def test_change_password(client, user_info): """A user can change their password and log in with the new password.""" register_user(client, user_info) new_password = "******" + "\N{PARTIAL DIFFERENTIAL}" assert new_password != user_info["password"] rv = client.get(url_for("user.edit_account")) rv = client.post( url_for("do.edit_account"), data=dict( csrf_token=csrf_token(rv.data), oldpassword=user_info["password"], password=new_password, confirm=new_password, ), follow_redirects=True, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Try to log in with the old password log_in_user(client, user_info, expect_success=False) new_info = dict(user_info) new_info.update(password=new_password) log_in_user(client, new_info, expect_success=True)
def test_admin_can_ban_email_domain(client, user_info, test_config): register_user(client, user_info) promote_user_to_admin(client, user_info) rv = client.get(url_for("admin.domains", domain_type="email")) rv = client.post( url_for("do.ban_domain", domain_type="email"), data=dict(csrf_token=csrf_token(rv.data), domain="spam4u.com"), follow_redirects=True, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) rv = client.get(url_for("auth.register")) with mail.record_messages() as outbox: data = dict( csrf_token=csrf_token(rv.data), username="******", password="******", confirm="Safe123#$@lolnot", email_required="*****@*****.**", invitecode="", accept_tos=True, captcha="xyzzy", ) rv = client.post(url_for("auth.register"), data=data, follow_redirects=True) assert len(outbox) == 0 assert b"do not accept emails" in rv.data assert b"Register" in rv.data assert b"Log out" not in rv.data
def test_submit_link_post(client, user_info, test_config): register_user(client, user_info) create_sub(client) rv = client.get(url_for("subs.submit", ptype="text", sub="test")) data = { "csrf_token": csrf_token(rv.data), "title": "Testing link!", "ptype": "link", } rv = client.post( url_for("subs.submit", ptype="link", sub="test"), data=data, follow_redirects=False, ) assert get_error(rv.data) == b"No link provided." data["link"] = "https://google.com" rv = client.post( url_for("subs.submit", ptype="link", sub="test"), data=data, follow_redirects=False, ) assert rv.status_code == 302 assert "/s/test/1" == rv.location # Test anti-repost rv = client.post( url_for("subs.submit", ptype="link", sub="test"), data=data, follow_redirects=False, ) assert (get_error( rv.data ) == b'This link was <a href="/s/test/1">recently posted</a> on this sub.')
def test_submit_text_post(client, user_info, test_config): register_user(client, user_info) create_sub(client) rv = client.get(url_for("subs.submit", ptype="text", sub="test")) data = {"csrf_token": csrf_token(rv.data), "title": "f\u000A\u000A\u000A"} rv = client.post( url_for("subs.submit", ptype="text", sub="does_not_exist"), data=data, follow_redirects=True, ) assert b"Sub does not exist" in get_error(rv.data) rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data=data, follow_redirects=True, ) assert b"Error in the 'Post type' field - This field is required." == get_error( rv.data) data["ptype"] = "text" rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data=data, follow_redirects=True, ) assert b"Title is too short and/or contains whitespace characters." in get_error( rv.data) data["title"] = "Testing!" rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data=data, follow_redirects=True, ) assert not get_error(rv.data) assert b"Testing! | test" in rv.data
def test_admin_totp_auth_flow(client, user_info, test_config): register_user(client, user_info) assert client.get(url_for("admin.auth")).status_code == 404 promote_user_to_admin(client, user_info) rv = client.get(url_for("admin.auth"), follow_redirects=True) assert rv.status_code == 200 assert b"TOTP setup" in rv.data user = User.get(User.name == user_info["username"]) user_secret = UserMetadata.get((UserMetadata.uid == user.uid) & (UserMetadata.key == "totp_secret")) totp = pyotp.TOTP(user_secret.value) data = {"csrf_token": csrf_token(rv.data), "totp": totp.now()} rv = client.post(url_for("admin.auth"), data=data, follow_redirects=False) assert rv.status_code == 302 assert rv.location == url_for("admin.index") # Try again with bad token data["totp"] = "1" rv = client.post(url_for("admin.auth"), data=data, follow_redirects=False) assert rv.status_code == 200 assert b"Invalid or expired token." in rv.data # Check if we're actually logged in. assert client.get(url_for("admin.index")).status_code == 200 # Get QR code after we already set up TOTP assert client.get(url_for("admin.get_totp_image")).status_code == 403 # Try logging out. client.post(url_for("admin.logout"), data=data) assert client.get(url_for("admin.index"), follow_redirects=False).status_code == 302
