def test_reset_password(client, user_info): """A user can reset their password using a link sent to their email.""" new_password = "******" assert new_password != user_info["password"] register_user(client, user_info) log_out_current_user(client) with mail.record_messages() as outbox: rv = client.get(url_for("user.password_recovery")) rv = client.post( url_for("user.password_recovery"), data=dict( csrf_token=csrf_token(rv.data), email=user_info["email"], captcha="xyzzy", ), ) message = outbox.pop() assert message.send_to == {user_info["email"]} soup = BeautifulSoup(message.html, "html.parser") token = soup.a["href"].split("/")[-1] rv = client.get(url_for("user.password_reset", token=token), follow_redirects=True) rv = client.post( url_for("do.reset"), data=dict( csrf_token=csrf_token(rv.data), user=get_value(rv.data, "user"), key=get_value(rv.data, "key"), password=new_password, confirm=new_password, ), ) log_out_current_user(client) user_info["password"] = new_password log_in_user(client, user_info, expect_success=True)
def test_admin_can_ban_and_unban_user(client, user_info, user2_info): register_user(client, user_info) register_user(client, user2_info) promote_user_to_admin(client, user2_info) username = user_info['username'] rv = client.get(url_for('user.view', user=username)) rv = client.post(url_for('do.ban_user', username=username), data=dict(csrf_token=csrf_token(rv.data)), follow_redirects=True) # For now, banning makes you unable to log in. log_out_current_user(client) log_in_user(client, user_info, expect_success=False) log_in_user(client, user2_info, expect_success=True) rv = client.get(url_for('user.view', user=username)) rv = client.post(url_for('do.unban_user', username=username), data=dict(csrf_token=csrf_token(rv.data)), follow_redirects=True) log_out_current_user(client) log_in_user(client, user_info, expect_success=True)
def test_mod_invite_notification(client, user_info, user2_info): "Notifications are sent for mod invites." config.update_value("site.sub_creation_min_level", 0) receiver, mod = user_info, user2_info register_user(client, receiver) receiver_uid = User.get(User.name == receiver["username"]).uid log_out_current_user(client) register_user(client, mod) mod_uid = User.get(User.name == mod["username"]).uid create_sub(client, name="test_janitor") create_sub(client, name="test_mod") # Mod invites receiver as moderator. rv_index = client.get(url_for("home.index", sub="test_mod")) data = { "csrf_token": csrf_token(rv_index.data), "user": receiver["username"], "level": "1", } rv = client.post( url_for("do.inv_mod", sub="test_mod"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Mod invites receiver as janitor. data = { "csrf_token": csrf_token(rv_index.data), "user": receiver["username"], "level": "2", } rv = client.post( url_for("do.inv_mod", sub="test_janitor"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Receiver blocks mod. log_in_user(client, receiver) data = { "csrf_token": csrf_token(rv_index.data), "view_messages": "show", "view_content": "hide", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications. They should not be ignored, # because they are mod actions. assert get_notification_count(receiver_uid)["notifications"] == 2 rv = client.get(url_for("messages.view_notifications")) assert b"invited you to moderate" in rv.data soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") assert soup.find(href=url_for("sub.edit_sub_mods", sub="test_mod")) assert soup.find(href=url_for("sub.edit_sub_mods", sub="test_janitor")) # After checking, the notification is marked read. assert get_notification_count(receiver_uid)["notifications"] == 0 # Receiver unblocks mod. data = { "csrf_token": csrf_token(rv.data), "view_messages": "show", "view_content": "show", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications again. rv = client.get(url_for("messages.view_notifications")) assert b"invited you to moderate" in rv.data assert soup.find(href=url_for("sub.edit_sub_mods", sub="test_mod")) assert soup.find(href=url_for("sub.edit_sub_mods", sub="test_janitor"))
