arthexis 0.1.9__py3-none-any.whl → 0.1.10__py3-none-any.whl

pages/tests.py

@@ -1,5 +1,14 @@
-from django.test import Client, TestCase, override_settings
+import os
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings")
+
+import django
+
+django.setup()
+
+from django.test import Client, RequestFactory, TestCase, override_settings
 from django.urls import reverse
+from django.templatetags.static import static
 from urllib.parse import quote
 from django.contrib.auth import get_user_model
 from django.contrib.sites.models import Site
@@ -16,7 +25,15 @@ from pages.screenshot_specs import (
 )
 from django.apps import apps as django_apps
 from core import mailer
-from core.models import AdminHistory, InviteLead, Package, ReleaseManager, Todo
+from core.admin import ProfileAdminMixin
+from core.models import (
+    AdminHistory,
+    InviteLead,
+    Package,
+    Reference,
+    ReleaseManager,
+    Todo,
+)
 from django.core.files.uploadedfile import SimpleUploadedFile
 import base64
 import tempfile
@@ -33,6 +50,11 @@ from datetime import date, timedelta
 from django.core import mail
 from django.utils import timezone
 from django.utils.text import slugify
+from django_otp import DEVICE_ID_SESSION_KEY
+from django_otp.oath import TOTP
+from django_otp.plugins.otp_totp.models import TOTPDevice
+from core.backends import TOTP_DEVICE_NAME
+import time
 
 from nodes.models import (
     EmailOutbox,
@@ -58,6 +80,10 @@ class LoginViewTests(TestCase):
         resp = self.client.get(reverse("pages:index"))
         self.assertContains(resp, 'href="/login/"')
 
+    def test_login_page_shows_authenticator_toggle(self):
+        resp = self.client.get(reverse("pages:login"))
+        self.assertContains(resp, "Use Authenticator app")
+
     def test_staff_login_redirects_admin(self):
         resp = self.client.post(
             reverse("pages:login"),
@@ -65,6 +91,49 @@ class LoginViewTests(TestCase):
         )
         self.assertRedirects(resp, reverse("admin:index"))
 
+    def test_login_with_authenticator_code(self):
+        device = TOTPDevice.objects.create(
+            user=self.staff,
+            name=TOTP_DEVICE_NAME,
+            confirmed=True,
+        )
+        totp = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
+        totp.time = time.time()
+        token = f"{totp.token():0{device.digits}d}"
+
+        resp = self.client.post(
+            reverse("pages:login"),
+            {
+                "username": "staff",
+                "auth_method": "otp",
+                "otp_token": token,
+            },
+        )
+
+        self.assertRedirects(resp, reverse("admin:index"))
+        session = self.client.session
+        self.assertIn(DEVICE_ID_SESSION_KEY, session)
+        self.assertEqual(session[DEVICE_ID_SESSION_KEY], device.persistent_id)
+
+    def test_login_with_invalid_authenticator_code(self):
+        TOTPDevice.objects.create(
+            user=self.staff,
+            name=TOTP_DEVICE_NAME,
+            confirmed=True,
+        )
+
+        resp = self.client.post(
+            reverse("pages:login"),
+            {
+                "username": "staff",
+                "auth_method": "otp",
+                "otp_token": "000000",
+            },
+        )
+
+        self.assertEqual(resp.status_code, 200)
+        self.assertContains(resp, "authenticator code is invalid", status_code=200)
+
     def test_already_logged_in_staff_redirects(self):
         self.client.force_login(self.staff)
         resp = self.client.get(reverse("pages:login"))
@@ -84,6 +153,8 @@ class LoginViewTests(TestCase):
         )
         self.assertRedirects(resp, "/nodes/list/")
 
+
+
     @override_settings(EMAIL_BACKEND="django.core.mail.backends.dummy.EmailBackend")
     def test_login_page_hides_request_link_without_email_backend(self):
         resp = self.client.get(reverse("pages:login"))
@@ -97,6 +168,173 @@ class LoginViewTests(TestCase):
         self.assertTrue(resp.context["can_request_invite"])
         self.assertContains(resp, reverse("pages:request-invite"))
 