def test_get_totp_image(client, user_info, test_config): register_user(client, user_info) assert client.get(url_for("admin.get_totp_image")).status_code == 404 promote_user_to_admin(client, user_info) rv = client.get(url_for("admin.get_totp_image")) assert rv.status_code == 200 assert rv.content_type == "image/png"
def test_admin_can_ban_email_domain(client, user_info): register_user(client, user_info) promote_user_to_admin(client, user_info) rv = client.get(url_for('admin.domains', domain_type='email')) rv = client.post(url_for('do.ban_domain', domain_type='email'), data=dict(csrf_token=csrf_token(rv.data), domain='spam4u.com'), follow_redirects=True) reply = json.loads(rv.data.decode('utf-8')) assert reply['status'] == 'ok' log_out_current_user(client) rv = client.get(url_for('auth.register')) with mail.record_messages() as outbox: data = dict(csrf_token=csrf_token(rv.data), username='******', password='******', confirm='Safe123#$@lolnot', email_required='*****@*****.**', invitecode='', accept_tos=True, captcha='xyzzy') rv = client.post(url_for('auth.register'), data=data, follow_redirects=True) assert len(outbox) == 0 assert b'do not accept emails' in rv.data assert b'Register' in rv.data assert b'Log out' not in rv.data
def test_reset_password(client, user_info): """A user can reset their password using a link sent to their email.""" new_password = '******' assert new_password != user_info['password'] register_user(client, user_info) log_out_current_user(client) with mail.record_messages() as outbox: rv = client.get(url_for('user.password_recovery')) rv = client.post(url_for('user.password_recovery'), data=dict(csrf_token=csrf_token(rv.data), email=user_info['email'], captcha='xyzzy')) message = outbox.pop() assert message.send_to == {user_info['email']} soup = BeautifulSoup(message.html, 'html.parser') token = soup.a['href'].split('/')[-1] rv = client.get(url_for('user.password_reset', token=token), follow_redirects=True) rv = client.post(url_for('do.reset'), data=dict(csrf_token=csrf_token(rv.data), user=get_value(rv.data, 'user'), key=get_value(rv.data, 'key'), password=new_password, confirm=new_password)) log_out_current_user(client) user_info['password'] = new_password log_in_user(client, user_info, expect_success=True)
def test_admin_can_ban_and_unban_user(client, user_info, user2_info): register_user(client, user_info) register_user(client, user2_info) promote_user_to_admin(client, user2_info) username = user_info["username"] rv = client.get(url_for("user.view", user=username)) client.post( url_for("do.ban_user", username=username), data=dict(csrf_token=csrf_token(rv.data)), follow_redirects=True, ) # For now, banning makes you unable to log in. log_out_current_user(client) log_in_user(client, user_info, expect_success=False) log_in_user(client, user2_info) rv = client.get(url_for("user.view", user=username)) client.post( url_for("do.unban_user", username=username), data=dict(csrf_token=csrf_token(rv.data)), follow_redirects=True, ) log_out_current_user(client) log_in_user(client, user_info)
def test_send_and_receive_pm(client, user_info, user2_info): """Send and receive a private message.""" username = user_info["username"] register_user(client, user_info) register_user(client, user2_info) # User2 sends User a message. rv = client.get(url_for("user.view", user=username)) assert rv.status == "200 OK" client.post( url_for("do.create_sendmsg"), data=dict( csrf_token=csrf_token(rv.data), to=username, subject="Testing", content="Test Content", ), follow_redirects=True, ) # User2 sees the message in Sent Messages. rv = client.get(url_for("messages.view_messages_sent"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present(rv.data, [username, "Testing", "Test Content"]) log_out_current_user(client, verify=True) log_in_user(client, user_info, expect_success=True) # User has one new message. rv = client.get(url_for("home.index"), follow_redirects=True) assert rv.status == "200 OK" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.find(href=url_for("messages.inbox_sort")) assert link.get_text().strip() == "1" # User sees the message on the inbox page. rv = client.get(url_for("messages.inbox_sort"), follow_redirects=True) assert rv.status == "200 OK" assert substrings_present( rv.data, [user2_info["username"], "Testing", "Test Content"] ) # User marks the message as read. soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") tag = soup.find(lambda tag: tag.has_attr("data-mid")) mid = tag.attrs["data-mid"] rv = client.post( url_for("do.read_pm", mid=mid), data=dict(csrf_token=csrf_token(rv.data)), ) # User returns to home page; notifications count now 0. rv = client.get(url_for("home.index"), follow_redirects=True) assert rv.status == "200 OK" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.find(href=url_for("messages.inbox_sort")) assert link.get_text().strip() == "0"