def test_post_delete_notification(client, user_info, user2_info, user3_info): "Notifications are sent for post delete and undelete." config.update_value("site.sub_creation_min_level", 0) receiver, admin, mod = user_info, user2_info, user3_info register_user(client, receiver) receiver_uid = User.get(User.name == receiver["username"]).uid log_out_current_user(client) register_user(client, admin) promote_user_to_admin(client, admin) log_out_current_user(client) register_user(client, mod) mod_uid = User.get(User.name == mod["username"]).uid create_sub(client) log_out_current_user(client) # Receiver makes a post. log_in_user(client, receiver) rv_post = client.get(url_for("subs.submit", ptype="text", sub="test")) csrf = csrf_token(rv_post.data) data = { "csrf_token": csrf, "title": "the title", "ptype": "text", "content": "the content", } rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data=data, follow_redirects=False, ) assert rv.status == "302 FOUND" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.a.get_text() pid = link.split("/")[-1] log_out_current_user(client) # Mod deletes the post. log_in_user(client, mod) data = { "csrf_token": csrf, "post": pid, "reason": "serious reason", "send_to_admin": False, } rv = client.post( url_for("do.delete_post"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Admin un-deletes the post. log_in_user(client, admin) data = { "csrf_token": csrf, "post": pid, "reason": "frivolous reason", } rv = client.post( url_for("do.undelete_post"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Receiver blocks mod. log_in_user(client, receiver) data = { "csrf_token": csrf, "view_messages": "show", "view_content": "hide", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications. They should not be ignored, # because they are mod actions. assert get_notification_count(receiver_uid)["notifications"] == 2 rv = client.get(url_for("messages.view_notifications")) assert b" deleted your post" in rv.data assert b"un-deleted your post" in rv.data assert b"serious reason" in rv.data assert b"frivolous reason" in rv.data # After checking, the notification is marked read. assert get_notification_count(receiver_uid)["notifications"] == 0 # Receiver unblocks mod. data = { "csrf_token": csrf_token(rv.data), "view_messages": "show", "view_content": "show", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications again. rv = client.get(url_for("messages.view_notifications")) assert b" deleted your post" in rv.data assert b"un-deleted your post" in rv.data assert b"serious reason" in rv.data assert b"frivolous reason" in rv.data
def test_ban_notification(client, user_info, user2_info): "Notifications are sent for sub bans." config.update_value("site.sub_creation_min_level", 0) receiver, mod = user_info, user2_info register_user(client, receiver) receiver_uid = User.get(User.name == receiver["username"]).uid log_out_current_user(client) register_user(client, mod) mod_uid = User.get(User.name == mod["username"]).uid create_sub(client) log_out_current_user(client) # Receiver blocks mod. log_in_user(client, receiver) rv_index = client.get(url_for("home.index", sub="test")) csrf = csrf_token(rv_index.data) data = { "csrf_token": csrf, "view_messages": "show", "view_content": "hide", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Mod bans receiver. log_in_user(client, mod) data = { "csrf_token": csrf, "user": receiver["username"], "reason": "serious reason", "expires": None, } rv = client.post( url_for("do.ban_user_sub", sub="test"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Mod un-bans receiver. rv = client.post( url_for("do.remove_sub_ban", sub="test", user=receiver["username"]), data={"csrf_token": csrf}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Receiver checks notifications. They should not be ignored, # because they are mod actions. log_in_user(client, receiver) assert get_notification_count(receiver_uid)["notifications"] == 2 rv = client.get(url_for("messages.view_notifications")) assert b"banned you from" in rv.data assert b"serious reason" in rv.data assert b"unbanned you from" in rv.data # After checking, the notification is marked read. assert get_notification_count(receiver_uid)["notifications"] == 0 # Receiver unblocks mod. data = { "csrf_token": csrf_token(rv.data), "view_messages": "show", "view_content": "show", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications again. rv = client.get(url_for("messages.view_notifications")) assert b"banned you from" in rv.data assert b"serious reason" in rv.data assert b"unbanned you from" in rv.data
def test_reply_notification(client, sub_mod, user_info, user2_info, user3_info): "Notifications are sent for post and comment replies." sender, receiver, mod = user_info, user2_info, user3_info config.update_value("site.sub_creation_min_level", 0) register_user(client, sender) sender_uid = User.get(User.name == sender["username"]).uid if sub_mod == "sender": create_sub(client) log_out_current_user(client) register_user(client, receiver) receiver_uid = User.get(User.name == receiver["username"]).uid if sub_mod == "receiver": create_sub(client) log_out_current_user(client) if sub_mod == "neither": register_user(client, mod) create_sub(client) log_out_current_user(client) # Receiver makes a post that can be replied to log_in_user(client, receiver) rv = client.get(url_for("subs.submit", ptype="text", sub="test")) csrf = csrf_token(rv.data) data = { "csrf_token": csrf, "title": "the title", "ptype": "text", "content": "the content", } rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data=data, follow_redirects=False, ) assert rv.status == "302 FOUND" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.a.get_text() pid = link.split("/")[-1] # Receiver makes a comment that can be replied to. rv = client.get(link, follow_redirects=True) assert b"the title | test" in rv.data data = { "csrf_token": csrf, "post": pid, "parent": "0", "comment": "OP reply", } rv = client.post(url_for("do.create_comment", pid=pid), data=data, follow_redirects=False) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" cid = reply["cid"] # Receiver blocks sender. data = { "csrf_token": csrf, "view_messages": "show", "view_content": "hide", } rv = client.post(url_for("do.edit_ignore", uid=sender_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Sender replies to the post. log_in_user(client, sender) rv = client.get(link, follow_redirects=True) assert b"the title | test" in rv.data data = { "csrf_token": csrf, "post": pid, "parent": "0", "comment": "the comment", } rv = client.post(url_for("do.create_comment", pid=pid), data=data, follow_redirects=True) assert b"the comment" in rv.data # Sender replies to the comment. rv = client.get(link, follow_redirects=True) data = { "csrf_token": csrf_token(rv.data), "post": pid, "parent": cid, "comment": "comment reply", } rv = client.post(url_for("do.create_comment", pid=pid), data=data, follow_redirects=True) log_out_current_user(client) # Depending on who is the mod of the sub, should these notifications # be visible when the receiver has the sender blocked? expected = {"sender": True, "receiver": True, "neither": False}[sub_mod] assert get_notification_count(receiver_uid)["notifications"] == ( 2 if expected else 0) # Receiver checks notifications. log_in_user(client, receiver) rv = client.get(url_for("messages.view_notifications")) assert (b"replied to your post" in rv.data) == expected assert (b"the comment" in rv.data) == expected assert (b"replied to your comment" in rv.data) == expected assert (b"comment reply" in rv.data) == expected # Receiver unblocks sender. data = { "csrf_token": csrf, "view_messages": "show", "view_content": "show", } rv = client.post(url_for("do.edit_ignore", uid=sender_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications. rv = client.get(url_for("messages.view_notifications")) assert b"replied to your post" in rv.data assert b"the comment" in rv.data assert b"replied to your comment" in rv.data assert b"comment reply" in rv.data # Notifications should be marked read. assert get_notification_count(receiver_uid)["notifications"] == 0
def test_mod_comment_delete(client, user_info, user2_info, user3_info): config.update_value("site.sub_creation_min_level", 0) user, admin, mod = user_info, user2_info, user3_info register_user(client, admin) promote_user_to_admin(client, admin) log_out_current_user(client) register_user(client, mod) create_sub(client) log_out_current_user(client) register_user(client, user) # User makes a post. rv = client.get(url_for("subs.submit", ptype="text", sub="test")) csrf = csrf_token(rv.data) data = { "csrf_token": csrf, "title": "the title", "ptype": "text", "content": "the content", } rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data=data, follow_redirects=False, ) assert rv.status == "302 FOUND" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.a.get_text() pid = link.split("/")[-1] # User adds some comments. rv = client.get(link, follow_redirects=True) assert b"the title | test" in rv.data cids = {} comments = [ "delete_user", "delete_admin", "delete_then_undelete_by_admin", "delete_mod", "delete_then_undelete_by_mod", "delete_undelete_by_mod_then_admin", ] for comment in comments: data = { "csrf_token": csrf, "post": pid, "parent": "0", "comment": comment, } rv = client.post( url_for("do.create_comment", pid=pid), data=data, follow_redirects=False ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" cids[comment] = reply["cid"] # User reloads the page and can see all the comments. rv = client.get(link, follow_redirects=True) data = rv.data.decode("utf-8") for comment in comments: assert comment in data # Check for the css class on the bottombar delete links. assert len(re.findall("[^n]delete-comment", data)) == len(comments) rv = client.post( url_for("do.delete_comment"), data={"csrf_token": csrf, "cid": cids["delete_user"]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # User can no longer see deleted comment. rv = client.get(link, follow_redirects=True) data = rv.data.decode("utf-8") for comment in comments: if