def users_cant_see_other_users_expenses(tester):
"""Check that the expenses are displayed only for the correct owner"""
username, password = Helpers.create_user(tester)
# Frank can create a category to log his expenses
cat_name = Helpers.generate_string()
Helpers.create_a_category(tester, category_name=cat_name, is_income=False)
amount = random.randint(1, 90000)
expense_date = str(date.today())
note = Helpers.generate_string()
# Frank enters some data
Helpers.create_entry(tester,
amount,
category_name=cat_name,
note=note,
expense_date=expense_date,
is_income=False,
verify_creation=True)
Helpers.logout_user(tester)
# Guido can not see Frank's expense
Helpers.create_user(tester)
Helpers.visit_and_verify_expense(tester,
amount=amount,
category_name=cat_name,
note=note,
should_exist=False)
Helpers.logout_user(tester)
def test_can_create_multiple_expense_categories(tester):
"""Check that creation pf multiple categories is successful"""
# Frank can create a category to log expenses related to his rent
cat_name1 = Helpers.generate_string()
Helpers.create_a_category(tester, cat_name1)
# Frank can create a category to log his food expenses
cat_name2 = Helpers.generate_string()
Helpers.create_a_category(tester, cat_name2)
def test_can_create_multiple_monthly_budgets(tester):
# Frank creates a category to log expenses related his rent
category_name = Helpers.generate_string()
Helpers.create_a_category(tester, category_name)
budget_date = datetime.date.today().replace(day=1)
amount = 7000
Helpers.create_a_monthly_budget(tester, category_name=category_name,
amount=amount, date=budget_date)
# Frank logs a fraction of his rent (he got confused with this previous
# apartment)
wrong_amt = 4000
note = 'First month of rent'
rent_date = datetime.date.today().replace(day=1).strftime("%Y-%m-%d")
is_income = False
Helpers.create_entry(tester, amount=wrong_amt, category_name=category_name,
note=note, expense_date=rent_date, is_income=is_income)
# FIX ME: we're not displaying the monthly bugets anymore!!!
# Frank notices the home page shows that amount he has set
# url = reverse('budgets:home')
# tester.browser.get(f"{tester.live_server_url}{url}")
# table = tester.browser.find_element_by_id('id_expenses_total')
# Helpers.find_text_inside_table(tester, str(amount), table)
# Helpers.find_text_inside_table(tester, category_name, table)
# # Frank notices that the home page is showing he still has room for
# # spending, in the Rent category
# url = reverse('budgets:home')
# tester.browser.get(f"{tester.live_server_url}{url}")
# remainder = amount - wrong_amt
# table = tester.browser.find_element_by_id('id_expenses_total')
# formatted_amount = f'{remainder:n}'
# Helpers.find_text_inside_table(tester, str(formatted_amount), table)
# Frank also notices the amount is green, meaning he still has room for
# spending!
# TODO, check for "text-danger" class
# Frank notices his error and logs the full amount of the rent
# creating a new expenses (Frank can't find how to edit an entry)
remainder = 5000
note = Helpers.generate_string()
rent_date = datetime.date.today().replace(day=1).strftime("%Y-%m-%d")
is_income = False
Helpers.create_entry(tester, amount=remainder, category_name=category_name,
note=note, expense_date=rent_date,
is_income=is_income)
def test_cant_create_duplicate_expense_categories(tester):
# Frank can create a category to log expenses related to his rent
text = Helpers.generate_string()
Helpers.create_a_category(tester, category_name=text, is_income=True)
# Frank is not paying attention to what he is doing, and he tries
# to create the same category
Helpers.create_a_category(tester,
category_name=text,
is_income=True,
create_check=False,
midway_check=True)
def test_users_cant_see_other_users_monthly_balance_entry(tester):
# Frank can create a category to log his balance
cat_name = Helpers.generate_string()
Helpers.create_user(tester)
Helpers.create_a_category(tester, category_name=cat_name, is_balance=True)
Helpers.logout_user(tester)
# Guido can not see Frank's balance income category
Helpers.create_user(tester)
Helpers.visit_and_verify_categories(tester,
cat_name,
is_balance=True,
should_exist=False)
Helpers.logout_user(tester)
def test_different_users_can_create_categories_with_the_same_name(tester):
