def test_delete_user(self):
a = push_dummy_user('a', 'a')
b = push_dummy_user('b', 'b')
list_ = push_dummy_list(a, 'list_')
d = list_.get_or_create_days()
e = Entry(day_id=d[0].id)
ls = ListSettings(list_id=list_.id, user_id=a.id)
s = ListPermission(list_id=list_.id, user_id=b.id)
db.session.add_all([e, ls, s])
db.session.commit()
self.assertEqual(User.query.first(), a)
self.assertEqual(List.query.first(), list_)
self.assertEqual(Entry.query.first(), e)
self.assertEqual(Day.query.first(), d[0])
self.assertEqual(ListSettings.query.first(), ls)
self.assertEqual(ListPermission.query.filter_by(
user_id=b.id).first(), s)
db.session.delete(a)
db.session.commit()
self.assertEqual(User.query.first(), b)
self.assertEqual(List.query.first(), None)
self.assertEqual(Entry.query.first(), None)
self.assertEqual(Day.query.first(), None)
self.assertEqual(ListSettings.query.first(), None)
self.assertEqual(ListPermission.query.filter_by(
user_id=a.id).first(), None)
def test_get_shares(self):
u = push_dummy_user()
v = push_dummy_user('test', 'test')
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
rsp = self.test_client.get('/api/lists/1/shares')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [{
'id': 1,
'username': '******',
'permission_level': 'owner'
}])
list_ = List.query.first()
v = User.query.filter_by(username='******').first()
db.session.add(
ListPermission(list_id=list_.id,
user_id=v.id,
permission_level='member'))
db.session.commit()
rsp = self.test_client.get('/api/lists/1/shares')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [{
'id': 1,
'username': '******',
'permission_level': 'owner'
}, {
'id': 2,
'username': '******',
'permission_level': 'member'
}])
def test_entries_access_control(self):
u = push_dummy_user()
no_access_user = push_dummy_user(email='test', username='******')
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
rsp = self.test_client.get('/api/entries')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.logout()
with self.test_client:
no_access_user = User.query.filter_by(username='******').first()
self.login(no_access_user.username)
rsp = self.test_client.get('/api/entries')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [])
rsp = self.test_client.get('/api/lists/1/entries')
self.assertEqual(rsp.status, '403 FORBIDDEN')
rsp = self.test_client.patch('/api/entries/1')
self.assertEqual(rsp.status, '403 FORBIDDEN')
def test_delete_users(self):
u = push_dummy_user('user1', 'user1')
push_dummy_user('user2', 'user2')
# can't delete user when not authenticated
rsp = self.test_client.delete('/api/users/1')
self.assertEqual(rsp.status, '401 UNAUTHORIZED')
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
# can't delete user that does not exist
rsp = self.test_client.delete('/api/users/10')
self.assertEqual(rsp.status, '404 NOT FOUND')
# can't delete another user
rsp = self.test_client.delete('/api/users/2')
self.assertEqual(rsp.status, '403 FORBIDDEN')
# can delete self
rsp = self.test_client.delete('/api/users/1')
self.assertEqual(rsp.status, '401 UNAUTHORIZED')
data = rsp.get_json()
self.assertEqual(data['msg'], 'User deleted')
with self.test_client:
self.login('user2')
rsp = self.test_client.get('/api/users')
data = rsp.get_json()
self.assertFalse('user1' in [i['username'] for i in data])
self.assertTrue('user2' in [i['username'] for i in data])
def test_delete_share(self):
u = push_dummy_user()
v = push_dummy_user('test', 'test')
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
# set up the new share
list_ = List.query.first()
v = User.query.filter_by(username='******').first()
db.session.add(
ListPermission(list_id=list_.id,
user_id=v.id,
permission_level='member'))
db.session.commit()
listperm = ListPermission.query.filter_by(user_id=v.id).first()
# delete the share
rsp = self.test_client.delete('/api/lists/1/shares/' +
