From 7a918c93498c2eb4f85b3b0198c03f3c2edf51fe Mon Sep 17 00:00:00 2001 From: 0livd Date: Mon, 4 Sep 2017 15:44:20 +0200 Subject: Enhance the dashboard. (#262) * Update to a more flexible admin authentication * Admin can now access any project * Add delete and edit options in the dashboard * Add a link to the dashboard in the nav bar This is a rework of the changes proposed by @Olivd, so they can apply on top of the latest master without trouble. All credit goes to him for the code. --- ihatemoney/tests/tests.py | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) (limited to 'ihatemoney/tests') diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py index ac3551c..36ca6fc 100644 --- a/ihatemoney/tests/tests.py +++ b/ihatemoney/tests/tests.py @@ -379,8 +379,17 @@ class BudgetTestCase(IhatemoneyTestCase): c.get("/exit") self.assertNotIn('raclette', session) + # test that whith admin credentials, one can access every project + self.app.config['ADMIN_PASSWORD'] = generate_password_hash("pass") + with self.app.test_client() as c: + resp = c.post("/admin?goto=%2Fraclette", data={'admin_password': 'pass'}) + self.assertNotIn("Authentication", resp.data.decode('utf-8')) + self.assertTrue(session['is_admin']) + def test_admin_authentication(self): self.app.config['ADMIN_PASSWORD'] = generate_password_hash("pass") + # Disable public project creation so we have an admin endpoint to test + self.app.config['ALLOW_PUBLIC_PROJECT_CREATION'] = False # test the redirection to the authentication page when trying to access admin endpoints resp = self.client.get("/create") 
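Review bot: The "admin credentials can access every project" block added at the end of the first test never checks that the project page was served. `c.post("/admin?goto=%2Fraclette", ...)` is sent without `follow_redirects=True`, so the two assertions only show that the login response lacks the word "Authentication" and that `session['is_admin']` is set. To pin the access the comment describes, follow the redirect with `resp = c.post("/admin?goto=%2Fraclette", data={'admin_password': 'pass'}, follow_redirects=True)` and assert on content specific to the raclette project page, since a bare 200 would also match the login form. A negative case is missing as well: a wrong admin password should leave `'is_admin'` out of the session. Whether `goto` is restricted to local paths is not visible here, so a case asserting that an off-site `goto` value is not used as the redirect target would be worth adding; the enclosing test method starts outside the hunk.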
@@ -401,7 +410,8 @@ class BudgetTestCase(IhatemoneyTestCase): def test_login_throttler(self): self.app.config['ADMIN_PASSWORD'] = generate_password_hash("pass") - # Authenticate 3 times with a wrong passsword + # Activate admin login throttling by authenticating 4 times with a wrong passsword + self.client.post("/admin?goto=%2Fcreate", data={'admin_password': 'wrong'}) self.client.post("/admin?goto=%2Fcreate", data={'admin_password': 'wrong'}) self.client.post("/admin?goto=%2Fcreate", data={'admin_password': 'wrong'}) resp = self.client.post("/admin?goto=%2Fcreate", data={'admin_password': 'wrong'}) @@ -624,8 +634,23 @@ class BudgetTestCase(IhatemoneyTestCase): self.assertIn("Invalid email address", resp.data.decode('utf-8')) def test_dashboard(self): - response = self.client.get("/dashboard") - self.assertEqual(response.status_code, 200) + # test that the dashboard is deactivated by default + resp = self.client.post( + "/admin?goto=%2Fdashboard", + data={'admin_password': 'adminpass'}, + follow_redirects=True + ) + self.assertIn('
', resp.data.decode('utf-8')) + + # test access to the dashboard when it is activated + self.app.config['ACTIVATE_ADMIN_DASHBOARD'] = True + self.app.config['ADMIN_PASSWORD'] = generate_password_hash("adminpass") + resp = self.client.post( + "/admin?goto=%2Fdashboard", + data={'admin_password': 'adminpass'}, + follow_redirects=True + ) + self.assertIn('ProjectNumber of members', resp.data.decode('utf-8')) def test_statistics_page(self): self.post_project("raclette") -- cgit v1.1
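Review bot: In `test_dashboard`, the "deactivated by default" request is sent before `ADMIN_PASSWORD` is set to the hash of "adminpass". Unless the test configuration already holds that password (not visible here), the first block may pass because the login is refused rather than because the dashboard is disabled. Moving `self.app.config['ADMIN_PASSWORD'] = generate_password_hash("adminpass")` above the first `self.client.post(...)` would make the two blocks differ only in `ACTIVATE_ADMIN_DASHBOARD`. The string matched by the first `assertIn` is cut off on this page; if it is a generic alert wrapper rather than the deactivation message, it should be tightened for the same reason. The removed test fetched `/dashboard` without logging in and expected 200, so it is also worth adding `resp = self.client.get("/dashboard", follow_redirects=True)` with the dashboard activated and asserting that the project table is not in the response.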