def test_avatars_hashtag_search(self): """Ensure user avatars appear when searching for posts with a hashtag """ user1 = create_account('user1', '*****@*****.**', 'Password') # Activate it activate(user1) # Signin self.client.post(url_for('auth.signin'), data={ 'username': '******', 'password': '******' }) # Ensure user avatar appear in the search when searching for hashtags image = io.BytesIO(open('tests/upload_test_files/otter.jpg').read()) self.client.post(url_for('users.settings_profile'), data={'upload': (image, 'otter.png')}, follow_redirects=True) # Get the user so we can see if the avatar is appearing user = get_user(user1) # Create a post to search for post1 = create_post(user1, 'user1', 'Hello #pjuuie\'s') resp = self.client.get(url_for('users.search', query='#pjuuie')) self.assertIn('<!-- list:post:%s -->' % post1, resp.data) self.assertIn(url_for('posts.get_upload', filename=user.get('avatar')), resp.data)
def test_avatars_hashtag_search(self): """Ensure user avatars appear when searching for posts with a hashtag """ user1 = create_account('user1', '*****@*****.**', 'Password') # Activate it activate(user1) # Signin self.client.post(url_for('auth.signin'), data={ 'username': '******', 'password': '******' }) # Ensure user avatar appear in the search when searching for hashtags image = io.BytesIO(open('tests/upload_test_files/otter.jpg').read()) self.client.post(url_for('users.settings_profile'), data={ 'upload': (image, 'otter.png') }, follow_redirects=True) # Get the user so we can see if the avatar is appearing user = get_user(user1) # Create a post to search for post1 = create_post(user1, 'user1', 'Hello #pjuuie\'s') resp = self.client.get(url_for('users.search', query='#pjuuie')) self.assertIn('<!-- list:post:%s -->' % post1, resp.data) self.assertIn(url_for('posts.get_upload', filename=user.get('avatar')), resp.data)
def test_get_user(self): """ Tests that a user's account can be returned """ # Get test user user1 = create_account('user1', '*****@*****.**', 'Password') # Attempt to get the users repr user = get_user(user1) # Ensure we got a profile self.assertIsNotNone(user) # Check all the keys are present self.assertEqual(user.get('_id'), user1) self.assertEqual(user.get('username'), 'user1') self.assertEqual(user.get('email'), '*****@*****.**') # Ensure a non-existant user return None self.assertEqual(get_user(k.NIL_VALUE), None)
def test_change_password(self): """Can a user change password? There is no sanity or restrictions on passwords in the backend. """ user1 = create_account('user1', '*****@*****.**', 'Password') # Take current password (is hash don't string compare) current_password = get_user(user1).get('password') # Change password self.assertIsNotNone(change_password(user1, 'Password1')) new_password = get_user(user1).get('password') # Just check the hashed are different self.assertNotEqual(current_password, new_password) # Make sure the old password does not authenticate self.assertIsNone(authenticate('user1', 'Password')) # Check new password lets us log in self.assertEqual(authenticate('user1', 'Password1').get('_id'), user1)
def test_delete_account_basic(self): """Does the basic data go when a user delete their account? ..note: Just checks the auth part. """ user1 = create_account('user1', '*****@*****.**', 'Password') self.assertIsNotNone(user1) delete_account(user1) self.assertIsNone(get_user(user1)) self.assertIsNone(get_uid_username('user1')) self.assertIsNone(get_uid_email('*****@*****.**')) self.assertFalse(authenticate('user1', 'Password')) self.assertIsNone(get_uid_username('user1')) self.assertIsNone(get_uid_email('*****@*****.**'))
def test_change_email(self): """Can a user change their e-mail? """ user1 = create_account('user1', '*****@*****.**', 'Password') # Test email lookup key self.assertEqual(get_uid_email('*****@*****.**'), user1) # Check correct email self.assertEqual(get_user(user1).get('email'), '*****@*****.**') # Change e-mail self.assertIsNotNone(change_email(user1, '*****@*****.**')) # Check new lookup key self.assertEqual(get_uid_email('*****@*****.**'), user1) # Check old lookup key has been nulled self.assertIsNone(get_uid_email('*****@*****.**'))
