From 3cb4b01c7c6528e252cfe71421967960d0514368 Mon Sep 17 00:00:00 2001
From: Nicolas ROCHE <nroche@entrouvert.com>
Date: Thu, 12 Mar 2020 13:50:17 +0100
Subject: [PATCH] tests: add tests on views (#40664)

---
 tests/test_views.py | 78 +++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 76 insertions(+), 2 deletions(-)

diff --git a/tests/test_views.py b/tests/test_views.py
index 38a391e..000bbfc 100644
--- a/tests/test_views.py
+++ b/tests/test_views.py
@@ -15,14 +15,17 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import copy
+import hashlib
 import json
 
 import pytest
 from webtest import Upload
 
 from django.urls import reverse
+from django.utils.encoding import force_bytes
 
 from bijoe.visualization.models import Visualization
+from bijoe.visualization.signature import sign_url
 
 from utils import login
 
@@ -52,15 +55,46 @@ def test_superuser(app, admin):
     resp = app.get('/manage/menu.json', status=200)
     assert len(resp.json) == 1
     assert resp.json[0]['slug'] == 'statistics'
+    resp = app.get('/manage/menu.json?callback=foo', status=200)
+    assert resp.content_type == 'application/javascript'
+    assert 'foo([{' in resp.text
     app.get('/', status=200)
     app.get('/visualization/', status=200)
+    resp = app.get('/accounts/logout/', status=302)
+    assert resp.location == '/'
 
 
-def test_visualizations_json_api(schema1, app, admin):
+def test_visualizations_json_api(schema1, app, admin, settings):
     Visualization(name='test', parameters={'warehouse': 'schema1', 'cube': 'test'}).save()
     Visualization(name='test', parameters={'warehouse': 'schema1', 'cube': 'test'}).save()
     Visualization(name='test', parameters={'warehouse': 'schema1', 'cube': 'test'}).save()
     Visualization(name='test', parameters={'warehouse_slug': 'schema1_slug', 'cube': 'test'}).save()
+
+    # using signature
+    key = 'xxx'
+    orig = 'other.example.net'
+    settings.KNOWN_SERVICES = {
+        'wcs': {
+            'default': {
+                'verif_orig': orig,
+                'secret': key,
+            }}}
+    url = '%s?orig=%s' % (reverse('visualizations-json'), orig)
+    url = sign_url(url, key)
+    resp = app.get(url, status=200)
+    assert set([x['slug'] for x in resp.json]) == set(['test', 'test-2', 'test-3', 'test-4'])
+
+    url = '%s?orig=%s' % (reverse('visualizations-json'), orig)
+    url = sign_url(url, 'wrong-key')
+    app.get(url, status=403)
+
+    url = '%s?orig=%s' % (reverse('visualizations-json'), 'wrong-orig')
+    url = sign_url(url, key)
+    app.get(url, status=403)
+
+    # without signature
+    app.get(reverse('visualizations-json'), status=403)
+
     login(app, admin)
     resp = app.get(reverse('visualizations-json'))
     assert set([x['slug'] for x in resp.json]) == set(['test', 'test-2', 'test-3', 'test-4'])
@@ -122,7 +156,19 @@ def test_visualization_creation_view(schema1, app, admin):
     assert visu.parameters['warehouse_slug'] == 'schema1_slug'
 
 
-def test_import_visualization(schema1, app, admin, visualization):
+def test_visualization_warehouse_view_errors(app, admin):
+    login(app, admin)
+    app.get('/visualization/warehouse/not-a-schema/', status=404)
+
+
+def test_visualization_cube_view_errors(schema1, app, admin):
+    login(app, admin)
+    app.get('/visualization/warehouse/not-a-schema/fact1/', status=404)
+    app.get('/visualization/warehouse/schema1/fact1/', status=404)
+
+
+def test_import_visualization(schema1, app, admin, visualization, settings):
+    settings.LANGUAGE_CODE = 'en-us'
     login(app, admin)
     resp = app.get('/visualization/%s/' % visualization.id)
     resp = resp.click('Export as JSON')
@@ -201,3 +247,31 @@ def test_save_as(schema1, app, admin, visualization):
     assert Visualization.objects.count() == 2
     new_visualization = Visualization.objects.get(name='zob')
     assert new_visualization.parameters == visualization.parameters
+
+
+def test_iframe_view(schema1, app, admin, visualization, settings):
+    # using signature
+    base_url = '/visualization/%s/iframe/' % visualization.id
+    signature = hashlib.sha1(force_bytes(base_url + settings.SECRET_KEY)).hexdigest()
+    resp = app.get('%s?signature=%s' % (base_url, signature), status=200)
+    resp = app.get('%s?signature=%s' % (base_url, 'no-good'), status=302)
+    assert '/accounts/login/?next=' in resp.location
+
+    # without signature
+    resp = app.get(base_url, status=302)
+    assert '/accounts/login/?next=' in resp.location
+    login(app, admin)
+    resp = app.get(base_url, status=200)
+
+
+def test_ods_view(schema1, app, admin, visualization, settings):
+    login(app, admin)
+    resp = app.get('/visualization/%s/ods/' % visualization.id)
+    assert resp.content_type == 'application/vnd.oasis.opendocument.spreadsheet'
+
+
+def test_geojson_view(schema1, app, admin, visualization, settings):
+    login(app, admin)
+    resp = app.get('/visualization/%s/geojson/' % visualization.id)
+    assert resp.content_type == 'application/json'
+    assert len(resp.json) == 8