+    @override_settings(ALLOWED_HOSTS=["gway-qk32000"])
+    def test_login_allows_forwarded_https_origin(self):
+        secure_client = Client(enforce_csrf_checks=True)
+        login_url = reverse("pages:login")
+        response = secure_client.get(login_url, HTTP_HOST="gway-qk32000")
+        csrf_cookie = response.cookies["csrftoken"].value
+        submit = secure_client.post(
+            login_url,
+            {
+                "username": "staff",
+                "password": "pwd",
+                "csrfmiddlewaretoken": csrf_cookie,
+            },
+            HTTP_HOST="gway-qk32000",
+            HTTP_ORIGIN="https://gway-qk32000",
+            HTTP_X_FORWARDED_PROTO="https",
+            HTTP_REFERER="https://gway-qk32000/login/",
+        )
+        self.assertRedirects(submit, reverse("admin:index"))
+
+    @override_settings(ALLOWED_HOSTS=["10.42.0.0/16", "gway-qk32000"])
+    def test_login_allows_forwarded_origin_with_private_host_header(self):
+        secure_client = Client(enforce_csrf_checks=True)
+        login_url = reverse("pages:login")
+        response = secure_client.get(login_url, HTTP_HOST="10.42.0.2")
+        csrf_cookie = response.cookies["csrftoken"].value
+        submit = secure_client.post(
+            login_url,
+            {
+                "username": "staff",
+                "password": "pwd",
+                "csrfmiddlewaretoken": csrf_cookie,
+            },
+            HTTP_HOST="10.42.0.2",
+            HTTP_ORIGIN="https://gway-qk32000",
+            HTTP_X_FORWARDED_PROTO="https",
+            HTTP_X_FORWARDED_HOST="gway-qk32000",
+            HTTP_REFERER="https://gway-qk32000/login/",
+        )
+        self.assertRedirects(submit, reverse("admin:index"))
+
+    @override_settings(ALLOWED_HOSTS=["10.42.0.0/16", "gway-qk32000"])
+    def test_login_allows_forwarded_header_host_and_proto(self):
+        secure_client = Client(enforce_csrf_checks=True)
+        login_url = reverse("pages:login")
+        response = secure_client.get(login_url, HTTP_HOST="10.42.0.2")
+        csrf_cookie = response.cookies["csrftoken"].value
+        submit = secure_client.post(
+            login_url,
+            {
+                "username": "staff",
+                "password": "pwd",
+                "csrfmiddlewaretoken": csrf_cookie,
+            },
+            HTTP_HOST="10.42.0.2",
+            HTTP_ORIGIN="https://gway-qk32000",
+            HTTP_FORWARDED="proto=https;host=gway-qk32000",
+            HTTP_REFERER="https://gway-qk32000/login/",
+        )
+        self.assertRedirects(submit, reverse("admin:index"))
+
+    @override_settings(ALLOWED_HOSTS=["10.42.0.0/16", "gway-qk32000"])
+    def test_login_allows_forwarded_referer_without_origin(self):
+        secure_client = Client(enforce_csrf_checks=True)
+        login_url = reverse("pages:login")
+        response = secure_client.get(login_url, HTTP_HOST="10.42.0.2")
+        csrf_cookie = response.cookies["csrftoken"].value
+        submit = secure_client.post(
+            login_url,
+            {
+                "username": "staff",
+                "password": "pwd",
+                "csrfmiddlewaretoken": csrf_cookie,
+            },
+            HTTP_HOST="10.42.0.2",
+            HTTP_X_FORWARDED_PROTO="https",
+            HTTP_X_FORWARDED_HOST="gway-qk32000",
+            HTTP_REFERER="https://gway-qk32000/login/",
+        )
+        self.assertRedirects(submit, reverse("admin:index"))
+
+    @override_settings(ALLOWED_HOSTS=["gway-qk32000"])
+    def test_login_allows_forwarded_origin_with_explicit_port(self):
+        secure_client = Client(enforce_csrf_checks=True)
+        login_url = reverse("pages:login")
+        response = secure_client.get(login_url, HTTP_HOST="gway-qk32000")
+        csrf_cookie = response.cookies["csrftoken"].value
+        submit = secure_client.post(
+            login_url,
+            {
+                "username": "staff",
+                "password": "pwd",
+                "csrfmiddlewaretoken": csrf_cookie,
+            },
+            HTTP_HOST="gway-qk32000",
+            HTTP_ORIGIN="https://gway-qk32000:4443",
+            HTTP_X_FORWARDED_PROTO="https",
+            HTTP_X_FORWARDED_HOST="gway-qk32000:4443",
+            HTTP_REFERER="https://gway-qk32000:4443/login/",
+        )
+        self.assertRedirects(submit, reverse("admin:index"))
+
+
+class AuthenticatorSetupTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        User = get_user_model()
+        self.staff = User.objects.create_user(
+            username="staffer", password="pwd", is_staff=True
+        )
+        Site.objects.update_or_create(id=1, defaults={"name": "Terminal"})
+        self.client.force_login(self.staff)
+
+    def _current_token(self, device):
+        totp = TOTP(device.bin_key, device.step, device.t0, device.digits, device.drift)
+        totp.time = time.time()
+        return f"{totp.token():0{device.digits}d}"
+
+    def test_generate_creates_pending_device(self):
+        resp = self.client.post(
+            reverse("pages:authenticator-setup"), {"action": "generate"}
+        )
+        self.assertRedirects(resp, reverse("pages:authenticator-setup"))
+        device = TOTPDevice.objects.get(user=self.staff)
+        self.assertFalse(device.confirmed)
+        self.assertEqual(device.name, TOTP_DEVICE_NAME)
+
+    def test_device_config_url_includes_issuer_prefix(self):
+        self.client.post(reverse("pages:authenticator-setup"), {"action": "generate"})
+        device = TOTPDevice.objects.get(user=self.staff)
+        config_url = device.config_url
+        label = quote(f"{settings.OTP_TOTP_ISSUER}:{self.staff.username}")
+        self.assertIn(label, config_url)
+        self.assertIn(f"issuer={quote(settings.OTP_TOTP_ISSUER)}", config_url)
+
+    def test_pending_device_context_includes_qr(self):
+        self.client.post(reverse("pages:authenticator-setup"), {"action": "generate"})
+        resp = self.client.get(reverse("pages:authenticator-setup"))
+        self.assertEqual(resp.status_code, 200)
+        self.assertTrue(resp.context["qr_data_uri"].startswith("data:image/png;base64,"))
+        self.assertTrue(resp.context["manual_key"])
+
+    def test_confirm_pending_device(self):
+        self.client.post(reverse("pages:authenticator-setup"), {"action": "generate"})
+        device = TOTPDevice.objects.get(user=self.staff)
+        token = self._current_token(device)
+        resp = self.client.post(
+            reverse("pages:authenticator-setup"),
+            {"action": "confirm", "token": token},
+        )
+        self.assertRedirects(resp, reverse("pages:authenticator-setup"))
+        device.refresh_from_db()
+        self.assertTrue(device.confirmed)
+
+    def test_remove_device(self):
+        self.client.post(reverse("pages:authenticator-setup"), {"action": "generate"})
+        device = TOTPDevice.objects.get(user=self.staff)
+        token = self._current_token(device)
+        self.client.post(
+            reverse("pages:authenticator-setup"),
+            {"action": "confirm", "token": token},
+        )
+        resp = self.client.post(
+            reverse("pages:authenticator-setup"), {"action": "remove"}
+        )
+        self.assertRedirects(resp, reverse("pages:authenticator-setup"))
+        self.assertFalse(TOTPDevice.objects.filter(user=self.staff).exists())
 