# Frank can create a category to log his expenses
cat_name = Helpers.generate_string()
Helpers.create_user(tester)
Helpers.create_a_category(tester, category_name=cat_name)
Helpers.logout_user(tester)
# Guido can create a category with the same name
Helpers.create_user(tester)
Helpers.create_a_category(tester,
category_name=cat_name,
midway_check=True,
create_check=False,
lack_of_error=True)
Helpers.logout_user(tester)
def test_cant_create_multiple_monthly_budgets_for_same_month(tester):
# Frank creates a category to log expenses related his rent
category_name = Helpers.generate_string()
Helpers.create_a_category(tester, category_name)
# Frank knows he also has to create a budget for the current month
# so he proceeds to create one
budget_date = datetime.date.today().replace(day=1)
amount = 7000
Helpers.create_a_monthly_budget(tester, category_name=category_name,
amount=amount, date=budget_date)
# Frank however has been up till very late the day before, and is quite
# distracted. Accidentally he repeats the same procedure again
Helpers.create_a_monthly_budget(tester, category_name=category_name,
amount=amount, date=budget_date,
create_check=False)
# However an error promtply notifies him that this is not allowed
Helpers.wait_for_page_to_reload(tester)
error = 'Monthly budget with this Category and Date already exists.'
Helpers.find_error(tester, error)
def test_users_can_not_see_other_users_categories(tester):
"""Check that only current user categories are returned (in json format)"""
# Frank can create a category to log his expenses
cat_name = Helpers.generate_string()
Helpers.create_user(tester)
Helpers.create_a_category(tester, category_name=cat_name)
Helpers.logout_user(tester)
# Guido registers to the site
Helpers.create_user(tester)
url = reverse('api:categories')
# Guido has knowledge of how to force the site to display json
secret_url = f"{tester.live_server_url}{url}?format=json&json=true'"
tester.browser.get(secret_url)
html = tester.browser.find_element_by_tag_name('html')
json_res = json.loads(html.text)
# Guido, however, can not see Frank's category
tester.assertEqual(len(json_res), 0)
Helpers.logout_user(tester)
def test_users_cant_see_other_users_monthly_budgets(tester):
Helpers.create_user(tester)
# Frank creates a category to log expenses related his rent
category_name = Helpers.generate_string()
Helpers.create_a_category(tester, category_name)
# Frank knows he also has to create a budget for the current month
# ...so he proceeds to create one
budget_date = datetime.date.today().replace(day=1)
amount = random.randint(1, 90000)
Helpers.create_a_monthly_budget(tester, category_name=category_name,
amount=amount, date=budget_date)
Helpers.logout_user(tester)
# Guido can not see Frank's monthly budget
Helpers.create_user(tester)
Helpers.visit_and_verify_month_budget_creation(tester=tester,
category_name=category_name,
amount=amount,
date=budget_date,
should_exist=False)
Helpers.logout_user(tester)
def users_cant_create_expenses_with_other_users_categories(tester):
"""Check that the expenses can not be created with other users's categories
"""
# Frank logs in
Helpers.create_user(tester)
# Frank creates multiple categories
for _ in range(3):
cat_name = Helpers.generate_string()
Helpers.create_a_category(tester,
category_name=cat_name,
is_income=False)
category_id = Helpers.get_category_id_from_category_name(
tester, cat_name)
# Frank confirm the id of the last category he created... he "has a plan"
category_id = Helpers.get_category_id_from_category_name(tester, cat_name)
# Frank knows some javascript, and he tries to fiddle with the form values
# ## ES6 syntax, will work in recent (2015/2016+ versions) FF and Chromium
js_function = 'Array.from(document.getElementsByTagName("option")).forEach(function(item) {item.value = "X"});'
js_function = js_function.replace('X', str(category_id))
tester.browser.execute_script(js_function)
amount = random.randint(1, 90000)
expense_date = str(date.today())
note = Helpers.generate_string()
# Frank enters some data, he wants to make sure his js does not break the
# app
# Frank also confirm that even after executing this js, the expense was
# created correctly
Helpers.create_entry(tester,
amount,
category_name=cat_name,
note=note,
expense_date=expense_date,
is_income=False,
verify_creation=True,
js_to_execute=js_function)