def test_delete_account(client, user_info): """A user can delete their account.""" register_user(client, user_info) # The password has to be right. rv = client.get(url_for("user.delete_account")) rv = client.post( url_for("do.delete_user"), data=dict( csrf_token=csrf_token(rv.data), password="******", consent="YES", ), follow_redirects=True, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" # The consent must be given. rv = client.get(url_for("user.delete_account")) rv = client.post( url_for("do.delete_user"), data=dict( csrf_token=csrf_token(rv.data), password="******", consent="NO", ), follow_redirects=True, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "error" rv = client.get(url_for("user.delete_account")) rv = client.post( url_for("do.delete_user"), data=dict( csrf_token=csrf_token(rv.data), password=user_info["password"], consent="YES", ), follow_redirects=True, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Deleting your account should log you out. rv = client.get(url_for("home.index")) assert b"Log in" in rv.data # Try to log in to the deleted account. log_in_user(client, user_info, expect_success=False)
def test_create_sub(client, user_info, test_config): register_user(client, user_info) rv = client.get(url_for("subs.create_sub")) assert rv.status_code == 200 data = {"csrf_token": csrf_token(rv.data), "subname": "test", "title": "Testing"} rv = client.post(url_for("subs.create_sub"), data=data, follow_redirects=True) assert not get_error(rv.data) assert b"/s/test" in rv.data # if we try again it should fail rv = client.post(url_for("subs.create_sub"), data=data, follow_redirects=True) assert b"Sub is already registered" == get_error(rv.data)
def test_create_sub_error(client, user_info): register_user(client, user_info) rv = client.get(url_for("subs.create_sub")) assert rv.status_code == 200 data = {"csrf_token": csrf_token(rv.data), "subname": "蛋糕", "title": "Testing"} rv = client.post(url_for("subs.create_sub"), data=data, follow_redirects=True) assert b"Sub name has invalid characters" in get_error(rv.data) data["subname"] = "home" rv = client.post(url_for("subs.create_sub"), data=data, follow_redirects=True) assert b"Invalid sub name" in get_error(rv.data) data["subname"] = "test" rv = client.post(url_for("subs.create_sub"), data=data, follow_redirects=True) assert b"You must be at least level 2." in get_error(rv.data)
def test_submit_invalid_post_type(client, user_info, test_config): register_user(client, user_info) create_sub(client) rv = client.get(url_for("subs.submit", ptype="text", sub="test")) data = { "csrf_token": csrf_token(rv.data), "title": "Testing link!", } rv = client.post( url_for("subs.submit", ptype="toast", sub="test"), data=data, follow_redirects=False, ) assert rv.status_code == 404
def test_submit_page(client, user_info): register_user(client, user_info) rv = client.get(url_for("subs.submit", ptype="text")) assert rv.status_code == 200 rv = client.get(url_for("subs.submit", ptype="link")) assert rv.status_code == 200 rv = client.get(url_for("subs.submit", ptype="poll")) assert rv.status_code == 200 rv = client.get(url_for("subs.submit", ptype="upload")) assert rv.status_code == 200 rv = client.get(url_for("subs.submit", ptype="something_that_does_not_exist")) assert rv.status_code == 404 rv = client.get(url_for("subs.submit", ptype="text", sub="sub_that_does_not_exist")) assert rv.status_code == 404
def test_password_required_to_change_recovery_email(client, user_info, test_config): """Changing the password recovery requires the correct password.""" register_user(client, user_info) wrong_password = "******" new_email = "*****@*****.**" assert wrong_password != user_info["password"] assert new_email != user_info["email"] rv = client.get(url_for("user.edit_account")) data = dict( csrf_token=csrf_token(rv.data), email_required=new_email, oldpassword=wrong_password, password="", confirm="", ) # No confirmation email should be sent. with mail.record_messages() as outbox: rv = client.post(url_for("do.edit_account"), data=data, follow_redirects=True) assert len(outbox) == 0 log_out_current_user(client) # Verify password recovery email goes to the right place. with mail.record_messages() as outbox: rv = client.get(url_for("user.password_recovery")) rv = client.post( url_for("user.password_recovery"), data=dict(csrf_token=csrf_token(rv.data), email=new_email, captcha="xyzzy"), ) assert len(outbox) == 0 rv = client.get(url_for("user.password_recovery")) rv = client.post( url_for("user.password_recovery"), data=dict( csrf_token=csrf_token(rv.data), email=user_info["email"], captcha="xyzzy", ), ) assert len(outbox) == 1
