def test_retag_no_owner_remove(self): config = CharSettings({'disallow-others-tag-removal'}, {}, {}) owner = db_utils.create_user(config=config) tagger = db_utils.create_user() s = db_utils.create_submission(owner, rating=ratings.GENERAL.code) searchtag.associate(owner, {'orange'}, submitid=s) self.assertEqual( submission.select_view(owner, s, ratings.GENERAL.code)['tags'], ['orange']) searchtag.associate(tagger, {'apple', 'tomato'}, submitid=s) self.assertEqual( submission.select_view(owner, s, ratings.GENERAL.code)['tags'], ['apple', 'orange', 'tomato']) searchtag.associate(tagger, {'tomato'}, submitid=s) self.assertEqual( submission.select_view(owner, s, ratings.GENERAL.code)['tags'], ['orange', 'tomato']) searchtag.associate(owner, {'kale'}, submitid=s) self.assertEqual( submission.select_view(owner, s, ratings.GENERAL.code)['tags'], ['kale'])
def test_reply_when_blocked(app): user1 = db_utils.create_user(username='******') user2 = db_utils.create_user(username='******') session1 = db_utils.create_session(user1) session2 = db_utils.create_session(user2) app.post('/notes/compose', { 'recipient': 'user2', 'title': 'Title', 'content': 'Content', }, headers={'Cookie': session1}, status=303) app.post('/ignoreuser', { 'userid': str(user2), 'action': 'ignore', }, headers={'Cookie': session1}, status=303) def try_send(status): app.post('/notes/compose', { 'recipient': 'user1', 'title': 'Title', 'content': 'Content', }, headers={'Cookie': session2}, status=status) try_send(422) d.engine.execute("UPDATE profile SET config = config || 'z' WHERE userid = %(user)s", user=user1) try_send(422)
def test_block_user_homepage(app): """ Assert that changes to blocked users apply to the home page immediately. """ submitting_user1 = db_utils.create_user() submitting_user2 = db_utils.create_user() viewing_user = db_utils.create_user() db_utils.create_submission(submitting_user1, rating=ratings.GENERAL.code, subtype=1010) db_utils.create_submission(submitting_user2, rating=ratings.GENERAL.code, subtype=1010) cookie = db_utils.create_session(viewing_user) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 2 app.post('/ignoreuser', {'userid': str(submitting_user1), 'action': 'ignore'}, headers={'Cookie': cookie}, status=303) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 1 app.post('/ignoreuser', {'userid': str(submitting_user1), 'action': 'unignore'}, headers={'Cookie': cookie}, status=303) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 2
def test_moderators_and_above_can_add_restricted_tags_successfully(monkeypatch): """ Moderators (and admins, technical, and directors) can add restricted tags to content. Developers are not included in this test, as they are for all intents and purposes just normal user accounts. """ userid_owner = db_utils.create_user() mod_tag_adder = db_utils.create_user() monkeypatch.setattr(staff, 'MODS', frozenset([mod_tag_adder])) journalid = db_utils.create_journal(userid_owner) charid = db_utils.create_character(userid_owner) submitid = db_utils.create_submission(userid_owner) restricted_tag = searchtag.parse_restricted_tags("pearl") searchtag.edit_user_tag_restrictions(userid_owner, restricted_tag) searchtag.associate(mod_tag_adder, tags, submitid=submitid) searchtag.associate(mod_tag_adder, tags, charid=charid) searchtag.associate(mod_tag_adder, tags, journalid=journalid) # Verify that all tags were added successfully. 'pearl' is restricted. submission_tags = searchtag.select(submitid=submitid) assert tags == set(submission_tags) character_tags = searchtag.select(charid=charid) assert tags == set(character_tags) journal_tags = searchtag.select(journalid=journalid) assert tags == set(journal_tags)
def test_setting_alias_fails_if_target_alias_exists(): user_id = db_utils.create_user() user_id_existing = db_utils.create_user() d.engine.execute("INSERT INTO useralias VALUES (%(id)s, %(alias)s, 'p')", id=user_id_existing, alias="existingalias") with pytest.raises(WeasylError) as err: useralias.set(user_id, "existingalias") assert 'usernameExists' == err.value.value