def test_change_email(self): """Can a user change their e-mail? """ user1 = create_account('user1', '*****@*****.**', 'Password') # Test email lookup key self.assertEqual(get_uid_email('*****@*****.**'), None) activate(user1) self.assertEqual(get_uid_email('*****@*****.**'), user1) # Check correct email self.assertEqual(get_user(user1).get('email'), '*****@*****.**') # Change e-mail self.assertIsNotNone(change_email(user1, '*****@*****.**')) # Check new lookup key self.assertEqual(get_uid_email('*****@*****.**'), user1) # Check old lookup key has been nulled self.assertIsNone(get_uid_email('*****@*****.**'))
def test_userflags(self): """Ensure user flags are set as expected. """ user1 = create_account('user1', '*****@*****.**', 'Password') self.assertIsNotNone(user1) # Not active by default self.assertFalse(get_user(user1).get('active')) # TTL should be set self.assertIsNotNone(get_user(user1).get('ttl')) # Activate self.assertTrue(activate(user1)) self.assertTrue(get_user(user1).get('active')) self.assertIsNone(get_user(user1).get('ttl')) # Deactivate self.assertTrue(activate(user1, False)) self.assertFalse(get_user(user1).get('active')) # Invalid self.assertFalse(activate(None)) self.assertFalse(activate(K.NIL_VALUE)) # Banning, not by default self.assertFalse(get_user(user1).get('banned')) # Ban self.assertTrue(ban(user1)) self.assertTrue(get_user(user1).get('banned')) # Un-ban self.assertTrue(ban(user1, False)) self.assertFalse(get_user(user1).get('banned')) # Invalid self.assertFalse(ban(None)) self.assertFalse(ban(K.NIL_VALUE)) # OP (Over powered or Operator?) Account should not be op self.assertFalse(get_user(user1).get('op')) # Bite self.assertTrue(bite(user1)) self.assertTrue(get_user(user1).get('op')) # Un-bite self.assertTrue(bite(user1, False)) self.assertFalse(get_user(user1).get('op')) # Invalid self.assertFalse(bite(None)) self.assertFalse(bite(K.NIL_VALUE)) # Muted, can't post, not by default self.assertFalse(get_user(user1).get('muted')) # Mute self.assertTrue(mute(user1)) self.assertTrue(get_user(user1).get('muted')) # Un-mute self.assertTrue(mute(user1, False)) self.assertFalse(get_user(user1).get('muted')) # Invalid self.assertFalse(mute(None)) self.assertFalse(mute(K.NIL_VALUE))
def test_avatars(self): """Can a user set there own avatar?""" # Create a test user user1 = create_account('user1', '*****@*****.**', 'Password') # Activate it activate(user1) # Signin self.client.post(url_for('auth.signin'), data={ 'username': '******', 'password': '******' }) # Check default avatar is present resp = self.client.get(url_for('users.settings_profile', username='******')) self.assertIn('<!-- user:avatar:default -->', resp.data) self.assertIn(url_for('static', filename='img/otter_avatar.png'), resp.data) # Check the avatar for the default # We can't inspect it user = get_user(user1) resp = self.client.get(url_for('static', filename='img/otter_avatar.png')) self.assertEqual(resp.status_code, 200) # Get the users object to check some things user = get_user(user1) # User shouldn't have an avatar self.assertIsNone(user.get('avatar')) # Create the file image = io.BytesIO(open('tests/upload_test_files/otter.jpg').read()) resp = self.client.post(url_for('users.settings_profile'), data={ 'upload': (image, 'otter.png') }, follow_redirects=True) user = get_user(user1) self.assertIsNotNone(user.get('avatar')) self.assertIn('<!-- user:avatar:{} -->'.format(user.get('avatar')), resp.data) grid = gridfs.GridFS(m.db, collection='uploads') self.assertEqual(grid.find({'filename': user.get('avatar')}).count(), 1) resp = self.client.get(url_for('posts.get_upload', filename=user.get('avatar'))) self.assertEqual(resp.status_code, 200) # upload another and ensure there is only one in GridFs image = io.BytesIO(open('tests/upload_test_files/otter.jpg').read()) resp = self.client.post(url_for('users.settings_profile'), data={ 'upload': (image, 'otter.png') }, follow_redirects=True) user = get_user(user1) self.assertEqual(grid.find({'filename': user.get('avatar')}).count(), 1) # This is technically an auth test but if we delete the account we can # ensure the avatar is removed. delete_account(user1) self.assertEqual(grid.find({'filename': user.get('avatar')}).count(), 0)
