Esempio n. 1
0
def test_get_close_db(app):
    with app.app_context():
        db = get_db()
        assert db is get_db()

    with pytest.raises(sqlite3.ProgrammingError) as e:
        db.execute('SELECT 1')

    assert 'closed' in str(e)
Esempio n. 2
0
def app():
    db_fd, db_path = tempfile.mkstemp()

    app = create_app({
        'TESTING': True,
        'DATABASE': db_path,
    })

    with app.app_context():
        init_db()
        get_db().executescript(_data_sql)

    yield app

    os.close(db_fd)
    os.unlink(db_path)
Esempio n. 3
0
def login():
	if request.method == 'POST':
		username = request.form['username']
		password = request.form['password']
		db = get_db()
		error = None
		user = db.execute(
			'SELECT * FROM user WHERE username = ?', (username,)
		).fetchone()

		if user is None:
			error = 'Incorrect username.'
		elif not check_password_hash(user['password'], password):
			error = 'Incorrect password.'

		if error is None:
			eth = create_id(db)
			token = create_token(user['username'],'user',eth,current_app.config.get('SECRET_KEY'))
			db.execute('UPDATE user SET tokenid = ? WHERE username = ?',(eth,user['username']))
			db.commit()
			response = make_response(redirect(url_for('index')))
			response.headers['Set-Cookie'] = 'token=' + token + '; path=/'
			return response

		flash(error)

	return render_template('auth/login.html')
Esempio n. 4
0
def register():
	if request.method == 'POST':
		username = request.form['username']
		password = request.form['password']
		
		db = get_db()
		error = None

		if not username:
			error = 'Username is required.'
		elif not password:
			error = 'Password is required.'
		elif db.execute(
			'SELECT id FROM user WHERE username = ?', (username,)
		).fetchone() is not None:
			error = 'User {} is already registered.'.format(username)

		if error is None:
			db.execute(
				'INSERT INTO user (username, password) VALUES (?, ?)',
				(username, generate_password_hash(password))
			)
			db.commit()
			return redirect(url_for('auth.login'))

		flash(error)

	return render_template('auth/register.html')
Esempio n. 5
0
def load_logged_in_user():
	if 'token' in request.cookies:
		authToken = request.cookies['token']
		
		try:
			payload = jwt.decode(authToken, current_app.config.get('SECRET_KEY'))
		except (jwt.exceptions.ExpiredSignatureError,jwt.exceptions.InvalidTokenError):
			g.user = None
			g.role = None
		else:
			user = get_db().execute('SELECT * FROM {} WHERE username = ?'.format(payload['role']), (payload['sub'],)).fetchone()
			if user is not None:
				if 'tokenid' in user.keys():
					if user['tokenid'] == payload['jti']:
						g.user = user
						g.role = payload['role']
					else:
						g.user = None
						g.role = None
				else:
					g.user = None
					g.role = None
			else:
				g.user = None
				g.role = None
	else:
		g.user = None
		g.role = None
Esempio n. 6
0
def test_create(client, auth, app):
	auth.login()
	assert client.get('/create').status_code == 200
	client.post('/create', data={'title': 'created', 'body': ''})

	with app.app_context():
		db = get_db()
		count = db.execute('SELECT COUNT(id) FROM post').fetchone()[0]
		assert count == 2
Esempio n. 7
0
def test_update(client, auth, app):
	auth.login()
	assert client.get('/1/update').status_code == 200
	client.post('/1/update', data={'title': 'updated', 'body': ''})

	with app.app_context():
		db = get_db()
		post = db.execute('SELECT * FROM post WHERE id = 1').fetchone()
		assert post['title'] == 'updated'
Esempio n. 8
0
def test_delete(client, auth, app):
	auth.login()
	response = client.post('/1/delete')
	assert response.headers['Location'] == 'http://localhost/'

	with app.app_context():
		db = get_db()
		post = db.execute('SELECT * FROM post WHERE id = 1').fetchone()
		assert post is None
Esempio n. 9
0
def test_author_required(app, client, auth):
	with app.app_context():
		db = get_db()
		db.execute('UPDATE post SET author_id = 2 WHERE id = 1')
		db.commit()

