PPHA-475: Protect all pages behind login

Author: Themitchell

lung_cancer_screening/core/tests/__init__.py

@@ -0,0 +1 @@
+

lung_cancer_screening/questions/tests/factories/__init__.py

@@ -0,0 +1,11 @@
+import factory
+
+from ...models.user import User
+
+
+class UserFactory(factory.django.DjangoModelFactory):
+    class Meta:
+        model = User
+
+    nhs_number = factory.Sequence(lambda n: f"9{str(n).zfill(9)}")
+    password = factory.django.Password(None)

lung_cancer_screening/questions/tests/factories/user_factory.py

@@ -28,6 +28,7 @@ def test_has_updated_at_as_a_datetime(self):
             datetime
         )
 
+
     def test_nhs_number_has_a_max_length_of_10(self):
         with self.assertRaises(ValidationError) as context:
             User.objects.create_user("1"*11)

lung_cancer_screening/questions/tests/unit/models/test_user.py

@@ -0,0 +1,7 @@
+from ....factories.user_factory import UserFactory
+
+def login_user(client):
+    current_user = UserFactory()
+    client.force_login(current_user)
+
+    return current_user

lung_cancer_screening/questions/tests/unit/views/helpers/__init__.py

@@ -1,16 +1,35 @@
 from django.test import TestCase
 from django.urls import reverse
 
+from .helpers.authentication import login_user
+
 from lung_cancer_screening.questions.models.participant import Participant
 
 class TestPostAgeRangeExit(TestCase):
     def setUp(self):
+        login_user(self.client)
+
         participant = Participant.objects.create(unique_id="12345")
 
         session = self.client.session
         session['participant_id'] = participant.unique_id
         session.save()
 
+    def test_get_redirects_if_the_user_is_not_logged_in(self):
+        self.client.logout()
+
+        participant = Participant.objects.create(unique_id="abcdef")
+
+        session = self.client.session
+        session['participant_id'] = participant.unique_id
+        session.save()
+
+        response = self.client.get(
+            reverse("questions:age_range_exit")
+        )
+
+        self.assertRedirects(response, "/oidc/authenticate/?next=/age-range-exit", fetch_redirect_response=False)
+
     def test_get_redirects_if_the_particpant_does_not_exist(self):
         session = self.client.session
         session['participant_id'] = "somebody none existant participant"

lung_cancer_screening/questions/tests/unit/views/helpers/authentication.py

@@ -1,11 +1,15 @@
 from django.test import TestCase
 from django.urls import reverse
+from django.conf import settings
 
+from .helpers.authentication import login_user
 from lung_cancer_screening.questions.models.participant import Participant
 
 
 class TestAsbestosExposure(TestCase):
     def setUp(self):
+        login_user(self.client)
+
         self.participant = Participant.objects.create(unique_id="12345")
         self.participant.responseset_set.create()
         self.valid_params = {"asbestos_exposure": True}
@@ -14,6 +18,19 @@ def setUp(self):
         session['participant_id'] = self.participant.unique_id
         session.save()
 
+    def test_get_redirects_if_the_user_is_not_logged_in(self):
+        participant = Participant.objects.create(unique_id="abcdef")
+        self.client.logout()
+        session = self.client.session
+        session['participant_id'] = participant.unique_id
+        session.save()
+
+        response = self.client.get(
+            reverse("questions:asbestos_exposure")
+        )
+
+        self.assertRedirects(response, "/oidc/authenticate/?next=/asbestos-exposure", fetch_redirect_response=False)
+
     def test_get_redirects_if_the_participant_does_not_exist(self):
         session = self.client.session
         session['participant_id'] = "somebody none existant participant"
@@ -33,6 +50,21 @@ def test_get_contains_the_correct_form_fields(self):
         response = self.client.get(reverse("questions:asbestos_exposure"))
         self.assertContains(response, "Have you ever worked in a job where you might have been exposed to asbestos?")
 
