File: test_access_mixins.py

package info (click to toggle)
python-django-braces 1.17.0-1
links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 484 kB
sloc: python: 2,680; makefile: 138; sh: 6
file content (907 lines) | stat: -rw-r--r-- 33,592 bytes
import datetime

import pytest

from django import test
from django.contrib.auth.models import Permission
from django.test.utils import override_settings
from django.core.exceptions import ImproperlyConfigured, PermissionDenied
from django.http import Http404, HttpResponse
from django.utils.encoding import force_str
from django.utils.timezone import make_aware, get_current_timezone

from django.urls import reverse_lazy

from .factories import (
    GroupFactory,
    UserFactory,
    UserObjectPermissionsFactory,
    ArticleFactory,
)
from .helpers import TestViewHelper
from .views import (
    PermissionRequiredView,
    MultiplePermissionsRequiredView,
    SuperuserRequiredView,
    StaffuserRequiredView,
    LoginRequiredView,
    GroupRequiredView,
    UserPassesTestView,
    UserPassesTestNotImplementedView,
    AnonymousRequiredView,
    SSLRequiredView,
    RecentLoginRequiredView,
    UserPassesTestLoginRequiredView,
)


@pytest.mark.django_db
class _TestAccessBasicsMixin(TestViewHelper):
    """
    A set of basic tests for access mixins.
    """

    view_url = None

    def build_authorized_user(self):
        """
        Returns user authorized to access view.
        """
        raise NotImplementedError

    def build_unauthorized_user(self):
        """
        Returns user not authorized to access view.
        """
        raise NotImplementedError

    def test_success(self):
        """
        If user is authorized then view should return normal response.
        """
        user = self.build_authorized_user()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)
        self.assertEqual(200, resp.status_code)
        self.assertEqual("OK", force_str(resp.content))

    def test_redirects_to_login(self):
        """
        Browser should be redirected to login page if user is not authorized
        to view this page.
        """
        user = self.build_unauthorized_user()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)
        self.assertRedirects(resp, "/accounts/login/?next={0}".format(self.view_url))

    def test_raise_permission_denied(self):
        """
        PermissionDenied should be raised if user is not authorized and
        raise_exception attribute is set to True.
        """
        user = self.build_unauthorized_user()
        req = self.build_request(user=user, path=self.view_url)

        with self.assertRaises(PermissionDenied):
            self.dispatch_view(req, raise_exception=True)

    def test_raise_custom_exception(self):
        """
        Http404 should be raised if user is not authorized and
        raise_exception attribute is set to Http404.
        """
        user = self.build_unauthorized_user()
        req = self.build_request(user=user, path=self.view_url)

        with self.assertRaises(Http404):
            self.dispatch_view(req, raise_exception=Http404)

    def test_raise_func_pass(self):
        """
        An exception should be raised if user is not authorized and
        raise_exception attribute is set to a function that returns nothing.
        """
        user = self.build_unauthorized_user()
        req = self.build_request(user=user, path=self.view_url)

        def func(request):
            pass

        with self.assertRaises(PermissionDenied):
            self.dispatch_view(req, raise_exception=func)

    def test_raise_func_response(self):
        """
        A custom response should be returned if user is not authorized and
        raise_exception attribute is set to a function that returns a response.
        """
        user = self.build_unauthorized_user()
        req = self.build_request(user=user, path=self.view_url)

        def func(request):
            return HttpResponse("CUSTOM")

        resp = self.dispatch_view(req, raise_exception=func)
        assert resp.status_code == 200
        assert force_str(resp.content) == "CUSTOM"

    def test_raise_func_false(self):
        """
        PermissionDenied should be raised, if a custom raise_exception
        function does not return HttpResponse or StreamingHttpResponse.
        """
        user = self.build_unauthorized_user()
        req = self.build_request(user=user, path=self.view_url)

        def func(request):
            return False

        with self.assertRaises(PermissionDenied):
            self.dispatch_view(req, raise_exception=func)

