Merge branch 'main' into followers-following-views

2022-07-29 13:09:30 -07:00 · 2022-07-29 13:09:30 -07:00 · 23188dfc5f
commit 23188dfc5f
parent d458001491 3c9c23803e
102 changed files with 16985 additions and 1412 deletions
--- a/bookwyrm/tests/views/landing/test_password.py
+++ b/bookwyrm/tests/views/landing/test_password.py
@ -104,7 +104,9 @@ class PasswordViews(TestCase):
        """reset from code"""
        view = views.PasswordReset.as_view()
        code = models.PasswordReset.objects.create(user=self.local_user)
-        request = self.factory.post("", {"password": "hi", "confirm-password": "hi"})
+        request = self.factory.post(
+            "", {"password": "longwordsecure", "confirm_password": "longwordsecure"}
+        )
        with patch("bookwyrm.views.landing.password.login"):
            resp = view(request, code.code)
        self.assertEqual(resp.status_code, 302)
@ -114,7 +116,9 @@ class PasswordViews(TestCase):
        """reset from code"""
        view = views.PasswordReset.as_view()
        models.PasswordReset.objects.create(user=self.local_user)
-        request = self.factory.post("", {"password": "hi", "confirm-password": "hi"})
+        request = self.factory.post(
+            "", {"password": "longwordsecure", "confirm_password": "longwordsecure"}
+        )
        resp = view(request, "jhgdkfjgdf")
        validate_html(resp.render())
        self.assertTrue(models.PasswordReset.objects.exists())
@ -123,7 +127,18 @@ class PasswordViews(TestCase):
        """reset from code"""
        view = views.PasswordReset.as_view()
        code = models.PasswordReset.objects.create(user=self.local_user)
-        request = self.factory.post("", {"password": "hi", "confirm-password": "hihi"})
+        request = self.factory.post(
+            "", {"password": "longwordsecure", "confirm_password": "hihi"}
+        )
+        resp = view(request, code.code)
+        validate_html(resp.render())
+        self.assertTrue(models.PasswordReset.objects.exists())
+
+    def test_password_reset_invalid(self):
+        """reset from code"""
+        view = views.PasswordReset.as_view()
+        code = models.PasswordReset.objects.create(user=self.local_user)
+        request = self.factory.post("", {"password": "a", "confirm_password": "a"})
        resp = view(request, code.code)
        validate_html(resp.render())
        self.assertTrue(models.PasswordReset.objects.exists())
--- a/bookwyrm/tests/views/landing/test_register.py
+++ b/bookwyrm/tests/views/landing/test_register.py
@ -122,6 +122,17 @@ class RegisterViews(TestCase):
        self.assertEqual(models.User.objects.count(), 1)
        validate_html(response.render())

+    def test_register_invalid_password(self, *_):
+        """gotta have an email"""
+        view = views.Register.as_view()
+        self.assertEqual(models.User.objects.count(), 1)
+        request = self.factory.post(
+            "register/", {"localname": "nutria", "password": "password", "email": "aa"}
+        )
+        response = view(request)
+        self.assertEqual(models.User.objects.count(), 1)
+        validate_html(response.render())
+
    def test_register_error_and_invite(self, *_):
        """redirect to the invite page"""
        view = views.Register.as_view()
--- a/bookwyrm/tests/views/lists/test_lists.py
+++ b/bookwyrm/tests/views/lists/test_lists.py
@ -3,6 +3,7 @@ import json
 from unittest.mock import patch

 from django.contrib.auth.models import AnonymousUser
+from django.core.exceptions import PermissionDenied
 from django.template.response import TemplateResponse
 from django.test import TestCase
 from django.test.client import RequestFactory
@ -28,6 +29,9 @@ class ListViews(TestCase):
                localname="mouse",
                remote_id="https://example.com/users/mouse",
            )
+            self.another_user = models.User.objects.create_user(
+                "rat@local.com", "rat@rat.com", "ratword", local=True, localname="rat"
+            )
        self.anonymous_user = AnonymousUser
        self.anonymous_user.is_authenticated = False

