udata 14.0.0__py3-none-any.whl → 14.5.1.dev6__py3-none-any.whl

udata/tests/frontend/test_auth.py

@@ -1,7 +1,7 @@
 from flask import current_app, url_for
 from flask_security.utils import hash_data
 
-from udata.core.user.factories import AdminFactory
+from udata.core.user.factories import AdminFactory, UserFactory
 from udata.tests.api import APITestCase
 
 
@@ -22,3 +22,60 @@ class AuthTest(APITestCase):
 
         user.reload()
         assert user.email == new_email
+
+    def test_change_mail_already_taken(self):
+        """Should not allow changing email to one already taken by another user"""
+        user = self.login(AdminFactory())
+        original_email = user.email
+
+        # Create another user with the target email
+        existing_user = UserFactory(email="taken@example.com")
+        new_email = existing_user.email
+
+        security = current_app.extensions["security"]
+
+        data = [str(user.fs_uniquifier), hash_data(user.email), new_email]
+        token = security.confirm_serializer.dumps(data)
+        confirmation_link = url_for("security.confirm_change_email", token=token)
+
+        resp = self.get(confirmation_link)
+        assert resp.status_code == 302
+        assert "change_email_already_taken" in resp.location
+
+        # Email should not have changed
+        user.reload()
+        assert user.email == original_email
+
+    def test_change_mail_after_password_change(self):
+        """Changing password rotates fs_uniquifier and invalidates email change token"""
+        user = UserFactory(password="Password123")
+        self.login(user)
+        old_uniquifier = user.fs_uniquifier
+
+        new_email = "new@example.com"
+
+        security = current_app.extensions["security"]
+
+        data = [str(user.fs_uniquifier), hash_data(user.email), new_email]
+        token = security.confirm_serializer.dumps(data)
+        confirmation_link = url_for("security.confirm_change_email", token=token)
+
+        # Change password via API
+        resp = self.post(
+            url_for("security.change_password"),
+            {
+                "password": "Password123",
+                "new_password": "NewPassword456",
+                "new_password_confirm": "NewPassword456",
+                "submit": True,
+            },
+        )
+        assert resp.status_code == 200, f"Password change failed: {resp.data}"
+
+        user.reload()
+        assert user.fs_uniquifier != old_uniquifier, "fs_uniquifier should have changed"
+
+        # Now try to use the email change link - should fail
+        resp = self.get(confirmation_link)
+        assert resp.status_code == 302
+        assert "change_email_invalid" in resp.location

udata/tests/frontend/test_csv.py

@@ -269,7 +269,6 @@ class CsvTest(APITestCase):
 
         self.assert200(response)
         self.assertEqual(response.mimetype, "text/csv")
-        self.assertEqual(response.charset, "utf-8")
 
         csvfile = StringIO(response.data.decode("utf8"))
         reader = csv.get_reader(csvfile)
@@ -327,7 +326,6 @@ class CsvTest(APITestCase):
 
         self.assert200(response)
         self.assertEqual(response.mimetype, "text/csv")
-        self.assertEqual(response.charset, "utf-8")
 
         csvfile = StringIO(response.data.decode("utf8"))
         reader = csv.get_reader(csvfile)
@@ -349,7 +347,6 @@ class CsvTest(APITestCase):
 
         self.assert200(response)
         self.assertEqual(response.mimetype, "text/csv")
-        self.assertEqual(response.charset, "utf-8")
 
         csvfile = StringIO(response.data.decode("utf8"))
         reader = csv.get_reader(csvfile)

udata/tests/helpers.py

@@ -4,7 +4,7 @@ from datetime import timedelta
 from io import BytesIO
 from urllib.parse import parse_qs, urlparse
 
-import mock
+import pytest
 from flask import current_app, json
 from flask_security.babel import FsDomain
 from PIL import Image
@@ -12,6 +12,11 @@ from PIL import Image
 from udata.core.spatial.factories import GeoZoneFactory
 from udata.mail import mail_sent
 
