def testDeleteOther(self):
user = build_user(user_type='commenter')
other_user = build_user(user_type='user')
username = user.username
self.db.session.add(user)
self.db.session.add(other_user)
self.db.session.commit()
self.login_user(other_user)
user = User.query.filter(User.username == username).first()
resp = self.app.post('/account/' + str(user.id) + '/destroy')
self.assertEqual(resp.status_code, 401)
def testUserEditOtherAsAdmin(self):
user = build_user(user_type='commenter')
other_user = build_user(user_type='admin')
username = user.username
self.db.session.add(user)
self.db.session.add(other_user)
self.db.session.commit()
self.login_user(other_user)
user = User.query.filter(User.username == username).first()
resp = self.app.get('/account/' + str(user.id) + '/edit')
self.assertEqual(resp.status_code, 200)
self.assertTrue(username.encode('utf-8') in resp.data)
def testUsersAdmin(self):
user = build_user(user_type='admin')
other_user = build_user(user_type='user')
username = user.username
other_username = other_user.username
self.db.session.add(user)
self.db.session.add(other_user)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/admin/users')
self.assertEqual(resp.status_code, 200)
self.assertTrue(username.encode('utf-8') in resp.data)
self.assertTrue(other_username.encode('utf-8') in resp.data)
def testDeleteOtherAdmin(self):
user = build_user(user_type='commenter')
other_user = build_user(user_type='admin')
username = user.username
self.db.session.add(user)
self.db.session.add(other_user)
self.db.session.commit()
self.login_user(other_user)
user = User.query.filter(User.username == username).first()
old_id = user.id
resp = self.app.post('/account/' + str(user.id) + '/destroy')
self.assert_redirected(resp, '/')
deleted_user = User.query.get(old_id)
self.assertIsNone(deleted_user)
def testUpdateSelfUsernameTaken(self):
other_user = build_user()
other_username = other_user.username
user = build_user(user_type='commenter')
username = user.username
self.db.session.add(user)
self.db.session.add(other_user)
self.db.session.commit()
self.login_user(user)
user = User.query.filter(User.username == username).first()
resp = self.app.post('/account/' + str(user.id),
data={'username': other_username})
self.assertEqual(resp.status_code, 200)
self.assertTrue(b'This name has been taken.' in resp.data)
def testUpdateOtherUser(self):
user = build_user(user_type='commenter')
other_user = build_user(user_type='user')
username = user.username
self.db.session.add(user)
self.db.session.add(other_user)
self.db.session.commit()
self.login_user(other_user)
user = User.query.filter(User.username == username).first()
resp = self.app.post('/account/' + str(user.id),
data={
'username': username,
'password': '******'
})
self.assertEqual(resp.status_code, 401)
def testCommentsCommenter(self):
user = build_user(user_type='commenter')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/admin/comments')
self.assertEqual(resp.status_code, 401)
def testPostCommentBadSlug(self):
user = build_user(user_type='commenter')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.post('/posts/not-found/comments')
self.assertEqual(resp.status_code, 404)
def testPageNewLoggedInUser(self):
user = build_user(user_type='user')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/pages/new')
self.assertEqual(resp.status_code, 401)
def testUpdateOtherUserTypeAdmin(self):
user = build_user(user_type='commenter')
other_user = build_user(user_type='admin')
username = user.username
self.db.session.add(user)
self.db.session.add(other_user)
self.db.session.commit()
self.login_user(other_user)
user = User.query.filter(User.username == username).first()
resp = self.app.post('/account/' + str(user.id),
data={
'username': username,
'user_type': 'user'
})
self.assert_redirected(resp, '/')
updated_user = User.query.filter(User.username == username).first()
self.assertEqual(updated_user.user_type, 'user')
def testPostCreateAsCommenter(self):
user = build_user(user_type='commenter')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.post('/posts',
data={'title': 'My post', 'body': 'Posting it'})
self.assertEqual(resp.status_code, 401)
def testPageNewLoggedInAdmin(self):
user = build_user(user_type='admin')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/pages/new')
self.assertEqual(resp.status_code, 200)
self.assertTrue(b'Create Page' in resp.data)
def testPostNewLoggedInUser(self):
user = build_user(user_type='user')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/posts/new')
self.assertEqual(resp.status_code, 200)
self.assertTrue(b'Create Post' in resp.data)
def testImageCreateCommenter(self):
user = build_user(user_type='commenter')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.post('/images',
data={'upload': (BytesIO(b'image'), 'image.png')})
self.assertEqual(resp.status_code, 401)
def testNewSessionLoggedIn(self):
user = build_user()
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/sessions/new')
self.assert_redirected(resp, '/')
self.assert_flashes('You are already logged in', 'error')
def testLoginNoPassword(self):
user = build_user()
self.db.session.add(user)
self.db.session.commit()
resp = self.app.post(
'/sessions',
data={'username': user.username, 'password': ''})
self.assertEqual(resp.status_code, 200)
self.assertTrue(b'This field is required' in resp.data)
def testLoginWithExternalReturnTo(self):
password = '******'
user = build_user(password=password)
self.db.session.add(user)
self.db.session.commit()
resp = self.app.post(
'/sessions?return_to=https%3A%2F%2Fwww%2Egoogle%2Ecom',
data={'username': user.username, 'password': password})
self.assert_redirected(resp, '/')
def testLoginWithReturnTo(self):
password = '******'
user = build_user(password=password)
self.db.session.add(user)
self.db.session.commit()
resp = self.app.post(
'/sessions?return_to=%2Fposts',
data={'username': user.username, 'password': password})
self.assert_redirected(resp, '/posts')
def testImageCreateNoUpload(self):
user = build_user(user_type='user')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.post('/images', data={})
self.assertEqual(resp.status_code, 200)
body = json.loads(resp.data.decode('utf-8'))
self.assertEqual(body['error'], 'This field is required.')
