def test_get_close_db(app):
with app.app_context():
db = get_db()
assert db is get_db()
with pytest.raises(sqlite3.ProgrammingError) as e:
db.execute('SELECT 1')
assert 'closed' in str(e.value)
def upload():
if 'file' not in request.files:
flash('No file part')
return redirect(url_for('docs.index'))
file = request.files['file']
# If the user does not select a file, browsers sometimes
# submit an empty part without a file name.
if file.filename == '':
flash('No file selected')
return redirect(url_for('docs.index'))
if file:
title = file.filename
content = file.read().decode('UTF-8')
db = get_db()
query = '''
INSERT INTO document (title, content, account_id)
VALUES (?, ?, ?)
'''
params = (title, content, g.user['id'])
db.execute(query, params)
db.commit()
return redirect(url_for('docs.index'))
def app():
db_fd, db_path = tempfile.mkstemp()
app = create_app({
'TESTING': True,
'DATABASE': db_path,
})
with app.app_context():
init_db()
get_db().executescript(data_sql)
yield app
os.close(db_fd)
os.unlink(db_path)
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
user = None
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
else:
query = 'SELECT * FROM account WHERE username = ?'
params = (username, )
user = db.execute(query, params).fetchone()
if user is None or not check_password_hash(user['password'], password):
error = 'Authentication failure.'
if error is None:
session.clear()
session['user_id'] = user['id']
return redirect(url_for('docs.index'))
flash(error)
return render_template('auth/login.html')
def register():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
else:
query = 'SELECT id FROM account WHERE username = ?'
params = (username, )
if db.execute(query, params).fetchone() is not None:
error = f'User {username} is already registered.'
if error is None:
query = 'INSERT INTO account (username, password) VALUES (?, ?)'
params = (username, generate_password_hash(password))
db.execute(query, params)
db.commit()
return redirect(url_for('auth.login'))
flash(error)
return render_template('auth/register.html')
def delete(id):
get_doc(id)
db = get_db()
query = 'DELETE FROM document WHERE id = ?'
params = (id, )
db.execute(query, params)
db.commit()
return redirect(url_for('docs.index'))
def index():
query = '''
SELECT d.id, title, content, created, account_id, username
FROM document d JOIN account a ON d.account_id = a.id
ORDER BY created DESC
'''
docs = get_db().execute(query).fetchall()
return render_template('docs/index.html', docs=docs)
def load_logged_in_user():
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
query = 'SELECT * FROM account WHERE id = ?'
params = (user_id, )
g.user = get_db().execute(query, params).fetchone()
def test_register(client, app):
url = '/auth/register'
data = {'username': '******', 'password': '******'}
assert client.get(url).status_code == 200
response = client.post(url, data=data)
assert response.headers['Location'] == 'http://localhost/auth/login'
with app.app_context():
query = "SELECT * FROM account WHERE username = '******'"
assert get_db().execute(query).fetchone() is not None
def get_doc(id, check_author=True):
query = '''
SELECT d.id, title, content, created, account_id, username
FROM document d JOIN account a on d.account_id = a.id
WHERE d.id = ?
'''
params = (id, )
doc = get_db().execute(query, params).fetchone()
if doc is None:
abort(404, f'Document id {id} does not exist.')
if check_author and doc['account_id'] != g.user['id']:
abort(403)
return doc
def update(id):
doc = get_doc(id)
if request.method == 'POST':
title = request.form['title']
content = request.form['content']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
query = 'UPDATE document SET title = ?, content = ? WHERE id = ?'
params = (title, content, id)
db.execute(query, params)
db.commit()
return redirect(url_for('docs.index'))
return render_template('docs/update.html', doc=doc)
def create():
if request.method == 'POST':
title = request.form['title']
content = request.form['content']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
query = '''
INSERT INTO document (title, content, account_id)
VALUES (?, ?, ?)
'''
params = (title, content, g.user['id'])
db.execute(query, params)
db.commit()
return redirect(url_for('docs.index'))
return render_template('docs/create.html')