@ -167,3 +171,20 @@ class ListViews(TestCase):
        self.assertEqual(new_list.description, "wow")
        self.assertEqual(new_list.privacy, "unlisted")
        self.assertEqual(new_list.curation, "open")
+
+    def test_lists_create_permission_denied(self):
+        """create list view"""
+        view = views.Lists.as_view()
+        request = self.factory.post(
+            "",
+            {
+                "name": "A list",
+                "description": "wow",
+                "privacy": "unlisted",
+                "curation": "open",
+                "user": self.local_user.id,
+            },
+        )
+        request.user = self.another_user
+        with self.assertRaises(PermissionDenied):
+            view(request)
--- a/bookwyrm/tests/views/preferences/test_change_password.py
+++ b/bookwyrm/tests/views/preferences/test_change_password.py
@ -46,14 +46,15 @@ class ChangePasswordViews(TestCase):
            "",
            {
                "current_password": "password",
-                "password": "hi",
-                "confirm-password": "hi",
+                "password": "longwordsecure",
+                "confirm_password": "longwordsecure",
            },
        )
        request.user = self.local_user
        with patch("bookwyrm.views.preferences.change_password.login"):
            result = view(request)
        validate_html(result.render())
+        self.local_user.refresh_from_db()
        self.assertNotEqual(self.local_user.password, password_hash)

    def test_password_change_wrong_current(self):
@ -64,13 +65,14 @@ class ChangePasswordViews(TestCase):
            "",
            {
                "current_password": "not my password",
-                "password": "hi",
-                "confirm-password": "hihi",
+                "password": "longwordsecure",
+                "confirm_password": "hihi",
            },
        )
        request.user = self.local_user
        result = view(request)
        validate_html(result.render())
+        self.local_user.refresh_from_db()
        self.assertEqual(self.local_user.password, password_hash)

    def test_password_change_mismatch(self):
@ -81,11 +83,30 @@ class ChangePasswordViews(TestCase):
            "",
            {
                "current_password": "password",
-                "password": "hi",
-                "confirm-password": "hihi",
+                "password": "longwordsecure",
+                "confirm_password": "hihi",
            },
        )
        request.user = self.local_user
        result = view(request)
        validate_html(result.render())
+        self.local_user.refresh_from_db()
+        self.assertEqual(self.local_user.password, password_hash)
+
+    def test_password_change_invalid(self):
+        """change password"""
+        view = views.ChangePassword.as_view()
+        password_hash = self.local_user.password
+        request = self.factory.post(
+            "",
+            {
+                "current_password": "password",
+                "password": "hi",
+                "confirm_password": "hi",
+            },
+        )
+        request.user = self.local_user
+        result = view(request)
+        validate_html(result.render())
+        self.local_user.refresh_from_db()
        self.assertEqual(self.local_user.password, password_hash)
--- a/bookwyrm/tests/views/shelf/test_shelf_actions.py
+++ b/bookwyrm/tests/views/shelf/test_shelf_actions.py
@ -32,6 +32,14 @@ class ShelfActionViews(TestCase):
                localname="mouse",
                remote_id="https://example.com/users/mouse",
            )
+            self.another_user = models.User.objects.create_user(
+                "rat@local.com",
+                "rat@rat.com",
+                "ratword",
+                local=True,
+                localname="rat",
+                remote_id="https://example.com/users/rat",
+            )
        self.work = models.Work.objects.create(title="Test Work")
        self.book = models.Edition.objects.create(
            title="Example Edition",
@ -66,7 +74,7 @@ class ShelfActionViews(TestCase):

    def test_shelve_to_read(self, *_):
        """special behavior for the to-read shelf"""
-        shelf = models.Shelf.objects.get(identifier="to-read")
+        shelf = models.Shelf.objects.get(user=self.local_user, identifier="to-read")
        request = self.factory.post(
            "", {"book": self.book.id, "shelf": shelf.identifier}
        )
@ -79,7 +87,7 @@ class ShelfActionViews(TestCase):

    def test_shelve_reading(self, *_):
        """special behavior for the reading shelf"""
-        shelf = models.Shelf.objects.get(identifier="reading")
+        shelf = models.Shelf.objects.get(user=self.local_user, identifier="reading")
        request = self.factory.post(
            "", {"book": self.book.id, "shelf": shelf.identifier}
        )
@ -92,7 +100,7 @@ class ShelfActionViews(TestCase):

    def test_shelve_read(self, *_):
        """special behavior for the read shelf"""
-        shelf = models.Shelf.objects.get(identifier="read")
+        shelf = models.Shelf.objects.get(user=self.local_user, identifier="read")
        request = self.factory.post(
            "", {"book": self.book.id, "shelf": shelf.identifier}
        )
@ -105,11 +113,13 @@ class ShelfActionViews(TestCase):

    def test_shelve_read_with_change_shelf(self, *_):
        """special behavior for the read shelf"""
-        previous_shelf = models.Shelf.objects.get(identifier="reading")
+        previous_shelf = models.Shelf.objects.get(
+            user=self.local_user, identifier="reading"
+        )
        models.ShelfBook.objects.create(
            shelf=previous_shelf, user=self.local_user, book=self.book
        )
-        shelf = models.Shelf.objects.get(identifier="read")
+        shelf = models.Shelf.objects.get(user=self.local_user, identifier="read")

        request = self.factory.post(
            "",
@ -160,11 +170,24 @@ class ShelfActionViews(TestCase):

        views.create_shelf(request)

