interventions = reverse("interventions-autocomplete")
        self.atcmplt_code_comp_action = reverse("codes-compensation-action-autocomplete")
        self.atcmplt_code_comp_funding = reverse("codes-compensation-funding-autocomplete")
        self.atcmplt_code_comp_biotope = reverse("codes-biotope-autocomplete")
        self.atcmplt_code_comp_law = reverse("codes-law-autocomplete")
        self.atcmplt_code_comp_process = reverse("codes-process-type-autocomplete")
        self.atcmplt_code_comp_reg_off = reverse("codes-registration-office-autocomplete")
        self.atcmplt_code_comp_cons_off = reverse("codes-conservation-office-autocomplete")
    def _test_views_anonymous_user(self):
        # ATTENTION: As of the current state of django-autocomplete-light, there is no way to check on authenticated
        # users in a way like @loing_required or anything else. The documentation considers to check on the user's
        # authentication state during get_queryset() of the call. Therefore this test method here will stay here
        # for future clarification but won't be run due to the prefix '_'
        # User not logged in
        client = Client()
        urls = [
            self.atcmplt_accs,
            self.atcmplt_interventions,
            self.atcmplt_code_comp_action,
            self.atcmplt_code_comp_funding,
            self.atcmplt_code_comp_biotope,
            self.atcmplt_code_comp_law,
            self.atcmplt_code_comp_process,
            self.atcmplt_code_comp_reg_off,
            self.atcmplt_code_comp_cons_off,
        ]
        self.assert_url_fail(client, urls)
    def test_views_logged_in_no_groups(self):
        # User logged in
        client = Client()
        client.login(username=self.superuser.username, password=self.superuser_pw)
        self.superuser.groups.set([])
        urls = [
            self.atcmplt_accs,
            self.atcmplt_interventions,
            self.atcmplt_code_comp_action,
            self.atcmplt_code_comp_funding,
            self.atcmplt_code_comp_biotope,
            self.atcmplt_code_comp_law,
            self.atcmplt_code_comp_process,
            self.atcmplt_code_comp_reg_off,
            self.atcmplt_code_comp_cons_off,
        ]
        self.assert_url_success(client, urls)
		`@ -0,0 +1,3 @@`
							`from django.test import TestCase`

							`# Create your tests here.`