lingo: improve error handling of basket item removal view (#14112)

combo/apps/lingo/views.py

@@ -559,13 +559,17 @@ class CancelItemView(DetailView):
         return context
 
     def get_queryset(self):
-        return BasketItem.objects.filter(user=self.request.user,
+        return BasketItem.objects.filter(user=self.request.user.id,
                 payment_date__isnull=True,
                 cancellation_date__isnull=True)
 
     def post(self, request, *args, **kwargs):
+        if not request.user.is_authenticated():
+            messages.error(request, _('An error occured when removing the item. '
+                                      '(no authenticated user)'))
+            return HttpResponseRedirect(get_basket_url())
         if not self.get_object().user_cancellable:
-            messages.error(request, _('This item cannot be removed'))
+            messages.error(request, _('This item cannot be removed.'))
             return HttpResponseRedirect(get_basket_url())
         try:
             self.get_object().notify_cancellation()

tests/settings.py

@@ -16,6 +16,8 @@ KNOWN_SERVICES = {
     }
 }
 
+MESSAGE_STORAGE = 'django.contrib.messages.storage.session.SessionStorage'
+
 LINGO_API_SIGN_KEY = '12345'
 LINGO_SIGNATURE_KEY = '54321'
 

tests/test_lingo_payment.py

@@ -12,12 +12,14 @@ from django.core.urlresolvers import reverse
 from django.core.wsgi import get_wsgi_application
 from django.conf import settings
 from django.utils import timezone
+from django.contrib.messages.storage.session import SessionStorage
 from webtest import TestApp
 
 from django.test import Client
 
+from combo.data.models import Page
 from combo.apps.lingo.models import (Regie, BasketItem, Transaction,
-        TransactionOperation, RemoteItem, EXPIRED)
+        TransactionOperation, RemoteItem, EXPIRED, LingoBasketCell)
 from combo.apps.lingo.management.commands.update_transactions import Command as UpdateTransactionsCommand
 from combo.utils import sign_url
 
@@ -45,7 +47,8 @@ def user():
     try:
         user = User.objects.get(username='admin')
     except User.DoesNotExist:
-        user = User.objects.create_user('admin', email=None, password='admin')
+        user = User.objects.create_user('admin', password='admin',
+                email='foo@example.com')
     return user
 
 @pytest.fixture(params=['orig', 'sign_key'])
@@ -55,6 +58,7 @@ def key(request, settings):
         settings.KNOWN_SERVICES = {
             'wcs': {
                 'wcs1': {
+                    'url': 'http://example.org/',
                     'verif_orig': 'wcs',
                     'secret': key,
                 },
@@ -238,6 +242,64 @@ def test_cancel_basket_item(key, regie, user):
     assert not BasketItem.objects.filter(amount=42, cancellation_date__isnull=True).exists()
     assert BasketItem.objects.filter(amount=21, cancellation_date__isnull=True).exists()
 
+def test_cancel_basket_item_from_cell(key, regie, user):
+    page = Page(title='xxx', slug='test_basket_cell', template_name='standard')
+    page.save()
+    cell = LingoBasketCell(page=page, placeholder='content', order=0)
+    cell.save()
+
+    url = '%s?email=%s&orig=wcs' % (reverse('api-add-basket-item'), user.email)
+    url = sign_url(url, key)
+    data = {'amount': 42, 'display_name': 'test amount', 'url': 'http://example.org/testitem/'}
+    resp = client.post(url, json.dumps(data), content_type='application/json')
+    assert resp.status_code == 200
+    assert json.loads(resp.content)['result'] == 'success'
+    assert BasketItem.objects.filter(amount=42, cancellation_date__isnull=True).exists()
+    basket_item_id = json.loads(resp.content)['id']
+
+    # check while not logged in
+    client.post(reverse('lingo-cancel-item', kwargs={'pk': basket_item_id}))
+    assert BasketItem.objects.filter(id=basket_item_id).exists()
+    assert (SessionStorage(client).deserialize_messages(client.session['_messages'])[-1].message
+            == 'An error occured when removing the item. (no authenticated user)')
+
+    # check a successful case
+    login()
+    with mock.patch('combo.utils.RequestsSession.request') as request:
+        client.post(reverse('lingo-cancel-item', kwargs={'pk': basket_item_id}))
+        url = request.call_args[0][1]
+        assert url.startswith('http://example.org/testitem/jump/trigger/cancelled')
+    assert BasketItem.objects.filter(id=basket_item_id, cancellation_date__isnull=False).exists()
+
+    # check removal of an item that is not cancellable
+    url = '%s?email=%s&cancellable=no&orig=wcs' % (reverse('api-add-basket-item'), user.email)
+    url = sign_url(url, key)
+    data = {'amount': 21, 'display_name': 'test amount',
+            'url': 'http://example.org/testitem/'}
+    resp = client.post(url, json.dumps(data), content_type='application/json')
+    basket_item2_id = json.loads(resp.content)['id']
+    assert resp.status_code == 200
+    assert json.loads(resp.content)['result'] == 'success'
+    assert BasketItem.objects.filter(amount=21, cancellation_date__isnull=True).exists()
+
+    resp = client.post(reverse('lingo-cancel-item', kwargs={'pk': basket_item2_id}))
+    assert (SessionStorage(client).deserialize_messages(client.session['_messages'])[-1].message
+            == 'This item cannot be removed.')
+
+    # check removal of the item of another user
+    user_email = 'bar@example.com'
+    User.objects.get_or_create(email=user_email)
+    url = '%s?email=%s&orig=wcs' % (reverse('api-add-basket-item'), user_email)
+    url = sign_url(url, key)
+    data = {'amount': 42, 'display_name': 'test amount', 'url': 'http://example.org/testitem/'}
+    resp = client.post(url, json.dumps(data), content_type='application/json')
+    assert resp.status_code == 200
+    assert json.loads(resp.content)['result'] == 'success'
+    basket_item_id = json.loads(resp.content)['id']
+
+    resp = client.post(reverse('lingo-cancel-item', kwargs={'pk': basket_item_id}))
+    assert resp.status_code == 404
+
 def test_payment_callback(regie, user):
     item = BasketItem.objects.create(user=user, regie=regie,
                         subject='test_item', amount='10.5',