diff --git a/ureport/public/tests.py b/ureport/public/tests.py
index 9baa4480b..cf461dcb7 100644
--- a/ureport/public/tests.py
+++ b/ureport/public/tests.py
@@ -401,6 +401,52 @@ def test_join_engage(self): self.assertEqual(response.context["org"], self.uganda) # self.assertContains(response, "All U-Report services (all msg on 3000) are free.") + def test_poll_results(self): + + poll1 = self.create_poll(self.uganda, "Poll 1", "uuid-1", self.health_uganda, self.admin, has_synced=True) + + question1 = PollQuestion.objects.create( + poll=poll1, title="question poll 1", ruleset_uuid="uuid-101", created_by=self.admin, modified_by=self.admin + ) + + pollquestion_results_url = reverse("public.pollquestion_results", args=[question1.pk]) + + response = self.client.get(pollquestion_results_url, SERVER_NAME="uganda.ureport.io") + self.assertEqual(response.status_code, 200) + self.assertEqual(response.request["PATH_INFO"], f"/pollquestion/{question1.pk}/results/") + + response = self.client.get( + pollquestion_results_url + "?segment=%0D%0ASPIHeader%3A%20SPIValue&", SERVER_NAME="uganda.ureport.io" + ) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.request["PATH_INFO"], f"/pollquestion/{question1.pk}/results/") + + def test_reporter_results(self): + reporter_results_url = reverse("public.contact_field_results") + + response = self.client.get(reporter_results_url, SERVER_NAME="nigeria.ureport.io") + self.assertEqual(response.status_code, 200) + self.assertEqual(response.request["PATH_INFO"], "/contact_field_results/") + + response = self.client.get( + reporter_results_url + "?segment=%0D%0ASPIHeader%3A%20SPIValue&", SERVER_NAME="nigeria.ureport.io" + ) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.request["PATH_INFO"], "/contact_field_results/") + + def test_engagement_data(self): + ureporters_url = reverse("public.engagement_data") + + response = self.client.get(ureporters_url, SERVER_NAME="nigeria.ureport.io") + self.assertEqual(response.status_code, 200) + self.assertEqual(response.request["PATH_INFO"], "/engagement_data/") + + response = self.client.get( + ureporters_url + 
"?results_params=%0D%0ASPIHeader%3A%20SPIValue&", SERVER_NAME="nigeria.ureport.io" + ) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.request["PATH_INFO"], "/engagement_data/") + @mock.patch("ureport.utils.fetch_old_sites_count") def test_ureporters(self, mock_old_sites_count): mock_old_sites_count.return_value = [] diff --git a/ureport/public/views.py b/ureport/public/views.py index e46be3a4e..5b1436bbf 100644 --- a/ureport/public/views.py +++ b/ureport/public/views.py @@ -294,10 +294,17 @@ def get_object(self): def render_to_response(self, context, **kwargs): output_data = [] - segment = self.request.GET.get("segment", None) - if segment: - segment = json.loads(segment) - output_data = self.get_object().get_ureporters_locations_stats(segment) + try: + segment = self.request.GET.get("segment", None) + if segment: + segment = json.loads(segment) + output_data = self.get_object().get_ureporters_locations_stats(segment) + except json.JSONDecodeError: + output_data = [] + pass + except Exception as e: + output_data = [] + raise e return HttpResponse(json.dumps(output_data)) 
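Review bot: The `PATH_INFO` assertions in `test_poll_results`, `test_reporter_results` and `test_engagement_data` check nothing about the response, because `response.request["PATH_INFO"]` only echoes the path the test client sent; the status-code assertion is the only one that exercises the view change. For the requests carrying the encoded CRLF value, assert what the server returned, e.g. `self.assertEqual(response.content, b"[]")` and `self.assertFalse(response.has_header("SPIHeader"))`. The expected body assumes these URLs route to the patched `render_to_response` methods, which the diff suggests but does not show. A case with well-formed but unexpected JSON, such as `?results_params=[]`, would also be worth adding.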
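Review bot: The `except Exception as e:` branch in this `render_to_response` is a no-op, since `output_data = []` is discarded as soon as `raise e` propagates, and the `pass` after the assignment in the `json.JSONDecodeError` branch is redundant. Dropping both and keeping only `except json.JSONDecodeError: output_data = []`, ideally with the `try` wrapped around the `json.loads` call alone, keeps errors from `get_ureporters_locations_stats` from being mixed with input errors. The same pattern is repeated in the two later `render_to_response` hunks of this file. Separately, the unchanged return line passes no content type, so the JSON is served under Django's default HTML content type; `return HttpResponse(json.dumps(output_data), content_type="application/json")` would be the safer form in all three views.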
@@ -312,14 +319,21 @@ def get_object(self): def render_to_response(self, context, **kwargs): output_data = [] - results_params = self.request.GET.get("results_params", None) - if results_params: - results_params = json.loads(results_params) - metric = results_params.get("metric") - segment_slug = results_params.get("segment") - time_filter = int(results_params.get("filter", "12")) - - output_data = PollStats.get_engagement_data(self.get_object(), metric, segment_slug, time_filter) + try: + results_params = self.request.GET.get("results_params", None) + if results_params: + results_params = json.loads(results_params) + metric = results_params.get("metric") + segment_slug = results_params.get("segment") + time_filter = int(results_params.get("filter", "12")) + + output_data = PollStats.get_engagement_data(self.get_object(), metric, segment_slug, time_filter) + except json.JSONDecodeError: + output_data = [] + pass + except Exception as e: + output_data = [] + raise e return HttpResponse(json.dumps(output_data)) @@ -453,11 +467,19 @@ def derive_queryset(self): return queryset def render_to_response(self, context, **kwargs): - segment = self.request.GET.get("segment", None) - if segment: - segment = json.loads(segment) - - results = self.object.get_results(segment=segment) + results = [] + try: + segment = self.request.GET.get("segment", None) + if segment: + segment = json.loads(segment) + + results = self.object.get_results(segment=segment) + except json.JSONDecodeError: + results = [] + pass + except Exception as e: + results = [] + raise e return HttpResponse(json.dumps(results)) diff --git a/ureport/settings.py.prod b/ureport/settings.py.prod index 531a5ee5e..d6ca04281 100644 --- a/ureport/settings.py.prod +++ b/ureport/settings.py.prod 
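Review bot: Well-formed JSON of the wrong shape still produces an unhandled error in the engagement-data `render_to_response`, because only `json.JSONDecodeError` is swallowed. A value such as `[]` fails on `results_params.get("metric")` with AttributeError, a non-numeric `filter` fails on `int(...)` with ValueError, and the `except Exception` branch re-raises both. Check the shape after parsing, e.g. `if not isinstance(results_params, dict): return HttpResponse(json.dumps([]))`, and widen the handler to `except (json.JSONDecodeError, TypeError, ValueError):`. `metric` and `segment_slug` are then passed to `PollStats.get_engagement_data` as received; whether that method validates them is not visible in this hunk.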
@@ -17,12 +17,12 @@ EMPTY_SUBDOMAIN_HOST = 'http://ureport.in' HOSTNAME = 'ureport.in' ALLOWED_HOSTS = ['*'] -SESSION_COOKIE_DOMAIN = 'ureport.in' SESSION_COOKIE_SECURE = True SESSION_EXPIRE_AT_BROWSER_CLOSE = False SESSION_COOKIE_AGE = 1209600 # 2 weeks CSRF_COOKIE_SECURE = True +CSRF_COOKIE_SAMESITE = "Strict" CSRF_COOKIE_AGE = 10800 SECURE_HSTS_SECONDS = 86400 diff --git a/ureport/settings.py.staging b/ureport/settings.py.staging index 460378027..60938347c 100644 --- a/ureport/settings.py.staging +++ b/ureport/settings.py.staging @@ -15,12 +15,12 @@ EMPTY_SUBDOMAIN_HOST = 'http://nigeria.ureport.staging.nyaruka.com' HOSTNAME = 'ureport.staging.nyaruka.com' ALLOWED_HOSTS = ['.nyaruka.com', '.ureport.in'] -SESSION_COOKIE_DOMAIN = 'ureport.staging.nyaruka.com' SESSION_EXPIRE_AT_BROWSER_CLOSE = False SESSION_COOKIE_SECURE = True SESSION_COOKIE_AGE = 1209600 # 2 weeks CSRF_COOKIE_SECURE = True +CSRF_COOKIE_SAMESITE = "Strict" CSRF_COOKIE_AGE = 10800 SECURE_HSTS_SECONDS = 86400
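Review bot: `ALLOWED_HOSTS = ['*']` stays in the production settings while this hunk tightens cookie handling, so Django's Host header validation remains disabled on a site that appears to select the org from the request host (the new tests vary `SERVER_NAME`). The staging file already lists suffixes; production could use `ALLOWED_HOSTS = ['.ureport.in']` plus any other domains it actually serves. Removing `SESSION_COOKIE_DOMAIN` makes the session cookie host-only, here and in settings.py.staging. A one-line comment such as `# SESSION_COOKIE_DOMAIN unset on purpose: session cookie is host-only, not shared across org subdomains` would record that this is deliberate.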