|
4 | 4 |
|
5 | 5 | from __future__ import unicode_literals |
6 | 6 |
|
| 7 | +from unittest.mock import patch |
| 8 | + |
7 | 9 | from django.contrib.admin.sites import AdminSite |
| 10 | +from django.contrib.auth.models import User |
8 | 11 | from django.contrib.messages.storage.fallback import FallbackStorage |
9 | 12 | from django.http import HttpRequest |
10 | 13 | from django.test import TestCase |
11 | 14 |
|
12 | | -from config_models.admin import ConfigurationModelAdmin |
| 15 | +from config_models import admin |
13 | 16 | from config_models.models import ConfigurationModel |
14 | 17 |
|
| 18 | +from example.models import ExampleKeyedConfig |
| 19 | + |
| 20 | + |
| 21 | +class AdminTestCaseMixin: |
| 22 | + """ |
| 23 | + Provide a request factory method. |
| 24 | + """ |
| 25 | + |
| 26 | + def get_request(self): |
| 27 | + request = HttpRequest() |
| 28 | + request.session = "session" |
| 29 | + request._messages = FallbackStorage(request) # pylint: disable=protected-access |
| 30 | + return request |
15 | 31 |
|
16 | | -class AdminTestCase(TestCase): |
| 32 | + |
| 33 | +class AdminTestCase(TestCase, AdminTestCaseMixin): |
17 | 34 | """ |
18 | 35 | Test Case module for ConfigurationModel Admin |
19 | 36 | """ |
| 37 | + |
20 | 38 | def setUp(self): |
21 | 39 | super(AdminTestCase, self).setUp() |
22 | | - self.request = HttpRequest() |
23 | | - self.conf_admin = ConfigurationModelAdmin(ConfigurationModel, AdminSite()) |
24 | | - self.request.session = 'session' |
25 | | - self.request._messages = FallbackStorage(self.request) # pylint: disable=protected-access |
| 40 | + self.conf_admin = admin.ConfigurationModelAdmin(ConfigurationModel, AdminSite()) |
26 | 41 |
|
27 | 42 | def test_default_fields(self): |
28 | 43 | """ |
29 | 44 | Test: checking fields |
30 | 45 | """ |
| 46 | + request = self.get_request() |
31 | 47 | self.assertEqual( |
32 | | - list(self.conf_admin.get_form(self.request).base_fields), |
33 | | - ['enabled'] |
| 48 | + list(self.conf_admin.get_form(request).base_fields), ["enabled"] |
| 49 | + ) |
| 50 | + |
| 51 | + |
| 52 | +class KeyedAdminTestCase(TestCase, AdminTestCaseMixin): |
| 53 | + """ |
| 54 | + Test case module for KeyedConfigurationModelAdmin. |
| 55 | + """ |
| 56 | + |
| 57 | + def get_edit_link(self): |
| 58 | + """ |
| 59 | + Return an edit link from a KeyedConfigurationModelAdmin. Patch the `reverse` |
| 60 | + and `_` methods to modify the return value. |
| 61 | + """ |
| 62 | + conf_admin = admin.KeyedConfigurationModelAdmin(ExampleKeyedConfig, AdminSite()) |
| 63 | + request = self.get_request() |
| 64 | + ExampleKeyedConfig.objects.create(user=User.objects.create()) |
| 65 | + config = conf_admin.get_queryset(request)[0] |
| 66 | + return conf_admin.edit_link(config) |
| 67 | + |
| 68 | + def test_edit_link(self): |
| 69 | + with patch.object(admin, "reverse", return_value="http://google.com"): |
| 70 | + self.assertEqual( |
| 71 | + '<a href="http://google.com?source=1">Update</a>', self.get_edit_link(), |
| 72 | + ) |
| 73 | + |
| 74 | + def test_edit_link_xss_url(self): |
| 75 | + with patch.object( |
| 76 | + admin, "reverse", return_value='"><script>console.log("xss!")</script>' |
| 77 | + ): |
| 78 | + edit_link = self.get_edit_link() |
| 79 | + |
| 80 | + self.assertNotIn( |
| 81 | + "<script>", edit_link, |
| 82 | + ) |
| 83 | + self.assertIn( |
| 84 | + "<script>", edit_link, |
| 85 | + ) |
| 86 | + |
| 87 | + def test_edit_link_xss_translation(self): |
| 88 | + with patch.object(admin, "reverse", return_value=""): |
| 89 | + with patch.object( |
| 90 | + admin, "_", return_value='<script>console.log("xss!")</script>' |
| 91 | + ): |
| 92 | + edit_link = self.get_edit_link() |
| 93 | + |
| 94 | + self.assertNotIn( |
| 95 | + "<script>", edit_link, |
| 96 | + ) |
| 97 | + self.assertIn( |
| 98 | + "<script>", edit_link, |
34 | 99 | ) |
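Review bot: In `test_edit_link_xss_url` and `test_edit_link_xss_translation` the two assertions, as rendered on this page, are `assertNotIn("<script>", edit_link)` followed by `assertIn("<script>", edit_link)`, which cannot both pass. The second was presumably written against the escaped form and the page rendering decoded the entity, so confirm that the file itself holds `self.assertIn("&lt;script&gt;", edit_link)`. Separately, the URL payload opens with `">` to close the `href` attribute, yet neither assertion checks that the double quote is escaped, so a regression that escaped angle brackets but not quotes would still pass. Adding `self.assertNotIn('"><', edit_link)`, or comparing against the full expected anchor string as `test_edit_link` does, would pin the attribute context as well.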