def test_settings_profile(self): """Ensure users have the ability to see some information about there account and can change there about message and display options. """ # Let's try and access the endpoint feature when we are not logged in # We should not be able to see it resp = self.client.get('settings_profile', follow_redirects=True) self.assertIn('You need to be logged in to view that', resp.data) # Create a test user user1 = create_account('user1', '*****@*****.**', 'Password') # Activate it activate(user1) # Signin self.client.post(url_for('auth.signin'), data={ 'username': '******', 'password': '******' }) # If the user profile hasn't been saved the sort order should user = m.db.users.find_one({'username': '******'}) self.assertIsNone(user.get('reply_sort_order')) # Go to our settings page and ensure everything is there resp = self.client.get(url_for('users.settings_profile')) self.assertIn('<div class="content">user1</div>', resp.data) self.assertIn('<div class="content">[email protected]</div>', resp.data) # Post to the form and update our about. We should also be this on # this page resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Otters love fish!' }, follow_redirects=True) self.assertIn('Otters love fish!', resp.data) # Try posting a MASSIVE about ('Otter' * 100) resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Otters' * 100 }, follow_redirects=True) # Check we get the form error self.assertIn('Oh no! There are errors in your form', resp.data) # Ensure the about did not change self.assertIn('Otters love fish!', resp.data) resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', 'hide_feed_images': True, }, follow_redirects=True) self.assertIn('Test display settings', resp.data) # Not sure it's good to check for a checked checkbox so test the user # account user = get_user(user1) self.assertTrue(user.get('hide_feed_images')) # Ensure you can unset it resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', }, follow_redirects=True) # Get the user again. This should have been updated from the database user = get_user(user1) self.assertFalse(user.get('hide_feed_images')) # Test setting a homepage and location works as expected resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', 'homepage': 'pjuu.com', 'location': 'England' }, follow_redirects=True) user = get_user(user1) self.assertEqual(user.get('homepage'), 'http://pjuu.com') self.assertEqual(user.get('location'), 'England') # Ensure you can't set an invalid URL resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', 'homepage': 'pjuu.cheese', }, follow_redirects=True) self.assertIn('Please ensure the home page is a valid URL or empty', resp.data) # Test a URL that doesn't need to be prefixed resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', 'homepage': 'https://pjuu.com', }, follow_redirects=True) user = get_user(user1) self.assertEqual(user.get('homepage'), 'https://pjuu.com') resp = self.client.post(url_for('users.settings_profile'), data={ 'homepage': 'https://pjuu.com', 'location': 'England', }, follow_redirects=True) # Ensure the users profile reflects the changes resp = self.client.get(url_for('users.profile', username='******')) self.assertIn('<i class="fa fa-map-marker fa-lg"></i> England', resp.data) self.assertIn( '<a href="https://pjuu.com"><i class="fa fa-globe fa-lg"></i></a>', resp.data) # If the view before has