    def test_raise_func_raises(self):
        """
        A custom exception should be raised if user is not authorized and
        raise_exception attribute is set to a callable that raises an
        exception.
        """
        user = self.build_unauthorized_user()
        req = self.build_request(user=user, path=self.view_url)

        def func(request):
            raise Http404

        with self.assertRaises(Http404):
            self.dispatch_view(req, raise_exception=func)

    def test_custom_login_url(self):
        """
        Login url should be customizable.
        """
        user = self.build_unauthorized_user()
        req = self.build_request(user=user, path=self.view_url)
        resp = self.dispatch_view(req, login_url="/login/")
        self.assertEqual("/login/?next={0}".format(self.view_url), resp["Location"])

        # Test with reverse_lazy
        resp = self.dispatch_view(req, login_url=reverse_lazy("headline"))
        self.assertEqual("/headline/?next={0}".format(self.view_url), resp["Location"])

    def test_custom_redirect_field_name(self):
        """
        Redirect field name should be customizable.
        """
        user = self.build_unauthorized_user()
        req = self.build_request(user=user, path=self.view_url)
        resp = self.dispatch_view(req, redirect_field_name="foo")
        expected_url = "/accounts/login/?foo={0}".format(self.view_url)
        self.assertEqual(expected_url, resp["Location"])

    @override_settings(LOGIN_URL=None)
    def test_get_login_url_raises_exception(self):
        """
        Test that get_login_url from AccessMixin raises
        ImproperlyConfigured.
        """
        with self.assertRaises(ImproperlyConfigured):
            self.dispatch_view(self.build_request(path=self.view_url), login_url=None)

    def test_get_redirect_field_name_raises_exception(self):
        """
        Test that get_redirect_field_name from AccessMixin raises
        ImproperlyConfigured.
        """
        with self.assertRaises(ImproperlyConfigured):
            self.dispatch_view(
                self.build_request(path=self.view_url),
                redirect_field_name=None,
            )

    @override_settings(LOGIN_URL="/auth/login/")
    def test_overridden_login_url(self):
        """
        Test that login_url is not set in stone on module load but can be
        overridden dynamically.
        """
        user = self.build_unauthorized_user()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)
        self.assertRedirects(resp, "/auth/login/?next={0}".format(self.view_url))

    def test_redirect_unauthenticated(self):
        resp = self.dispatch_view(
            self.build_request(path=self.view_url),
            raise_exception=True,
            redirect_unauthenticated_users=True,
        )
        assert resp.status_code == 302
        assert resp["Location"] == "/accounts/login/?next={0}".format(self.view_url)

    def test_redirect_unauthenticated_false(self):
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                self.build_request(path=self.view_url),
                raise_exception=True,
                redirect_unauthenticated_users=False,
            )


@pytest.mark.django_db
class TestLoginRequiredMixin(TestViewHelper, test.TestCase):
    """Scenarios around requiring an authenticated session"""

    view_class = LoginRequiredView
    view_url = "/login_required/"

    def test_anonymous(self):
        """Anonymous users should be redirected"""
        resp = self.client.get(self.view_url)
        self.assertRedirects(resp, "/accounts/login/?next=/login_required/")

    def test_anonymous_raises_exception(self):
        """Anonymous users should raise an exception"""
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                self.build_request(path=self.view_url), raise_exception=True
            )

    def test_authenticated(self):
        """Authenticated users should get 'OK'"""
        user = UserFactory()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)
        assert resp.status_code == 200
        assert force_str(resp.content) == "OK"

    def test_anonymous_redirects(self):
        """Anonymous users are redirected with a 302"""
        resp = self.dispatch_view(
            self.build_request(path=self.view_url),
            raise_exception=True,
            redirect_unauthenticated_users=True,
        )
        assert resp.status_code == 302
        assert resp["Location"] == "/accounts/login/?next=/login_required/"


