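Make sure only staff members can log in. Successful posts to the login page will redirect to the original URL. Unsuccessful attempts will continue to render the login page with a 200 status code. In the listing below, a login that supplies an email address in place of the username is asserted to render ERROR_MESSAGE for both the `super_email_login` and `super_email_bad_login` credentials, so both cases show the same error text.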
(self)
| 2478 | } |
| 2479 | |
| 2480 | def test_login(self): |
| 2481 | """ |
| 2482 | Make sure only staff members can log in. |
| 2483 | |
| 2484 | Successful posts to the login page will redirect to the original url. |
| 2485 | Unsuccessful attempts will continue to render the login page with |
| 2486 | a 200 status code. |
| 2487 | """ |
| 2488 | login_url = "%s?next=%s" % (reverse("admin:login"), reverse("admin:index")) |
| 2489 | # Super User |
| 2490 | response = self.client.get(self.index_url) |
| 2491 | self.assertRedirects(response, login_url) |
| 2492 | login = self.client.post(login_url, self.super_login) |
| 2493 | self.assertRedirects(login, self.index_url) |
| 2494 | self.assertFalse(login.context) |
| 2495 | self.client.post(reverse("admin:logout")) |
| 2496 | |
| 2497 | # Test if user enters email address |
| 2498 | response = self.client.get(self.index_url) |
| 2499 | self.assertEqual(response.status_code, 302) |
| 2500 | login = self.client.post(login_url, self.super_email_login) |
| 2501 | self.assertContains(login, ERROR_MESSAGE) |
| 2502 | # only correct passwords get a username hint |
| 2503 | login = self.client.post(login_url, self.super_email_bad_login) |
| 2504 | self.assertContains(login, ERROR_MESSAGE) |
| 2505 | new_user = User(username="jondoe", password="secret", email="super@example.com") |
| 2506 | new_user.save() |
| 2507 | # check to ensure if there are multiple email addresses a user doesn't |
| 2508 | # get a 500 |
| 2509 | login = self.client.post(login_url, self.super_email_login) |
| 2510 | self.assertContains(login, ERROR_MESSAGE) |
| 2511 | |
| 2512 | # View User |
| 2513 | response = self.client.get(self.index_url) |
| 2514 | self.assertEqual(response.status_code, 302) |
| 2515 | login = self.client.post(login_url, self.viewuser_login) |
| 2516 | self.assertRedirects(login, self.index_url) |
| 2517 | self.assertFalse(login.context) |
| 2518 | self.client.post(reverse("admin:logout")) |
| 2519 | |
| 2520 | # Add User |
| 2521 | response = self.client.get(self.index_url) |
| 2522 | self.assertEqual(response.status_code, 302) |
| 2523 | login = self.client.post(login_url, self.adduser_login) |
| 2524 | self.assertRedirects(login, self.index_url) |
| 2525 | self.assertFalse(login.context) |
| 2526 | self.client.post(reverse("admin:logout")) |
| 2527 | |
| 2528 | # Change User |
| 2529 | response = self.client.get(self.index_url) |
| 2530 | self.assertEqual(response.status_code, 302) |
| 2531 | login = self.client.post(login_url, self.changeuser_login) |
| 2532 | self.assertRedirects(login, self.index_url) |
| 2533 | self.assertFalse(login.context) |
| 2534 | self.client.post(reverse("admin:logout")) |
| 2535 | |
| 2536 | # Delete User |
| 2537 | response = self.client.get(self.index_url) |