From 9be613e3cefc4ed37d4160f2299b9986dfd43db2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexis=20M=C3=A9taireau?=
Date: Mon, 13 May 2024 17:58:39 +0200
Subject: [PATCH] feat(sync): add tests for the websocket token view
---
 umap/tests/integration/test_owned_map.py | 5 +++
 umap/tests/test_views.py | 53 ++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
diff --git a/umap/tests/integration/test_owned_map.py b/umap/tests/integration/test_owned_map.py
index d197ff0d..abdc7175 100644
--- a/umap/tests/integration/test_owned_map.py
+++ b/umap/tests/integration/test_owned_map.py
@@ -249,3 +249,8 @@ def test_can_delete_datalayer(live_server, map, login, datalayer):
 expect(markers).to_have_count(0)
 # FIXME does not work, resolve to 1 element, even if this command is empty:
 expect(layers).to_have_count(0)
+
+
+def test_something(live_server, map, login, user):
+ page = login(user)
+ page.goto(f"{live_server.url}/map/{map.id}/ws-token")
diff --git a/umap/tests/test_views.py b/umap/tests/test_views.py
index 86904cdc..97f0b13f 100644
--- a/umap/tests/test_views.py
+++ b/umap/tests/test_views.py
@@ -5,6 +5,7 @@ from datetime import datetime, timedelta
 import pytest
 from django.conf import settings
 from django.contrib.auth import get_user, get_user_model
+from django.core.signing import TimestampSigner
 from django.test import RequestFactory
 from django.urls import reverse
 from django.utils.timezone import make_aware
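Review bot: `test_something`, added in umap/tests/integration/test_owned_map.py, asserts nothing, so it passes whatever the ws-token endpoint returns, including an error page or a denial. Since this endpoint hands out the websocket auth token, capture the response and check it, e.g. `response = page.goto(f"{live_server.url}/map/{map.id}/ws-token")` followed by `assert response.status == 200` (or whichever status is expected for that user, which this hunk does not establish). The test should also be renamed to say what it verifies, for instance `test_logged_in_user_can_fetch_ws_token`. If the view tests added to test_views.py in this same commit are meant to cover the endpoint, dropping the placeholder is cleaner than keeping a test that cannot fail.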
@@ -430,3 +431,55 @@ def test_home_feed(client, settings, user, tilelayer):
 assert "A public map starred by non staff" not in content
 assert "A private map starred by staff" not in content
 assert "A reserved map starred by staff" not in content
+
+
+@pytest.mark.django_db
+def test_websocket_token_returns_login_required_if_not_connected(client, user, map):
+ token_url = reverse("map_websocket_auth_token", kwargs={"map_id": map.id})
+ resp = client.get(token_url)
+ assert "login_required" in resp.json()
+
+
+@pytest.mark.django_db
+def test_websocket_token_returns_403_if_unauthorized(client, user, user2, map):
+ client.login(username=map.owner.username, password="123123")
+ map.owner = user2
+ map.save()
+
+ token_url = reverse("map_websocket_auth_token", kwargs={"map_id": map.id})
+ resp = client.get(token_url)
+ assert resp.status_code == 403
+
+
+@pytest.mark.django_db
+def test_websocker_token_is_generated_for_anonymous(client, user, user2, map):
+ map.edit_status = Map.ANONYMOUS
+ map.save()
+
+ token_url = reverse("map_websocket_auth_token", kwargs={"map_id": map.id})
+ resp = client.get(token_url)
+ token = resp.json().get("token")
+ assert TimestampSigner().unsign_object(token, max_age=30)
+
+
+@pytest.mark.django_db
+def test_websocket_token_returns_a_valid_token_when_authorized(client, user, map):
+ client.login(username=map.owner.username, password="123123")
+ token_url = reverse("map_websocket_auth_token", kwargs={"map_id": map.id})
+ resp = client.get(token_url)
+ assert resp.status_code == 200
+ token = resp.json().get("token")
+ assert TimestampSigner().unsign_object(token, max_age=30)
+
+
+@pytest.mark.django_db
+def test_websocket_token_is_generated_for_editors(client, user, user2, map):
+ map.edit_status = Map.EDITORS
+ map.editors.add(user2)
+ map.save()
+
+ assert client.login(username=user2.username, password="456456")
+ token_url = reverse("map_websocket_auth_token", kwargs={"map_id": map.id})
+ resp = client.get(token_url)
+ token = resp.json().get("token")
+ assert TimestampSigner().unsign_object(token, max_age=30)
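Review bot: The three token checks (`assert TimestampSigner().unsign_object(token, max_age=30)`) only prove that the signature verifies and the payload is truthy, so they would still pass if the view signed a token for a different map or user. Unsign into a variable and compare it with what the view is expected to embed, e.g. `payload = TimestampSigner().unsign_object(token, max_age=30)` then `assert payload == EXPECTED_PAYLOAD_FOR_THIS_MAP_AND_USER` (a placeholder, since the view's payload is not visible in this diff). In `test_websocket_token_returns_403_if_unauthorized` the result of `client.login(...)` is not checked, unlike in the editors test; use `assert client.login(username=map.owner.username, password="123123")` so a failed login cannot silently change which branch of the view is exercised. `Map.ANONYMOUS` and `Map.EDITORS` are used, but this commit's import hunk only adds `TimestampSigner`, so confirm `Map` is already imported in test_views.py. The name `test_websocker_token_is_generated_for_anonymous` also has a typo ("websocker").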