def test_delete_account(client, user_info): """A user can delete their account.""" register_user(client, user_info) # The password has to be right. rv = client.get(url_for('user.delete_account')) rv = client.post(url_for('do.delete_user'), data=dict(csrf_token=csrf_token(rv.data), password='******', consent='YES'), follow_redirects=True) reply = json.loads(rv.data.decode('utf-8')) assert reply['status'] == 'error' # The consent must be given. rv = client.get(url_for('user.delete_account')) rv = client.post(url_for('do.delete_user'), data=dict(csrf_token=csrf_token(rv.data), password='******', consent='NO'), follow_redirects=True) reply = json.loads(rv.data.decode('utf-8')) assert reply['status'] == 'error' rv = client.get(url_for('user.delete_account')) rv = client.post(url_for('do.delete_user'), data=dict(csrf_token=csrf_token(rv.data), password=user_info['password'], consent='YES'), follow_redirects=True) reply = json.loads(rv.data.decode('utf-8')) assert reply['status'] == 'ok' # Deleting your account should log you out. rv = client.get(url_for('home.index')) assert b'Log in' in rv.data # Try to log in to the deleted account. log_in_user(client, user_info, expect_success=False)
def test_reset_password(client, user_info): """A user can reset their password using a link sent to their email.""" new_password = "******" assert new_password != user_info["password"] register_user(client, user_info) log_out_current_user(client) with mail.record_messages() as outbox: rv = client.get(url_for("user.password_recovery")) rv = client.post( url_for("user.password_recovery"), data=dict( csrf_token=csrf_token(rv.data), email=user_info["email"], captcha="xyzzy", ), ) message = outbox.pop() assert message.send_to == {user_info["email"]} soup = BeautifulSoup(message.html, "html.parser") token = soup.a["href"].split("/")[-1] rv = client.get( url_for("user.password_reset", token=token), follow_redirects=True ) rv = client.post( url_for("do.reset"), data=dict( csrf_token=csrf_token(rv.data), user=get_value(rv.data, "user"), key=get_value(rv.data, "key"), password=new_password, confirm=new_password, ), ) log_out_current_user(client) user_info["password"] = new_password log_in_user(client, user_info, expect_success=True)
def test_password_required_to_change_recovery_email(client, user_info): """Changing the password recovery requires the correct password.""" register_user(client, user_info) wrong_password = '******' new_email = '*****@*****.**' assert wrong_password != user_info['password'] assert new_email != user_info['email'] rv = client.get(url_for('user.edit_account')) data = dict(csrf_token=csrf_token(rv.data), email_required=new_email, oldpassword=wrong_password, password='', confirm='') # No confirmation email should be sent. with mail.record_messages() as outbox: rv = client.post(url_for('do.edit_account'), data=data, follow_redirects=True) assert len(outbox) == 0 log_out_current_user(client) # Verify password recovery email goes to the right place. with mail.record_messages() as outbox: rv = client.get(url_for('user.password_recovery')) rv = client.post(url_for('user.password_recovery'), data=dict(csrf_token=csrf_token(rv.data), email=new_email, captcha='xyzzy')) assert len(outbox) == 0 rv = client.get(url_for('user.password_recovery')) rv = client.post(url_for('user.password_recovery'), data=dict(csrf_token=csrf_token(rv.data), email=user_info['email'], captcha='xyzzy')) assert len(outbox) == 1
def test_change_password(client, user_info): """A user can change their password and log in with the new password.""" register_user(client, user_info) new_password = '******' + '\N{PARTIAL DIFFERENTIAL}' assert new_password != user_info['password'] rv = client.get(url_for('user.edit_account')) rv = client.post(url_for('do.edit_account'), data=dict(csrf_token=csrf_token(rv.data), oldpassword=user_info['password'], password=new_password, confirm=new_password), follow_redirects=True) reply = json.loads(rv.data.decode('utf-8')) assert reply['status'] == 'ok' log_out_current_user(client) # Try to log in with the old password log_in_user(client, user_info, expect_success=False) new_info = dict(user_info) new_info.update(password=new_password) log_in_user(client, new_info, expect_success=True)