+requires_search_service = pytest.mark.skipif(
+    not os.environ.get("UDATA_TEST_SEARCH_INTEGRATION"),
+    reason="Set UDATA_TEST_SEARCH_INTEGRATION=1 to run search integration tests",
+)
+
 
 def assert_equal_dates(datetime1, datetime2, limit=1):  # Seconds.
     """Lax date comparison, avoid comparing milliseconds and seconds."""
@@ -35,51 +40,50 @@ def assert_json_equal(first, second):
 
 
 @contextmanager
-def mock_signals(callback, *signals):
+def mock_signals(*signals):
     __tracebackhide__ = True
-    specs = []
 
-    def handler(sender, **kwargs):
-        pass
+    callbacks_by_signal = {}
+    calls_kwargs_by_signal = {}
 
-    for signal in signals:
-        m = mock.Mock(spec=handler)
-        signal.connect(m, weak=False)
-        specs.append((signal, m))
+    for requestSignal in signals:
+        # We capture requestSignal with a default argument
+        def callback(*args, requestSignal=requestSignal, **kwargs):
+            calls_kwargs_by_signal.setdefault(requestSignal, [])
+            calls_kwargs_by_signal[requestSignal].append(kwargs)
+
+        callbacks_by_signal[requestSignal] = callback
+        requestSignal.connect(callback, weak=False)
 
-    yield
+    yield calls_kwargs_by_signal
 
-    for signal, mock_handler in specs:
-        signal.disconnect(mock_handler)
-        signal_name = getattr(signal, "name", str(signal))
-        callback(signal_name, mock_handler)
+    for sig in signals:
+        sig.disconnect(callbacks_by_signal[sig])
 
 
 @contextmanager
 def assert_emit(*signals, assertions_callback=None):
     __tracebackhide__ = True
-    msg = 'Signal "{0}" should have been emitted'
 
-    def callback(name, handler):
-        assert handler.called, msg.format(name)
-        if assertions_callback is not None:
-            assertions_callback(handler.call_args)
-
-    with mock_signals(callback, *signals):
+    with mock_signals(*signals) as calls_kwargs_by_signal:
         yield
 
+    for signal in signals:
+        assert signal in calls_kwargs_by_signal, f'Signal "{signal}" should have been emitted'
+        if assertions_callback is not None:
+            for kwargs in calls_kwargs_by_signal[signal]:
+                assertions_callback(kwargs)
+
 
 @contextmanager
 def assert_not_emit(*signals):
     __tracebackhide__ = True
-    msg = 'Signal "{0}" should NOT have been emitted'
-
-    def callback(name, handler):
-        assert not handler.called, msg.format(name)
-
-    with mock_signals(callback, *signals):
+    with mock_signals(*signals) as calls_args_by_signal:
         yield
 
+    for signal in signals:
+        assert signal not in calls_args_by_signal, f'Signal "{signal}" should not have been emitted'
+
 
 @contextmanager
 def capture_mails():

udata/tests/organization/test_notifications.py

@@ -1,8 +1,11 @@
 from udata.core.organization.factories import OrganizationFactory
-from udata.core.organization.notifications import membership_request_notifications
+from udata.core.organization.notifications import (
+    membership_request_notifications,
+)
 from udata.core.user.factories import UserFactory
+from udata.features.notifications.models import Notification
 from udata.models import Member, MembershipRequest
-from udata.tests.api import PytestOnlyDBTestCase
+from udata.tests.api import DBTestCase, PytestOnlyDBTestCase
 from udata.tests.helpers import assert_equal_dates
 