def test_recently_popular(self): owner = db_utils.create_user() now = arrow.now() sub1 = db_utils.create_submission(owner, rating=ratings.GENERAL.code, unixtime=now - datetime.timedelta(days=6)) sub2 = db_utils.create_submission(owner, rating=ratings.GENERAL.code, unixtime=now - datetime.timedelta(days=4)) sub3 = db_utils.create_submission(owner, rating=ratings.GENERAL.code, unixtime=now - datetime.timedelta(days=2)) sub4 = db_utils.create_submission(owner, rating=ratings.GENERAL.code, unixtime=now) tag = db_utils.create_tag(u'tag') for s in [sub1, sub2, sub3, sub4]: db_utils.create_submission_tag(tag, s) for i in range(100): favoriter = db_utils.create_user() db_utils.create_favorite(favoriter, submitid=sub2, unixtime=now) recently_popular = submission.select_recently_popular() self.assertEqual([item['submitid'] for item in recently_popular], [sub2, sub4, sub3, sub1])
def test_friends_only(self): user1 = db_utils.create_user() user2 = db_utils.create_user() db_utils.create_submission(user1, rating=ratings.GENERAL.code, settings=CharSettings({'friends-only'}, {}, {})) # poster can view their submission self.assertEqual( 1, len(submission.select_list(user1, ratings.GENERAL.code, 10))) # but a non-friend or a non-logged in user cannot self.assertEqual( 0, len(submission.select_list(None, ratings.GENERAL.code, 10))) self.assertEqual( 0, len(submission.select_list(user2, ratings.GENERAL.code, 10))) # user with a pending friendship cannot view db_utils.create_friendship(user1, user2, settings=CharSettings({'pending'}, {}, {})) self.assertEqual( 0, len(submission.select_list(user2, ratings.GENERAL.code, 10))) # but a friend can d.sessionmaker().query(users.Friendship).delete() db_utils.create_friendship(user1, user2) self.assertEqual( 1, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
def test_passwordInsecure_WeasylError_if_password_length_insufficient(): db_utils.create_user(email_addr=email_addr, username=user_name) password = '' form = Bag(email=email_addr, username=user_name, day=arrow.now().day, month=arrow.now().month, year=arrow.now().year, token=token, password=password, passcheck=password) # Considered insecure... for i in range(0, login._PASSWORD): with pytest.raises(WeasylError) as err: resetpassword.reset(form) assert 'passwordInsecure' == err.value.value password += 'a' form.password = password form.passcheck = password # Considered secure... password += 'a' form.password = password form.passcheck = password # Success at WeasylError/forgotpasswordRecordMissing; we didn't make one yet with pytest.raises(WeasylError) as err: resetpassword.reset(form) assert 'forgotpasswordRecordMissing' == err.value.value
def test_edit_global_tag_restrictions_when_user_is_not_a_director_fails(monkeypatch): normal_user_id = db_utils.create_user() developer_user_id = db_utils.create_user() mod_user_id = db_utils.create_user() admin_user_id = db_utils.create_user() technical_user_id = db_utils.create_user() monkeypatch.setattr(staff, 'DEVELOPERS', frozenset([developer_user_id])) monkeypatch.setattr(staff, 'MODS', frozenset([mod_user_id])) monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user_id])) monkeypatch.setattr(staff, 'TECHNICAL', frozenset([technical_user_id])) # Function under test; users and staff (except director) should error with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(normal_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(developer_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(mod_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(admin_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(technical_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value