been saved the default is -1 (unchecked) user = m.db.users.find_one({'username': '******'}) self.assertEqual(user.get('reply_sort_order'), -1) resp = self.client.post(url_for('users.settings_profile'), data={ 'reply_sort_order': True, }, follow_redirects=True) user = m.db.users.find_one({'username': '******'}) self.assertEqual(user.get('reply_sort_order'), 1) # You can not post the field as thats classed as a True value resp = self.client.post(url_for('users.settings_profile'), data={'about': 'Test'}, follow_redirects=True) user = m.db.users.find_one({'username': '******'}) self.assertEqual(user.get('reply_sort_order'), -1)
def test_settings_profile(self): """Ensure users have the ability to see some information about there account and can change there about message and display options. """ # Let's try and access the endpoint feature when we are not logged in # We should not be able to see it resp = self.client.get(url_for('users.settings_profile'), follow_redirects=True) self.assertIn('You need to be logged in to view that', resp.data) # Create a test user user1 = create_account('user1', '*****@*****.**', 'Password') # Activate it activate(user1) # Signin self.client.post(url_for('auth.signin'), data={ 'username': '******', 'password': '******' }) # If the user profile hasn't been saved the sort order should user = m.db.users.find_one({'username': '******'}) self.assertIsNone(user.get('reply_sort_order')) # Go to our settings page and ensure everything is there resp = self.client.get(url_for('users.settings_profile')) self.assertIn('<div class="content">user1</div>', resp.data) self.assertIn('<div class="content">[email protected]</div>', resp.data) # Post to the form and update our about. We should also be this on # this page resp = self.client.post(url_for('users.settings_profile'), data={'about': 'Otters love fish!'}, follow_redirects=True) self.assertIn('Otters love fish!', resp.data) # Try posting a MASSIVE about ('Otter' * 100) resp = self.client.post(url_for('users.settings_profile'), data={'about': 'Otters' * 100}, follow_redirects=True) # Check we get the form error self.assertIn('Oh no! There are errors in your form', resp.data) # Ensure the about did not change self.assertIn('Otters love fish!', resp.data) resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', 'hide_feed_images': True, }, follow_redirects=True) self.assertIn('Test display settings', resp.data) # Not sure it's good to check for a checked checkbox so test the user # account user = get_user(user1) self.assertTrue(user.get('hide_feed_images')) # Ensure you can unset it resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', }, follow_redirects=True) # Get the user again. This should have been updated from the database user = get_user(user1) self.assertFalse(user.get('hide_feed_images')) # Test setting a homepage and location works as expected resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', 'homepage': 'pjuu.com', 'location': 'England' }, follow_redirects=True) user = get_user(user1) self.assertEqual(user.get('homepage'), 'http://pjuu.com') self.assertEqual(user.get('location'), 'England') # Ensure you can't set an invalid URL resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', 'homepage': 'pjuu.cheese', }, follow_redirects=True) self.assertIn('Please ensure the home page is a valid URL or empty', resp.data) # Test a URL that doesn't need to be prefixed resp = self.client.post(url_for('users.settings_profile'), data={ 'about': 'Test display settings', 'homepage': 'https://pjuu.com', }, follow_redirects=True) user = get_user(user1) self.assertEqual(user.get('homepage'), 'https://pjuu.com') resp = self.client.post(url_for('users.settings_profile'), data={ 'homepage': 'https://pjuu.com', 'location': 'England', }, follow_redirects=True) # Ensure the users profile reflects the changes resp = self.client.get(url_for('users.profile', username='******')) self.assertIn('<i