# -*- coding: utf-8 -*- # Part of Odoo. See LICENSE file for full copyright and licensing details. from werkzeug.urls import url_parse, url_decode, url_encode, url_unparse import json from odoo import http from odoo.addons.auth_signup.models.res_partner import ResPartner from odoo.addons.mail.tests.common import MailCommon from odoo.addons.test_mail_full.tests.common import TestMailFullCommon from odoo.addons.test_mail_sms.tests.common import TestSMSRecipients from odoo.tests import tagged, users from odoo.tests.common import HttpCase from odoo.tools import html_escape @tagged('portal') class TestPortal(HttpCase, TestMailFullCommon, TestSMSRecipients): def setUp(self): super(TestPortal, self).setUp() self.record_portal = self.env['mail.test.portal'].create({ 'partner_id': self.partner_1.id, 'name': 'Test Portal Record', }) self.record_portal._portal_ensure_token() @tagged('-at_install', 'post_install', 'portal') class TestPortalControllers(TestPortal): def test_redirect_to_records(self): """ Test redirection of portal-enabled records """ # Test Case 0: as anonymous, cannot access, redirect to web/login response = self.url_open('/mail/view?model=%s&res_id=%s' % ( self.record_portal._name, self.record_portal.id), timeout=15) path = url_parse(response.url).path self.assertEqual(path, '/web/login') # Test Case 1: as admin, can access record self.authenticate(self.user_admin.login, self.user_admin.login) response = self.url_open('/mail/view?model=%s&res_id=%s' % ( self.record_portal._name, self.record_portal.id), timeout=15) self.assertEqual(response.status_code, 200) self.assertEqual(response.request._cookies.get('cids'), '%s' % self.user_admin.company_id.id) path = url_parse(response.url).path self.assertEqual(path, f'/odoo/mail.test.portal/{self.record_portal.id}') def test_redirect_to_records_norecord(self): """ Check specific use case of missing model, should directly redirect to login page. """ for model, res_id in [ (False, self.record_portal.id), ('', self.record_portal.id), (self.record_portal._name, False), (self.record_portal._name, ''), (False, False), ('wrong.model', self.record_portal.id), (self.record_portal._name, -4), ]: response = self.url_open( '/mail/view?model=%s&res_id=%s' % (model, res_id), timeout=15 ) path = url_parse(response.url).path self.assertEqual( path, '/web/login', 'Failed with %s - %s' % (model, res_id) ) def test_portal_avatar_with_access_token(self): mail_record = self.env['mail.message'].create({ 'author_id': self.record_portal.partner_id.id, 'model': self.record_portal._name, 'res_id': self.record_portal.id, }) token = self.record_portal.access_token formatted_record = mail_record.portal_message_format(options={"token": token})[0] self.assertEqual( formatted_record.get("author_avatar_url"), f"/mail/avatar/mail.message/{mail_record.id}/author_avatar/50x50?access_token={token}", ) response = self.url_open( f"/mail/avatar/mail.message/{mail_record.id}/author_avatar/50x50?access_token={token}" ) self.assertEqual(response.status_code, 200) self.assertEqual(response.headers.get('Content-Type'), 'image/png') self.assertRegex(response.headers.get('Content-Disposition', ''), r'mail_message-\d+-author_avatar\.png') placeholder_response = self.url_open( f'/mail/avatar/mail.message/{mail_record.id}/author_avatar/50x50?access_token={token + "a"}' ) # false token self.assertEqual(placeholder_response.status_code, 200) self.assertEqual(placeholder_response.headers.get('Content-Type'), 'image/png') self.assertRegex(placeholder_response.headers.get('Content-Disposition', ''), r'placeholder\.png') no_token_response = self.url_open(f'/mail/avatar/mail.message/{mail_record.id}/author_avatar/50x50') self.assertEqual(no_token_response.status_code, 200) self.assertEqual(no_token_response.headers.get('Content-Type'), 'image/png') self.assertRegex(no_token_response.headers.get('Content-Disposition', ''), r'placeholder\.png') def test_portal_avatar_with_hash_pid(self): self.authenticate(None, None) post_url = f"{self.record_portal.get_base_url()}/mail/message/post" pid = self.partner_2.id _hash = self.record_portal._sign_token(pid) res = self.opener.post( url=post_url, json={ 'params': { 'thread_model': self.record_portal._name, 'thread_id': self.record_portal.id, 'post_data': {'body': "Test"}, 'hash': _hash, 'pid': pid, }, }, ) res.raise_for_status() self.assertNotIn("error", res.json()) message = self.record_portal.message_ids[0] formatted_message = message.portal_message_format(options={"hash": _hash, "pid": pid})[0] self.assertEqual( formatted_message.get("author_avatar_url"), f"/mail/avatar/mail.message/{message.id}/author_avatar/50x50?