-        shelf = models.Shelf.objects.get(name="new shelf name")
+        shelf = models.Shelf.objects.get(user=self.local_user, name="new shelf name")
        self.assertEqual(shelf.privacy, "unlisted")
        self.assertEqual(shelf.description, "desc")
        self.assertEqual(shelf.user, self.local_user)

+    def test_create_shelf_wrong_user(self, *_):
+        """a brand new custom shelf"""
+        form = forms.ShelfForm()
+        form.data["user"] = self.another_user.id
+        form.data["name"] = "new shelf name"
+        form.data["description"] = "desc"
+        form.data["privacy"] = "unlisted"
+        request = self.factory.post("", form.data)
+        request.user = self.local_user
+
+        with self.assertRaises(PermissionDenied):
+            views.create_shelf(request)
+
    def test_delete_shelf(self, *_):
        """delete a brand new custom shelf"""
        request = self.factory.post("")
@ -177,18 +200,8 @@ class ShelfActionViews(TestCase):

    def test_delete_shelf_unauthorized(self, *_):
        """delete a brand new custom shelf"""
-        with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"), patch(
-            "bookwyrm.activitystreams.populate_stream_task.delay"
-        ), patch("bookwyrm.lists_stream.populate_lists_task.delay"):
-            rat = models.User.objects.create_user(
-                "rat@local.com",
-                "rat@mouse.mouse",
-                "password",
-                local=True,
-                localname="rat",
-            )
        request = self.factory.post("")
-        request.user = rat
+        request.user = self.another_user

        with self.assertRaises(PermissionDenied):
            views.delete_shelf(request, self.shelf.id)
--- a/bookwyrm/tests/views/test_status.py
+++ b/bookwyrm/tests/views/test_status.py
@ -10,12 +10,13 @@ from bookwyrm.settings import DOMAIN
 from bookwyrm.tests.validate_html import validate_html


-# pylint: disable=invalid-name
@patch("bookwyrm.suggested_users.rerank_suggestions_task.delay")
@patch("bookwyrm.activitystreams.populate_stream_task.delay")
@patch("bookwyrm.lists_stream.populate_lists_task.delay")
@patch("bookwyrm.activitystreams.remove_status_task.delay")
@patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async")
+# pylint: disable=invalid-name
+# pylint: disable=too-many-public-methods
 class StatusViews(TestCase):
    """viewing and creating statuses"""

@ -75,6 +76,44 @@ class StatusViews(TestCase):
        self.assertEqual(status.book, self.book)
        self.assertIsNone(status.edited_date)

+    def test_create_status_rating(self, *_):
+        """create a status"""
+        view = views.CreateStatus.as_view()
+        form = forms.RatingForm(
+            {
+                "user": self.local_user.id,
+                "rating": 4,
+                "book": self.book.id,
+                "privacy": "public",
+            }
+        )
+        request = self.factory.post("", form.data)
+        request.user = self.local_user
+
+        view(request, "rating")
+
+        status = models.ReviewRating.objects.get()
+        self.assertEqual(status.user, self.local_user)
+        self.assertEqual(status.book, self.book)
+        self.assertEqual(status.rating, 4.0)
+        self.assertIsNone(status.edited_date)
+
+    def test_create_status_wrong_user(self, *_):
+        """You can't compose statuses for someone else"""
+        view = views.CreateStatus.as_view()
+        form = forms.CommentForm(
+            {
+                "content": "hi",
+                "user": self.remote_user.id,
+                "book": self.book.id,
+                "privacy": "public",
+            }
+        )
+        request = self.factory.post("", form.data)
+        request.user = self.local_user
+        with self.assertRaises(PermissionDenied):
+            view(request, "comment")
+
    def test_create_status_reply(self, *_):
        """create a status in reply to an existing status"""
        view = views.CreateStatus.as_view()