str(listperm.id))
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [{
'id': 1,
'username': '******',
'permission_level': 'owner'
}])
# and now it's gone
rsp = self.test_client.delete('/api/lists/1/shares/' +
str(listperm.id))
self.assertEqual(rsp.status, '404 NOT FOUND')
def test_delete_list(self, mock_get_settings):
mock_get_settings.return_value = ListSettings(
start_day_of_week=-1, days_to_display=7)
a = push_dummy_user('a', 'a')
b = push_dummy_user('b', 'b')
list_ = push_dummy_list(a, 'list_')
d = list_.get_or_create_days()
e = Entry(day_id=d[0].id)
ls = ListSettings(list_id=list_.id, user_id=a.id)
s = ListPermission(
list_id=list_.id, permission_level='member', user_id=b.id)
db.session.add_all([e, ls, s])
db.session.commit()
self.assertEqual(List.query.first(), list_)
self.assertEqual(Entry.query.first(), e)
self.assertEqual(Day.query.first(), d[0])
self.assertEqual(ListSettings.query.first(), ls)
self.assertEqual(ListPermission.query.filter_by(
user_id=b.id).first(), s)
db.session.delete(list_)
db.session.commit()
self.assertEqual(List.query.first(), None)
self.assertEqual(Entry.query.first(), None)
self.assertEqual(Day.query.first(), None)
self.assertEqual(ListSettings.query.first(), None)
self.assertEqual(ListPermission.query.first(), None)
def test_auth_login_logout(self):
push_dummy_user()
rsp = self.test_client.get('/api/auth/user')
self.assertEqual(rsp.status, '401 UNAUTHORIZED')
with self.test_client:
rsp = self.login('doodle')
self.assertEqual(rsp.status, '200 OK')
rsp = self.test_client.get('/api/auth/user')
self.assertEqual(rsp.status, '200 OK')
data = rsp.get_json()
self.assertEqual(
data, {
'msg': 'Session still valid',
'email': '*****@*****.**',
'firstname': None,
'id': 1,
'lastname': None,
'username': '******'
})
self.logout()
rsp = self.test_client.get('/api/auth/user')
self.assertEqual(rsp.status, '401 UNAUTHORIZED')
def test_put_list_settings_for_other_users_list(self):
u = push_dummy_user()
no_access_user = push_dummy_user(email='test', username='******')
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(no_access_user.username)
rsp = self.test_client.put('/api/lists/1/settings',
json=dict(days_to_display=5,
start_day_of_week="Friday"))
self.assertEqual(rsp.status, '403 FORBIDDEN')
def test_list_get_settings_for_user(self):
a = push_dummy_user('a', 'a')
b = push_dummy_user('b', 'b')
list_ = push_dummy_list(a, 'list_')
ls = ListSettings(list_id=list_.id, user_id=a.id,
start_day_of_week=6, days_to_display=21)
db.session.add(ls)
db.session.commit()
self.assertEqual(list_.get_settings_for_user(a), ls)
self.assertTrue(list_.get_settings_for_user(b).start_day_of_week == -1)
self.assertTrue(list_.get_settings_for_user(b).days_to_display == 7)
def test_repr_listpermission(self):
a = push_dummy_user('a', 'a')
b = push_dummy_user('b', 'b')
list_ = push_dummy_list(a, 'list_')
lpm = ListPermission(list_id=list_.id,
user_id=b.id,
permission_level='member')
db.session.add(lpm)
db.session.commit()
self.assertEqual(
lpm.__repr__(),
'<ListPermission 2 of List list_ to User b at level member>')
def test_days_access_control(self):
u = push_dummy_user()
no_access_user = push_dummy_user(email='test', username='******')
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(no_access_user.username)
rsp = self.test_client.get('/api/days')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [])
rsp = self.test_client.get('/api/lists/1/days')
self.assertEqual(rsp.status, '403 FORBIDDEN')
def test_patch_meals(self):
u = push_dummy_user()
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
rsp = self.test_client.post('/api/lists/1/meals',
json=dict(name="MyMeal"))
self.assertEqual(rsp.status, '201 CREATED')
rsp = self.test_client.patch('/api/lists/1/meals/1',
json=dict(name="NEW_STUFF"))
self.assertEqual(rsp.status, '200 OK')
