# -*- coding: utf-8 -*- """ Activities Tests This module contains comprehensive tests for the activities app, including unit tests for models, views, forms, signals, and middleware components. Test Classes: - ActivityTypeModelTest: Tests for ActivityType model - ActivityModelTest: Tests for Activity model - AuditLogModelTest: Tests for AuditLog model - SecurityEventModelTest: Tests for SecurityEvent model - ActivityViewTest: Tests for activity views - ActivitySignalTest: Tests for activity signals - ActivityMiddlewareTest: Tests for activity middleware - ActivityFormTest: Tests for activity forms Author: AdTlas Development Team Version: 1.0.0 Last Updated: 2024 """ import json from datetime import datetime, timedelta from unittest.mock import patch, Mock from django.test import TestCase, RequestFactory, override_settings from django.contrib.auth import get_user_model from django.contrib.auth.models import Permission from django.contrib.contenttypes.models import ContentType from django.urls import reverse from django.utils import timezone from django.core.cache import cache from django.contrib.sessions.middleware import SessionMiddleware from django.contrib.auth.middleware import AuthenticationMiddleware from django.contrib.messages.middleware import MessageMiddleware from django.http import HttpResponse from django.test.client import Client from rest_framework.test import APITestCase from rest_framework import status from .models import ActivityType, Activity, AuditLog, SecurityEvent from .forms import ActivityFilterForm, SecurityEventFilterForm, ActivityExportForm from .signals import ( log_user_login, log_user_logout, log_failed_login, log_model_save, log_model_delete, set_current_request ) from .middleware import ( ActivityLoggingMiddleware, SecurityMonitoringMiddleware, RequestTrackingMiddleware ) from apps.accounts.models import Role User = get_user_model() class ActivityTypeModelTest(TestCase): """ Test cases for the ActivityType model. """ def setUp(self): """ Set up test data. """ self.activity_type_data = { 'code': 'test_activity', 'name': 'Test Activity', 'description': 'Test activity type for unit testing', 'is_security_related': True, 'retention_days': 365, } def test_create_activity_type(self): """ Test creating an activity type. """ activity_type = ActivityType.objects.create(**self.activity_type_data) self.assertEqual(activity_type.code, 'test_activity') self.assertEqual(activity_type.name, 'Test Activity') self.assertTrue(activity_type.is_security_related) self.assertEqual(activity_type.retention_days, 365) self.assertTrue(activity_type.is_active) def test_activity_type_str_representation(self): """ Test string representation of activity type. """ activity_type = ActivityType.objects.create(**self.activity_type_data) self.assertEqual(str(activity_type), 'Test Activity') def test_activity_type_unique_code(self): """ Test that activity type codes are unique. """ ActivityType.objects.create(**self.activity_type_data) with self.assertRaises(Exception): ActivityType.objects.create(**self.activity_type_data) def test_activity_type_ordering(self): """ Test activity type ordering. """ type1 = ActivityType.objects.create( code='z_type', name='Z Type', description='Last type' ) type2 = ActivityType.objects.create( code='a_type', name='A Type', description='First type' ) types = list(ActivityType.objects.all()) self.assertEqual(types[0], type2) # A Type should come first self.assertEqual(types[1], type1) # Z Type should come second class ActivityModelTest(TestCase): """ Test cases for the Activity model. """ def setUp(self): """ Set up test data. """ self.user = User.objects.create_user( email='test@example.com', password='testpass123', first_name='Test', last_name='User' ) self.activity_type = ActivityType.objects.create( code='test_activity', name='Test Activity', description='Test activity type' ) def test_create_activity(self): """ Test creating an activity. """ activity = Activity.objects.create( user=self.user, action='test_action', description='Test activity description', activity_type=self.activity_type, ip_address='127.0.0.1', user_agent='Test User Agent' ) self.assertEqual(activity.user, self.user) self.assertEqual(activity.action, 'test_action') self.assertEqual(activity.activity_type, self.activity_type) self.assertTrue(activity.success) self.assertIsNotNone(activity.timestamp) def test_activity_log_activity_method(self): """ Test the log_activity class method. """ activity = Activity.log_activity( user=self.user, action='login', description='User