comment == "delete_user": assert comment not in data else: assert comment in data log_out_current_user(client) # Admin sees deleted comment content, and n-1 delete links. log_in_user(client, admin) rv = client.get(link, follow_redirects=True) data = rv.data.decode("utf-8") for comment in comments: assert comment in data # Check for the css class on the bottombar delete links. assert len(re.findall("[^n]delete-comment", data)) == len(comments) - 1 assert "undelete-comment" not in data # Admin tries to remove user's deleted comment. rv = client.post( url_for("do.delete_comment"), data={"csrf_token": csrf, "cid": cids["delete_user"]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" assert reply["error"] == "Comment is already deleted" # Admin removes two comments. for comment in ["delete_admin", "delete_then_undelete_by_admin"]: rv = client.post( url_for("do.delete_comment"), data={"csrf_token": csrf, "cid": cids[comment]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Admin can still see all comment content and now has two undelete links. rv = client.get(link, follow_redirects=True) data = rv.data.decode("utf-8") for comment in comments: assert comment in data # Check for the css class on the bottombar delete links. assert len(re.findall("undelete-comment", data)) == 2 assert len(re.findall("[^n]delete-comment", data)) == len(comments) - 3 # Admin undeletes a comment. rv = client.post( url_for("do.undelete_comment"), data={"csrf_token": csrf, "cid": cids["delete_then_undelete_by_admin"]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Mod sees content of deleted and undeleted comments. log_in_user(client, mod) rv = client.get(link, follow_redirects=True) data = rv.data.decode("utf-8") for comment in comments: assert comment in data # Mod should see delete links for undeleted comments. assert len(re.findall("[^n]delete-comment", data)) == len(comments) - 2 assert len(re.findall("undelete-comment", data)) == 0 # Mod tries to remove already deleted comments. for comment in ["delete_user", "delete_admin"]: rv = client.post( url_for("do.delete_comment"), data={"csrf_token": csrf, "cid": cids[comment]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" assert reply["error"] == "Comment is already deleted" # Mod tries to undelete comment deleted by admin. rv = client.post( url_for("do.undelete_comment"), data={"csrf_token": csrf, "cid": cids["delete_admin"]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" assert reply["error"] == "Not authorized" # Mod removes some comments. for comment in [ "delete_mod", "delete_then_undelete_by_mod", "delete_undelete_by_mod_then_admin", ]: rv = client.post( url_for("do.delete_comment"), data={"csrf_token": csrf, "cid": cids[comment]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Mod sees content of all comments, and now has two undelete links. rv = client.get(link, follow_redirects=True) data = rv.data.decode("utf-8") for comment in comments: assert comment in data # Mod should see delete links for undeleted comments. assert len(re.findall("[^n]delete-comment", data)) == len(comments) - 5 assert len(re.findall("undelete-comment", data)) == 3 # Mod undeletes a comment. rv = client.post( url_for("do.undelete_comment"), data={"csrf_token": csrf, "cid": cids["delete_then_undelete_by_mod"]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) log_in_user(client, admin) # Admin has undelete links for the content admin deleted as well as # the content the mod deleted. assert len(re.findall("undelete-comment", data)) == 3 # Admin can undelete a comment deleted by the mod. rv = client.post( url_for("do.undelete_comment"), data={"csrf_token": csrf, "cid": cids["delete_undelete_by_mod_then_admin"]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) log_in_user(client, user) # User can see comments which are not deleted. undeleted = [ "delete_then_undelete_by_admin", "delete_then_undelete_by_mod", "delete_undelete_by_mod_then_admin", ] rv = client.get(link, follow_redirects=True) data = rv.data.decode("utf-8") for comment in comments: if comment in undeleted: assert comment in data else: assert comment not in data # User should see delete links for undeleted comments. assert len(re.findall("[^n]delete-comment", data)) == len(undeleted) assert len(re.findall("undelete-comment", data)) == 0 # User can't undelete any comment for comment in comments: rv = client.post( url_for("do.undelete_comment"), data={"csrf_token": csrf, "cid": cids[comment]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" if comment in undeleted: assert reply["error"] == "Comment is not deleted" elif comment == "delete_user": assert reply["error"] == "Can not un-delete a self-deleted comment" else: assert reply["error"] == "Not authorized"