class="fa fa-map-marker fa-lg"></i> England', resp.data) self.assertIn( '<a href="https://pjuu.com"><i class="fa fa-globe fa-lg"></i></a>', resp.data) # If the view before has been saved the default is -1 (unchecked) user = m.db.users.find_one({'username': '******'}) self.assertEqual(user.get('reply_sort_order'), -1) resp = self.client.post(url_for('users.settings_profile'), data={ 'reply_sort_order': True, }, follow_redirects=True) user = m.db.users.find_one({'username': '******'}) self.assertEqual(user.get('reply_sort_order'), 1) # You can not post the field as thats classed as a True value resp = self.client.post(url_for('users.settings_profile'), data={'about': 'Test'}, follow_redirects=True) user = m.db.users.find_one({'username': '******'}) self.assertEqual(user.get('reply_sort_order'), -1)
def test_create_user(self): """Check basic user creation stuffs. This also in turn tests check_username(), check_username_pattern(), check_email(), check_email_pattern(), get_username() and get_email(). """ user1 = create_account('user1', '*****@*****.**', 'Password') self.assertIsNotNone(user1) # Duplicate username self.assertIsNone(create_account('user1', '*****@*****.**', 'Password')) # Duplicate email self.assertIsNone(create_account('userX', '*****@*****.**', 'Password')) # Invalid username self.assertIsNone(create_account('u', '*****@*****.**', 'Password')) # Invalid email self.assertIsNone(create_account('userX', 'userX', 'Password')) # Reserved username self.assertIsNone(create_account('help', '*****@*****.**', 'Password')) # You can't get a UID for a non-activated user self.assertEqual(get_uid('user1'), None) activate(user1) self.assertEqual(get_uid('user1'), user1) self.assertEqual(get_uid('*****@*****.**'), user1) # Shouldn't work wiht invali users self.assertIsNone(get_user(K.NIL_VALUE)) # Ensure if works with a valid user self.assertIsNotNone(get_user(user1)) self.assertIsNotNone(type(get_user(user1))) self.assertEqual(type(get_user(user1)), dict) self.assertEqual(get_user(user1).get('username'), 'user1') self.assertEqual(get_user(user1).get('email'), '*****@*****.**') # Check get_uid_* with invalid entries self.assertIsNone(get_uid_username('testymctest')) self.assertIsNone(get_uid_email('*****@*****.**')) # With valid self.assertEqual(get_uid_username('user1'), user1) self.assertEqual(get_uid_email('*****@*****.**'), user1) # Create a new user to check the defaults user2 = create_account('user2', '*****@*****.**', 'Password') # Are values set as expected? user = get_user(user2) self.assertIsNotNone(user) self.assertEqual(user.get('_id'), user2) self.assertEqual(user.get('username'), 'user2') self.assertEqual(user.get('email'), '*****@*****.**') self.assertEqual(user.get('last_login'), -1) self.assertFalse(user.get('active')) self.assertFalse(user.get('banned')) self.assertFalse(user.get('op')) self.assertFalse(user.get('muted')) self.assertEqual(user.get('about'), '') self.assertEqual(user.get('score'), 0) self.assertEqual(user.get('alerts_last_checked'), -1) self.assertIsNotNone(user.get('ttl')) # Generated values, we don't know what they SHOULD be self.assertIsNotNone(user.get('password')) self.assertIsNotNone(user.get('created')) # Check user_exists works self.assertTrue(user_exists(user1)) # Check it fails when invalid value self.assertFalse(user_exists(K.NIL_VALUE))
def test_avatars(self): """Can a user set there own avatar?""" # Create a test user user1 = create_account('user1', '*****@*****.**', 'Password') # Activate it activate(user1) # Signin self.client.post(url_for('auth.signin'), data={ 'username': '******', 'password': '******' }) # Check default avatar is present resp = self.client.get( url_for('users.settings_profile', username='******')) self.assertIn('<!