oca/oca-ocb-core
2
0
Fork 0
mirror of https://github.com/bringout/oca-ocb-core.git synced 2026-04-20 07:52:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
oca-ocb-core/odoo-bringout-oca-ocb-web/web/tests/test_login.py
Ernad Husremovic d1963a3c3a vanilla 19.0
2025-10-08 10:49:46 +02:00

67 lines
2.6 KiB
Python
Raw Blame History

# Part of Odoo. See LICENSE file for full copyright and licensing details.
from odoo import http
from odoo.addons.base.tests.common import HttpCaseWithUserDemo
from odoo.tests.common import get_db_name, HOST, HttpCase, new_test_user, Opener, tagged
class TestWebLoginCommon(HttpCase):
@classmethod
def setUpClass(cls):
super().setUpClass()
new_test_user(cls.env, 'internal_user', context={'lang': 'en_US'})
new_test_user(cls.env, 'portal_user', groups='base.group_portal')
def setUp(self):
super().setUp()
self.session = http.root.session_store.new()
self.session.update(http.get_default_session(), db=get_db_name())
self.opener = Opener(self)
self.opener.cookies.set('session_id', self.session.sid, domain=HOST, path='/')
def login(self, username, password, csrf_token=None):
"""Log in with provided credentials and return response to POST request or raises for status."""
res_post = self.url_open('/web/login', data={
'login': username,
'password': password,
'csrf_token':csrf_token or http.Request.csrf_token(self),
})
res_post.raise_for_status()
return res_post
class TestWebLogin(TestWebLoginCommon):
def test_web_login(self):
res_post = self.login('internal_user', 'internal_user')
# ensure we are logged-in
self.url_open(
'/web/session/check',
headers={'Content-Type': 'application/json'},
data='{}'
).raise_for_status()
# ensure we end up on the right page for internal users.
self.assertEqual(res_post.request.path_url, '/odoo')
def test_web_login_external(self):
res_post = self.login('portal_user', 'portal_user')
# ensure we end up on the right page for external users. Valid without portal installed.
self.assertEqual(res_post.request.path_url, '/web/login_successful')
def test_web_login_bad_xhr(self):
# simulate the user downloaded the login form
csrf_token = http.Request.csrf_token(self)
# simulate that the JS sended a bad XHR to a route that is
# auth='none' using the same session (e.g. via a service worker)
bad_xhr = self.url_open('/web/login_successful', allow_redirects=False)
self.assertNotEqual(bad_xhr.status_code, 200)
# log in using the above form, it should still be valid
self.login('internal_user', 'internal_user', csrf_token)
@tagged('post_install', '-at_install')
class TestUserSwitch(HttpCaseWithUserDemo):
def test_user_switch(self):
self.start_tour('/odoo', 'test_user_switch', login='demo')
Reference in a new issue View git blame Copy permalink