def test_logout_and_login_again(client, user_info): """A logged in user can log out and back in again.""" register_user(client, user_info) assert b"Log out" in client.get(url_for("home.index")).data log_out_current_user(client, verify=True) log_in_user(client, user_info, expect_success=True)
def test_mod_post_delete(client, user_info, user2_info, user3_info): config.update_value("site.sub_creation_min_level", 0) user, admin, mod = user_info, user2_info, user3_info register_user(client, admin) promote_user_to_admin(client, admin) log_out_current_user(client) register_user(client, mod) create_sub(client) log_out_current_user(client) register_user(client, user) # User makes several posts. pids = {} posts = [ "delete_user", "delete_admin", "delete_then_undelete_by_admin", "delete_mod", "delete_then_undelete_by_mod", "delete_undelete_by_mod_then_admin", ] rv = client.get(url_for("subs.submit", ptype="text", sub="test")) csrf = csrf_token(rv.data) for post in posts: rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data={ "csrf_token": csrf, "title": post, "ptype": "text", "content": "the content", }, follow_redirects=False, ) assert rv.status == "302 FOUND" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.a.get_text() pids[post] = link.split("/")[-1] # User can see all the posts. rv = client.get(url_for("sub.view_sub", sub="test"), follow_redirects=True) data = rv.data.decode("utf-8") for post in posts: assert post in data # User has a delete link on a single-post page. rv = client.get( url_for("sub.view_post", sub="test", pid=pids["delete_user"]), follow_redirects=True, ) assert len(re.findall("[^n]delete-post", rv.data.decode("utf-8"))) == 1 # User deletes a post. rv = client.post( url_for("do.delete_post"), data={"csrf_token": csrf, "post": pids["delete_user"]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # User can now not see deleted post rv = client.get(url_for("sub.view_sub", sub="test"), follow_redirects=True) data = rv.data.decode("utf-8") for post in posts: if post == "delete_user": assert post not in data else: assert post in data # User can go to deleted post page but there is no delete or undelete link. rv = client.get( url_for("sub.view_post", sub="test", pid=pids["delete_user"]), follow_redirects=True, ) data = rv.data.decode("utf-8") assert "the content" not in data assert len(re.findall("delete-post", data)) == 0 log_out_current_user(client) # Admin sees deleted post content, and no delete or undelete link. log_in_user(client, admin) rv = client.get( url_for("sub.view_post", sub="test", pid=pids["delete_user"]), follow_redirects=True, ) data = rv.data.decode("utf-8") assert "the content" in data assert len(re.findall("delete-post", data)) == 0 # Admin tries to remove user's deleted post. rv = client.post( url_for("do.delete_post"), data={"csrf_token": csrf, "post": pids["delete_user"]}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" assert reply["error"] == ["Post was already deleted"] # Admin deletes two posts. for post in ["delete_admin", "delete_then_undelete_by_admin"]: rv = client.post( url_for("do.delete_post"), data={"csrf_token": csrf, "post": pids[post], "reason": "admin"}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Admin can still see the post content and now has undelete links. for post in ["delete_admin", "delete_then_undelete_by_admin"]: rv = client.get( url_for("sub.view_post", sub="test", pid=pids[post]), follow_redirects=True ) data = rv.data.decode("utf-8") assert "the content" in data # Check for the css class on the bottombar delete links. assert len(re.findall("undelete-post", data)) == 1 assert len(re.findall("[^n]delete-post", data)) == 0 # Admin undeletes a post. rv = client.post( url_for("do.undelete_post"), data={ "csrf_token": csrf, "post": pids["delete_then_undelete_by_admin"], "reason": "admin", }, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Mod can see content of all posts. Mod sees delete links for the # posts which are not deleted, and does not have delete or # undelete links for the deleted posts. log_in_user(client, mod) for post in posts: rv = client.get( url_for("sub.view_post", sub="test", pid=pids[post]), follow_redirects=True ) data = rv.data.decode("utf-8") assert post in data assert "the content" in data if post in ["delete_user", "delete_admin"]: assert len(re.findall("delete-post", data)) == 0 else: assert len(re.findall("undelete-post", data)) == 0 assert len(re.findall("[^n]delete-post", data)) == 1 # Mod tries to remove already deleted posts. for post in ["delete_user", "delete_admin"]: rv = client.post( url_for("do.delete_post"), data={"csrf_token": csrf, "post": pids[post], "reason": "mod"}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" assert