 @override_settings(EMAIL_BACKEND="django.core.mail.backends.locmem.EmailBackend")
 class InvitationTests(TestCase):
@@ -336,6 +574,56 @@ class AdminBadgesTests(TestCase):
         self.assertContains(resp, f'href="{node_change}"')
 
 
+class AdminDashboardAppListTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        User = get_user_model()
+        self.admin = User.objects.create_superuser(
+            username="dashboard_admin", password="pwd", email="admin@example.com"
+        )
+        self.client.force_login(self.admin)
+        Site.objects.update_or_create(
+            id=1, defaults={"name": "test", "domain": "testserver"}
+        )
+        self.locks_dir = Path(settings.BASE_DIR) / "locks"
+        self.locks_dir.mkdir(parents=True, exist_ok=True)
+        self.celery_lock = self.locks_dir / "celery.lck"
+        if self.celery_lock.exists():
+            self.celery_lock.unlink()
+        self.addCleanup(self._remove_celery_lock)
+        self.node, _ = Node.objects.update_or_create(
+            mac_address=Node.get_current_mac(),
+            defaults={
+                "hostname": socket.gethostname(),
+                "address": socket.gethostbyname(socket.gethostname()),
+                "base_path": settings.BASE_DIR,
+                "port": 8000,
+            },
+        )
+        self.node.features.clear()
+
+    def _remove_celery_lock(self):
+        try:
+            self.celery_lock.unlink()
+        except FileNotFoundError:
+            pass
+
+    def test_horologia_hidden_without_celery_feature(self):
+        resp = self.client.get(reverse("admin:index"))
+        self.assertNotContains(resp, "5. Horologia MODELS")
+
+    def test_horologia_visible_with_celery_feature(self):
+        feature = NodeFeature.objects.create(slug="celery-queue", display="Celery Queue")
+        NodeFeatureAssignment.objects.create(node=self.node, feature=feature)
+        resp = self.client.get(reverse("admin:index"))
+        self.assertContains(resp, "5. Horologia MODELS")
+
+    def test_horologia_visible_with_celery_lock(self):
+        self.celery_lock.write_text("")
+        resp = self.client.get(reverse("admin:index"))
+        self.assertContains(resp, "5. Horologia MODELS")
+
+
 class AdminSidebarTests(TestCase):
     def setUp(self):
         self.client = Client()
@@ -440,6 +728,7 @@ class ViewHistoryAdminTests(TestCase):
         resp = self.client.get(reverse("admin:pages_viewhistory_traffic_graph"))
         self.assertContains(resp, "viewhistory-chart")
         self.assertContains(resp, reverse("admin:pages_viewhistory_changelist"))
+        self.assertContains(resp, static("core/vendor/chart.umd.min.js"))
 