logged in', activity_type_code='test_activity', ip_address='192.168.1.1' ) self.assertIsInstance(activity, Activity) self.assertEqual(activity.user, self.user) self.assertEqual(activity.action, 'login') self.assertEqual(activity.activity_type, self.activity_type) def test_activity_with_content_object(self): """ Test activity with content object. """ activity = Activity.objects.create( user=self.user, action='update', description='Updated user profile', activity_type=self.activity_type, content_object=self.user ) self.assertEqual(activity.content_object, self.user) self.assertEqual(activity.object_id, str(self.user.pk)) def test_activity_str_representation(self): """ Test string representation of activity. """ activity = Activity.objects.create( user=self.user, action='test_action', description='Test activity', activity_type=self.activity_type ) expected = f'{self.user.email} - test_action' self.assertEqual(str(activity), expected) def test_activity_manager_recent(self): """ Test the recent method of activity manager. """ # Create activities with different timestamps old_activity = Activity.objects.create( user=self.user, action='old_action', description='Old activity', activity_type=self.activity_type ) old_activity.timestamp = timezone.now() - timedelta(days=10) old_activity.save() recent_activity = Activity.objects.create( user=self.user, action='recent_action', description='Recent activity', activity_type=self.activity_type ) recent_activities = Activity.objects.recent(days=7) self.assertIn(recent_activity, recent_activities) self.assertNotIn(old_activity, recent_activities) def test_activity_manager_by_user(self): """ Test the by_user method of activity manager. """ other_user = User.objects.create_user( email='other@example.com', password='testpass123' ) user_activity = Activity.objects.create( user=self.user, action='user_action', description='User activity', activity_type=self.activity_type ) other_activity = Activity.objects.create( user=other_user, action='other_action', description='Other activity', activity_type=self.activity_type ) user_activities = Activity.objects.by_user(self.user) self.assertIn(user_activity, user_activities) self.assertNotIn(other_activity, user_activities) class AuditLogModelTest(TestCase): """ Test cases for the AuditLog model. """ def setUp(self): """ Set up test data. """ self.user = User.objects.create_user( email='test@example.com', password='testpass123' ) def test_create_audit_log(self): """ Test creating an audit log entry. """ changes = { 'email': { 'old': 'old@example.com', 'new': 'new@example.com' } } audit_log = AuditLog.objects.create( user=self.user, action='update', model_name='User', object_id='1', object_repr='Test User', changes=changes, before_state={'email': 'old@example.com'}, after_state={'email': 'new@example.com'} ) self.assertEqual(audit_log.user, self.user) self.assertEqual(audit_log.action, 'update') self.assertEqual(audit_log.model_name, 'User') self.assertEqual(audit_log.changes, changes) def test_audit_log_str_representation(self): """ Test string representation of audit log. """ audit_log = AuditLog.objects.create( user=self.user, action='create', model_name='User', object_id='1', object_repr='Test User' ) expected = f'{self.user.email} - create User (Test User)' self.assertEqual(str(audit_log), expected) class SecurityEventModelTest(TestCase): """ Test cases for the SecurityEvent model. """ def setUp(self): """ Set up test data. """ self.user = User.objects.create_user( email='test@example.com', password='testpass123' ) def test_create_security_event(self): """ Test creating a security event. """ security_event = SecurityEvent.objects.create( event_type='failed_login', severity='medium', description='Failed login attempt', user=self.user, ip_address='192.168.1.100', details={'attempted_email': 'test@example.com'} ) self.assertEqual(security_event.event_type, 'failed_login') self.assertEqual(security_event.severity, 'medium') self.assertEqual(security_event.status, 'open') self.assertEqual(security_event.user, self.user) def test_security_event_str_representation(self): """ Test string representation of security event. """ security_event = SecurityEvent.objects.create( event_type='suspicious_activity', severity='high', description='Suspicious activity detected' ) expected = 'suspicious_activity - high - Suspicious activity detected' self.assertEqual(str(security_event), expected) def test_security_event_is_resolved_property(self): """ Test the is_resolved property. """ security_event = SecurityEvent.objects.create( event_type='test_event', severity='low', description='Test event', status='open' ) self.assertFalse(security_event.is_resolved) security_event.status = 'resolved' security_event.save() self.assertTrue(security_event.is_resolved) class ActivityViewTest(TestCase): """ Test cases for activity views. """ def setUp(self): """ Set up test data. """ self.user = User.objects.create_user( email='test@example.com', password='testpass123', is_staff=True ) self.activity_type = ActivityType.objects.create( code='test_activity', name='Test Activity', description='Test activity type' ) self.activity = Activity.objects.create( user=self.user, action='test_action', description='Test activity', activity_type=self.activity_type ) self.client = Client() def test_activity_list_view_requires_login(self): """ Test that activity list view requires authentication. """ response = self.client.get(reverse('activities:activity_list')) self.assertEqual(response.status_code, 302) # Redirect to login def test_activity_list_view_authenticated(self): """ Test activity list view with authenticated user. """ self.client.login(email='test@example.com', password='testpass123') response = self.client.get(reverse('activities:activity_list')) self.assertEqual(response.status_code, 200) self.assertContains(response, 'Test activity') def test_activity_detail_view(self): """ Test activity detail view. """ self.client.login(email='test@example.com', password='testpass123') response = self.client.get( reverse('activities:activity_detail', kwargs={'pk': self.activity.pk}) ) self.assertEqual(response.status_code, 200) self.assertContains(response, 'test_action') def test_user_activity_list_view(self): """ Test user activity list view. """ self.client.login(email='test@example.com', password='testpass123') response = self.client.get(reverse('activities:user_activities')) self.assertEqual(response.status_code, 200) self.assertContains(response, 'Test activity') class ActivityAPITest(APITestCase): """ Test cases for activity API views. """ def setUp(self): """ Set up test data. """ self.user = User.objects.create_user( email='test@example.com', password='testpass123', is_staff=True ) self.activity_type = ActivityType.objects.create( code='test_activity', name='Test Activity', description='Test activity type' ) self.activity = Activity.objects.create( user=self.user, action='test_action', description='Test activity', activity_type=self.activity_type ) def test_activity_api_list_requires_authentication(self): """ Test that activity API requires authentication. """ response = self.client.get('/api/activities/') self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) def test_activity_api_list_authenticated(self): """ Test activity API list with authenticated user. """ self.client.force_authenticate(user=self.user) response = self.client.get('/api/activities/') self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(len(response.data['results']), 1) def test_activity_api_create(self): """ Test creating activity via API. """ self.client.force_authenticate(user=self.user) data = { 'action': 'api_test', 'description': 'API test activity', 'activity_type_code': 'test_activity' } response = self.client.post('/api/activities/log/', data) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # Verify activity was created activity = Activity.objects.get(action='api_test') self.assertEqual(activity.description, 'API test activity') class ActivitySignalTest(TestCase): """ Test cases for activity signals. """ def setUp(self): """ Set up test data. """ self.user = User.objects.create_user( email='test@example.com', password='testpass123' ) self.factory = RequestFactory() # Create default activity types ActivityType.objects.create( code='authentication', name='Authentication', description='Authentication activities' ) ActivityType.objects.create( code='security', name='Security', description='Security activities' ) def test_log_user_login_signal(self): """ Test user login signal logging. """ request = self.factory.get('/') request.user = self.user request.session = {} # Simulate login signal log_user_login(sender=User, request=request, user=self.user) # Check if activity was logged activity = Activity.objects.filter( user=self.user, action='login' ).first() self.assertIsNotNone(activity) self.assertEqual(activity.user, self.user) self.assertEqual(activity.action, 'login') def test_log_user_logout_signal(self): """ Test user logout signal logging. """ request = self.factory.get('/') request.user = self.user