-- user:avatar:default -->', resp.data) self.assertIn(url_for('static', filename='img/otter_avatar.png'), resp.data) # Check the avatar for the default # We can't inspect it user = get_user(user1) resp = self.client.get( url_for('static', filename='img/otter_avatar.png')) self.assertEqual(resp.status_code, 200) # Get the users object to check some things user = get_user(user1) # User shouldn't have an avatar self.assertIsNone(user.get('avatar')) # Create the file image = io.BytesIO(open('tests/upload_test_files/otter.jpg').read()) resp = self.client.post(url_for('users.settings_profile'), data={'upload': (image, 'otter.png')}, follow_redirects=True) user = get_user(user1) self.assertIsNotNone(user.get('avatar')) self.assertIn('<!-- user:avatar:{} -->'.format(user.get('avatar')), resp.data) grid = gridfs.GridFS(m.db, collection='uploads') self.assertEqual( grid.find({ 'filename': user.get('avatar') }).count(), 1) resp = self.client.get( url_for('posts.get_upload', filename=user.get('avatar'))) self.assertEqual(resp.status_code, 200) # upload another and ensure there is only one in GridFs image = io.BytesIO(open('tests/upload_test_files/otter.jpg').read()) resp = self.client.post(url_for('users.settings_profile'), data={'upload': (image, 'otter.png')}, follow_redirects=True) user = get_user(user1) self.assertEqual( grid.find({ 'filename': user.get('avatar') }).count(), 1) # This is technically an auth test but if we delete the account we can # ensure the avatar is removed. delete_account(user1) self.assertEqual( grid.find({ 'filename': user.get('avatar') }).count(), 0)
def test_create_user(self): """Check basic user creation stuffs. This also in turn tests check_username(), check_username_pattern(), check_email(), check_email_pattern(), get_username() and get_email(). """ user1 = create_account('user1', '*****@*****.**', 'Password') self.assertIsNotNone(user1) # Duplicate username self.assertIsNone( create_account('user1', '*****@*****.**', 'Password')) # Duplicate email self.assertIsNone( create_account('userX', '*****@*****.**', 'Password')) # Invalid username self.assertIsNone( create_account('u', '*****@*****.**', 'Password')) # Invalid email self.assertIsNone( create_account('userX', 'userX', 'Password')) # Reserved username self.assertIsNone( create_account('help', '*****@*****.**', 'Password')) # You can't get a UID for a non-activated user self.assertEqual(get_uid('user1'), None) activate(user1) self.assertEqual(get_uid('user1'), user1) self.assertEqual(get_uid('*****@*****.**'), user1) # Shouldn't work wiht invali users self.assertIsNone(get_user(K.NIL_VALUE)) # Ensure if works with a valid user self.assertIsNotNone(get_user(user1)) self.assertIsNotNone(type(get_user(user1))) self.assertEqual(type(get_user(user1)), dict) self.assertEqual(get_user(user1).get('username'), 'user1') self.assertEqual(get_user(user1).get('email'), '*****@*****.**') # Check get_uid_* with invalid entries self.assertIsNone(get_uid_username('testymctest')) self.assertIsNone(get_uid_email('*****@*****.**')) # With valid self.assertEqual(get_uid_username('user1'), user1) self.assertEqual(get_uid_email('*****@*****.**'), user1) # Create a new user to check the defaults user2 = create_account('user2', '*****@*****.**', 'Password') # Are values set as expected? user = get_user(user2) self.assertIsNotNone(user) self.assertEqual(user.get('_id'), user2) self.assertEqual(user.get('username'), 'user2') self.assertEqual(user.get('email'), '*****@*****.**') self.assertEqual(user.get('last_login'), -1) self.assertFalse(user.get('active')) self.assertFalse(user.get('banned')) self.assertFalse(user.get('op')) self.assertFalse(user.get('muted')) self.assertEqual(user.get('about'), '') self.assertEqual(user.get('score'), 0) self.assertEqual(user.get('alerts_last_checked'), -1) self.assertIsNotNone(user.get('ttl')) # Generated values, we don't know what they SHOULD be self.assertIsNotNone(user.get('password')) self.assertIsNotNone(user.get('created')) # Check user_exists works self.assertTrue(user_exists(user1)) # Check it fails when invalid value self.assertFalse(user_exists(K.NIL_VALUE))