def test_mod_invite_notification(client, user_info, user2_info): "Notifications are sent for mod invites." config.update_value("site.sub_creation_min_level", 0) receiver, mod = user_info, user2_info register_user(client, receiver) receiver_uid = User.get(User.name == receiver["username"]).uid log_out_current_user(client) register_user(client, mod) mod_uid = User.get(User.name == mod["username"]).uid create_sub(client, name="test_janitor") create_sub(client, name="test_mod") # Mod invites receiver as moderator. rv_index = client.get(url_for("home.index", sub="test_mod")) data = { "csrf_token": csrf_token(rv_index.data), "user": receiver["username"], "level": "1", } rv = client.post( url_for("do.inv_mod", sub="test_mod"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Mod invites receiver as janitor. data = { "csrf_token": csrf_token(rv_index.data), "user": receiver["username"], "level": "2", } rv = client.post( url_for("do.inv_mod", sub="test_janitor"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Receiver blocks mod. log_in_user(client, receiver) data = { "csrf_token": csrf_token(rv_index.data), "view_messages": "show", "view_content": "hide", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications. They should not be ignored, # because they are mod actions. assert get_notification_count(receiver_uid)["notifications"] == 2 rv = client.get(url_for("messages.view_notifications")) assert b"invited you to moderate" in rv.data soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") assert soup.find(href=url_for("sub.edit_sub_mods", sub="test_mod")) assert soup.find(href=url_for("sub.edit_sub_mods", sub="test_janitor")) # After checking, the notification is marked read. assert get_notification_count(receiver_uid)["notifications"] == 0 # Receiver unblocks mod. data = { "csrf_token": csrf_token(rv.data), "view_messages": "show", "view_content": "show", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications again. rv = client.get(url_for("messages.view_notifications")) assert b"invited you to moderate" in rv.data assert soup.find(href=url_for("sub.edit_sub_mods", sub="test_mod")) assert soup.find(href=url_for("sub.edit_sub_mods", sub="test_janitor"))
def test_post_delete_notification(client, user_info, user2_info, user3_info): "Notifications are sent for post delete and undelete." config.update_value("site.sub_creation_min_level", 0) receiver, admin, mod = user_info, user2_info, user3_info register_user(client, receiver) receiver_uid = User.get(User.name == receiver["username"]).uid log_out_current_user(client) register_user(client, admin) promote_user_to_admin(client, admin) log_out_current_user(client) register_user(client, mod) mod_uid = User.get(User.name == mod["username"]).uid create_sub(client) log_out_current_user(client) # Receiver makes a post. log_in_user(client, receiver) rv_post = client.get(url_for("subs.submit", ptype="text", sub="test")) csrf = csrf_token(rv_post.data) data = { "csrf_token": csrf, "title": "the title", "ptype": "text", "content": "the content", } rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data=data, follow_redirects=False, ) assert rv.status == "302 FOUND" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.a.get_text() pid = link.split("/")[-1] log_out_current_user(client) # Mod deletes the post. log_in_user(client, mod) data = { "csrf_token": csrf, "post": pid, "reason": "serious reason", "send_to_admin": False, } rv = client.post( url_for("do.delete_post"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Admin un-deletes the post. log_in_user(client, admin) data = { "csrf_token": csrf, "post": pid, "reason": "frivolous reason", } rv = client.post( url_for("do.undelete_post"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Receiver blocks mod. log_in_user(client, receiver) data = { "csrf_token": csrf, "view_messages": "show", "view_content": "hide", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications. They should not be ignored, # because they are mod actions. assert get_notification_count(receiver_uid)["notifications"] == 2 rv = client.get(url_for("messages.view_notifications")) assert b" deleted your post" in rv.data assert b"un-deleted your post" in rv.data assert b"serious reason" in rv.data assert b"frivolous reason" in rv.data # After checking, the notification is marked read. assert get_notification_count(receiver_uid)["notifications"] == 0 # Receiver unblocks mod. data = { "csrf_token": csrf_token(rv.data), "view_messages": "show", "view_content": "show", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications again. rv = client.get(url_for("messages.view_notifications")) assert b" deleted your post" in rv.data assert b"un-deleted your post" in rv.data assert b"serious reason" in rv.data assert b"frivolous reason" in rv.data