request.session = {} # Simulate logout signal log_user_logout(sender=User, request=request, user=self.user) # Check if activity was logged activity = Activity.objects.filter( user=self.user, action='logout' ).first() self.assertIsNotNone(activity) self.assertEqual(activity.user, self.user) self.assertEqual(activity.action, 'logout') def test_log_failed_login_signal(self): """ Test failed login signal logging. """ request = self.factory.post('/login/') credentials = {'email': 'test@example.com', 'password': 'wrongpass'} # Simulate failed login signal log_failed_login( sender=None, credentials=credentials, request=request ) # Check if activity was logged activity = Activity.objects.filter( action='login', success=False ).first() self.assertIsNotNone(activity) self.assertFalse(activity.success) self.assertIn('Failed login attempt', activity.description) # Check if security event was created security_event = SecurityEvent.objects.filter( event_type='failed_login' ).first() self.assertIsNotNone(security_event) @patch('apps.activities.signals.get_current_request') def test_log_model_save_signal(self, mock_get_request): """ Test model save signal logging. """ request = self.factory.get('/') request.user = self.user mock_get_request.return_value = request # Create activity type for model changes ActivityType.objects.create( code='model_change', name='Model Changes', description='Model change activities' ) # Create a new user (this should trigger the signal) new_user = User.objects.create_user( email='new@example.com', password='testpass123' ) # Check if activity was logged activity = Activity.objects.filter( user=self.user, action='create' ).first() # Note: This might not work in test environment due to signal handling # In real application, this would create an activity log class ActivityMiddlewareTest(TestCase): """ Test cases for activity middleware. """ def setUp(self): """ Set up test data. """ self.factory = RequestFactory() self.middleware = ActivityLoggingMiddleware(lambda r: HttpResponse()) self.security_middleware = SecurityMonitoringMiddleware(lambda r: HttpResponse()) def test_activity_logging_middleware_process_request(self): """ Test activity logging middleware request processing. """ request = self.factory.get('/') # Process request response = self.middleware.process_request(request) # Should return None and set start time self.assertIsNone(response) self.assertTrue(hasattr(request, '_activity_start_time')) def test_activity_logging_middleware_process_response(self): """ Test activity logging middleware response processing. """ request = self.factory.get('/') request._activity_start_time = timezone.now().timestamp() response = HttpResponse() # Process response processed_response = self.middleware.process_response(request, response) # Should return the same response self.assertEqual(processed_response, response) @override_settings(MAX_REQUESTS_PER_MINUTE=1) def test_security_middleware_rate_limiting(self): """ Test security middleware rate limiting. """ request = self.factory.get('/') # Clear cache cache.clear() # First request should pass response = self.security_middleware.process_request(request) self.assertIsNone(response) # Second request should be rate limited response = self.security_middleware.process_request(request) # Note: In test environment, this might not work exactly as expected # due to cache backend differences def test_security_middleware_suspicious_path_detection(self): """ Test security middleware suspicious path detection. """ request = self.factory.get('/admin/secret/') # This should detect suspicious path response = self.security_middleware.process_request(request) # Should not block the request but log it self.assertIsNone(response) class ActivityFormTest(TestCase): """ Test cases for activity forms. """ def setUp(self): """ Set up test data. """ self.user = User.objects.create_user( email='test@example.com', password='testpass123' ) self.activity_type = ActivityType.objects.create( code='test_activity', name='Test Activity', description='Test activity type' ) def test_activity_filter_form_valid_data(self): """ Test activity filter form with valid data. """ form_data = { 'quick_range': 'last_7_days', 'user': self.user.id, 'activity_type': self.activity_type.id, 'action': 'login', 'success': 'true' } form = ActivityFilterForm(data=form_data) self.assertTrue(form.is_valid()) # Test filter generation filters = form.get_queryset_filters() self.assertIn('user', filters) self.assertIn('activity_type', filters) self.assertIn('action__icontains', filters) def