     def test_graph_data_endpoint(self):
         self._create_history("/", count=2)
@@ -461,6 +750,7 @@ class ViewHistoryAdminTests(TestCase):
         resp = self.client.get(reverse("admin:index"))
         self.assertContains(resp, "viewhistory-mini-module")
         self.assertContains(resp, reverse("admin:pages_viewhistory_traffic_graph"))
+        self.assertContains(resp, static("core/vendor/chart.umd.min.js"))
 
 
 class AdminModelStatusTests(TestCase):
@@ -657,12 +947,6 @@ class ConstellationNavTests(TestCase):
                 "fixtures",
                 "constellation__module_ocpp.json",
             ),
-            Path(
-                settings.BASE_DIR,
-                "pages",
-                "fixtures",
-                "constellation__module_rfid.json",
-            ),
             Path(
                 settings.BASE_DIR,
                 "pages",
@@ -702,6 +986,106 @@ class ConstellationNavTests(TestCase):
                 is_deleted=False,
             ).exists()
         )
+        ocpp_module = next(
+            module
+            for module in resp.context["nav_modules"]
+            if module.menu_label.upper() == "CHARGERS"
+        )
+        landing_labels = [landing.label for landing in ocpp_module.enabled_landings]
+        self.assertIn("RFID Tag Validator", landing_labels)
+
+    def test_ocpp_dashboard_visible(self):
+        resp = self.client.get(reverse("pages:index"))
+        self.assertContains(resp, 'href="/ocpp/"')
+
+    def test_header_links_visible_when_defined(self):
+        Reference.objects.create(
+            alt_text="Console",
+            value="https://example.com/console",
+            show_in_header=True,
+        )
+
+        resp = self.client.get(reverse("pages:index"))
+
+        self.assertIn("header_references", resp.context)
+        self.assertTrue(resp.context["header_references"])
+        self.assertContains(resp, "LINKS")
+        self.assertContains(resp, 'href="https://example.com/console"')
+
+    def test_header_links_hidden_when_flag_false(self):
+        Reference.objects.create(
+            alt_text="Hidden",
+            value="https://example.com/hidden",
+            show_in_header=False,
+        )
+
+        resp = self.client.get(reverse("pages:index"))
+
+        self.assertIn("header_references", resp.context)
+        self.assertFalse(resp.context["header_references"])
+        self.assertNotContains(resp, "https://example.com/hidden")
+
+
+class PowerNavTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        role, _ = NodeRole.objects.get_or_create(name="Terminal")
+        Node.objects.update_or_create(
+            mac_address=Node.get_current_mac(),
+            defaults={"hostname": "localhost", "address": "127.0.0.1", "role": role},
+        )
+        Site.objects.update_or_create(
+            id=1, defaults={"domain": "testserver", "name": ""}
+        )
+        awg_app, _ = Application.objects.get_or_create(name="awg")
+        awg_module, _ = Module.objects.get_or_create(
+            node_role=role, application=awg_app, path="/awg/"
+        )
+        awg_module.create_landings()
+        man_app, _ = Application.objects.get_or_create(name="man")
+        man_module, _ = Module.objects.get_or_create(
+            node_role=role, application=man_app, path="/man/"
+        )
+        man_module.create_landings()
+        User = get_user_model()
+        self.user = User.objects.create_user("user", password="pw")
+
+    def test_power_pill_lists_calculators(self):
+        resp = self.client.get(reverse("pages:index"))
+        power_module = None
+        for module in resp.context["nav_modules"]:
+            if module.path == "/awg/":
+                power_module = module
+                break
+        self.assertIsNotNone(power_module)
+        self.assertEqual(power_module.menu_label.upper(), "CALCULATE")
+        landing_labels = {landing.label for landing in power_module.enabled_landings}
+        self.assertIn("AWG Calculator", landing_labels)
+
+    def test_manual_pill_label(self):
+        resp = self.client.get(reverse("pages:index"))
+        manuals_module = None
+        for module in resp.context["nav_modules"]:
+            if module.path == "/man/":
+                manuals_module = module
+                break
+        self.assertIsNotNone(manuals_module)
+        self.assertEqual(manuals_module.menu_label.upper(), "MANUALS")
+        landing_labels = {landing.label for landing in manuals_module.enabled_landings}
+        self.assertIn("Manuals", landing_labels)
+
+    def test_energy_tariff_visible_when_logged_in(self):
+        self.client.force_login(self.user)
+        resp = self.client.get(reverse("pages:index"))
+        power_module = None
+        for module in resp.context["nav_modules"]:
+            if module.path == "/awg/":
+                power_module = module
+                break
+        self.assertIsNotNone(power_module)
+        landing_labels = {landing.label for landing in power_module.enabled_landings}
+        self.assertIn("AWG Calculator", landing_labels)
+        self.assertIn("Energy Tariff Calculator", landing_labels)
 