def test_ban_notification(client, user_info, user2_info): "Notifications are sent for sub bans." config.update_value("site.sub_creation_min_level", 0) receiver, mod = user_info, user2_info register_user(client, receiver) receiver_uid = User.get(User.name == receiver["username"]).uid log_out_current_user(client) register_user(client, mod) mod_uid = User.get(User.name == mod["username"]).uid create_sub(client) log_out_current_user(client) # Receiver blocks mod. log_in_user(client, receiver) rv_index = client.get(url_for("home.index", sub="test")) csrf = csrf_token(rv_index.data) data = { "csrf_token": csrf, "view_messages": "show", "view_content": "hide", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Mod bans receiver. log_in_user(client, mod) data = { "csrf_token": csrf, "user": receiver["username"], "reason": "serious reason", "expires": None, } rv = client.post( url_for("do.ban_user_sub", sub="test"), data=data, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Mod un-bans receiver. rv = client.post( url_for("do.remove_sub_ban", sub="test", user=receiver["username"]), data={"csrf_token": csrf}, ) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Receiver checks notifications. They should not be ignored, # because they are mod actions. log_in_user(client, receiver) assert get_notification_count(receiver_uid)["notifications"] == 2 rv = client.get(url_for("messages.view_notifications")) assert b"banned you from" in rv.data assert b"serious reason" in rv.data assert b"unbanned you from" in rv.data # After checking, the notification is marked read. assert get_notification_count(receiver_uid)["notifications"] == 0 # Receiver unblocks mod. data = { "csrf_token": csrf_token(rv.data), "view_messages": "show", "view_content": "show", } rv = client.post(url_for("do.edit_ignore", uid=mod_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications again. rv = client.get(url_for("messages.view_notifications")) assert b"banned you from" in rv.data assert b"serious reason" in rv.data assert b"unbanned you from" in rv.data
def test_reply_notification(client, sub_mod, user_info, user2_info, user3_info): "Notifications are sent for post and comment replies." sender, receiver, mod = user_info, user2_info, user3_info config.update_value("site.sub_creation_min_level", 0) register_user(client, sender) sender_uid = User.get(User.name == sender["username"]).uid if sub_mod == "sender": create_sub(client) log_out_current_user(client) register_user(client, receiver) receiver_uid = User.get(User.name == receiver["username"]).uid if sub_mod == "receiver": create_sub(client) log_out_current_user(client) if sub_mod == "neither": register_user(client, mod) create_sub(client) log_out_current_user(client) # Receiver makes a post that can be replied to log_in_user(client, receiver) rv = client.get(url_for("subs.submit", ptype="text", sub="test")) csrf = csrf_token(rv.data) data = { "csrf_token": csrf, "title": "the title", "ptype": "text", "content": "the content", } rv = client.post( url_for("subs.submit", ptype="text", sub="test"), data=data, follow_redirects=False, ) assert rv.status == "302 FOUND" soup = BeautifulSoup(rv.data, "html.parser", from_encoding="utf-8") link = soup.a.get_text() pid = link.split("/")[-1] # Receiver makes a comment that can be replied to. rv = client.get(link, follow_redirects=True) assert b"the title | test" in rv.data data = { "csrf_token": csrf, "post": pid, "parent": "0", "comment": "OP reply", } rv = client.post(url_for("do.create_comment", pid=pid), data=data, follow_redirects=False) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" cid = reply["cid"] # Receiver blocks sender. data = { "csrf_token": csrf, "view_messages": "show", "view_content": "hide", } rv = client.post(url_for("do.edit_ignore", uid=sender_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" log_out_current_user(client) # Sender replies to the post. log_in_user(client, sender) rv = client.get(link, follow_redirects=True) assert b"the title | test" in rv.data data = { "csrf_token": csrf, "post": pid, "parent": "0", "comment": "the comment", } rv = client.post(url_for("do.create_comment", pid=pid), data=data, follow_redirects=True) assert b"the comment" in rv.data # Sender replies to the comment. rv = client.get(link, follow_redirects=True) data = { "csrf_token": csrf_token(rv.data), "post": pid, "parent": cid, "comment": "comment reply", } rv = client.post(url_for("do.create_comment", pid=pid), data=data, follow_redirects=True) log_out_current_user(client) # Depending on who is the mod of the sub, should these notifications # be visible when the receiver has the sender blocked? expected = {"sender": True, "receiver": True, "neither": False}[sub_mod] assert get_notification_count(receiver_uid)["notifications"] == ( 2 if expected else 0) # Receiver checks notifications. log_in_user(client, receiver) rv = client.get(url_for("messages.view_notifications")) assert (b"replied to your post" in rv.data) == expected assert (b"the comment" in rv.data) == expected assert (b"replied to your comment" in rv.data) == expected assert (b"comment reply" in rv.data) == expected # Receiver unblocks sender. data = { "csrf_token": csrf, "view_messages": "show", "view_content": "show", } rv = client.post(url_for("do.edit_ignore", uid=sender_uid), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Receiver checks notifications. rv = client.get(url_for("messages.view_notifications")) assert b"replied to your post" in rv.data assert b"the comment" in rv.data assert b"replied to your comment" in rv.data assert b"comment reply" in rv.data # Notifications should be marked read. assert get_notification_count(receiver_uid)["notifications"] == 0