@pytest.mark.django_db
class TestChainedLoginRequiredMixin(TestViewHelper, test.TestCase):
    """
    Tests for LoginRequiredMixin combined with another AccessMixin.
    """

    view_class = UserPassesTestLoginRequiredView
    view_url = "/chained_view/"

    def assert_redirect_to_login(self, response):
        """
        Check that the response is a redirect to the login view.
        """
        assert response.status_code == 302
        assert response["Location"] == "/accounts/login/?next=/chained_view/"

    def test_anonymous(self):
        """
        Check that anonymous users redirect to login by default.
        """
        resp = self.dispatch_view(self.build_request(path=self.view_url))
        self.assert_redirect_to_login(resp)

    def test_anonymous_raises_exception(self):
        """
        Check that when anonymous users hit a view that has only
        raise_exception set, they get a PermissionDenied.
        """
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                self.build_request(path=self.view_url), raise_exception=True
            )

    def test_authenticated_raises_exception(self):
        """
        Check that when authenticated users hit a view that has raise_exception
        set, they get a PermissionDenied.
        """
        user = UserFactory()
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                self.build_request(path=self.view_url, user=user),
                raise_exception=True,
            )
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                self.build_request(path=self.view_url, user=user),
                raise_exception=True,
                redirect_unauthenticated_users=True,
            )

    def test_anonymous_redirects(self):
        """
        Check that anonymous users are redirected to login when raise_exception
        is overridden by redirect_unauthenticated_users.
        """
        resp = self.dispatch_view(
            self.build_request(path=self.view_url),
            raise_exception=True,
            redirect_unauthenticated_users=True,
        )
        self.assert_redirect_to_login(resp)


@pytest.mark.django_db
class TestAnonymousRequiredMixin(TestViewHelper, test.TestCase):
    """
    Tests for AnonymousRequiredMixin.
    """

    view_class = AnonymousRequiredView
    view_url = "/unauthenticated_view/"

    def test_anonymous(self):
        """
        As a non-authenticated user, it should be possible to access
        the URL.
        """
        resp = self.client.get(self.view_url)
        self.assertEqual(200, resp.status_code)
        self.assertEqual("OK", force_str(resp.content))

        # Test with reverse_lazy
        resp = self.dispatch_view(
            self.build_request(), login_url=reverse_lazy(self.view_url)
        )
        self.assertEqual(200, resp.status_code)
        self.assertEqual("OK", force_str(resp.content))

    def test_authenticated(self):
        """
        Check that the authenticated user has been successfully directed
        to the appropriate view.
        """
        user = UserFactory()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)
        self.assertEqual(302, resp.status_code)

        resp = self.client.get(self.view_url, follow=True)
        self.assertRedirects(resp, "/authenticated_view/")

    def test_no_url(self):
        """View should raise an exception if no URL is provided"""
        self.view_class.authenticated_redirect_url = None
        user = UserFactory()
        self.client.login(username=user.username, password="asdf1234")
        with self.assertRaises(ImproperlyConfigured):
            self.client.get(self.view_url)

    def test_bad_url(self):
        """Redirection can be misconfigured"""
        self.view_class.authenticated_redirect_url = "/epicfailurl/"
        user = UserFactory()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url, follow=True)
        self.assertEqual(404, resp.status_code)


@pytest.mark.django_db
class TestPermissionRequiredMixin(_TestAccessBasicsMixin, test.TestCase):
    """Scenarios around requiring a permission"""

    view_class = PermissionRequiredView
    view_url = "/permission_required/"

    def build_authorized_user(self):
        """Create a user with permissions"""
        return UserFactory(permissions=["auth.add_user"])

    def build_unauthorized_user(self):
        """Create a user without permissions"""
        return UserFactory()

    def test_invalid_permission(self):
        """
        ImproperlyConfigured exception should be raised in two situations:
        if permission is None or if permission has invalid name.
        """
        with self.assertRaises(ImproperlyConfigured):
            self.dispatch_view(self.build_request(), permission_required=None)