reply["error"] == ["Post was already deleted"] # Mod can't undelete post deleted by admin. rv = client.post( url_for("do.undelete_post"), data={"csrf_token": csrf, "post": pids["delete_admin"], "reason": "mod"}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" assert reply["error"] == ["Not authorized"] # Mod deletes some posts. for post in [ "delete_mod", "delete_then_undelete_by_mod", "delete_undelete_by_mod_then_admin", ]: rv = client.post( url_for("do.delete_post"), data={"csrf_token": csrf, "post": pids[post], "reason": "mod"}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Mod sees content of all posts, and now has two undelete links. for post in posts: rv = client.get( url_for("sub.view_post", sub="test", pid=pids[post]), follow_redirects=True ) data = rv.data.decode("utf-8") assert post in data assert "the content" in data if post in ["delete_user", "delete_admin"]: assert len(re.findall("delete-post", data)) == 0 elif post in [ "delete_mod", "delete_then_undelete_by_mod", "delete_undelete_by_mod_then_admin", ]: assert len(re.findall("[^n]delete-post", data)) == 0 assert len(re.findall("undelete-post", data)) == 1 else: assert len(re.findall("undelete-post", data)) == 0 assert len(re.findall("[^n]delete-post", data)) == 1 # Mod undeletes a post. rv = client.post( url_for("do.undelete_post"), data={ "csrf_token": csrf, "post": pids["delete_then_undelete_by_mod"], "reason": "mod", }, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) log_in_user(client, admin) # Admin has undelete links for the content admin deleted as well as # the content the mod deleted. for post in posts: rv = client.get( url_for("sub.view_post", sub="test", pid=pids[post]), follow_redirects=True ) data = rv.data.decode("utf-8") assert post in data assert "the content" in data if post == "delete_user": assert len(re.findall("delete-post", data)) == 0 elif post in [ "delete_admin", "delete_mod", "delete_undelete_by_mod_then_admin", ]: assert len(re.findall("[^n]delete-post", data)) == 0 assert len(re.findall("undelete-post", data)) == 1 else: assert len(re.findall("undelete-post", data)) == 0 assert len(re.findall("[^n]delete-post", data)) == 1 # Admin can undelete a post deleted by the mod. rv = client.post( url_for("do.undelete_post"), data={ "csrf_token": csrf, "post": pids["delete_undelete_by_mod_then_admin"], "reason": "admin", }, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) log_in_user(client, user) # User can see posts which were deleted by mod or admin. undeleted = [ "delete_then_undelete_by_admin", "delete_then_undelete_by_mod", "delete_undelete_by_mod_then_admin", ] for post in posts: rv = client.get( url_for("sub.view_post", sub="test", pid=pids[post]), follow_redirects=True ) data = rv.data.decode("utf-8") assert post in data if post != "delete_user": assert "the content" in data # User has a delete link for posts which are not deleted, and # no undelete links. if post in undeleted: assert len(re.findall("[^n]delete-post", data)) == 1 else: assert len(re.findall("[^n]delete-post", data)) == 0 assert len(re.findall("undelete-post", data)) == 0 for post in posts: if post not in undeleted: # User can't delete anything which has already been deleted. rv = client.post( url_for("do.delete_post"), data={ "csrf_token": csrf, "post": pids["delete_user"], "reason": "user", }, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" assert reply["error"] == ["Post was already deleted"] # User can't undelete any posts. for post in posts: rv = client.post( url_for("do.undelete_post"), data={"csrf_token": csrf, "post": pids[post], "reason": "user"}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" if post == "delete_user": assert reply["error"] == ["Can not un-delete a self-deleted post"] elif "undelete" in post: assert reply["error"] == ["Post is not deleted"] else: assert reply["error"] == ["Not authorized"]
def test_block_pm(client, user_info, user2_info): """Block and unblock private messages from a user.""" username = user_info["username"] register_user(client, user_info) register_user(client, user2_info) # User2 sends User a message. rv = client.get(url_for("user.view", user=username)) assert rv.status == "200 OK" client.post( url_for("do.create_sendmsg"), data=dict( csrf_token=csrf_token(rv.data), to=username, subject="Testing", content="Test Content", ), follow_redirects=True, ) log_out_current_user(client, verify=True) log_in_user(client, user_info, expect_success=True) # User blocks User2. user2 = User.get(User.name == user2_info["username"]) rv = client.post( url_for("do.ignore_user", uid=user2.uid), data=dict(csrf_token=csrf_token(rv.data)), ) # User doesn't have a notification for blocked message. rv = client.get(url_for("home.index"), follow_redirects=True) assert rv.status == "200 OK" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.find(href=url_for("messages.inbox_sort")) assert link.get_text().strip() == "0" # Message not visible in User's inbox. rv = client.get(url_for("messages.inbox_sort"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Testing", "Test Content"], exclude=True ) # User2 shows up on User's ignore page. rv = client.get(url_for("user.view_ignores")) assert rv.status == "200 OK" assert user2_info["username"].encode("utf-8") in rv.data # User unblocks User2. rv = client.post( url_for("do.ignore_user", uid=user2.uid), data=dict(csrf_token=csrf_token(rv.data)), ) # User now has a notification for message. rv = client.get(url_for("home.index"), follow_redirects=True) assert rv.status == "200 OK" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.find(href=url_for("messages.inbox_sort")) assert link.get_text().strip() == "1" # Message now visible in User's inbox. rv = client.get(url_for("messages.inbox_sort"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Testing", "Test Content"] )
def test_exchange_pm(client, user_info, user2_info): """Send a private message and have an exchange of replies.""" username = user_info["username"] register_user(client, user_info) register_user(client, user2_info) # User2 sends User a message. rv = client.get(url_for("user.view", user=username)) assert rv.status == "200 OK" rv = client.post( url_for("do.create_sendmsg"), data=dict( csrf_token=csrf_token(rv.data), to=username, subject="Testing", content="Test Content", ), follow_redirects=True, ) assert b"error" not in rv.data log_out_current_user(client, verify=True) log_in_user(client, user_info, expect_success=True) # User sees the message on the inbox page. rv = client.get(url_for("messages.inbox_sort"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Testing", "Test Content"] ) # User replies to the message. soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") tag = soup.find(lambda tag: tag.has_attr("data-mid")) mid = tag.attrs["data-mid"] rv = client.post( url_for("do.create_replymsg"), data=dict( csrf_token=csrf_token(rv.data), mid=mid, content="Test reply content" ), ) assert b"error" not in rv.data # User sees the message in Sent Messages. rv = client.get(url_for("messages.view_messages_sent"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Re: Testing", "Test reply content"] ) log_out_current_user(client, verify=True) log_in_user(client, user2_info, expect_success=True) # User2 has one new message. rv = client.get(url_for("home.index"), follow_redirects=True) assert rv.status == "200 OK" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.find(href=url_for("messages.inbox_sort")) assert link.get_text().strip() == "1" # User2 sees the message on the inbox page. rv = client.get(url_for("messages.inbox_sort"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user_info["username"], "Re: Testing", "Test reply content"] ) # User2 replies to the reply. soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") tag = soup.find(lambda tag: tag.has_attr("data-mid")) mid = tag.attrs["data-mid"] rv = client.post( url_for("do.create_replymsg"), data=dict( csrf_token=csrf_token(rv.data), mid=mid, content="Test 2nd reply content" ), ) assert b"error" not in rv.data # User2 sees reply in Sent Messages. rv = client.get(url_for("messages.view_messages_sent"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user_info["username"], "Re: Testing", "Test 2nd reply content"] ) assert b"Re: Re: Testing" not in rv.data log_out_current_user(client, verify=True) log_in_user(client, user_info, expect_success=True) # User now has two new messages. rv = client.get(url_for("home.index"), follow_redirects=True) assert rv.status == "200 OK" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.find(href=url_for("messages.inbox_sort")) assert link.get_text().strip() == "2" # User sees the message on the inbox page. rv = client.get(url_for("messages.inbox_sort"), follow_redirects=True) assert rv.status == "200 OK" assert b"Test 2nd reply content" in rv.data # User uses the mark all as read link. rv = client.post(url_for("do.readall_msgs"), data={}) assert b"error" not in rv.data # User now has no new messages. rv = client.get(url_for("home.index"), follow_redirects=True) assert rv.status == "200 OK" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.find(href=url_for("messages.inbox_sort")) assert link.get_text().strip() == "0"
