Disentangle Django's test client from Oscar's custom webtest class
Before this change, it was conflating WebTest functionality with the
Django test client. This change removes the Django test client
functionality (namely, the login function which was being automatically
called).
A shed-load of tests are adjusted to work with this change.
This almost completes the work for #826 - only a couple more references
to the Django client are left in the test codebase.
It is now replaced with a checkout pre-condition that applies to every
checkout view. If someone's basket becomes invalid while they are in
checkout, then they will be redirected back to the basket page.
Checkout index view enforces basket must be non-empty
This change introduces a new framework for enforcing checkout
pre-conditions. Each view class can define a class attribute
'pre_conditions' which lists method names to run before the class
itself.
Of course, decorators are more conventional for this kind of thing but
they are harder to override and customise.
Incorporate ProductListView into ProductCategoryView
Now that Oscar's simple search has been removed, ProductListView does
nothing but show all products. It's been incorporated into
ProductCategoryView.
ProductListView used to give out an invalid summary; this is now fixed.
ProductCategoryView used to pass 'categories' in the template context,
but it wasn't used.
Previously, the 'key' kwarg was not respected and all products would get
added to the first wishlist.
Thanks to @DanielChu for reporting, and supplying a fix.
Fixes #1216
On my local machine, django-dynamic-fixture created product classes
where the slug and primary key were identical and the tests passed
although the check was wrong. Luckily, Murphy's Law works in our favour
on Travis CI, and that failed and spotted it.
This commit fixes the assumption that the redirect view expects the slug
(which it doesn't since the last commit), and ensures that the generated
product classes are non-numeric.
During the registration and in dashboard, the new password is required
to have min 6 characters and not be in common passwords. Those rules are
not enforced when changing password in the account section or resetting
password.
Extract password validators into core validators as they are used by
multiple apps. `password_validators` now contains all validators applied
to passwords: DRY principle.
Changed auth tests to have a proper password for password reset.
Previously, the test suite ran with a custom user model for Django >=
1.5, but it didn't subclass Oscar's AbstractUser. This commit adjusts
the custom user model to subclass Oscar's so we can test functionality
within the custom user class.
This does require a change to the way tests authenticate as we don't
actually use the username field.
Call signal receivers from models.py (not __init__.py)
This reverts fa1f8403 which moved them from models.py to __init__.py.
As reported by @mvantellingen, importing receivers from __init__.py
breaks the way models are normally overridden as it causes the core
models.py to get imported before the custom one.
We need to move back to the old system and will need to advise that the
debug toolbar needs to be set-up explicitly to avoid circular import
issues with models.
Fixes #1159
Original issue #1125
Stop using home-rolled encryption for basket cookies
For anon users, the basket ID is stored in a cookie. Previously, this
was stored with a simple crc32 hash to prevent users enumerating baskets
by changing their cookies. However, home-rolled encryption is always a
bad idea. In this case, it may have probably exposed too much
information allowing the SECRET_KEY to be determined.
This change switches away from the home-rolled encryption to use
Django's built-in crypto signing functionality to store the basket ID.
Thanks to Raphael Kimmig for reporting this issue and providing this
patch.
This should greatly increase usability of the dashboard product update
page when managing a large amount of products.
Fixes #618
Conflicts:
oscar/apps/dashboard/catalogue/forms.py
oscar/apps/dashboard/catalogue/views.py
oscar/static/oscar/js/oscar/dashboard.js
oscar/views/generic.py
Widgets for product selection using select2 and ajax
To be more consistent with how access to products is handled in the
permission based dashboard, access to orders is now more permissive. As
long as one order line's partner has the current user in it's users,
access is granted.
We no longer need to pass the StockInfo instance as the basket has a
reference to the strategy class and can fetch it for itself. This means
we don't have to break backwards compatibility with Oscar < 0.6.
Prior to this change, it was possible to select child products in the
product dashboard. A new function get_parent_products_queryset was
introduced, analogues to the existing get_related_products_queryset. It
is not based on the BrowsableManager as I can envision scenarios where
that is extended to respect status fields or such like, which we should
ignore when selecting a parent field. Otherwise it wouldn't be possible
to e.g. add a few hidden products with child products.
Two issues in tests with the G library were fixed as well, were
unintentionally child products were created. If the product field is
left unspecified, it seems to pick a product instead of leaving it as
None.
David Winterbottom
Maik Hoepfel
Vladimir Bolshakov
Izidor Matušov
Markus Bertheau
Tim Jacobi
benvand
Xavier Ordoquy
Michael van Tellingen
Skirmantas Jurgaitis
Francis Reyes