    def test_object_level_permissions(self):
        """
        Tests that object level permissions perform as expected, where object level permissions and
        global level permissions
        """
        # Arrange
        article = ArticleFactory()
        self.view_class = PermissionRequiredView
        self.view_url = f"/object_level_permission_required/?pk={article.pk}"
        tests_add_article = Permission.objects.get(codename="add_article")
        permissions = "tests.add_article"
        valid_user = UserFactory(permissions=[permissions])
        invalid_user_1 = UserFactory(permissions=["auth.add_user"])
        invalid_user_2 = UserFactory(permissions=[permissions])
        UserObjectPermissionsFactory(
            user=valid_user, permission=tests_add_article, article_object=article
        )
        # Act
        valid_req = self.build_request(path=self.view_url, user=valid_user)
        valid_resp = self.dispatch_view(
            valid_req,
            permission_required=permissions,
            object_level_permissions=True,
            raise_exception=True,
        )
        invalid_req_1 = self.build_request(path=self.view_url, user=invalid_user_1)
        invalid_req_2 = self.build_request(path=self.view_url, user=invalid_user_2)
        # Assert
        self.assertEqual(valid_resp.status_code, 200)
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                invalid_req_1,
                permission_required=permissions,
                object_level_permissions=True,
                raise_exception=True,
            )
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                invalid_req_2,
                permission_required=permissions,
                object_level_permissions=True,
                raise_exception=True,
            )


@pytest.mark.django_db
class TestMultiplePermissionsRequiredMixin(_TestAccessBasicsMixin, test.TestCase):
    """Scenarios around requiring multiple permissions"""

    view_class = MultiplePermissionsRequiredView
    view_url = "/multiple_permissions_required/"

    def build_authorized_user(self):
        """Get a user with permissions"""
        return UserFactory(
            permissions=[
                "tests.add_article",
                "tests.change_article",
                "auth.change_user",
            ]
        )

    def build_unauthorized_user(self):
        """Get a user without the important permissions"""
        return UserFactory(permissions=["tests.add_article"])

    def test_redirects_to_login(self):
        """
        User should be redirected to login page if he or she does not have
        sufficient permissions.
        """
        url = "/multiple_permissions_required/"
        test_cases = (
            # missing one permission from 'any'
            ["tests.add_article", "tests.change_article"],
            # missing one permission from 'all'
            ["tests.add_article", "auth.add_user"],
            # no permissions at all
            [],
        )

        for permissions in test_cases:
            user = UserFactory(permissions=permissions)
            self.client.login(username=user.username, password="asdf1234")
            resp = self.client.get(url)
            self.assertRedirects(resp, "/accounts/login/?next={0}".format(url))

    def test_invalid_permissions(self):
        """
        ImproperlyConfigured exception should be raised if permissions
        attribute is set incorrectly.
        """
        permissions = (
            None,  # permissions must be set
            (),  # and they must be a dict
            {},  # at least one of 'all', 'any' keys must be present
            {"all": None},  # both all and any must be list or a tuple
            {"all": {"a": 1}},
            {"any": None},
            {"any": {"a": 1}},
        )

        for attr in permissions:
            with self.assertRaises(ImproperlyConfigured):
                self.dispatch_view(self.build_request(), permissions=attr)

    def test_raise_permission_denied(self):
        """
        PermissionDenied should be raised if user does not have sufficient
        permissions and raise_exception is set to True.
        """
        test_cases = (
            # missing one permission from 'any'
            ["tests.add_article", "tests.change_article"],
            # missing one permission from 'all'
            ["tests.add_article", "auth.add_user"],
            # no permissions at all
            [],
        )

        for permissions in test_cases:
            user = UserFactory(permissions=permissions)
            req = self.build_request(user=user)
            with self.assertRaises(PermissionDenied):
                self.dispatch_view(req, raise_exception=True)

    def test_all_permissions_key(self):
        """
        Tests if everything works if only 'all' permissions has been set.
        """
        permissions = {"all": ["auth.add_user", "tests.add_article"]}
        user = UserFactory(permissions=permissions["all"])
        req = self.build_request(user=user)