def test_save_and_delete_pm(client, user_info, user2_info): """Save and delete a private message.""" username = user_info["username"] register_user(client, user_info) register_user(client, user2_info) # User2 sends User a message. rv = client.get(url_for("user.view", user=username)) assert rv.status == "200 OK" client.post( url_for("do.create_sendmsg"), data=dict( csrf_token=csrf_token(rv.data), to=username, subject="Testing", content="Test Content", ), follow_redirects=True, ) # Switch users. log_out_current_user(client, verify=True) log_in_user(client, user_info, expect_success=True) # Message visible in User's inbox. rv = client.get(url_for("messages.inbox_sort"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Testing", "Test Content"] ) # User saves the message. soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") tag = soup.find(lambda tag: tag.has_attr("data-mid")) mid = tag.attrs["data-mid"] rv = client.post( url_for("do.save_pm", mid=mid), data=dict(csrf_token=csrf_token(rv.data)), follow_redirects=True, ) assert b"error" not in rv.data # Message now no longer appears in inbox. rv = client.get(url_for("messages.inbox_sort"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Testing", "Test Content"], exclude=True ) # Message appears in saved messages. rv = client.get(url_for("messages.view_saved_messages"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Testing", "Test Content"] ) # User deletes message from saved messages. rv = client.post( url_for("do.delete_pm", mid=mid), data=dict(csrf_token=csrf_token(rv.data)), follow_redirects=True, ) assert b"error" not in rv.data # Message is no longer in saved messages. rv = client.get(url_for("messages.view_saved_messages"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Testing", "Test Content"], exclude=True ) # Message is not in User's inbox either. rv = client.get(url_for("messages.inbox_sort"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Testing", "Test Content"], exclude=True )
def test_comment_sort(client, user_info): "Comments can be sorted by best, top and new." config.update_value("site.sub_creation_min_level", 0) # Create a mod and a sub. mod = user_info register_user(client, mod) create_sub(client) log_out_current_user(client) # Create some users to read and vote. users = [ dict(username=f"user{i}", email=f"user{i}@example.com", password="******") for i in range(10) ] for user in users: register_user(client, user) log_out_current_user(client) # Mod makes a post and adds three comments to it. log_in_user(client, mod) rv = client.get(url_for("subs.submit", ptype="text", sub="test")) csrf = csrf_token(rv.data) data = { "csrf_token": csrf, "title": "the title", "ptype": "text", "content": "the content", } rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data=data, follow_redirects=False, ) assert rv.status == "302 FOUND" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.a.get_text() pid = link.split("/")[-1] rv = client.get(link, follow_redirects=True) assert b"the title | test" in rv.data cids = {} for comment in ["oldest", "middle", "newest"]: data = { "csrf_token": csrf, "post": pid, "parent": "0", "comment": "This comment is: " + comment, } rv = client.post(url_for("do.create_comment", pid=pid), data=data, follow_redirects=False) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" cids[comment] = reply["cid"] log_out_current_user(client) # The other users visit and vote the comments as follows: # oldest - 10 visits, 5 upvotes, 1 downvote # middle - 2 visits, 2 upvotes # newest - 0 visits, 0 upvotes expected_results = { "new": ["newest", "middle", "oldest"], "top": ["oldest", "middle", "newest"], "best": ["middle", "newest", "oldest"], } for num, user in enumerate(users): log_in_user(client, user) # View some comments. if num < 2: views = [cids["oldest"], cids["middle"]] else: views = [cids["oldest"]] rv = client.post( url_for("do.mark_comments_viewed"), data={ "csrf_token": csrf, "cids": json.dumps(views) }, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Upvote some comments. if num < 5: rv = client.post( url_for("do.upvotecomment", cid=cids["oldest"], value="up"), data={"csrf_token": csrf}, ) assert rv.status == "200 OK" if num < 2: rv = client.post( url_for("do.upvotecomment", cid=cids["middle"], value="up"), data={"csrf_token": csrf}, ) assert rv.status == "200 OK" # Downvote a comment if num == 0: rv = client.post( url_for("do.upvotecomment", cid=cids["oldest"], value="down"), data={"csrf_token": csrf}, ) assert rv.status == "200 OK" log_out_current_user(client) for sort, order in expected_results.items(): rv = client.get( url_for("sub.view_post", pid=pid, sub="test", slug="", sort=sort), follow_redirects=True, ) assert rv.status == "200 OK" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") comments = [ c.get_text() for c in soup.find_all("div", class_="content") ] for expected, comment in zip(order, comments): assert comment.find(expected) != -1