def test_blocked_tag(self): user1 = db_utils.create_user() user2 = db_utils.create_user() # submission s1 has a walrus in it, but user2 does not like walruses s1 = db_utils.create_submission(user1, rating=ratings.GENERAL.code) tag1 = db_utils.create_tag("walrus") db_utils.create_submission_tag(tag1, s1) db_utils.create_blocktag(user2, tag1, ratings.GENERAL.code) self.assertEqual( 0, len(submission.select_list(user2, ratings.GENERAL.code, 10))) # submission s2 has a penguin in it. user2 does not want to see penguins in # adult circumstances, but s2 is general, so visibility is OK s2 = db_utils.create_submission(user1, rating=ratings.GENERAL.code) tag2 = db_utils.create_tag("penguin") db_utils.create_submission_tag(tag2, s2) db_utils.create_blocktag(user2, tag2, ratings.EXPLICIT.code) self.assertEqual( 1, len(submission.select_list(user2, ratings.EXPLICIT.code, 10))) # submission s3 has penguins on it in adult situations, but User2 # is okay with that if it's one of User2's own submissions. s3 = db_utils.create_submission(user2, rating=ratings.EXPLICIT.code) db_utils.create_submission_tag(tag2, s3) self.assertEqual( 2, len(submission.select_list(user2, ratings.EXPLICIT.code, 10)))
def test_reply_to_restricted_notes(app): user1 = db_utils.create_user(username='******') user2 = db_utils.create_user(username='******') session1 = db_utils.create_session(user1) session2 = db_utils.create_session(user2) d.engine.execute( "UPDATE profile SET config = config || 'z' WHERE userid = %(user)s", user=user1) def try_send(status): app.post('/notes/compose', { 'recipient': 'user1', 'title': 'Title', 'content': 'Content', }, headers={'Cookie': session2}, status=status) try_send(422) app.post('/notes/compose', { 'recipient': 'user2', 'title': 'Title', 'content': 'Content', }, headers={'Cookie': session1}, status=303) try_send(303)
def test_attempt_setting_tags_when_some_tags_have_been_restricted(): """ Verify that tags are excluded from being added to a submission's tags if the tag is restricted """ userid_owner = db_utils.create_user() userid_tag_adder = db_utils.create_user() journalid = db_utils.create_journal(userid_owner) charid = db_utils.create_character(userid_owner) submitid = db_utils.create_submission(userid_owner) restricted_tag = searchtag.parse_restricted_tags("pearl") searchtag.edit_user_tag_restrictions(userid_owner, restricted_tag) searchtag.associate(userid_tag_adder, tags, submitid=submitid) searchtag.associate(userid_tag_adder, tags, charid=charid) searchtag.associate(userid_tag_adder, tags, journalid=journalid) # Verify that the "pearl" tag was not added submission_tags = searchtag.select(submitid=submitid) assert tags_two == set(submission_tags) character_tags = searchtag.select(charid=charid) assert tags_two == set(character_tags) journal_tags = searchtag.select(journalid=journalid) assert tags_two == set(journal_tags)
def test_search_blocked_tags(db, rating, block_rating): owner = db_utils.create_user() viewer = db_utils.create_user() allowed_tag = db_utils.create_tag('walrus') blocked_tag = db_utils.create_tag('penguin') db_utils.create_blocktag(viewer, blocked_tag, block_rating.code) s1 = db_utils.create_submission(owner, rating=rating.code) db_utils.create_submission_tag(allowed_tag, s1) db_utils.create_submission_tag(blocked_tag, s1) s2 = db_utils.create_submission(owner, rating=rating.code) db_utils.create_submission_tag(allowed_tag, s2) s3 = db_utils.create_submission(owner, rating=rating.code) db_utils.create_submission_tag(blocked_tag, s3) def check(term, n_results): results, _, _ = search.select( search=search.Query.parse(term, 'submit'), userid=viewer, rating=ratings.EXPLICIT.code, limit=100, cat=None, subcat=None, within='', backid=None, nextid=None) assert len(results) == n_results if rating < block_rating: check(u'walrus', 2) check(u'penguin', 2) else: check(u'walrus', 1) check(u'penguin', 0)
def test_login_fails_for_incorrect_credentials(): random_password = "******" db_utils.create_user(password=random_password, username=user_name) another_random_password = "******" result = login.authenticate_bcrypt(username=user_name, password=another_random_password) assert result == (0, 'invalid')
