async def test_register_failure(
db: Connection,
factory: Factory,
quart_client,
):
factory.user(conn=db)
db.commit()
response = await quart_client.post("/api/register", json={"nickname": "admin"})
assert response.status_code == 401
async def test_has_first_user_true(
factory: Factory,
db: Connection,
quart_client,
):
factory.user(conn=db)
db.commit()
response = await quart_client.get("/api/register/has-first-user")
data = json.loads(await response.get_data())
assert data["hasFirstUser"]
def test_search_user(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
unused_usr, _ = factory.user(conn=db)
col1 = factory.collection(type=CollectionType.PERSONAL, user=usr, conn=db)
col2 = factory.collection(type=CollectionType.PERSONAL, user=usr, conn=db)
col3 = factory.collection(type=CollectionType.PERSONAL, user=unused_usr, conn=db)
col4 = factory.collection(conn=db)
cols = collection.search(db, user_ids=[usr.id])
ids = [c.id for c in cols]
assert all(c.id in ids for c in [col1, col2])
assert not any(c.id in ids for c in [col3, col4])
def test_from_name_and_type(factory: Factory, db: Connection):
usr1, _ = factory.user(conn=db)
col1 = factory.collection(
name="test", type=CollectionType.SYSTEM, user=usr1, conn=db
)
usr2, _ = factory.user(conn=db)
col2 = factory.collection(
name="test", type=CollectionType.SYSTEM, user=usr2, conn=db
)
factory.collection(name="other", type=CollectionType.COLLAGE, conn=db)
cols = collection.from_name_and_type("test", CollectionType.SYSTEM, conn=db)
assert {c.id for c in cols} == {col1.id, col2.id}
def test_update_user(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
new_usr = user.update(usr, nickname="not admin", conn=db)
assert new_usr.nickname == "not admin"
assert new_usr == user.from_id(usr.id, db)
def test_create(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
inv = invite.create(by_user=usr, conn=db)
assert inv.created_by == usr.id
new_inv = invite.from_id(inv.id, db)
assert new_inv == inv
def test_search_user(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
unused_usr, _ = factory.user(conn=db)
ply1 = factory.playlist(type=PlaylistType.PERSONAL, user=usr, conn=db)
ply2 = factory.playlist(type=PlaylistType.PERSONAL, user=usr, conn=db)
ply3 = factory.playlist(type=PlaylistType.PERSONAL,
user=unused_usr,
conn=db)
ply3 = factory.playlist(conn=db)
plys = playlist.search(db, user_ids=[usr.id])
ids = [p.id for p in plys]
assert all(p.id in ids for p in [ply1, ply2])
assert not any(p.id in ids for p in [ply3, ply3])
def test_update(factory: Factory, db: Connection):
inv = factory.invite(conn=db)
usr, _ = factory.user(conn=db)
new_inv = invite.update(inv, used_by=usr, conn=db)
assert new_inv.used_by == usr.id
assert new_inv == invite.from_id(inv.id, db)
async def test_get_cover_bad_release_id(factory: Factory, db: Connection,
quart_client):
_, token = factory.user(conn=db)
db.commit()
response = await quart_client.authed_get("/api/files/images/999999",
token=token)
assert response.status_code == 404
def test_from_name_and_type(factory: Factory, db: Connection):
usr1, _ = factory.user(conn=db)
ply1 = factory.playlist(name="test",
type=PlaylistType.SYSTEM,
user=usr1,
conn=db)
usr2, _ = factory.user(conn=db)
ply2 = factory.playlist(name="test",
type=PlaylistType.SYSTEM,
user=usr2,
conn=db)
factory.playlist(name="other", type=PlaylistType.PLAYLIST, conn=db)
plys = playlist.from_name_and_type("test", PlaylistType.SYSTEM, conn=db)
assert {p.id for p in plys} == {ply1.id, ply2.id}
def test_create_personal(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
col = collection.create(
"new collection",
CollectionType.PERSONAL,
user_id=usr.id,
conn=db,
)
assert col == collection.from_id(col.id, db)
def test_create_collage_with_user(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
with pytest.raises(InvalidArgument):
collection.create(
"new collage",
CollectionType.COLLAGE,
user_id=usr.id,
conn=db,
)
def test_search_created_by(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
invs_from_user = [factory.invite(by_user=usr, conn=db) for _ in range(2)]
for _ in range(3):
factory.invite(conn=db)
invs = invite.search(db, created_by=usr.id)
assert set(invs) == set(invs_from_user)
def test_create_general_with_user(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
with pytest.raises(InvalidArgument):
playlist.create(
"new plylist",
PlaylistType.PLAYLIST,
user_id=usr.id,
conn=db,
)
def test_create_personal(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
ply = playlist.create(
"new plylist",
PlaylistType.PERSONAL,
user_id=usr.id,
conn=db,
)
assert ply == playlist.from_id(ply.id, db)
async def test_create_session(factory: Factory, db: Connection, quart_client):
usr, token = factory.user(conn=db)
db.commit()