 
 class StaffNavVisibilityTests(TestCase):
@@ -1116,16 +1500,22 @@ class FavoriteTests(TestCase):
             ).exists()
         )
 
-    def test_dashboard_uses_browse_label(self):
+    def test_dashboard_uses_change_label(self):
         ct = ContentType.objects.get_by_natural_key("pages", "application")
         Favorite.objects.create(user=self.user, content_type=ct)
         resp = self.client.get(reverse("admin:index"))
-        self.assertContains(resp, "Browse Applications")
+        self.assertContains(resp, "Change Applications")
+        self.assertContains(resp, 'target="_blank" rel="noopener noreferrer"')
 
-    def test_dashboard_uses_todo_url_if_set(self):
-        Todo.objects.create(request="Check docs", url="/docs/")
+    def test_dashboard_links_to_focus_view(self):
+        todo = Todo.objects.create(request="Check docs", url="/docs/")
         resp = self.client.get(reverse("admin:index"))
-        self.assertContains(resp, 'href="/docs/"')
+        focus_url = reverse("todo-focus", args=[todo.pk])
+        expected_next = quote(reverse("admin:index"))
+        self.assertContains(
+            resp,
+            f'href="{focus_url}?next={expected_next}"',
+        )
 
     def test_dashboard_shows_todo_with_done_button(self):
         todo = Todo.objects.create(request="Do thing")
@@ -1200,6 +1590,37 @@ class FavoriteTests(TestCase):
         self.assertContains(resp, todo.request)
 
 
+class AdminActionListTests(TestCase):
+    def setUp(self):
+        User = get_user_model()
+        User.objects.filter(username="action-admin").delete()
+        self.user = User.objects.create_superuser(
+            username="action-admin",
+            password="pwd",
+            email="action@example.com",
+        )
+        self.factory = RequestFactory()
+
+    def test_profile_actions_available_without_selection(self):
+        from pages.templatetags.admin_extras import model_admin_actions
+
+        request = self.factory.get("/")
+        request.user = self.user
+        context = {"request": request}
+
+        registered = [
+            (model._meta.app_label, model._meta.object_name)
+            for model, admin_instance in admin.site._registry.items()
+            if isinstance(admin_instance, ProfileAdminMixin)
+        ]
+
+        for app_label, object_name in registered:
+            with self.subTest(model=f"{app_label}.{object_name}"):
+                actions = model_admin_actions(context, app_label, object_name)
+                labels = {action["label"] for action in actions}
+                self.assertIn("Active Profile", labels)
+
+
 class AdminModelGraphViewTests(TestCase):
     def setUp(self):
         self.client = Client()

pages/urls.py

@@ -10,6 +10,7 @@ urlpatterns = [
     path("client-report/", views.client_report, name="client-report"),
     path("release-checklist", views.release_checklist, name="release-checklist"),
     path("login/", views.login_view, name="login"),
+    path("authenticator/setup/", views.authenticator_setup, name="authenticator-setup"),
     path("request-invite/", views.request_invite, name="request-invite"),
     path(
         "invitation/<uidb64>/<token>/",