def test_blacklist_homepage(app): """ Assert that changes to the blacklist apply to the home page immediately. """ submitting_user = db_utils.create_user() viewing_user = db_utils.create_user() tag1 = db_utils.create_tag('walrus') tag2 = db_utils.create_tag('penguin') s1 = db_utils.create_submission(submitting_user, rating=ratings.GENERAL.code, subtype=1010) db_utils.create_submission_tag(tag1, s1) s2 = db_utils.create_submission(submitting_user, rating=ratings.GENERAL.code, subtype=1010) db_utils.create_submission_tag(tag2, s2) cookie = db_utils.create_session(viewing_user) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 2 app.post('/manage/tagfilters', {'title': 'walrus', 'rating': str(ratings.GENERAL.code), 'do': 'create'}, headers={'Cookie': cookie}, status=303) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 1 app.post('/manage/tagfilters', {'title': 'walrus', 'rating': str(ratings.GENERAL.code), 'do': 'remove'}, headers={'Cookie': cookie}, status=303) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 2
def test_edit_global_tag_restrictions_when_user_is_not_a_director_fails( monkeypatch): normal_user_id = db_utils.create_user() developer_user_id = db_utils.create_user() mod_user_id = db_utils.create_user() admin_user_id = db_utils.create_user() technical_user_id = db_utils.create_user() monkeypatch.setattr(staff, 'DEVELOPERS', frozenset([developer_user_id])) monkeypatch.setattr(staff, 'MODS', frozenset([mod_user_id])) monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user_id])) monkeypatch.setattr(staff, 'TECHNICAL', frozenset([technical_user_id])) # Function under test; users and staff (except director) should error with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(normal_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(developer_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(mod_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(admin_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value with pytest.raises(WeasylError) as err: searchtag.edit_global_tag_restrictions(technical_user_id, combined_tags) assert 'InsufficientPermissions' == err.value.value
def test_passwordMismatch_WeasylError_if_supplied_passwords_dont_match(): db_utils.create_user(email_addr=email_addr, username=user_name) form = Bag(email=email_addr, username=user_name, day=arrow.now().day, month=arrow.now().month, year=arrow.now().year, token=token, password='******', passcheck='asd') with pytest.raises(WeasylError) as err: resetpassword.reset(form) assert 'passwordMismatch' == err.value.value
def test_usernames_must_be_unique(): db_utils.create_user(username=user_name, email_addr="*****@*****.**") form = Bag(username=user_name, password='******', passcheck='0123456789', email=email_addr, emailcheck=email_addr, day='12', month='12', year=arrow.now().year - 19) with pytest.raises(WeasylError) as err: login.create(form) assert 'usernameExists' == err.value.value
def setUp(self): self.user1 = db_utils.create_user() self.user2 = db_utils.create_user() self.friend1 = db_utils.create_user() db_utils.create_friendship(self.user1, self.friend1) self.count = 20 self.pivot = 5 s = db_utils.create_characters(self.count, self.user1, ratings.GENERAL.code) self.pivotid = s[self.pivot]
def setUp(self): self.user1 = db_utils.create_user() self.user2 = db_utils.create_user() self.friend1 = db_utils.create_user() db_utils.create_friendship(self.user1, self.friend1) self.count = 20 self.pivot = 5 s = db_utils.create_journals(self.count, self.user1, ratings.GENERAL.code) self.pivotid = s[self.pivot]
def test_forgotpasswordRecordMissing_WeasylError_if_reset_record_not_found(): db_utils.create_user(email_addr=email_addr, username=user_name) password = '******' form = Bag(email=email_addr, username=user_name, day=arrow.now().day, month=arrow.now().month, year=arrow.now().year, token=token, password=password, passcheck=password) # Technically we did this in the above test, but for completeness, target it alone with pytest.raises(WeasylError) as err: resetpassword.reset(form) assert 'forgotpasswordRecordMissing' == err.value.value
def test_content_view_twice(db, create_func, model, feature): """ Two users viewing the same content increments the view count twice. """ user1 = db_utils.create_user() user2 = db_utils.create_user() thing = create_func() assert d.common_view_content(user1, thing, feature) assert d.common_view_content(user2, thing, feature) assert db.query(model).get(thing).page_views == 2
