| author | 0livd <github@destras.fr> | 2017-09-04 15:44:20 +0200 |
|---|---|---|
| committer | Alexis Metaireau <alexis@notmyidea.org> | 2017-09-04 15:44:20 +0200 |
| commit | 7a918c93498c2eb4f85b3b0198c03f3c2edf51fe (patch) | |
| tree | 885fe498c3f27acb8fc73f5d37765c7e42669762 /ihatemoney/tests | |
| parent | ee1ecbf3e747daa711744a05027a667a302cc7e9 (diff) | |
Enhance the dashboard. (#262)
* Update to a more flexible admin authentication
* Admin can now access any project
* Add delete and edit options in the dashboard
* Add a link to the dashboard in the nav bar
This is a rework of the changes proposed by @Olivd, so they can apply on top of
the latest master without trouble. All credit goes to him for the code.
Diffstat (limited to 'ihatemoney/tests')
| -rw-r--r-- | ihatemoney/tests/tests.py | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
index ac3551c..36ca6fc 100644
--- a/ihatemoney/tests/tests.py
+++ b/ihatemoney/tests/tests.py
@@ -379,8 +379,17 @@ class BudgetTestCase(IhatemoneyTestCase):
 c.get("/exit")
 self.assertNotIn('raclette', session)
+ # test that whith admin credentials, one can access every project
+ self.app.config['ADMIN_PASSWORD'] = generate_password_hash("pass")
+ with self.app.test_client() as c:
+ resp = c.post("/admin?goto=%2Fraclette", data={'admin_password': 'pass'})
+ self.assertNotIn("Authentication", resp.data.decode('utf-8'))
+ self.assertTrue(session['is_admin'])
+
 def test_admin_authentication(self):
 self.app.config['ADMIN_PASSWORD'] = generate_password_hash("pass")
+ # Disable public project creation so we have an admin endpoint to test
+ self.app.config['ALLOW_PUBLIC_PROJECT_CREATION'] = False
 # test the redirection to the authentication page when trying to access admin endpoints
 resp = self.client.get("/create")
@@ -401,7 +410,8 @@ class BudgetTestCase(IhatemoneyTestCase):
 def test_login_throttler(self):
 self.app.config['ADMIN_PASSWORD'] = generate_password_hash("pass")
- # Authenticate 3 times with a wrong passsword
+ # Activate admin login throttling by authenticating 4 times with a wrong passsword
+ self.client.post("/admin?goto=%2Fcreate", data={'admin_password': 'wrong'})
 self.client.post("/admin?goto=%2Fcreate", data={'admin_password': 'wrong'})
 self.client.post("/admin?goto=%2Fcreate", data={'admin_password': 'wrong'})
 resp = self.client.post("/admin?goto=%2Fcreate", data={'admin_password': 'wrong'})
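Review bot: The admin-access block added in the first hunk never requests `/raclette` itself: the POST to `/admin?goto=%2Fraclette` is made without `follow_redirects=True`, so `assertNotIn("Authentication", ...)` most likely inspects only a redirect body and would pass even if the project page still asked for a login. Following the redirect, `resp = c.post("/admin?goto=%2Fraclette", data={'admin_password': 'pass'}, follow_redirects=True)`, and asserting on project content would test what the comment claims. The negative case is missing as well: a wrong admin password should leave `is_admin` out of the session and the project inaccessible. The enclosing test method starts above the hunk.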
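Review bot: The throttling threshold in `test_login_throttler` is expressed as four copy-pasted `self.client.post(...)` calls, so the test does not show which attempt trips the limit, and the comment (which keeps the typo `passsword`) has to be kept in sync by hand. A loop such as `for _ in range(3): self.client.post("/admin?goto=%2Fcreate", data={'admin_password': 'wrong'})` followed by the asserted fourth request makes the boundary explicit. The assertions sit below the hunk, so it is not visible whether the test also checks that the correct password is refused while the throttle is active; if it does not, that case is worth adding.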
@@ -624,8 +634,23 @@ class BudgetTestCase(IhatemoneyTestCase):
 self.assertIn("Invalid email address", resp.data.decode('utf-8'))
 def test_dashboard(self):
- response = self.client.get("/dashboard")
- self.assertEqual(response.status_code, 200)
+ # test that the dashboard is deactivated by default
+ resp = self.client.post(
+ "/admin?goto=%2Fdashboard",
+ data={'admin_password': 'adminpass'},
+ follow_redirects=True
+ )
+ self.assertIn('<div class="alert alert-danger">', resp.data.decode('utf-8'))
+
+ # test access to the dashboard when it is activated
+ self.app.config['ACTIVATE_ADMIN_DASHBOARD'] = True
+ self.app.config['ADMIN_PASSWORD'] = generate_password_hash("adminpass")
+ resp = self.client.post(
+ "/admin?goto=%2Fdashboard",
+ data={'admin_password': 'adminpass'},
+ follow_redirects=True
+ )
+ self.assertIn('<thead><tr><th>Project</th><th>Number of members', resp.data.decode('utf-8'))
 def test_statistics_page(self):
 self.post_project("raclette") |
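Review bot: The first half of `test_dashboard` cannot tell a deactivated dashboard from a failed login: it posts `adminpass` before `ADMIN_PASSWORD` is set to that hash, and the generic `<div class="alert alert-danger">` it asserts on would presumably also be rendered for a rejected password. Setting `self.app.config['ADMIN_PASSWORD'] = generate_password_hash("adminpass")` before the first request and asserting on the deactivation message text would pin the intended behaviour. The commit also removes the only unauthenticated request to `/dashboard`; since the commit message says the dashboard gains edit and delete options, a check that `self.client.get("/dashboard")` without an admin session does not return the project table should be added.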