data = rsp.get_json()
self.assertEqual(data, [{'id': 1, 'name': 'NEW_STUFF'}])
rsp = self.test_client.patch('/api/lists/1/meals/1',
json=dict(no_name="NEW_STUFF"))
self.assertEqual(rsp.status, '400 BAD REQUEST')
rsp = self.test_client.patch('/api/lists/1/meals/1',
data=dict(name="NEW_STUFF"))
self.assertEqual(rsp.status, '400 BAD REQUEST')
rsp = self.test_client.patch('/api/lists/1/meals/6',
json=dict(name="NEW_STUFF"))
self.assertEqual(rsp.status, '404 NOT FOUND')
def test_get_days_limit(self):
u = push_dummy_user()
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
rsp = self.test_client.get('/api/days?limit=1')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [{
'id': 1,
'day': date.today().isoformat(),
'entries': [1, 2]
}])
rsp = self.test_client.get('/api/days?limit=30')
data = rsp.get_json()
self.assertEqual(rsp.status, '400 BAD REQUEST')
rsp = self.test_client.get('/api/lists/1/days?limit=1')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(
data,
[{
'id': 1,
'day': date.today().strftime('%a, %d %b %Y 00:00:00 GMT'),
'entries': [1, 2]
}])
rsp = self.test_client.get('/api/lists/1/days?limit=30')
data = rsp.get_json()
self.assertEqual(rsp.status, '400 BAD REQUEST')
def test_days_member_access(self):
u = push_dummy_user()
shared_to_user = push_dummy_user(email='test', username='******')
list_ = push_dummy_list(u, 'TestyList')
db.session.add(
ListPermission(list_id=list_.id,
user_id=shared_to_user.id,
permission_level='member'))
db.session.commit()
with self.test_client:
self.login(shared_to_user.username)
rsp = self.test_client.get('/api/days')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data[0]['day'], date.today().isoformat())
def test_patch_entries(self):
u = push_dummy_user()
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
rsp = self.test_client.get('/api/entries')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertTrue(len(data) == 14)
rsp = self.test_client.patch('/api/entries/1',
json=dict(value='Test'))
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, {'key': 'Lunch', 'id': 1, 'value': 'Test'})
rsp = self.test_client.get('/api/entries')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertTrue(data[0]['value'], 'Test')
rsp = self.test_client.patch('/api/entries/1',
data=dict(value='Test'))
self.assertEqual(rsp.status, '400 BAD REQUEST')
def test_foodcat_repr(self):
u = push_dummy_user()
list_ = push_dummy_list(u, 'List')
a = FoodCategory(list_id=list_.id, name='Category')
db.session.add(a)
db.session.commit()
self.assertEqual(a.__repr__(), '<FoodCategory Category of List List>')
def test_meal_repr(self):
u = push_dummy_user()
list_ = push_dummy_list(u, 'List')
a = Meal(list_id=list_.id, name='Meal', order=0)
db.session.add(a)
db.session.commit()
self.assertEqual(a.__repr__(), '<Meal Meal of List List>')
def test_meal_to_dict(self):
u = push_dummy_user()
list_ = push_dummy_list(u, 'List')
a = Meal(list_id=list_.id, name='Meal', order=0)
db.session.add(a)
db.session.commit()
self.assertEqual(a.to_dict(), {'id': 1, 'name': 'Meal'})
def test_food_repr(self):
u = push_dummy_user()
list_ = push_dummy_list(u, 'List')
a = Food(list_id=list_.id, name='Food')
db.session.add(a)
db.session.commit()
self.assertEqual(a.__repr__(), '<Food Food of List List>')
def test_reset_password_tokens(self):
u = push_dummy_user()
a = u.get_reset_password_token()
self.assertEqual(u.verify_reset_password_token(a), u)
a += 'boo'
self.assertFalse(u.verify_reset_password_token(a))
self.assertFalse(u.verify_reset_password_token(''))
def test_get_meals(self):
u = push_dummy_user()
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
rsp = self.test_client.get('/api/lists/1/meals')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [{
'id': 1,
'name': 'Lunch'
}, {
'id': 2,
'name': 'Dinner'
}])