def test_email_must_match_email_stored_in_DB(): user_name = "test" email_addr = "*****@*****.**" db_utils.create_user(email_addr=email_addr, username=user_name) email_addr = "*****@*****.**" form = Bag(email=email_addr, username=user_name, day=arrow.now().day, month=arrow.now().month, year=arrow.now().year) with pytest.raises(WeasylError) as err: resetpassword.request(form) assert 'emailInvalid' == err.value.value
def test_insert_ignores(self): user1 = db_utils.create_user() user2 = db_utils.create_user() # user1 ignores user2 db_utils.create_ignoreuser(user1, user2) # attempts to follow in either direction throw a WeasylError self.assertRaises(WeasylError, followuser.insert, user1, user2) self.assertRaises(WeasylError, followuser.insert, user2, user1) self.assertFalse(profile.select_relation(user1, user2)["follow"]) self.assertFalse(profile.select_relation(user2, user1)["follower"])
def setUp(self): self.user1 = db_utils.create_user() self.user2 = db_utils.create_user() self.count = 20 self.pivot = 5 s = db_utils.create_submissions(self.count, self.user1, ratings.GENERAL.code) self.pivotid = s[self.pivot] f = [] time = 100 for submitid in s: time = time + 1 f.append(db_utils.create_favorite(self.user2, submitid, 's', unixtime=arrow.get(time)))
def test_mutual_follow(self): user1 = db_utils.create_user() user2 = db_utils.create_user() # user1 watches user2 followuser.insert(user1, user2) # user2 watches user1 followuser.insert(user2, user1) self.assertTrue(profile.select_relation(user1, user2)["follow"]) self.assertTrue(profile.select_relation(user2, user1)["follower"]) self.assertTrue(profile.select_relation(user2, user1)["follow"]) self.assertTrue(profile.select_relation(user1, user2)["follower"])
def test_insert_s_only(self, followuser_insert, followuser_remove, get_config): user1 = db_utils.create_user() user2 = db_utils.create_user() get_config.side_effect = lambda userid: "s" # user1 watches user2 followuser.insert(user1, user2) self.assertTrue(profile.select_relation(user1, user2)["follow"]) self.assertTrue(profile.select_relation(user2, user1)["follower"]) self.assertEqual(1, d.sessionmaker().query(orm.Follow).count()) followuser_remove.assert_called_once_with(user1, user2) followuser_insert.assert_called_once_with(user1, user2) self.assertEqual("s", d.sessionmaker().query(orm.Follow).first().settings)
def test_create_notifications(app, monkeypatch): admin_user = db_utils.create_user() normal_user = db_utils.create_user() admin_cookie = db_utils.create_session(admin_user) monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user])) resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': admin_cookie}).follow() assert resp.html.find(None, 'content').h3.string == _FORM['title'] normal_cookie = db_utils.create_session(normal_user) resp = app.get('/messages/notifications', headers={'Cookie': normal_cookie}) assert list(resp.html.find(id='header-messages').find(title='Notifications').stripped_strings)[1] == '1' assert resp.html.find(id='site_updates').find(None, 'item').a.string == _FORM['title']
def test_create_fails_if_another_account_has_email_linked_to_their_account(): """ Test checks to see if an email is tied to an active user account. If so, login.create() will not permit another account to be made for the same address. """ db_utils.create_user(username=user_name, email_addr=email_addr) form = Bag(username=user_name, password='******', passcheck='0123456789', email=email_addr, emailcheck=email_addr, day='12', month='12', year=arrow.now().year - 19) with pytest.raises(WeasylError) as err: login.create(form) assert 'emailExists' == err.value.value
def test_ignored_user(self): user1 = db_utils.create_user() user2 = db_utils.create_user() db_utils.create_submission(user1, rating=ratings.GENERAL.code) # can view the submission self.assertEqual( 1, len(submission.select_list(user2, ratings.GENERAL.code, 10))) # user2 blocks user1 db_utils.create_ignoreuser(user2, user1) # user2 can no longer view the submission self.assertEqual( 0, len(submission.select_list(user2, ratings.GENERAL.code, 10))) # but a non-logged in user can self.assertEqual( 1, len(submission.select_list(None, ratings.GENERAL.code, 10)))