	auth.login() 
	assert client.post('/1/update').status_code == 403
	assert client.post('/1/delete').status_code == 403
	assert b'href="/1/update"' not in client.get('/').data
Esempio n. 10
0
def issue_token(response):
	db = get_db()
	if g.user is not None:
		eth = create_id(db)
		token = create_token(g.user['username'],g.role,eth,current_app.config.get('SECRET_KEY'))
		db.execute('UPDATE {} SET tokenid = ? WHERE username = ?'.format(g.role),(eth,g.user['username']))
		db.commit()
		response.headers['Set-Cookie'] = 'token=' + token + '; path=/'
		return response
	else:
		return response
Esempio n. 11
0
def test_register(client, app):
    assert client.get('/auth/register').status_code == 200
    response = client.post('/auth/register',
                           data={
                               'username': '******',
                               'password': '******'
                           })
    assert 'http://localhost/auth/login' == response.headers['Location']

    with app.app_context():
        assert get_db().execute(
            "SELECT * FROM user WHERE username = '******'", ).fetchone() is not None
Esempio n. 12
0
def drop():
    pin = request.form['pin']
    if pin == '1234':
        db = get_db()
        db.executescript('''
            DROP TABLE IF EXISTS user;
            DROP TABLE IF EXISTS admins;
            DROP TABLE IF EXISTS post;
            DROP TABLE IF EXISTS server_variables;
            '''  
        )
        db.commit()
    return render_template('admin/control.html')
Esempio n. 13
0
def get_post(id, check_author=True):
    post = get_db().execute(
        'SELECT p.id, title, body, created, author_id, username'
        ' FROM post p JOIN user u ON p.author_id = u.id'
        ' WHERE p.id = ?', (id, )).fetchone()

    if post is None:
        abort(404, "Post id {0} doesn't exist.".format(id))

    if check_author and post['author_id'] != g.user['id']:
        abort(403)

    return post
Esempio n. 14
0
def logout():
	db = get_db()
	eth = create_id(db)
	db.execute('UPDATE {} SET tokenid = ? WHERE username = ?'.format(g.role),(eth,g.user['username']))
	db.commit()

	exp = datetime.datetime.utcnow()
	conv = exp.strftime('%a, %d %b %Y %H:%M:%S GMT')
	response = make_response(redirect(url_for('index')))
	response.headers['Set-Cookie'] = 'token=expired; path=/; expires=' + conv

	g.user = None
	g.role = None
	return response
Esempio n. 15
0
def create():
    if request.method == 'POST':
        title = request.form['title']
        body = request.form['body']
        error = None

        if not title:
            error = 'Title is required.'

        if error is not None:
            flash(error)
        else:
            db = get_db()
            db.execute(
                'INSERT INTO post (title, body, author_id)'
                ' VALUES (?, ?, ?)', (title, body, g.user['id']))
            db.commit()
            return redirect(url_for('blog.index'))

    return render_template('blog/create.html')
Esempio n. 16
0
def update(id):
    post = get_post(id)

    if request.method == 'POST':
        title = request.form['title']
        body = request.form['body']
        error = None

        if not title:
            error = 'Title is required.'

        if error is not None:
            flash(error)
        else:
            db = get_db()
            db.execute('UPDATE post SET title = ?, body = ?'
                       ' WHERE id = ?', (title, body, id))
            db.commit()
            return redirect(url_for('blog.index'))

    return render_template('blog/update.html', post=post)
Esempio n. 17
0
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        db = get_db()
        error = None
        admin = db.execute(
            'SELECT * FROM admins WHERE username = ?', (username,)
        ).fetchone()
    
        if admin is None:
            error = 'You are not an administrator!'
        elif not check_password_hash(admin['password'], password):
            error = 'Incorrect password.'
    
        if error is None:
            token = create_token(admin['username'],'admins',current_app.config.get('SECRET_KEY'))
            response = make_response(redirect(url_for('admin.control')))
            response.headers['Set-Cookie'] = 'token=' + token + '; path=/'
            return response
    
        flash(error)

    return render_template('admin/login.html')
Esempio n. 18
0
def index():
    db = get_db()
    posts = db.execute('SELECT p.id, title, body, created, author_id, username'
                       ' FROM post p JOIN user u ON p.author_id = u.id'
                       ' ORDER BY created DESC').fetchall()
    return render_template('blog/index.html', posts=posts)
Esempio n. 19
0
def profile(id):
    db = get_db()
    user = db.execute('SELECT * FROM user WHERE id = ?', (id, )).fetchone()
    entity = dict(user)
    return render_template('blog/profile.html', entity=entity)
Esempio n. 20
0
def delete(id):
    get_post(id)
    db = get_db()
    db.execute('DELETE FROM post WHERE id = ?', (id, ))
    db.commit()
    return redirect(url_for('blog.index'))