list_ = List.query.first()
db.session.add(Meal(list_id=list_.id, name='Test', order=2))
db.session.commit()
rsp = self.test_client.get('/api/lists/1/meals')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [{
'id': 1,
'name': 'Lunch'
}, {
'id': 2,
'name': 'Dinner'
}, {
'id': 3,
'name': 'Test'
}])
def test_put_list_settings_anonymous(self):
u = push_dummy_user()
push_dummy_list(u, 'TestyList')
rsp = self.test_client.put('/api/lists/1/settings',
json=dict(days_to_display=5,
start_day_of_week="Friday"))
self.assertEqual(rsp.status, '401 UNAUTHORIZED')
def test_get_category_by_food(self):
u = push_dummy_user()
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
rsp = self.test_client.get('/api/foods/1/categories')
self.assertEqual(rsp.status, '404 NOT FOUND')
list_ = List.query.first()
food = Food(list_id=list_.id, name='Food')
db.session.add(food)
db.session.commit()
rsp = self.test_client.get('/api/foods/1/categories')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [])
foodcat = FoodCategory(list_id=list_.id, name='Cat')
db.session.add(foodcat)
db.session.commit()
foodcatass = FoodCategoryAssociation(food_id=food.id,
category_id=foodcat.id)
db.session.add(foodcatass)
db.session.commit()
rsp = self.test_client.get('/api/foods/1/categories')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [{'id': 1, 'name': 'Cat'}])
def test_post_categories(self):
u = push_dummy_user()
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
rsp = self.test_client.post('/api/lists/1/categories',
json=dict(name="NewCat"))
data = rsp.get_json()
self.assertEqual(rsp.status, '201 CREATED')
self.assertEqual(data, [{'id': 1, 'name': 'NewCat'}])
rsp = self.test_client.get('/api/lists/1/categories')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [{'id': 1, 'name': 'NewCat'}])
# same category can't be created again
rsp = self.test_client.post('/api/lists/1/categories',
json=dict(name="NewCat"))
self.assertEqual(rsp.status, '400 BAD REQUEST')
# mssing Name parameter
rsp = self.test_client.post('/api/lists/1/categories',
json=dict(asdasd="NewCat"))
self.assertEqual(rsp.status, '400 BAD REQUEST')
# not json
rsp = self.test_client.post('/api/lists/1/categories',
data=dict(name="NewCat"))
self.assertEqual(rsp.status, '400 BAD REQUEST')
def test_repr_day(self, mock_get_settings):
mock_get_settings.return_value = ListSettings(
start_day_of_week=-1, days_to_display=7)
a = push_dummy_user('a', 'a')
list_ = push_dummy_list(a, 'list_')
d = list_.get_or_create_days()[0]
self.assertEqual(
d.__repr__(), '<Day {} of List list_>'.format(d.day))
def test_get_days_no_list(self):
u = push_dummy_user()
with self.test_client:
self.login(u.username)
rsp = self.test_client.get('/api/days')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data, [])
def test_put_list_settings_nonexistant_list(self):
u = push_dummy_user()
with self.test_client:
self.login(u.username)
rsp = self.test_client.put('/api/lists/2/settings',
json=dict(days_to_display=5,
start_day_of_week="Friday"))
self.assertEqual(rsp.status, '404 NOT FOUND')
def test_repr_listsettings(self):
a = push_dummy_user('a', 'a')
list_ = push_dummy_list(a, 'list_')
ls = ListSettings(list_id=list_.id, user_id=a.id)
db.session.add(ls)
db.session.commit()
self.assertEqual(ls.__repr__(),
'<ListSettings 1 of List list_ for User a>')
def test_get_days(self):
u = push_dummy_user()
push_dummy_list(u, 'TestyList')
with self.test_client:
self.login(u.username)
rsp = self.test_client.get('/api/days')
data = rsp.get_json()
self.assertEqual(rsp.status, '200 OK')
self.assertEqual(data[0]['day'], date.today().isoformat())
def test_list_permission_to_dict(self):
u = push_dummy_user()
push_dummy_list(u, 'List')
listperm = ListPermission.query.first()
self.assertEqual(listperm.to_dict(), {
'id': 1,
'username': u.username,
'permission_level': 'owner'
})