def test_create_fails_if_another_account_has_email_linked_to_their_account(): """ Test checks to see if an email is tied to an active user account. If so, login.create() will not permit another account to be made for the same address. """ db_utils.create_user(username=user_name, email_addr=email_addr) form = Bag(username="******", password='******', passcheck='0123456789', email=email_addr, emailcheck=email_addr, day='12', month='12', year=arrow.now().year - 19) login.create(form) query = d.engine.scalar(""" SELECT username FROM logincreate WHERE username = %(username)s AND invalid IS TRUE """, username=form.username) assert query == "user"
def test_filters(self): # Test filters of the following: # userid, folderid, category, hidden user1 = db_utils.create_user() user2 = db_utils.create_user() folder = db_utils.create_folder(user1) db_utils.create_submission(user1, rating=ratings.GENERAL.code, folderid=folder) db_utils.create_submission(user1, rating=ratings.GENERAL.code, subtype=1010) db_utils.create_submission(user1, rating=ratings.GENERAL.code, settings=CharSettings({'hidden'}, {}, {})) db_utils.create_submission(user2, rating=ratings.GENERAL.code) self.assertEqual(3, len(submission.select_list(user1, ratings.EXPLICIT.code, 10))) self.assertEqual(1, len(submission.select_list(user1, ratings.EXPLICIT.code, 10, otherid=user2))) self.assertEqual(1, len(submission.select_list(user1, ratings.EXPLICIT.code, 10, folderid=folder))) self.assertEqual(1, len(submission.select_list(user1, ratings.EXPLICIT.code, 10, subcat=1010)))
def test_remove(self, followuser_remove): user1 = db_utils.create_user() user2 = db_utils.create_user() # user1 watches user2 followuser.insert(user1, user2) self.assertEqual(1, d.sessionmaker().query(orm.Follow).count()) followuser_remove.reset_mock() # user1 changed their mind followuser.remove(user1, user2) self.assertFalse(profile.select_relation(user1, user2)["follow"]) self.assertFalse(profile.select_relation(user2, user1)["follower"]) self.assertEqual(0, d.sessionmaker().query(orm.Follow).count()) followuser_remove.assert_called_once_with(user1, user2)
def test_update(self): user1 = db_utils.create_user() user2 = db_utils.create_user() # user1 watches user2 followuser.insert(user1, user2) # user1 updates watch settings followuser.update(user1, user2, followuser.WatchSettings.from_code("cf")) self.assertEqual("cf", d.sessionmaker().query(orm.Follow).first().settings) # again followuser.update(user1, user2, followuser.WatchSettings.from_code("st")) self.assertTrue(profile.select_relation(user1, user2)["follow"]) self.assertTrue(profile.select_relation(user2, user1)["follower"]) self.assertEqual("st", d.sessionmaker().query(orm.Follow).first().settings)
def test_commish_search(args, result_order): # searcher u1 = db_utils.create_user(username="******") # user open for commissions create_commish_searchable_user("u2", submittime=arrow.now()) # user sometimes open for commissions (should behave same as above) create_commish_searchable_user("u3", commish_status='s', submittime=arrow.now() - datetime.timedelta(days=1)) # user open for commissions, with blacklisted tags u4 = create_commish_searchable_user("u4", submittime=arrow.now() - datetime.timedelta(days=2)) searchtag.associate(u4, optout_tags_userid=u4, tags={'cat'}) # user with a different commish class and a preference tag u5 = create_commish_searchable_user("u5", commishclass="sketch", submittime=arrow.now() - datetime.timedelta(days=3)) searchtag.associate(u5, preferred_tags_userid=u5, tags={'cat'}) # user with a different price create_commish_searchable_user("u6", minprice="100.0", maxprice="100.0", submittime=arrow.now() - datetime.timedelta(days=4)) results = commishinfo.select_commissionable(userid=u1, limit=10, offset=0, **args) rids = [r['username'] for r in results] assert rids == result_order
def test_viewing_own_profile(db): """ Viewing one's own profile does not increment the view count. """ user = db_utils.create_user() assert not d.common_view_content(user, user, 'profile') assert db.query(users.Profile).get(user).page_views == 0