def test_settings_page(client, user_info): register_user(client, user_info) username = user_info["username"] assert client.get(url_for("user.edit_user", user=username)).status_code == 200
def test_invite_code_required_for_registration(client, user_info, user2_info): """If invite codes are required, trying to register without one will fail.""" register_user(client, user_info) promote_user_to_admin(client, user_info) # Enable invite codes. rv = client.get(url_for("admin.invitecodes")) data = dict(csrf_token=csrf_token(rv.data), enableinvitecode=True, minlevel=3, maxcodes=10) rv = client.post(url_for("do.use_invite_code"), data=data, follow_redirects=True) reply = json.loads(rv.data.decode("utf-8")) assert reply["status"] == "ok" # Create an invite code. rv = client.get(url_for("admin.invitecodes")) data = dict(csrf_token=csrf_token(rv.data), code="abcde", uses=10, expires="") client.post(url_for("admin.invitecodes"), data=data, follow_redirects=True) log_out_current_user(client) # Now try to register a new user without an invite code. rv = client.get(url_for("auth.register")) data = dict( csrf_token=csrf_token(rv.data), username=user2_info["username"], password=user2_info["password"], confirm=user2_info["password"], invitecode="", email_optional=user2_info["email"], accept_tos=True, captcha="xyzzy", ) rv = client.post(url_for("auth.register"), data=data, follow_redirects=True) assert b"Invalid invite code" in rv.data # Now try to register a new user with an incorrect invite code. rv = client.get(url_for("auth.register")) data = dict( csrf_token=csrf_token(rv.data), username=user2_info["username"], password=user2_info["password"], confirm=user2_info["password"], invitecode="xyzzy", email_optional=user2_info["email"], accept_tos=True, captcha="xyzzy", ) rv = client.post(url_for("auth.register"), data=data, follow_redirects=True) assert b"Invalid invite code" in rv.data # Now try to register a new user with a valid invite code. rv = client.get(url_for("auth.register")) data = dict( csrf_token=csrf_token(rv.data), username=user2_info["username"], password=user2_info["password"], confirm=user2_info["password"], invitecode="abcde", email_optional=user2_info["email"], accept_tos=True, captcha="xyzzy", ) rv = client.post(url_for("auth.register"), data=data, follow_redirects=True) assert b"Log out" in rv.data
def test_change_password_recovery_email(client, user_info): """The user can change their password recovery email.""" register_user(client, user_info) new_email = '*****@*****.**' assert new_email != user_info['email'] rv = client.get(url_for('user.edit_account')) data = dict(csrf_token=csrf_token(rv.data), oldpassword=user_info['password'], password='', confirm='') if email_validation_is_required(): data['email_required'] = new_email else: data['email_optional'] = new_email with mail.record_messages() as outbox: rv = client.post(url_for('do.edit_account'), data=data, follow_redirects=True) log_out_current_user(client) if email_validation_is_required(): message = outbox.pop() # Make sure that password recovery emails go to the former address # if the new one has not yet been confirmed. rv = client.get(url_for('user.password_recovery')) rv = client.post(url_for('user.password_recovery'), data=dict(csrf_token=csrf_token(rv.data), email=new_email, captcha='xyzzy')) assert len(outbox) == 0 rv = client.get(url_for('user.password_recovery')) rv = client.post(url_for('user.password_recovery'), data=dict(csrf_token=csrf_token(rv.data), email=user_info['email'], captcha='xyzzy')) assert outbox.pop().send_to == {user_info['email']} # Now click the confirm link. assert message.send_to == {new_email} soup = BeautifulSoup(message.html, 'html.parser') token = soup.a['href'].split('/')[-1] rv = client.get(url_for('user.confirm_email_change', token=token), follow_redirects=True) else: assert len(outbox) == 0 # Verify password recovery email goes to the right place. with mail.record_messages() as outbox: rv = client.get(url_for('user.password_recovery')) rv = client.post(url_for('user.password_recovery'), data=dict(csrf_token=csrf_token(rv.data), email=user_info['email'], captcha='xyzzy')) assert len(outbox) == 0 rv = client.get(url_for('user.password_recovery')) rv = client.post(url_for('user.password_recovery'), data=dict(csrf_token=csrf_token(rv.data), email=new_email, captcha='xyzzy')) assert outbox.pop().send_to == {new_email}