def testLoginBadPassword(self):
password = '******'
user = build_user(password=password)
self.db.session.add(user)
self.db.session.commit()
resp = self.app.post(
'/sessions',
data={'username': user.username, 'password': password + '1'})
self.assertEqual(resp.status_code, 200)
self.assertTrue(b'Invalid password' in resp.data)
def testPostDeleteWrongUser(self):
user = build_user(user_type='user')
post = build_post()
slug = post.slug
self.db.session.add(user)
self.db.session.add(post)
self.db.session.commit()
self.login_user(user)
resp = self.app.post('/posts/' + slug + '/destroy')
self.assertEqual(resp.status_code, 401)
def testPostEditAsAuthor(self):
user = build_user(user_type='user')
post = build_post(user=user)
slug = post.slug
self.db.session.add(post)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/posts/' + slug + '/edit')
self.assertEqual(resp.status_code, 200)
self.assertTrue(slug.encode('utf-8') in resp.data)
def testPageCreateAsAdminMissingData(self):
user = build_user(user_type='admin')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.post('/pages', data={'title': 'About', 'body': ''})
self.assertEqual(resp.status_code, 200)
self.assertTrue(b'This field is required' in resp.data)
page = Page.query.filter(Page.slug == 'about').first()
self.assertIsNone(page)
def testPostEditAsUserNotAuthor(self):
user = build_user(user_type='user')
post = build_post()
slug = post.slug
self.db.session.add(user)
self.db.session.add(post)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/posts/' + slug + '/edit')
self.assertEqual(resp.status_code, 401)
def testPageDeleteNotAdmin(self):
user = build_user(user_type='user')
page = build_page()
slug = page.slug
self.db.session.add(user)
self.db.session.add(page)
self.db.session.commit()
self.login_user(user)
resp = self.app.post('/pages/' + slug + '/destroy')
self.assertEqual(resp.status_code, 401)
def testPageEditAsUser(self):
user = build_user(user_type='user')
page = build_page()
slug = page.slug
self.db.session.add(user)
self.db.session.add(page)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/pages/' + slug + '/edit')
self.assertEqual(resp.status_code, 401)
def testDeleteCommentCommenter(self):
user = build_user(user_type='commenter')
comment = build_comment()
self.db.session.add(user)
self.db.session.add(comment)
self.db.session.commit()
comment_id = comment.id
self.login_user(user)
resp = self.app.post('/comments/' + str(comment_id) + '/destroy')
self.assertEqual(resp.status_code, 401)
def testPostShowUnpublishedAdmin(self):
post = build_post(published_at=None)
slug = post.slug
user = build_user(user_type='admin')
self.db.session.add(post)
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/posts/' + slug)
self.assertEqual(resp.status_code, 200)
def testPageCreateAsUser(self):
user = build_user(user_type='user')
self.db.session.add(user)
self.db.session.commit()
self.login_user(user)
resp = self.app.post('/pages',
data={
'title': 'About',
'body': 'About'
})
self.assertEqual(resp.status_code, 401)
def testPageEditAsAdmin(self):
user = build_user(user_type='admin')
page = build_page()
slug = page.slug
self.db.session.add(user)
self.db.session.add(page)
self.db.session.commit()
self.login_user(user)
resp = self.app.get('/pages/' + slug + '/edit')
self.assertEqual(resp.status_code, 200)
self.assertTrue(slug.encode('utf-8') in resp.data)