def test_submission_search(db, term, n_results): user = db_utils.create_user() tag1 = db_utils.create_tag('walrus') tag2 = db_utils.create_tag('penguin') s1 = db_utils.create_submission(user, rating=ratings.GENERAL.code) db_utils.create_submission_tag(tag1, s1) db_utils.create_submission_tag(tag2, s1) s2 = db_utils.create_submission(user, rating=ratings.EXPLICIT.code) db_utils.create_submission_tag(tag1, s2) s3 = db_utils.create_submission(user, rating=ratings.GENERAL.code) db_utils.create_submission_tag(tag2, s3) s4 = db_utils.create_submission(user, rating=ratings.GENERAL.code) db_utils.create_submission_tag(tag2, s4) results, _, _ = search.select(search=search.Query.parse(term, 'submit'), userid=user, rating=ratings.EXPLICIT.code, limit=100, cat=None, subcat=None, within='', backid=None, nextid=None) assert len(results) == n_results
def test_login_fails_for_invalid_auth_and_logs_failure_if_mod_account( tmpdir, monkeypatch): # Required: Monkeypatch the log directory, and the staff.MODS frozenset monkeypatch.setenv(macro.MACRO_SYS_LOG_PATH, tmpdir + "/") log_path = '%s%s.%s.log' % (macro.MACRO_SYS_LOG_PATH, 'login.fail', d.get_timestamp()) user_id = db_utils.create_user(username='******', password=raw_password) # Set the moderators in libweasyl/staff.py via monkeypatch monkeypatch.setattr(staff, 'MODS', frozenset([user_id])) # Ensure we are actually writing to the file by counting the file's lines prerun_loglines = 0 # The file might not exist; this is fine; ignore try: with open(log_path, 'r') as log: for line in log: prerun_loglines += 1 log.close() except IOError: pass postrun_loglines = 0 # Item under test result = login.authenticate_bcrypt(username='******', password='******', request=None) # Verify we are writing to the log file as expected with open(log_path, 'r') as log: for line in log: postrun_loglines += 1 last_line = line log.close() last_line_dict = json.loads(last_line) assert postrun_loglines > prerun_loglines assert last_line_dict['userid'] == user_id assert result == (0, 'invalid')
def test_commish_search_invalid(): # searcher u1 = db_utils.create_user(username="******") # user not open for commissions, but with submissions and commish classes defined create_commish_searchable_user("u2", commish_status='c') # user open for commission but without any commish classes u3 = create_commish_searchable_user("u3") classid = commishinfo.select_list(u3)["class"][0]["classid"] commishinfo.remove_class(u3, classid) # user meets all requirements, but is suspended u4 = create_commish_searchable_user("u4") db_utils.create_suspenduser(u4, "", d.get_time() + 604800) # user meets all requirements, but is banned u5 = create_commish_searchable_user("u5") db_utils.create_banuser(u5, "") # user meets all requirements, but is ignored by searching user u6 = create_commish_searchable_user("u6") db_utils.create_ignoreuser(u1, u6) results = commishinfo.select_commissionable(userid=u1, limit=10, offset=0, q="", commishclass="", min_price=None, max_price=None, currency='') assert not results
def test_user_change_changes_token(app): user = db_utils.create_user(username='******', password='******') resp = app.get('/') old_cookie = app.cookies['WZL'] csrf = resp.html.find('html')['data-csrf-token'] resp = app.get('/') assert resp.html.find('html')['data-csrf-token'] == csrf resp = app.post('/signin', {'token': csrf, 'username': '******', 'password': '******'}) new_cookie = app.cookies['WZL'] resp = resp.follow() new_csrf = resp.html.find('html')['data-csrf-token'] assert new_cookie != old_cookie assert new_csrf != csrf sessionid = d.engine.scalar("SELECT sessionid FROM sessions WHERE userid = %(user)s", user=user) assert sessionid is not None resp = app.get('/signout?token=' + new_csrf[:8]) new_cookie_2 = app.cookies['WZL'] resp = resp.follow() new_csrf_2 = resp.html.find('html')['data-csrf-token'] assert new_cookie_2 != new_cookie assert new_cookie_2 != old_cookie assert new_csrf_2 != new_csrf assert new_csrf_2 != csrf assert not d.engine.scalar("SELECT EXISTS (SELECT 0 FROM sessions WHERE sessionid = %(id)s)", id=sessionid)