 
@@ -27,3 +30,65 @@ class OrganizationNotificationsTest(PytestOnlyDBTestCase):
         assert details["user"]["id"] == applicant.id
         assert details["user"]["fullname"] == applicant.fullname
         assert details["user"]["avatar"] == str(applicant.avatar)
+
+
+class MembershipRequestNotificationTest(DBTestCase):
+    def test_notification_created_for_admins_only(self):
+        """Notifications are created for all admin users, not editors"""
+        admin1 = UserFactory()
+        admin2 = UserFactory()
+        editor = UserFactory()
+        applicant = UserFactory()
+        members = [
+            Member(user=editor, role="editor"),
+            Member(user=admin1, role="admin"),
+            Member(user=admin2, role="admin"),
+        ]
+        org = OrganizationFactory(members=members)
+
+        request = MembershipRequest(user=applicant, comment="test")
+        org.add_membership_request(request)
+
+        notifications = Notification.objects.all()
+        assert len(notifications) == 2
+
+        admin_users = [notif.user for notif in notifications]
+        self.assertIn(admin1, admin_users)
+        self.assertIn(admin2, admin_users)
+
+        for notification in notifications:
+            assert notification.details.request_organization == org
+            assert notification.details.request_user == applicant
+            assert_equal_dates(notification.created_at, request.created)
+
+    def test_no_duplicate_notifications(self):
+        """Duplicate notifications are not created on subsequent saves"""
+        admin = UserFactory()
+        applicant = UserFactory()
+        org = OrganizationFactory(members=[Member(user=admin, role="admin")])
+
+        request = MembershipRequest(user=applicant, comment="test")
+        org.add_membership_request(request)
+        org.add_membership_request(request)
+
+        assert Notification.objects.count() == 1
+
+    def test_multiple_requests_create_separate_notifications(self):
+        """Multiple requests from different users create separate notifications"""
+        admin = UserFactory()
+        applicant1 = UserFactory()
+        applicant2 = UserFactory()
+        org = OrganizationFactory(members=[Member(user=admin, role="admin")])
+
+        request1 = MembershipRequest(user=applicant1, comment="test 1")
+        org.add_membership_request(request1)
+
+        request2 = MembershipRequest(user=applicant2, comment="test 2")
+        org.add_membership_request(request2)
+
+        notifications = Notification.objects.all()
+        assert len(notifications) == 2
+
+        request_users = [notif.details.request_user for notif in notifications]
+        self.assertIn(applicant1, request_users)
+        self.assertIn(applicant2, request_users)

udata/tests/plugin.py

@@ -1,147 +1,20 @@
-import shlex
-from contextlib import contextmanager
-
 import pytest
-from flask import current_app, json, template_rendered, url_for
-from flask.testing import FlaskClient
-from flask_principal import Identity, identity_changed
-from lxml import etree
-
-from udata.core.user.factories import UserFactory
-
-from .helpers import assert200, assert_command_ok
-
-
-class TestClient(FlaskClient):
-    """
-    The goal of these `post`, `put` and `delete` functions is to
-    switch from `data` in kwargs to `data` in args and be able to
-    `client.post(url, data)` without doing `client.post(url, data=data)`
-
-    Same as in :TestClientOverride
-    """
-
-    def post(self, url, data=None, **kwargs):
-        return super(TestClient, self).post(url, data=data, **kwargs)
-
-    def put(self, url, data=None, **kwargs):
-        return super(TestClient, self).put(url, data=data, **kwargs)
-
-    def delete(self, url, data=None, **kwargs):
-        return super(TestClient, self).delete(url, data=data, **kwargs)
-
-    def login(self, user=None):
-        user = user or UserFactory()
-        with self.session_transaction() as session:
-            # Since flask-security-too 4.0.0, the user.fs_uniquifier is used instead of user.id for auth
-            user_id = getattr(user, current_app.login_manager.id_attribute)()
-            session["user_id"] = user_id
-            session["_fresh"] = True
-            session["_id"] = current_app.login_manager._session_identifier_generator()
-            current_app.login_manager._update_request_context_with_user(user)
-            identity_changed.send(current_app._get_current_object(), identity=Identity(user.id))
-        return user
-
-    def logout(self):
-        with self.session_transaction() as session:
-            del session["user_id"]
-            del session["_fresh"]
-            del session["_id"]
 