        resp = self.dispatch_view(req, permissions=permissions)
        self.assertEqual("OK", force_str(resp.content))

        user = UserFactory(permissions=["auth.add_user"])
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                self.build_request(user=user),
                raise_exception=True,
                permissions=permissions,
            )

    def test_any_permissions_key(self):
        """
        Tests if everything works if only 'any' permissions has been set.
        """
        permissions = {"any": ["auth.add_user", "tests.add_article"]}
        user = UserFactory(permissions=["tests.add_article"])
        req = self.build_request(user=user)

        resp = self.dispatch_view(req, permissions=permissions)
        self.assertEqual("OK", force_str(resp.content))

        user = UserFactory(permissions=[])
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                self.build_request(user=user),
                raise_exception=True,
                permissions=permissions,
            )

    def test_all_object_level_permissions_key(self):
        """
        Tests that when a user has all the correct object level permissions, response is OK,
        else forbidden.
        """
        # Arrange
        article = ArticleFactory()
        self.view_class = MultiplePermissionsRequiredView
        self.view_url = f"/multiple_object_level_permissions_required/?pk={article.pk}"
        auth_add_user = Permission.objects.get(codename="add_user")
        tests_add_article = Permission.objects.get(codename="add_article")
        permissions = {"all": ["auth.add_user", "tests.add_article"]}
        valid_user = UserFactory(permissions=permissions["all"])
        invalid_user = UserFactory(permissions=["auth.add_user"])
        UserObjectPermissionsFactory(
            user=valid_user, permission=auth_add_user, article_object=article
        )
        UserObjectPermissionsFactory(
            user=valid_user, permission=tests_add_article, article_object=article
        )
        # Act
        valid_req = self.build_request(path=self.view_url, user=valid_user)
        valid_resp = self.dispatch_view(
            valid_req, permissions=permissions, object_level_permissions=True
        )
        invalid_req = self.build_request(path=self.view_url, user=invalid_user)
        # Arrange
        self.assertEqual(valid_resp.status_code, 200)
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                invalid_req,
                permissions=permissions,
                object_level_permissions=True,
                raise_exception=True,
            )

    def test_any_object_level_permissions_key(self):
        """
        Tests that when a user has any the correct object level permissions, response is OK,
        else forbidden.
        """
        # Arrange
        article = ArticleFactory()
        self.view_url = f"/multiple_object_level_permissions_required/?pk={article.pk}"
        self.view_class = MultiplePermissionsRequiredView
        auth_add_user = Permission.objects.get(codename="add_user")
        tests_add_article = Permission.objects.get(codename="add_article")
        permissions = {"any": ["auth.add_user", "tests.add_article"]}
        user = UserFactory(permissions=[permissions["any"][0]])
        user_1 = UserFactory()
        user_2 = UserFactory(permissions=permissions["any"])
        UserObjectPermissionsFactory(
            user=user, permission=auth_add_user, article_object=article
        )
        UserObjectPermissionsFactory(
            user=user, permission=tests_add_article, article_object=article
        )
        # Act
        valid_req = self.build_request(path=self.view_url, user=user)
        valid_resp = self.dispatch_view(
            valid_req,
            permissions=permissions,
            object_level_permissions=True,
            raise_exception=True,
        )
        invalid_req_1 = self.build_request(path=self.view_url, user=user_1)
        invalid_req_2 = self.build_request(path=self.view_url, user=user_2)
        # Assert
        self.assertEqual(valid_resp.status_code, 200)
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                invalid_req_1,
                permissions=permissions,
                object_level_permissions=True,
                raise_exception=True,
            )
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                invalid_req_2,
                permissions=permissions,
                object_level_permissions=True,
                raise_exception=True,
            )