+    def test_post_redirects_if_the_user_is_not_logged_in(self):
+        self.client.logout()
+        participant = Participant.objects.create(unique_id="abcdef")
+
+        session = self.client.session
+        session['participant_id'] = participant.unique_id
+        session.save()
+
+        response = self.client.post(
+            reverse("questions:asbestos_exposure"),
+            self.valid_params
+        )
+
+        self.assertRedirects(response, "/oidc/authenticate/?next=/asbestos-exposure", fetch_redirect_response=False)
+
     def test_post_redirects_if_the_participant_does_not_exist(self):
         session = self.client.session
         session['participant_id'] = "somebody none existant participant"

lung_cancer_screening/questions/tests/unit/views/test_age_range_exit.py

@@ -3,10 +3,13 @@
 from datetime import date
 from dateutil.relativedelta import relativedelta
 
+from .helpers.authentication import login_user
 from ....models.participant import Participant
 
 class TestPostDateOfBirth(TestCase):
     def setUp(self):
+        login_user(self.client)
+
         self.participant = Participant.objects.create(unique_id="12345")
         self.participant.responseset_set.create()
         self.valid_age = date.today() - relativedelta(years=55)
@@ -27,6 +30,19 @@ def setUp(self):
         session['participant_id'] = self.participant.unique_id
         session.save()
 
+    def test_get_redirects_if_the_user_is_not_logged_in(self):
+        participant = Participant.objects.create(unique_id="abcdef")
+        self.client.logout()
+        session = self.client.session
+        session['participant_id'] = participant.unique_id
+        session.save()
+
+        response = self.client.get(
+            reverse("questions:date_of_birth")
+        )
+
+        self.assertRedirects(response, "/oidc/authenticate/?next=/date-of-birth", fetch_redirect_response=False)
+
     def test_get_redirects_if_the_particpant_does_not_exist(self):
         session = self.client.session
         session['participant_id'] = "somebody none existant participant"
@@ -43,6 +59,21 @@ def test_get_responds_successfully(self):
 
         self.assertEqual(response.status_code, 200)
 
+    def test_post_redirects_if_the_user_is_not_logged_in(self):
+        self.client.logout()
+        participant = Participant.objects.create(unique_id="abcdef")
+
+        session = self.client.session
+        session['participant_id'] = participant.unique_id
+        session.save()
+
+        response = self.client.post(
+            reverse("questions:date_of_birth"),
+            self.valid_params
+        )
+
+        self.assertRedirects(response, "/oidc/authenticate/?next=/date-of-birth", fetch_redirect_response=False)
+
     def test_post_redirects_if_the_particpant_does_not_exist(self):
         session = self.client.session
         session['participant_id'] = "somebody none existant participant"

lung_cancer_screening/questions/tests/unit/views/test_asbestos_exposure.py

@@ -1,12 +1,15 @@
 from django.test import TestCase
 from django.urls import reverse
 
+from .helpers.authentication import login_user
+
 from lung_cancer_screening.questions.models.participant import Participant
 from lung_cancer_screening.questions.models.response_set import EthnicityValues
 
-
 class TestEthnicity(TestCase):
     def setUp(self):
+        login_user(self.client)
+
         self.participant = Participant.objects.create(unique_id="12345")
         self.participant.responseset_set.create()
         self.valid_params = { "ethnicity": EthnicityValues.WHITE }
@@ -16,6 +19,18 @@ def setUp(self):
         session.save()
 
 ### Test GET request
+    def test_get_redirects_if_the_user_is_not_logged_in(self):
+        participant = Participant.objects.create(unique_id="abcdef")
+        self.client.logout()
+        session = self.client.session
+        session['participant_id'] = participant.unique_id
+        session.save()
+
+        response = self.client.get(
+            reverse("questions:ethnicity")
+        )
+
+        self.assertRedirects(response, "/oidc/authenticate/?next=/ethnicity", fetch_redirect_response=False)
 
     def test_get_redirects_if_the_participant_does_not_exist(self):
         session = self.client.session
@@ -40,6 +55,22 @@ def test_get_contains_the_correct_form_fields(self):
 
 ### Test POST request
 
+    def test_post_redirects_if_the_user_is_not_logged_in(self):
+        self.client.logout()
+        participant = Participant.objects.create(unique_id="abcdef")
+
+        session = self.client.session
+        session['participant_id'] = participant.unique_id
+        session.save()
+
+        response = self.client.post(
+            reverse("questions:ethnicity"),
+            self.valid_params
+        )
+
+        self.assertRedirects(response, "/oidc/authenticate/?next=/ethnicity", fetch_redirect_response=False)
+
+
     def test_post_redirects_if_the_participant_does_not_exist(self):
         session = self.client.session
         session['participant_id'] = "somebody none existant participant"