Move removal of the account_verified permission to the UserOpenID model delete() method. Add tests for creation and deletion of UserOpenID model and related permission changes.

5 files changed, 115 insertions, 11 deletions

diff --git a/django_openid_auth/admin.py b/django_openid_auth/admin.py
index 3bd3839..23b191a 100644
--- a/django_openid_auth/admin.py
+++ b/django_openid_auth/admin.py
@@ -29,7 +29,6 @@
 
 from django.conf import settings
 from django.contrib import admin
-from django.contrib.auth.models import Permission
 from django_openid_auth.models import Nonce, Association, UserOpenID
 from django_openid_auth.store import DjangoOpenIDStore
 
@@ -67,12 +66,6 @@ class UserOpenIDAdmin(admin.ModelAdmin):
     list_display = ('user', 'claimed_id')
     search_fields = ('claimed_id',)
 
-    def log_deletion(self, request, obj, object_repr):
-        permission = Permission.objects.get(codename='account_verified')
-        if obj.user:
-            obj.user.user_permissions.remove(permission)
-        super(UserOpenIDAdmin, self).log_deletion(request, obj, object_repr)
-
 admin.site.register(UserOpenID, UserOpenIDAdmin)
 
 
diff --git a/django_openid_auth/models.py b/django_openid_auth/models.py
index 693634d..c47bba3 100644
--- a/django_openid_auth/models.py
+++ b/django_openid_auth/models.py
@@ -66,8 +66,11 @@ class UserOpenID(models.Model):
             ('account_verified', 'The OpenID has been verified'),
         )
 
+    def _get_permission(self):
+        return Permission.objects.get(codename='account_verified')
+
     def save(self, force_insert=False, force_update=False, using=None):
-        permission = Permission.objects.get(codename='account_verified')
+        permission = self._get_permission()
         perm_label = '%s.%s' % (permission.content_type.app_label,
                                 permission.codename)
         if self.account_verified and not self.user.has_perm(perm_label):
@@ -75,3 +78,8 @@ class UserOpenID(models.Model):
         elif not self.account_verified and self.user.has_perm(perm_label):
             self.user.user_permissions.remove(permission)
         super(UserOpenID, self).save(force_insert, force_update, using)
+
+    def delete(self, using=None):
+        permission = self._get_permission()
+        self.user.user_permissions.remove(permission)
+        super(UserOpenID, self).delete(using)
diff --git a/django_openid_auth/tests/__init__.py b/django_openid_auth/tests/__init__.py
index f76af6f..5b3964a 100644
--- a/django_openid_auth/tests/__init__.py
+++ b/django_openid_auth/tests/__init__.py
@@ -35,7 +35,8 @@ from test_admin import *
 
 def suite():
     suite = unittest.TestSuite()
-    for name in ['test_auth', 'test_store', 'test_views', 'test_admin']:
+    for name in ['test_auth', 'test_models', 'test_store', 'test_views',
+                 'test_admin']:
         mod = __import__('%s.%s' % (__name__, name), {}, {}, ['suite'])
         suite.addTest(mod.suite())
     return suite
diff --git a/django_openid_auth/tests/test_models.py b/django_openid_auth/tests/test_models.py
new file mode 100644
index 0000000..204a318
--- /dev/null
+++ b/django_openid_auth/tests/test_models.py
@@ -0,0 +1,96 @@
+# django-openid-auth -  OpenID integration for django.contrib.auth
+#
+# Copyright (C) 2013 Canonical Ltd.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+
+import unittest
+
+from django.contrib.auth.models import User
+from django.test import TestCase
+
+from django_openid_auth.models import UserOpenID
+
+
+class UserOpenIDModelTestCase(TestCase):
+
+    def test_create_useropenid(self):
+        user = User.objects.create_user('someuser', 'someuser@example.com',
+                                        password=None)
+        user_openid, created = UserOpenID.objects.get_or_create(
+            user=user,
+            claimed_id='http://example.com/existing_identity',
+            display_id='http://example.com/existing_identity',
+            account_verified=False)
+
+        self.assertEqual('someuser', user_openid.user.username)
+        self.assertEqual(
+            user_openid.claimed_id, 'http://example.com/existing_identity')
+        self.assertEqual(
+            user_openid.display_id, 'http://example.com/existing_identity')
+        self.assertFalse(user_openid.account_verified)
+        self.assertFalse(
+            User.objects.get(username='someuser').has_perm(
+                'django_openid_auth.account_verified'))
+
+    def test_create_verified_useropenid(self):
+        user = User.objects.create_user('someuser', 'someuser@example.com',
+                                        password=None)
+        user_openid, created = UserOpenID.objects.get_or_create(
+            user=user,
+            claimed_id='http://example.com/existing_identity',
+            display_id='http://example.com/existing_identity',
+            account_verified=True)
+
+        self.assertEqual('someuser', user_openid.user.username)
+        self.assertEqual(
+            user_openid.claimed_id, 'http://example.com/existing_identity')
+        self.assertEqual(
+            user_openid.display_id, 'http://example.com/existing_identity')
+        self.assertTrue(user_openid.account_verified)
+        self.assertTrue(
+            User.objects.get(username='someuser').has_perm(
+                'django_openid_auth.account_verified'))
+
+    def test_delete_verified_useropenid(self):
+        user = User.objects.create_user('someuser', 'someuser@example.com',
+                                        password=None)
+        user_openid, created = UserOpenID.objects.get_or_create(
+            user=user,
+            claimed_id='http://example.com/existing_identity',
+            display_id='http://example.com/existing_identity',
+            account_verified=True)
+
+        self.assertTrue(
+            User.objects.get(username='someuser').has_perm(
+                'django_openid_auth.account_verified'))
+        user_openid.delete()
+        self.assertFalse(
+            User.objects.get(username='someuser').has_perm(
+                'django_openid_auth.account_verified'))
+
+
+def suite():
+    return unittest.TestLoader().loadTestsFromName(__name__)
diff --git a/django_openid_auth/tests/test_views.py b/django_openid_auth/tests/test_views.py
index d291cf4..6c21036 100644
--- a/django_openid_auth/tests/test_views.py
+++ b/django_openid_auth/tests/test_views.py
@@ -32,7 +32,7 @@ import unittest
 from urllib import quote_plus
 
 from django.conf import settings
-from django.contrib.auth.models import User, Group
+from django.contrib.auth.models import User, Group, Permission
 from django.http import HttpRequest, HttpResponse
 from django.test import TestCase
 from openid.consumer.consumer import Consumer, SuccessResponse
@@ -1291,15 +1291,21 @@ class RelyingPartyTests(TestCase):
         user = User.objects.create_user('testuser', 'someone@example.com')
         group = Group(name='groupname')
         group.save()
+        # Django creates the add_nonce permission by default
+        group.permissions.add(
+            Permission.objects.get(codename='add_nonce'))
         ogroup = Group(name='othergroup')
         ogroup.save()
+        # Django creates the add_useropenid permission by default
+        ogroup.permissions.add(
+            Permission.objects.get(codename='add_useropenid'))
         user.groups.add(ogroup)
         user.save()
         useropenid = UserOpenID(
             user=user,
             claimed_id='http://example.com/identity',
             display_id='http://example.com/identity',
-            account_verified=False)
+            account_verified=True)
         useropenid.save()
 
         # Posting in an identity URL begins the authentication request: