def test_blogpost_title_length(self):
"""Test BLOGPOST model title length has a limit"""
self.configure_fixtures()
valid_title = 'a' * 255
invalid_title = 'a' * 256
blogpost = Blogpost(title=valid_title, body="body", app=self.app)
db.session.add(blogpost)
assert_not_raises(DataError, db.session.commit)
blogpost.title = invalid_title
assert_raises(DataError, db.session.commit)
def test_blogpost_title_length(self):
"""Test BLOGPOST model title length has a limit"""
self.configure_fixtures()
valid_title = 'a' * 255
invalid_title = 'a' * 256
blogpost = Blogpost(title=valid_title, body="body", app=self.app)
db.session.add(blogpost)
assert_not_raises(DataError, db.session.commit)
blogpost.title = invalid_title
assert_raises(DataError, db.session.commit)
def test_blogpost_public_json(self):
"""Test BLOGPOST to public json works."""
self.configure_fixtures()
owner = User(
email_addr="*****@*****.**",
name="johndoe2",
fullname="John Doe2",
locale="en")
blogpost = Blogpost(title='title', body="body", project=self.project, owner=owner)
db.session.add(blogpost)
db.session.commit()
tmp = blogpost.to_public_json()
assert tmp.keys().sort() == Blogpost().public_attributes().sort()
assert Blogpost().public_info_keys() == []
def test_blogpost_update_by_non_owner(self):
"""Test blogpost update by non owner of the app is forbidden"""
user = self.create_users()[1]
app = self.create_app(info=None)
app.owner = user
blogpost = Blogpost(owner=user,
app=app,
title='thisisatitle',
body='body')
db.session.add_all([user, app, blogpost])
db.session.commit()
url = "/app/%s/%s/update" % (app.short_name, blogpost.id)
self.register()
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 403, res.status_code
res = self.app.post(url,
data={
'title': 'new title',
'body': 'body'
},
follow_redirects=True)
assert res.status_code == 403, res.status_code
blogpost = db.session.query(Blogpost).first()
assert blogpost.title == 'thisisatitle', blogpost.title
def test_blogpost_belongs_to_app(self):
"""Test BLOGPOSTS must belong to an app"""
self.configure_fixtures()
blogpost = Blogpost(title='title', app=None)
db.session.add(blogpost)
assert_raises(IntegrityError, db.session.commit)
def test_blogpost_title_presence(self):
"""Test BLOGPOST a blogpost must have a title"""
self.configure_fixtures()
blogpost = Blogpost(title=None, body="body", project=self.project)
db.session.add(blogpost)
assert_raises(IntegrityError, db.session.commit)
def test_blogpost_delete_errors(self):
"""Test blogposts delete for non existing apps raises errors"""
self.register()
user = db.session.query(User).get(1)
app1 = App(name='app1', short_name='app1', description=u'description')
app2 = self.create_app(info=None)
app1.owner = user
app2.owner = user
blogpost = Blogpost(owner=user,
app=app1,
title='thisisatitle',
body='body')
db.session.add_all([app1, app2, blogpost])
db.session.commit()
# To a non-existing app
url = "/app/non-existing-app/%s/delete" % blogpost.id
res = self.app.post(url, follow_redirects=True)
assert res.status_code == 404, res.status_code
# To a non-existing post
url = "/app/%s/999999/delete" % app1.short_name
res = self.app.post(url, follow_redirects=True)
assert res.status_code == 404, res.status_code
# To an existing post but with a project in the URL it does not belong to
url = "/app/%s/%s/delete" % (app2.short_name, blogpost.id)
res = self.app.post(url, follow_redirects=True)
assert res.status_code == 404, res.status_code
def test_blogpost_update_by_anonymous(self):
"""Test blogpost update, anonymous users are redirected to signin"""
user = self.create_users()[1]
app = self.create_app(info=None)
app.owner = user
blogpost = Blogpost(owner=user,
app=app,
title='thisisatitle',
body='body')
db.session.add_all([user, app, blogpost])
db.session.commit()
url = "/app/%s/%s/update" % (app.short_name, blogpost.id)
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
assert "Please sign in to access this page" in res.data, res.data
res = self.app.post(url,
data={
'id': blogpost.id,
'title': 'new title',
'body': 'new body'
},
follow_redirects=True)
assert res.status_code == 200, res.status_code
assert "Please sign in to access this page" in res.data
blogpost = db.session.query(Blogpost).first()
assert blogpost.title == 'thisisatitle', blogpost.title
def test_blogpost_update_by_owner(self, mock_redirect):
"""Test blogposts, app owners can update"""
self.register()
user = db.session.query(User).get(1)
app = self.create_app(info=None)
app.owner = user
blogpost = Blogpost(owner=user,
app=app,
title='thisisatitle',
body='body')
db.session.add_all([app, blogpost])
db.session.commit()
url = "/app/%s/%s/update" % (app.short_name, blogpost.id)
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
res = self.app.post(url,
data={
'id': blogpost.id,
'title': 'blogpost title',
'body': 'new body'
},
follow_redirects=True)
assert res.status_code == 200, res.status_code
mock_redirect.assert_called_with('/app/%s/blog' % app.short_name)
blogpost = db.session.query(Blogpost).first()
assert blogpost.title == 'blogpost title', blogpost.title
assert blogpost.body == 'new body', blogpost.body
def test_blogpost_body_presence(self):
"""Test BLOGPOST a blogpost must have a body"""
self.configure_fixtures()
blogpost = Blogpost(title='title', body=None, app=self.app)
db.session.add(blogpost)
assert_raises(IntegrityError, db.session.commit)
def test_anonymous_user_create_given_blogpost(self):
"""Test anonymous users cannot create a given blogpost"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
blogpost = Blogpost(title='title', app_id=app.id, owner=None)
assert_raises(Unauthorized, getattr(require, 'blogpost').create, blogpost)
def test_blogpost_owner_is_nullable(self):
"""Test BLOGPOST a blogpost owner can be none
(if the user is removed from the system)"""
self.configure_fixtures()
blogpost = Blogpost(title='title', body="body", project=self.project, owner=None)
db.session.add(blogpost)
assert_not_raises(IntegrityError, db.session.commit)
def test_anonymous_user_delete_blogpost(self):
"""Test anonymous users cannot delete blogposts"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
blogpost = Blogpost(title='title', body='body', app_id=app.id, owner=None)
db.session.add(blogpost)
db.session.commit()
assert_raises(Unauthorized, getattr(require, 'blogpost').delete, blogpost)
def test_anonymous_user_read_given_blogpost(self):
"""Test anonymous users can read a given blogpost"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
blogpost = Blogpost(title='title', body='body', app_id=app.id, owner=None)
db.session.add(blogpost)
db.session.commit()
assert_not_raises(Exception, getattr(require, 'blogpost').read, blogpost)
def test_owner_create_given_blogpost(self):
"""Test authenticated user can create a given blogpost if is app owner"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
user1 = db.session.query(User).get(2)
blogpost = Blogpost(title='title', body='body',
app_id=app.id, user_id=user1.id)
assert_not_raises(Exception, getattr(require, 'blogpost').create, blogpost)
def test_anonymous_user_read_given_blogpost_hidden_app(self):
"""Test anonymous users cannot read a given blogpost of a hidden app"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
app.hidden = 1
blogpost = Blogpost(title='title', body='body', app_id=app.id, owner=None)
db.session.add(blogpost)
db.session.commit()
assert_raises(Unauthorized, getattr(require, 'blogpost').read, blogpost)
def test_admin_authenticated_user_delete_blogpost(self):
"""Test authenticated user can delete a blogpost if is admin"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
user1 = db.session.query(User).get(2)
blogpost = Blogpost(title='title', body='body', app_id=app.id, user_id=user1.id)
db.session.add(blogpost)
db.session.commit()
assert_not_raises(Exception, getattr(require, 'blogpost').delete, blogpost)
def test_owner_create_blogpost_as_other_user(self):
"""Test authenticated user cannot create blogpost if is app owner but
sets another person as the author of the blogpost"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
user2 = db.session.query(User).get(3)
blogpost = Blogpost(title='title', body='body',
app_id=app.id, user_id=user2.id)
assert_raises(Forbidden, getattr(require, 'blogpost').create, blogpost)
def test_non_owner_authenticated_user_create_given_blogpost(self):
"""Test authenticated user cannot create a given blogpost if is not the
app owner, even if is admin"""
with self.flask_app.app_context():
app = db.session.query(App).first()
root = db.session.query(User).first()
blogpost = Blogpost(title='title', body='body',
app_id=app.id, user_id=root.id)
assert_raises(Forbidden, getattr(require, 'blogpost').create, blogpost)
def test_non_owner_authenticated_user_delete_blogpost(self):
"""Test authenticated user cannot delete a blogpost if is not the post
owner or is not admin"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
root = db.session.query(User).get(1)
blogpost = Blogpost(title='title', body='body', app_id=app.id, user_id=root.id)
db.session.add(blogpost)
db.session.commit()
assert_raises(Forbidden, getattr(require, 'blogpost').delete, blogpost)
def test_admin_read_given_blogpost_hidden_app(self):
"""Test admin can read a given blogpost of a hidden app"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
app.hidden = 1
user1 = db.session.query(User).get(2)
blogpost = Blogpost(title='title', body='body', app_id=app.id, user_id=user1.id)
db.session.add(blogpost)
db.session.commit()
assert_not_raises(Exception, getattr(require, 'blogpost').read, blogpost)
def test_non_owner_authenticated_user_read_given_blogpost(self):
"""Test authenticated user can read a given blogpost if is not the app owner"""
with self.flask_app.test_request_context('/'):
app = db.session.query(App).first()
root = db.session.query(User).get(1)
app.owner = root
blogpost = Blogpost(title='title', body='body', app_id=app.id, user_id=root.id)
db.session.add(blogpost)
db.session.commit()
assert_not_raises(Exception, getattr(require, 'blogpost').read, blogpost)
def test_blogpost_deletion_doesnt_delete_app(self):
"""Test BLOGPOST when deleting a blogpost it's parent app is not affected"""
self.configure_fixtures()
blogpost = Blogpost(title='title', body="body", app=self.app)
db.session.add(blogpost)
db.session.commit()
assert self.app in db.session
assert blogpost in db.session
db.session.delete(blogpost)
db.session.commit()
assert self.app in db.session
assert blogpost not in db.session
def test_blogpost_is_deleted_after_app_deletion(self):
"""Test BLOGPOST no blogposts can exist after it's app has been removed"""
self.configure_fixtures()
blogpost = Blogpost(title='title', body="body", app=self.app)
db.session.add(blogpost)
db.session.commit()
assert self.app in db.session
assert blogpost in db.session
db.session.delete(self.app)
db.session.commit()
assert self.app not in db.session
assert blogpost not in db.session
def test_blogpost_delete_by_owner(self, mock_redirect):
"""Test blogposts, app owners can delete"""
self.register()
user = db.session.query(User).get(1)
app = self.create_app(info=None)
app.owner = user
blogpost = Blogpost(owner=user,
app=app,
title='thisisatitle',
body='body')
db.session.add_all([app, blogpost])
db.session.commit()
url = "/app/%s/blog/%s/delete" % (app.short_name, blogpost.id)
redirect_url = '/app/%s/blog' % app.short_name
res = self.app.post(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
mock_redirect.assert_called_with(redirect_url)
blogpost = db.session.query(Blogpost).first()
assert blogpost is None, blogpost
def test_blogpost_is_not_deleted_after_owner_deletion(self):
"""Test BLOGPOST a blogpost remains when its owner user is removed
from the system"""
self.configure_fixtures()
owner = User(
email_addr="*****@*****.**",
name="johndoe2",
fullname="John Doe2",
locale="en")
blogpost = Blogpost(title='title', body="body", project=self.project, owner=owner)
db.session.add(blogpost)
db.session.commit()
assert owner in db.session
assert blogpost in db.session
db.session.delete(owner)
db.session.commit()
assert owner not in db.session
assert blogpost in db.session
assert blogpost.owner == None, blogpost.owner
def test_blogposts_get_all_with_hidden_app(self):
"""Test blogpost GET does not show hidden projects"""
self.register()
admin = db.session.query(User).get(1)
self.signout()
self.register(name='user', email='*****@*****.**')
user = db.session.query(User).get(2)
app = self.create_app(info=None)
app.owner = user
app.hidden = 1
blogpost = Blogpost(owner=user,
app=app,
title='thisisatitle',
body='body')
db.session.add_all([app, blogpost])
db.session.commit()
url = "/app/%s/blog" % app.short_name
# As app owner
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
assert 'thisisatitle' in res.data
# As authenticated
self.signout()
self.register(name='notowner', email='*****@*****.**')
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 403, res.status_code
# As anonymous
self.signout()
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 401, res.status_code
# As admin
self.signin()
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
assert 'thisisatitle' in res.data
def test_blogposts_get_all(self):
"""Test blogpost GET all blogposts"""
user = self.create_users()[1]
app = self.create_app(info=None)
app.owner = user
blogpost = Blogpost(owner=user,
app=app,
title='thisisatitle',
body='body')
db.session.add_all([user, app, blogpost])
db.session.commit()
url = "/app/%s/blog" % app.short_name
# As anonymous
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
assert 'thisisatitle' in res.data
# As authenticated
self.register()
res = self.app.get(url, follow_redirects=True)
assert res.status_code == 200, res.status_code
assert 'thisisatitle' in res.data
def test_blogpost_belongs_to_app(self):
"""Test BLOGPOSTS must belong to an app"""
self.configure_fixtures()
blogpost = Blogpost(title='title', body="body", app=None)
def test_blogpost_belongs_to_project(self):
"""Test BLOGPOSTS must belong to a project"""
self.configure_fixtures()
blogpost = Blogpost(title='title', body="body", project=None)