# Franks challenges Guido to create an expense with a category he made
# Franks share his js script with Guido (Guido does not know any js!)
# Guido accepts to test out Frank's js and verify the app works correctly
Helpers.create_user(tester)
# Guido creates a category
cat_name = Helpers.generate_string()
Helpers.create_a_category(tester, category_name=cat_name, is_income=False)
# Guido enters some data, and execute the js code he got from Frank
# If the app is not checking for tampering the form values, this will fail
Helpers.create_entry(tester,
amount,
category_name=cat_name,
note=note,
expense_date=expense_date,
is_income=False,
verify_creation=False,
js_to_execute=js_function)
# Guido confirms the app is not deceived by this trivial attack
Helpers.visit_and_verify_expense(tester,
amount=amount,
category_name=cat_name,
note=note,
should_exist=False)
def test_only_expenses_in_range_are_shown(tester):
"""Check that expenses are correctly filtered when using a given url"""
# Frank creates 2 expenses for January 2020
text = Helpers.generate_string()
Helpers.create_a_category(tester, category_name=text)
# Frank is not going to check if the expenses are created as he always does
# Frank now believes into this sowftware!
is_income = False
# We skip verication because...the function is old and broke down due to
# the new redirect to /expense/create on success ?
# TODO: check if this is the case, and fix it if needed
verify_creation = False
amount = 4000
note = Helpers.generate_string()
date = "2020-01-01"
Helpers.create_entry(tester,
amount,
category_name=text,
note=note,
expense_date=date,
is_income=is_income,
verify_creation=verify_creation)
second_amount = 4200
second_date = "2020-01-07"
second_note = Helpers.generate_string()
Helpers.create_entry(tester,
second_amount,
category_name=text,
note=second_note,
expense_date=date,
is_income=is_income,
verify_creation=verify_creation)
# Frank has changed his mind: "Testing is important" he says.
# Frank then enters a special URL to check the expenses creation...but he
# enters the wrong end date
expense_url = reverse('budgets:expenses')
url = f"{tester.live_server_url}{expense_url}/2020-01-01/2020-01-02"
tester.browser.get(url)
# Frank notices the first expenses is shown. Frank is so happy
formatted_amount = f'{amount:,}'
Helpers.verify_expense_was_created(tester,
amount=formatted_amount,
category_name=text,
note=note)
# TODO: verify the second expenses is NOT shown
# Frank can not see the second expenses! Frank wonders whether the
# software has really saved the second expenses or not
# Frank then gets very anxious... but then Frank breathes, and re-types the
# URL. He notices he had typed the wrong one: "Silly me!" he mumbles.
expense_url = reverse('budgets:expenses')
url = f"{tester.live_server_url}{expense_url}/2020-01-01/2020-01-07"
tester.browser.get(url)
formatted_second_amount = f'{second_amount:,}'
# Frank now sees both expenses, he smiles. Frank is so relieved now
Helpers.verify_expense_was_created(tester,
formatted_amount,
category_name=text,
note=note)
Helpers.verify_expense_was_created(tester,
amount=formatted_second_amount,
category_name=text,
note=second_note)
# Then, Frank remembers he also bought something during December 2019
# He really wants to keep track of all his expenses!
third_amount = 4200
third_note = Helpers.generate_string()
older_date = "2019-12-31"
Helpers.create_entry(tester,
amount=third_amount,
category_name=text,
note=third_note,
expense_date=older_date,
is_income=is_income,
verify_creation=verify_creation)
# Frank then enters a special URL that allows him to only show expenses
# broken down by months
expense_url = reverse('budgets:expenses')
url = f"{tester.live_server_url}{expense_url}/2019-12-01/2019-12-31"
tester.browser.get(url)
formatted_third_amount = f'{third_amount:,}'
Helpers.verify_expense_was_created(tester,
amount=formatted_third_amount,
category_name=text,
note=third_note)
# TODO: Frank then want to see all expenses
expense_url = reverse('budgets:expenses')
url = f"{tester.live_server_url}{expense_url}/2019-12-01/2020-01-31"