test_activity_filter_form_date_validation(self): """ Test activity filter form date validation. """ # Test invalid date range (from > to) form_data = { 'date_from': timezone.now(), 'date_to': timezone.now() - timedelta(days=1) } form = ActivityFilterForm(data=form_data) self.assertFalse(form.is_valid()) self.assertIn('From date must be before to date', str(form.errors)) def test_security_event_filter_form(self): """ Test security event filter form. """ form_data = { 'event_type': 'failed_login', 'severity': 'high', 'status': 'open' } form = SecurityEventFilterForm(data=form_data) self.assertTrue(form.is_valid()) def test_activity_export_form_validation(self): """ Test activity export form validation. """ # Test valid export range form_data = { 'format': 'csv', 'date_from': timezone.now() - timedelta(days=30), 'date_to': timezone.now(), 'include_user_details': True } form = ActivityExportForm(data=form_data) self.assertTrue(form.is_valid()) # Test invalid export range (too large) form_data['date_from'] = timezone.now() - timedelta(days=100) form = ActivityExportForm(data=form_data) self.assertFalse(form.is_valid()) self.assertIn('Export range cannot exceed 90 days', str(form.errors)) class ActivityIntegrationTest(TestCase): """ Integration tests for the activities app. """ def setUp(self): """ Set up test data. """ self.user = User.objects.create_user( email='test@example.com', password='testpass123', is_staff=True ) # Create default activity types from .signals import create_default_activity_types create_default_activity_types() def test_full_activity_logging_workflow(self): """ Test complete activity logging workflow. """ # 1. Log an activity activity = Activity.log_activity( user=self.user, action='test_workflow', description='Testing full workflow', activity_type_code='general', ip_address='127.0.0.1' ) self.assertIsNotNone(activity) self.assertEqual(activity.action, 'test_workflow') # 2. Create a security event security_event = SecurityEvent.objects.create( event_type='test_event', severity='medium', description='Test security event', user=self.user ) self.assertEqual(security_event.status, 'open') # 3. Update security event status security_event.status = 'resolved' security_event.save() self.assertTrue(security_event.is_resolved) # 4. Create audit log audit_log = AuditLog.objects.create( user=self.user, action='update', model_name='SecurityEvent', object_id=str(security_event.pk), object_repr=str(security_event), changes={'status': {'old': 'open', 'new': 'resolved'}} ) self.assertEqual(audit_log.action, 'update') # 5. Verify all records exist self.assertEqual(Activity.objects.count(), 1) self.assertEqual(SecurityEvent.objects.count(), 1) self.assertEqual(AuditLog.objects.count(), 1) def test_activity_retention_cleanup(self): """ Test activity retention and cleanup. """ # Create old activity old_activity = Activity.objects.create( user=self.user, action='old_action', description='Old activity', activity_type=ActivityType.objects.get(code='general') ) # Set timestamp to old date old_activity.timestamp = timezone.now() - timedelta(days=400) old_activity.save() # Create recent activity recent_activity = Activity.objects.create( user=self.user, action='recent_action', description='Recent activity', activity_type=ActivityType.objects.get(code='general') ) # Test recent query recent_activities = Activity.objects.recent(days=30) self.assertIn(recent_activity, recent_activities) self.assertNotIn(old_activity, recent_activities) def test_activity_search_and_filtering(self): """ Test activity search and filtering functionality. """ # Create test activities Activity.objects.create( user=self.user, action='login', description='User login successful', activity_type=ActivityType.objects.get(code='authentication') ) Activity.objects.create( user=self.user, action='logout', description='User logout', activity_type=ActivityType.objects.get(code='authentication') ) Activity.objects.create( user=self.user, action='update_profile', description='Profile updated', activity_type=ActivityType.objects.get(code='general') ) # Test filtering by action login_activities = Activity.objects.filter(action='login') self.assertEqual(login_activities.count(), 1) # Test filtering by activity type auth_activities = Activity.objects.filter( activity_type__code='authentication' ) self.assertEqual(auth_activities.count(), 2) # Test search in description profile_activities = Activity.objects.filter( description__icontains='profile' ) self.assertEqual(profile_activities.count(), 1)