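def app():
    """Pytest fixture: yield an application bound to a fresh temporary SQLite file.

    The database file comes from ``tempfile.mkstemp``; it is initialised with
    ``init_db`` and seeded with ``_data_sql`` inside an application context.
    The descriptor is closed and the file removed when the using test finishes,
    even if ``create_app``/``init_db`` or the test itself raised (the original
    skipped the cleanup on any exception before the ``yield``).
    """
    db_fd, db_path = tempfile.mkstemp()
    try:
        flask_app = create_app({
            'TESTING': True,
            'DATABASE': db_path,
        })
        with flask_app.app_context():
            init_db()
            get_db().executescript(_data_sql)
        yield flask_app
    finally:
        # Always release the temp file, on both the normal and the error path.
        os.close(db_fd)
        os.unlink(db_path)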
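def get_doctor(id):
    """Return the ``doctors`` row with the given primary key, or abort with 404.

    Args:
        id: Primary key of the doctor to look up.

    Returns:
        The matching row from the ``doctors`` table.

    Raises:
        werkzeug.exceptions.NotFound: via ``abort(404, ...)`` when no row matches.
    """
    doctor = get_db().execute(
        'SELECT * FROM doctors WHERE id = ?', (id,)
    ).fetchone()
    # The original compared the cursor object itself to None, which is never
    # true, so a missing doctor handed a cursor back instead of a 404.
    if doctor is None:
        abort(404, 'Doctor id {} is invalid.'.format(id))
    return doctor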
def test_delete(client, auth, app):
    """Deleting post 1 as the logged-in user redirects home and removes the row."""
    auth.login()
    redirect = client.post('/1/delete')
    assert redirect.headers['Location'] == 'http://localhost/'
    with app.app_context():
        row = get_db().execute('SELECT * FROM post WHERE id = 1').fetchone()
    assert row is None
def test_update(client, auth, app):
    """The update form renders and a POST changes the stored title of post 1."""
    auth.login()
    assert client.get('/1/update').status_code == 200
    client.post('/1/update', data={'title': 'updated', 'body': ''})
    with app.app_context():
        row = get_db().execute('SELECT * FROM post WHERE id = 1').fetchone()
    assert row['title'] == 'updated'
def test_create(client, auth, app):
    """The create form renders and a POST adds a second row to ``post``."""
    auth.login()
    assert client.get('/create').status_code == 200
    client.post('/create', data={'title': 'created', 'body': ''})
    with app.app_context():
        (total,) = get_db().execute('SELECT COUNT(id) FROM post').fetchone()
    assert total == 2
def load_logged_in_user():
    """Populate ``g.user`` from the session before each request.

    Reads ``user_id`` and ``login_type`` from the signed session. Without a
    user id ``g.user`` is None; otherwise the row is fetched from
    ``administrators`` or ``patients`` for those login types, and from
    ``doctors`` for any other value of ``login_type``.
    """
    user_id = session.get('user_id')
    login_type = session.get('login_type')
    if user_id is None:
        g.user = None
        return
    # Everything other than admin/patient (including a missing login_type)
    # resolves to the doctors table, as in the original if/elif/else.
    if login_type == 'admin':
        query = 'SELECT * FROM administrators WHERE id = ?'
    elif login_type == 'patient':
        query = 'SELECT * FROM patients WHERE id = ?'
    else:
        query = 'SELECT * FROM doctors WHERE id = ?'
    g.user = get_db().execute(query, (user_id,)).fetchone()
def test_register(client, app):
    """The register page renders; a valid POST redirects to login and stores the user."""
    assert client.get('/auth/register').status_code == 200
    form = {'username': '******', 'password': '******'}
    redirect = client.post('/auth/register', data=form)
    assert redirect.headers['Location'] == 'http://localhost/auth/login'
    with app.app_context():
        stored = get_db().execute(
            "select * from user where username = '******'",
        ).fetchone()
    assert stored is not None
def test_author_required(app, client, auth):
    """A user may neither edit nor delete a post owned by someone else."""
    # Reassign post 1 to user 2 so the logged-in user is no longer its author.
    with app.app_context():
        connection = get_db()
        connection.execute('UPDATE post SET author_id = 2 WHERE id = 1')
        connection.commit()
    auth.login()
    # Both mutating endpoints must refuse with 403 for a non-author.
    for path in ('/1/update', '/1/delete'):
        assert client.post(path).status_code == 403
    # The index must not offer an edit link for that post either.
    index = client.get('/').data
    assert b'href="/1/update"' not in index
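def register_doctor():
    """Admin view: create a ``doctors`` row from the submitted form.

    On POST every field except ``introduction`` is required and the email must
    not already belong to a doctor. A successful insert redirects back to this
    view; otherwise the first validation error is flashed. GET (and a failed
    POST) renders the administrator page.

    Returns:
        A redirect response on success, else the rendered ``/administrator.html``.
    """
    if request.method == 'POST':
        db = get_db()
        form = request.form
        first_name = form["first_name"]
        last_name = form["last_name"]
        password = form["password"]
        email = form["email"]
        phone_number = form["phone_number"]
        gender = form["gender"]
        field = form['field']
        introduction = form['introduction']
        date_of_birth = form['birthday']
        date_of_join = form['date_of_join']

        error = None
        if not last_name or not first_name:
            error = "name is required."
        elif not password:
            error = "password is required."
        elif not email:
            error = "email is required."
        elif not phone_number:
            error = "phone_number is required."
        elif not gender:
            error = "gender is required."
        elif not field:
            error = "field is required."
        elif not date_of_birth:
            error = "birthday is required."
        elif not date_of_join:
            error = "date of join is required."
        elif db.execute(
            'SELECT id FROM doctors WHERE email = ?', (email,)
        ).fetchone() is not None:
            # Login resolves doctors by email with fetchone(); a second row with
            # the same email would make that lookup ambiguous. Mirrors the
            # uniqueness check patient registration already performs.
            error = "Email {} has already registered.".format(email)

        if error is None:
            db.execute(
                'INSERT INTO doctors '
                '(password, first_name, last_name, email, phone_number, gender, field, introduction, date_of_birth, date_of_join) VALUES'
                '(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
                (generate_password_hash(password), first_name, last_name, email,
                 phone_number, gender, field, introduction, date_of_birth, date_of_join),
            )
            db.commit()
            return redirect(url_for('admin.register_doctor'))
        flash(error)
    # template not written
    return render_template('/administrator.html')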
def login():
    """Authenticate a patient, administrator or doctor and start a session.

    On POST ``login_type`` selects the table that is queried by email and the
    stored hash is checked with ``check_password_hash``. On success the session
    is cleared, ``user_id`` and ``login_type`` are stored, and the user is sent
    to the page for their role. Any failure flashes a message and re-renders the
    login form, which is also what GET does.
    """
    if request.method != 'POST':
        return render_template('/auth/login.html')

    login_type = request.form['login_type']
    email = request.form['email']
    password = request.form['password']
    db = get_db()

    lookup_sql = {
        'patient': 'SELECT * FROM patients WHERE email = ?',
        'admin': 'SELECT * FROM administrators WHERE email = ?',
        'doctor': 'SELECT * FROM doctors WHERE email = ?',
    }
    if login_type not in lookup_sql:
        flash('Unknown type of user.')
        return render_template('/auth/login.html')
    user = db.execute(lookup_sql[login_type], (email,)).fetchone()

    # NOTE(review): the two distinct messages below reveal whether the email
    # exists in the table; a single generic message would avoid that.
    error = None
    if user is None:
        error = 'Incorrect username.'
    elif not check_password_hash(user['password'], password):
        error = 'Incorrect password.'

    if error is None:
        session.clear()
        session['user_id'] = user['id']
        session['login_type'] = login_type
        if login_type == 'admin':
            target = url_for('admin.register_doctor')
        elif login_type == 'patient':
            target = url_for('patient')
        else:
            target = url_for('doctor')
        return redirect(target)

    flash(error)
    return render_template('/auth/login.html')
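def register():
    """Register a new patient or administrator from the submitted form.

    On POST ``register_type`` must be ``patient`` or ``admin``, the two password
    fields must match, and every role-specific field is required. Administrators
    must also present a ``secret_key`` that verifies against the hashed module
    constant ``SECRET_KEY``. An email already present in the target table is
    rejected. On success the user is redirected to the login page; otherwise the
    first error is flashed and the form is re-rendered, which is also what GET
    does.

    Returns:
        A redirect response on success, else the rendered ``/auth/register.html``.
    """
    if request.method != 'POST':
        return render_template('/auth/register.html')

    # The original printed request.form here, which wrote the plaintext
    # password and admin secret key to the server's stdout; never log the form.
    form = request.form
    register_type = form["register_type"]
    db = get_db()
    error = None

    if register_type not in ('admin', 'patient'):
        flash('please choose a correct type of user to register.')
        return render_template('/auth/register.html')

    first_name = form["first_name"]
    last_name = form["last_name"]
    password = form["password"]
    repeat_password = form["repeat_password"]
    email = form["email"]
    phone_number = form["phone_number"]
    gender = form["gender"]

    if repeat_password != password:
        flash("two passwords are not the same.")
        return render_template('/auth/register.html')

    if register_type == "patient":
        height = form["height"]
        weight = form["weight"]
        data_of_birth = form["birthday"]  # column is spelled data_of_birth in the schema
        emergency_contacts = form["emergency_contacts"]
        if not first_name:
            error = "first name is required."
        elif not last_name:
            error = "last name is required"
        elif not password:
            error = "password is required."
        elif not email:
            error = "email is required."
        elif not phone_number:
            error = "phone_number is required."
        elif not gender:
            error = "gender is required."
        elif not height:
            error = "height is required."
        elif not weight:
            error = "weight is required."
        elif not data_of_birth:
            error = "birthday is required."
        elif db.execute('SELECT id FROM patients WHERE email = ?', (email,)).fetchone() is not None:
            error = "Email {} has already registered.".format(email)
        if error is None:
            db.execute(
                'INSERT INTO patients (last_name, first_name, password, email, phone_number, gender, height, weight, data_of_birth, emergency_contacts) VALUES '
                '(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
                (last_name, first_name, generate_password_hash(password), email,
                 phone_number, gender, height, weight, data_of_birth, emergency_contacts),
            )
            db.commit()
            return redirect(url_for("auth.login"))
        flash(error)
    else:  # register_type == "admin"
        secret_key = form["secret_key"]
        if not check_password_hash(SECRET_KEY, secret_key):
            error = "Wrong key, validation failed."
        elif not last_name:
            error = "last_name is required."
        elif not first_name:
            error = "first_name is required."
        elif not password:
            error = "password is required."
        elif not email:
            error = "email is required."
        elif not phone_number:
            error = "phone_number is required."
        elif not gender:
            error = "gender is required."
        elif db.execute('SELECT id FROM administrators WHERE email = ?', (email,)).fetchone() is not None:
            # Login resolves administrators by email with fetchone(); keep the
            # table free of duplicates as the patient branch already does.
            error = "Email {} has already registered.".format(email)
        if error is None:
            db.execute(
                'INSERT INTO administrators (last_name, first_name, password, email, phone_number, gender) VALUES '
                '(?, ?, ?, ?, ?, ?)',
                (last_name, first_name, generate_password_hash(password), email,
                 phone_number, gender),
            )
            db.commit()
            return redirect(url_for('auth.login'))
        flash(error)

    return render_template('/auth/register.html')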
def delete_doctor(id):
    """Delete the doctor with primary key ``id`` and return to the doctor list.

    ``get_doctor`` is called first, which is intended to abort with 404 when no
    such row exists.
    """
    get_doctor(id)
    connection = get_db()
    connection.execute('DELETE FROM doctors WHERE id = ?', (id,))
    connection.commit()
    return redirect(url_for('admin.show_doctor'))
def show_doctor():
    """Render every row of the ``doctors`` table as ``all_doctors``.

    The template name is still empty ("template not written" in the original).
    """
    rows = get_db().execute('SELECT * FROM doctors').fetchall()
    # template not written
    return render_template('', all_doctors=rows)