_hash={_hash}&pid={pid}", ) response = self.url_open( f"/mail/avatar/mail.message/{message.id}/author_avatar/50x50?_hash={_hash}&pid={pid}" ) self.assertEqual(response.status_code, 200) self.assertEqual(response.headers.get('Content-Type'), 'image/png') self.assertRegex(response.headers.get('Content-Disposition', ''), r'mail_message-\d+-author_avatar\.png') placeholder_response = self.url_open( f'/mail/avatar/mail.message/{message.id}/author_avatar/50x50?_hash={_hash + "a"}&pid={pid}' ) # false hash self.assertEqual(placeholder_response.status_code, 200) self.assertEqual(placeholder_response.headers.get('Content-Type'), 'image/png') self.assertRegex(placeholder_response.headers.get('Content-Disposition', ''), r'placeholder\.png') def test_portal_share_comment(self): """ Test posting through portal controller allowing to use a hash to post wihtout access rights. """ self.authenticate(None, None) post_url = f"{self.record_portal.get_base_url()}/mail/message/post" # test as not logged self.opener.post( url=post_url, json={ 'params': { 'thread_model': self.record_portal._name, 'thread_id': self.record_portal.id, 'post_data': {'body': "Test"}, 'token': self.record_portal.access_token, 'hash': self.record_portal._sign_token(self.partner_2.id), 'pid': self.partner_2.id, }, }, ) # Only messages from the current user not OdooBot messages = self.record_portal.message_ids.filtered(lambda msg: msg.author_id == self.partner_2) self.assertIn('Test', messages[0].body) @tagged('portal') class TestPortalFlow(MailCommon, HttpCase): """Share a link by email to a customer without an account for viewing a record through the portal. The tests consist in sending a mail related to a record to a customer and checking that the record can be viewed through the embedded link: - either in the backend if the user is connected and has the right to - or in the portal otherwise """ @classmethod def setUpClass(cls): super().setUpClass() cls.customer = cls.env['res.partner'].create({ 'country_id': cls.env.ref('base.fr').id, 'email': 'mdelvaux34@example.com', 'lang': 'en_US', 'mobile': '+33639982325', 'name': 'Mathias Delvaux', 'phone': '+33353011823', }) cls.record_portal = cls.env['mail.test.portal'].create({ 'name': 'Test Portal Record', 'partner_id': cls.customer.id, 'user_id': cls.user_admin.id, }) cls.mail_template = cls.env['mail.template'].create({ 'auto_delete': True, 'body_html': '
Hello
Hello Mathias Delvaux, your quotation is ready for review.
', 'partner_ids': self.customer.ids, 'subject': 'Your Quotation "a white table"', }) with self.mock_mail_gateway(mail_unlink_sent=True): composer._action_send_mail() self.assertEqual(len(self._mails), 1) self.assertIn(f'"{html_escape(self.record_access_url)}"', self._mails[0].get('body')) # Check that the template is not used (not the same subject) self.assertEqual('Your Quotation "a white table"', self._mails[0].get('subject')) self.assertIn('Hello Mathias Delvaux', self._mails[0].get('body')) @users('employee') def test_send_message_to_customer_using_template(self): """Send a mail to a customer without an account and check that it contains a link to view the record. Other tests below check that that same link has the correct behavior. This test follows the common use case by using a template while the next send the mail without a template.""" composer = self._get_composer_with_context(self.mail_template.id).create({}) with self.mock_mail_gateway(mail_unlink_sent=True): composer._action_send_mail() self.assertEqual(len(self._mails), 1) self.assertIn(f'"{html_escape(self.record_access_url)}"', self._mails[0].get('body')) self.assertEqual(f'Your quotation "{self.record_portal.name}"', self._mails[0].get('subject')) # Check that the template is used @tagged('portal') class TestPortalMixin(TestPortal): @users('employee') def test_portal_mixin(self): """ Test internals of portal mixin """ customer = self.partner_1.with_env(self.env) record_portal = self.env['mail.test.portal'].create({ 'partner_id': customer.id, 'name': 'Test Portal Record', }) self.assertFalse(record_portal.access_token) self.assertEqual(record_portal.access_url, '/my/test_portal/%s' % record_portal.id) record_portal._portal_ensure_token() self.assertTrue(record_portal.access_token)