@pytest.mark.django_db
class TestSuperuserRequiredMixin(_TestAccessBasicsMixin, test.TestCase):
    """Scenarios requiring a superuser"""

    view_class = SuperuserRequiredView
    view_url = "/superuser_required/"

    def build_authorized_user(self):
        """Make a superuser"""
        return UserFactory(is_superuser=True, is_staff=True)

    def build_unauthorized_user(self):
        """Make a non-superuser"""
        return UserFactory()


@pytest.mark.django_db
class TestStaffuserRequiredMixin(_TestAccessBasicsMixin, test.TestCase):
    """Scenarios requiring a staff user"""

    view_class = StaffuserRequiredView
    view_url = "/staffuser_required/"

    def build_authorized_user(self):
        """Hire a user"""
        return UserFactory(is_staff=True)

    def build_unauthorized_user(self):
        """Get a customer"""
        return UserFactory()


@pytest.mark.django_db
class TestGroupRequiredMixin(_TestAccessBasicsMixin, test.TestCase):
    """Scenarios requiring membership in a certain group"""

    view_class = GroupRequiredView
    view_url = "/group_required/"

    def build_authorized_user(self):
        """Get a user with the right group"""
        user = UserFactory()
        group = GroupFactory(name="test_group")
        user.groups.add(group)
        return user

    def build_superuser(self):
        """Get a superuser"""
        user = UserFactory()
        user.is_superuser = True
        user.save()
        return user

    def build_unauthorized_user(self):
        """Just a normal users, not super and no groups"""
        return UserFactory()

    def test_with_string(self):
        """A group name as a string should restrict access"""
        self.assertEqual("test_group", self.view_class.group_required)
        user = self.build_authorized_user()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)
        self.assertEqual(200, resp.status_code)
        self.assertEqual("OK", force_str(resp.content))

    def test_with_group_list(self):
        """A list of group names should restrict access"""
        group_list = ["test_group", "editors"]
        # the test client will instantiate a new view on request, so we have to
        # modify the class variable (and restore it when the test finished)
        self.view_class.group_required = group_list
        self.assertEqual(group_list, self.view_class.group_required)
        user = self.build_authorized_user()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)
        self.assertEqual(200, resp.status_code)
        self.assertEqual("OK", force_str(resp.content))
        self.view_class.group_required = "test_group"
        self.assertEqual("test_group", self.view_class.group_required)

    def test_superuser_allowed(self):
        """Superusers should always be allowed, regardless of group rules"""
        user = self.build_superuser()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)
        self.assertEqual(200, resp.status_code)
        self.assertEqual("OK", force_str(resp.content))

    def test_improperly_configured(self):
        """No group(s) specified should raise ImproperlyConfigured"""
        view = self.view_class()
        view.group_required = None
        with self.assertRaises(ImproperlyConfigured):
            view.get_group_required()

        view.group_required = {"foo": "bar"}
        with self.assertRaises(ImproperlyConfigured):
            view.get_group_required()

    def test_with_unicode(self):
        """Unicode in group names should restrict access"""
        self.view_class.group_required = "niño"
        self.assertEqual("niño", self.view_class.group_required)

        user = self.build_authorized_user()
        group = user.groups.all()[0]
        group.name = "niño"
        group.save()
        self.assertEqual("niño", user.groups.all()[0].name)

        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)
        self.assertEqual(200, resp.status_code)
        self.assertEqual("OK", force_str(resp.content))
        self.view_class.group_required = "test_group"
        self.assertEqual("test_group", self.view_class.group_required)


@pytest.mark.django_db
class TestUserPassesTestMixin(_TestAccessBasicsMixin, test.TestCase):
    """Scenarios requiring a user to pass a test"""

    view_class = UserPassesTestView
    view_url = "/user_passes_test/"
    view_not_implemented_class = UserPassesTestNotImplementedView
    view_not_implemented_url = "/user_passes_test_not_implemented/"