 
 @pytest.fixture
-def client(app):
-    """
-    Fixes https://github.com/pytest-dev/pytest-flask/issues/42
-    """
-    return app.test_client()
-
-
-class ApiClient(object):
-    def __init__(self, client):
-        self.client = client
-        self._user = None
-
-    def login(self, *args, **kwargs):
-        return self.client.login(*args, **kwargs)
-
-    @contextmanager
-    def user(self, user=None):
-        self._user = user or UserFactory()
-        if not self._user.apikey:
-            self._user.generate_api_key()
-            self._user.save()
-        yield self._user
-
-    def perform(self, verb, url, **kwargs):
-        headers = kwargs.pop("headers", {})
-        headers["Content-Type"] = "application/json"
-
-        data = kwargs.get("data")
-        if data is not None:
-            data = json.dumps(data)
-            headers["Content-Length"] = len(data)
-            kwargs["data"] = data
-
-        if self._user:
-            headers["X-API-KEY"] = kwargs.get("X-API-KEY", self._user.apikey)
-
-        kwargs["headers"] = headers
-        method = getattr(self.client, verb)
-        return method(url, **kwargs)
-
-    def get(self, url, *args, **kwargs):
-        return self.perform("get", url, *args, **kwargs)
-
-    def post(self, url, data=None, json=True, *args, **kwargs):
-        if not json:
-            return self.client.post(url, data or {}, *args, **kwargs)
-        return self.perform("post", url, data=data or {}, *args, **kwargs)
-
-    def put(self, url, data=None, json=True, *args, **kwargs):
-        if not json:
-            return self.client.put(url, data or {}, *args, **kwargs)
-        return self.perform("put", url, data=data or {}, *args, **kwargs)
-
-    def patch(self, url, data=None, json=True, *args, **kwargs):
-        if not json:
-            return self.client.patch(url, data or {}, *args, **kwargs)
-        return self.perform("patch", url, data=data or {}, *args, **kwargs)
-
-    def delete(self, url, data=None, *args, **kwargs):
-        return self.perform("delete", url, data=data or {}, *args, **kwargs)
-
-    def options(self, url, data=None, *args, **kwargs):
-        return self.perform("options", url, data=data or {}, *args, **kwargs)
-
-
-@pytest.fixture
-def api(client):
-    api_client = ApiClient(client)
-    return api_client
-
-
-@pytest.fixture(name="cli")
-def cli_fixture(app):
-    def mock_runner(*args, **kwargs):
-        from udata.commands import cli
-
-        if len(args) == 1 and " " in args[0]:
-            args = shlex.split(args[0])
-        runner = app.test_cli_runner()
-        result = runner.invoke(cli, args, catch_exceptions=False)
-        if kwargs.get("check", True):
-            assert_command_ok(result)
-        return result
+def rmock():
+    """A requests-mock fixture"""
+    import requests_mock
 
-    return mock_runner
+    with requests_mock.Mocker() as m:
+        m.ANY = requests_mock.ANY
+        yield m
 
 
 @pytest.fixture
 def instance_path(app, tmpdir):
     """Use temporary application instance_path"""
     from udata.core import storages
-    from udata.core.storages.views import blueprint
 
     app.instance_path = str(tmpdir)
     app.config["FS_ROOT"] = str(tmpdir / "fs")
@@ -152,133 +25,5 @@ def instance_path(app, tmpdir):
         app.config.pop(key.format("ROOT"), None)
 
     storages.init_app(app)
-    app.register_blueprint(blueprint, name="test-storage")
 
