[guivis/KeepPolling#9]

- add some testing to disallow unauthenticated users casting votes - added login required to polls endpoints - requiring csrf token for casting vote
9 months ago · 3efd2d2a22
parent 45050dc4b5
commit 3efd2d2a22
2 changed files with 43 additions and 2 deletions
--- a/polls/tests.py
+++ b/polls/tests.py
@ -72,7 +72,7 @@ class PollDetailsTests(
            self,
    ):
        """
-        If test user has not yet voted, options should be shown
+        If test user has already voted, results should be shown
        """
        test_user = self.fresh_user_logged_in()
        poll = self.create_poll_with_questions()
@ -111,7 +111,7 @@ class PollDetailsTests(
            self,
    ):
        """
-        If test user has not yet voted, options should be shown
+        If test user has already voted, voting again should not change anything
        """
        test_user = self.fresh_user_logged_in()
        poll = self.create_poll_with_questions()
@ -146,3 +146,37 @@ class PollDetailsTests(
            Vote.objects.count(),
            1,
        )
+
+    def test_unauthenticated_user_cant_vote(
+            self,
+    ):
+        """
+        If an unauthenticated user tries to vote it should fail
+        """
+        poll = self.create_poll_with_questions()
+        options = Option.objects.filter(
+            poll=poll,
+        )
+
+        self.assertEqual(
+            Vote.objects.count(),
+            0,
+        )
+
+        response = self.client.post(
+            reverse(
+                "cast-vote",
+                kwargs={
+                    "poll_id": poll.pk,
+                    "option_id": options[0].pk,
+                }
+            ),
+        )
+        self.assertNotEqual(
+            response.status_code,
+            200,
+        )
+        self.assertEqual(
+            Vote.objects.count(),
+            0,
+        )
--- a/polls/views.py
+++ b/polls/views.py
@ -1,9 +1,12 @@
+from django.contrib.auth.decorators import login_required
 from django.db.models import Count
 from django.shortcuts import render, get_object_or_404
+from django.views.decorators.csrf import requires_csrf_token

 from polls.models import Poll, Option, Vote


+@login_required
 def polls(
        request,
 ):
@ -29,6 +32,7 @@ def already_voted(
    return vote.exists()


+@login_required
 def poll_results(
        request,
        poll_id,
@ -56,6 +60,7 @@ def poll_results(
    )


+@login_required
 def poll_details(
        request,
        poll_id,
@ -90,6 +95,8 @@ def poll_details(
    )


+@login_required
+@requires_csrf_token
 def cast_vote(
        request,
        poll_id,