    # for testing with passing and not passing func_test
    def build_authorized_user(self, is_superuser=False):
        """Get a test-passing user"""
        return UserFactory(
            is_superuser=is_superuser, is_staff=True, email="user@mydomain.com"
        )

    def build_unauthorized_user(self):
        """Get a blank user"""
        return UserFactory()

    def test_with_user_pass(self):
        """Valid username and password should pass the test"""
        user = self.build_authorized_user()
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)

        self.assertEqual(200, resp.status_code)
        self.assertEqual("OK", force_str(resp.content))

    def test_with_user_not_pass(self):
        """A failing user should be redirected"""
        user = self.build_authorized_user(is_superuser=True)
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.view_url)

        self.assertRedirects(resp, "/accounts/login/?next=/user_passes_test/")

    def test_with_user_raise_exception(self):
        """PermissionDenied should be raised"""
        with self.assertRaises(PermissionDenied):
            self.dispatch_view(
                self.build_request(path=self.view_url), raise_exception=True
            )

    def test_not_implemented(self):
        """NotImplemented should be raised"""
        view = self.view_not_implemented_class()
        with self.assertRaises(NotImplementedError):
            view.dispatch(
                self.build_request(path=self.view_not_implemented_url),
                raise_exception=True,
            )


@pytest.mark.django_db
class TestSSLRequiredMixin(test.TestCase):
    """Scenarios around requiring SSL"""

    view_class = SSLRequiredView
    view_url = "/sslrequired/"

    def test_ssl_redirection(self):
        """Should redirect if not SSL"""
        self.view_url = f"https://testserver{self.view_url}"
        self.view_class.raise_exception = False
        resp = self.client.get(self.view_url)
        self.assertRedirects(resp, self.view_url, status_code=301)
        resp = self.client.get(self.view_url, follow=True)
        self.assertEqual(200, resp.status_code)
        self.assertEqual("https", resp.request.get("wsgi.url_scheme"))

    def test_raises_exception(self):
        """Should return 404"""
        self.view_class.raise_exception = True
        resp = self.client.get(self.view_url)
        self.assertEqual(404, resp.status_code)

    @override_settings(DEBUG=True)
    def test_debug_bypasses_redirect(self):
        """Debug mode should not require SSL"""
        self.view_class.raise_exception = False
        resp = self.client.get(self.view_url)
        self.assertEqual(200, resp.status_code)

    def test_https_does_not_redirect(self):
        """SSL requests should not redirect"""
        self.view_class.raise_exception = False
        resp = self.client.get(self.view_url, secure=True)
        self.assertEqual(200, resp.status_code)
        self.assertEqual("https", resp.request.get("wsgi.url_scheme"))


@pytest.mark.django_db
class TestRecentLoginRequiredMixin(test.TestCase):
    """Scenarios requiring a recent login"""

    view_class = RecentLoginRequiredView
    recent_view_url = "/recent_login/"
    outdated_view_url = "/outdated_login/"

    def test_recent_login(self):
        """A recent login should get a 200"""
        self.view_class.max_last_login_delta = 1800
        last_login = datetime.datetime.now()
        last_login = make_aware(last_login, get_current_timezone())
        user = UserFactory(last_login=last_login)
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.recent_view_url)
        assert resp.status_code == 200
        assert force_str(resp.content) == "OK"

    def test_outdated_login(self):
        """An outdated login should get a 302"""
        self.view_class.max_last_login_delta = 0
        last_login = datetime.datetime.now() - datetime.timedelta(hours=2)
        last_login = make_aware(last_login, get_current_timezone())
        user = UserFactory(last_login=last_login)
        self.client.login(username=user.username, password="asdf1234")
        resp = self.client.get(self.outdated_view_url)
        assert resp.status_code in [
            302,
            405,
        ]  # 302 is for Django < 5, while 405 is for Django >= 5

    def test_not_logged_in(self):
        """Anonymous requests should be handled appropriately"""
        last_login = datetime.datetime.now()
        last_login = make_aware(last_login, get_current_timezone())
        resp = self.client.get(self.recent_view_url)
        assert resp.status_code != 200