     return tmpdir
-
-
-class ContextVariableDoesNotExist(Exception):
-    pass
-
-
-class TemplateRecorder:
-    @contextmanager
-    def capture(self):
-        self.templates = []
-        template_rendered.connect(self._add_template)
-        yield
-        template_rendered.disconnect(self._add_template)
-
-    def _add_template(self, app, template, context):
-        self.templates.append((template, context))
-
-    def assert_used(self, name):
-        """
-        Checks if a given template is used in the request.
-
-        :param name: template name
-        """
-        __tracebackhide__ = True
-
-        used_templates = []
-
-        for template, context in self.templates:
-            if template.name == name:
-                return True
-
-            used_templates.append(template)
-
-        msg = "Template %s not used. Templates were used: %s" % (
-            name,
-            " ".join(repr(used_templates)),
-        )
-        raise AssertionError(msg)
-
-    def get_context_variable(self, name):
-        """
-        Returns a variable from the context passed to the template.
-
-        :param name: name of variable
-        :raises ContextVariableDoesNotExist: if does not exist.
-        """
-        for template, context in self.templates:
-            if name in context:
-                return context[name]
-        raise ContextVariableDoesNotExist()
-
-
-@pytest.fixture
-def templates():
-    recorder = TemplateRecorder()
-    with recorder.capture():
-        yield recorder
-
-
-@pytest.fixture
-def httpretty():
-    import httpretty
-
-    httpretty.reset()
-    httpretty.enable()
-    yield httpretty
-    httpretty.disable()
-
-
-@pytest.fixture
-def rmock():
-    """A requests-mock fixture"""
-    import requests_mock
-
-    with requests_mock.Mocker() as m:
-        m.ANY = requests_mock.ANY
-        yield m
-
-
-class SitemapClient:
-    # Needed for lxml XPath not supporting default namespace
-    NAMESPACES = {"s": "http://www.sitemaps.org/schemas/sitemap/0.9"}
-    MISMATCH = 'URL "{0}" {1} mismatch: expected "{2}" found "{3}"'
-
-    def __init__(self, client):
-        self.client = client
-        self._sitemap = None
-
-    def fetch(self, secure=False):
-        base_url = "{0}://local.test".format("https" if secure else "http")
-        response = self.client.get("sitemap.xml", base_url=base_url)
-        assert200(response)
-        self._sitemap = etree.fromstring(response.data)
-        return self._sitemap
-
-    def xpath(self, query):
-        return self._sitemap.xpath(query, namespaces=self.NAMESPACES)
-
-    def get_by_url(self, endpoint, **kwargs):
-        url = url_for(endpoint, _external=True, **kwargs)
-        query = 's:url[s:loc="{url}"]'.format(url=url)
-        result = self.xpath(query)
-        return result[0] if result else None
-
-    def assert_url(self, url, priority, changefreq):
-        """
-        Check than a URL is present in the sitemap
-        with given `priority` and `changefreq`
-        """
-        __tracebackhide__ = True
-        r = url.xpath("s:priority", namespaces=self.NAMESPACES)
-        assert len(r) == 1, 'URL "{0}" should have one priority'.format(url)
-        found = r[0].text
-        msg = self.MISMATCH.format(url, "priority", priority, found)
-        assert found == str(priority), msg
-
-        r = url.xpath("s:changefreq", namespaces=self.NAMESPACES)
-        assert len(r) == 1, 'URL "{0}" should have one changefreq'.format(url)
-        found = r[0].text
-        msg = self.MISMATCH.format(url, "changefreq", changefreq, found)
-        assert found == changefreq, msg
-
-
-@pytest.fixture
-def sitemap(client):
-    sitemap_client = SitemapClient(client)
-    return sitemap_client

udata/tests/search/test_search_integration.py

@@ -0,0 +1,33 @@
+import time
+
+import pytest
+
+from udata.core.dataset.factories import DatasetFactory
+from udata.tests.api import APITestCase
+from udata.tests.helpers import requires_search_service
+
+
+@requires_search_service
+@pytest.mark.options(SEARCH_SERVICE_API_URL="http://localhost:5000/api/1/", AUTO_INDEX=True)
+class SearchIntegrationTest(APITestCase):
+    """Integration tests that require a running search-service and Elasticsearch."""
+
+    def test_dataset_fuzzy_search(self):
+        """
+        Test that Elasticsearch fuzzy search works.
+
+        A typo in the search query ("spectakulaire" instead of "spectaculaire")
+        should still find the dataset thanks to ES fuzzy matching.
+        """
+        DatasetFactory(title="Données spectaculaires sur les transports")
+
+        # Small delay to let ES index the document
+        time.sleep(1)
+
+        # Search with a typo - only ES fuzzy search can handle this
+        response = self.get("/api/2/datasets/search/?q=spectakulaire")
+        self.assert200(response)
+        assert response.json["total"] >= 1
+
+        titles = [d["title"] for d in response.json["data"]]
+        assert "Données spectaculaires sur les transports" in titles