def test_change_password_recovery_email(client, user_info, test_config): """The user can change their password recovery email.""" register_user(client, user_info) new_email = "*****@*****.**" assert new_email != user_info["email"] rv = client.get(url_for("user.edit_account")) data = dict( csrf_token=csrf_token(rv.data), oldpassword=user_info["password"], password="", confirm="", ) if email_validation_is_required(): data["email_required"] = new_email else: data["email_optional"] = new_email with mail.record_messages() as outbox: rv = client.post(url_for("do.edit_account"), data=data, follow_redirects=True) log_out_current_user(client) if email_validation_is_required(): message = outbox.pop() # Make sure that password recovery emails go to the former address # if the new one has not yet been confirmed. rv = client.get(url_for("user.password_recovery")) rv = client.post( url_for("user.password_recovery"), data=dict(csrf_token=csrf_token(rv.data), email=new_email, captcha="xyzzy"), ) assert len(outbox) == 0 rv = client.get(url_for("user.password_recovery")) rv = client.post( url_for("user.password_recovery"), data=dict( csrf_token=csrf_token(rv.data), email=user_info["email"], captcha="xyzzy", ), ) assert outbox.pop().send_to == {user_info["email"]} # Now click the confirm link. assert message.send_to == {new_email} soup = BeautifulSoup(message.html, "html.parser") token = soup.a["href"].split("/")[-1] rv = client.get(url_for("user.confirm_email_change", token=token), follow_redirects=True) else: assert len(outbox) == 0 # Verify password recovery email goes to the right place. with mail.record_messages() as outbox: rv = client.get(url_for("user.password_recovery")) rv = client.post( url_for("user.password_recovery"), data=dict( csrf_token=csrf_token(rv.data), email=user_info["email"], captcha="xyzzy", ), ) assert len(outbox) == 0 rv = client.get(url_for("user.password_recovery")) rv = client.post( url_for("user.password_recovery"), data=dict(csrf_token=csrf_token(rv.data), email=new_email, captcha="xyzzy"), ) assert outbox.pop().send_to == {new_email}
def test_invite_code_required_for_registration(client, user_info, user2_info): "If invite codes are required, trying to register without one will fail." register_user(client, user_info) promote_user_to_admin(client, user_info) # Enable invite codes. rv = client.get(url_for('admin.invitecodes')) data = dict(csrf_token=csrf_token(rv.data), enableinvitecode=True, minlevel=3, maxcodes=10) rv = client.post(url_for('do.use_invite_code'), data=data, follow_redirects=True) reply = json.loads(rv.data.decode('utf-8')) assert reply['status'] == 'ok' # Create an invite code. rv = client.get(url_for('admin.invitecodes')) data = dict(csrf_token=csrf_token(rv.data), code="abcde", uses=10, expires='') rv = client.post(url_for('admin.invitecodes'), data=data, follow_redirects=True) log_out_current_user(client) # Now try to register a new user without an invite code. rv = client.get(url_for('auth.register')) data = dict(csrf_token=csrf_token(rv.data), username=user2_info['username'], password=user2_info['password'], confirm=user2_info['password'], invitecode='', email_optional=user2_info['email'], accept_tos=True, captcha='xyzzy') rv = client.post(url_for('auth.register'), data=data, follow_redirects=True) assert b'Invalid invite code' in rv.data # Now try to register a new user with an incorrect invite code. rv = client.get(url_for('auth.register')) data = dict(csrf_token=csrf_token(rv.data), username=user2_info['username'], password=user2_info['password'], confirm=user2_info['password'], invitecode='xyzzy', email_optional=user2_info['email'], accept_tos=True, captcha='xyzzy') rv = client.post(url_for('auth.register'), data=data, follow_redirects=True) assert b'Invalid invite code' in rv.data # Now try to register a new user with a valid invite code. rv = client.get(url_for('auth.register')) data = dict(csrf_token=csrf_token(rv.data), username=user2_info['username'], password=user2_info['password'], confirm=user2_info['password'], invitecode='abcde', email_optional=user2_info['email'], accept_tos=True, captcha='xyzzy') rv = client.post(url_for('auth.register'), data=data, follow_redirects=True) assert b'Log out' in rv.data
def test_logout_and_login_again(client, user_info): """A logged in user can log out and back in again.""" register_user(client, user_info) assert b"Log out" in client.get(url_for("home.index")).data log_out_current_user(client, verify=True) log_in_user(client, user_info, expect_success=True)