response = await quart_client.authed_post("/api/session", token=token)
assert response.status_code == 201
data = json.loads(await response.get_data())
assert data["csrfToken"] == usr.csrf_token.hex()
assert quart.session["user_id"] == usr.id
def test_create_invalid_type_override(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
col = collection.create(
"new collage",
CollectionType.SYSTEM,
user_id=usr.id,
conn=db,
override_immutable=True,
)
assert col is not None
def test_create_invalid_type_override(factory: Factory, db: Connection):
usr, _ = factory.user(conn=db)
ply = playlist.create(
"new playlist",
PlaylistType.SYSTEM,
user_id=usr.id,
conn=db,
override_immutable=True,
)
assert ply is not None
async def test_register_second_user(db: Connection, factory: Factory, quart_client):
factory.user(conn=db)
inv = factory.invite(conn=db)
db.commit()
response = await quart_client.post(
"/api/register",
json={
"nickname": "new user",
"inviteCode": inv.code.hex(),
},
)
data = json.loads(await response.get_data())
assert data["token"] is not None
usr = user.from_token(bytes.fromhex(data["token"]), db)
assert usr is not None
assert usr.id != 1
assert usr.nickname == "new user"
async def test_token_csrf_bypass(
factory: Factory,
db: Connection,
check_csrf_app: Quart,
quart_client,
):
usr, token = factory.user(nickname="admin", conn=db)
db.commit()
response = await quart_client.authed_post("/testing", token=token)
assert b"admin" == await response.get_data()
async def test_database_handler(factory: Factory, db: Connection, quart_app):
usr, _ = factory.user(nickname="admin", conn=db)
db.commit()
async with quart_app.test_request_context("/", method="GET"):
await quart_app.preprocess_request()
cursor = quart.g.db.execute(
"SELECT nickname FROM system__users WHERE id = ?",
(usr.id, ),
)
assert "admin" == cursor.fetchone()[0]
async def test_get_cover(factory: Factory, db: Connection, quart_client):
path = Path.cwd() / "cover01.png"
with path.open("wb") as f:
f.write(b"owo")
factory.mock_image(path=path, conn=db)
_, token = factory.user(conn=db)
db.commit()
response = await quart_client.authed_get("/api/files/images/1",
token=token)
assert b"owo" == await response.get_data()
def test_insert_into_inbox_collection(factory: Factory, db: Connection):
# Create two new inboxes.
usr1, _ = factory.user(conn=db)
usr2, _ = factory.user(conn=db)
rls = factory.release(conn=db)
_insert_into_inbox_collections(rls, db)
inbox1 = collection.inbox_of(usr1.id, db)
inbox2 = collection.inbox_of(usr2.id, db)
assert rls in collection.releases(inbox1, db)
assert rls in collection.releases(inbox2, db)
def test_generate_new_token(factory: Factory, db: Connection):
usr, old_token = factory.user(conn=db)
cursor = db.execute("SELECT token_hash FROM system__users WHERE id = 1")
old_hash = cursor.fetchone()["token_hash"]
new_token = user.new_token(usr, db)
cursor = db.execute("SELECT token_hash FROM system__users WHERE id = 1")
new_hash = cursor.fetchone()["token_hash"]
assert not check_password_hash(old_hash, new_token.hex())
assert not check_password_hash(new_hash, old_token.hex())
assert check_password_hash(new_hash, new_token.hex())
async def test_session_csrf_failure(
factory: Factory,
db: Connection,
check_csrf_app: Quart,
quart_client,
):
usr, _ = factory.user(conn=db)
db.commit()
async with quart_client.session_transaction() as sess:
sess["user_id"] = usr.id
response = await quart_client.post("/testing")
assert response.status_code == 400
async def test_check_auth_session_success(
factory: Factory,
db: Connection,
check_auth_app: Quart,
quart_client,
):
usr, _ = factory.user(nickname="admin", conn=db)
db.commit()
async with quart_client.session_transaction() as sess:
sess["user_id"] = usr.id
response = await quart_client.get("/testing")
assert b"admin" == await response.get_data()
async def test_get_track_nonexistent_file(
factory: Factory,
db: Connection,
quart_client,
):
path = Path.cwd() / "nonexistent.flac"
factory.track(filepath=path, conn=db)
_, token = factory.user(conn=db)
db.commit()
response = await quart_client.authed_get("/api/files/tracks/1",
token=token)
assert response.status_code == 404
async def test_delete_session(factory: Factory, db: Connection, quart_client):
usr, token = factory.user(conn=db)
db.commit()
async with quart_client.session_transaction() as sess:
sess["user_id"] = usr.id
response = await quart_client.authed_delete(
"/api/session",
token=token,
headers={"X-CSRF-Token": usr.csrf_token.hex()},
)
assert b"success" == await response.get_data()
assert quart.session == {}
async def test_get_track(factory: Factory, db: Connection, quart_client):
path = Path.cwd() / "track01.flac"
with path.open("wb") as f:
f.write(b"owo")
trk = factory.track(filepath=path, conn=db)
_, token = factory.user(conn=db)
db.commit()
response = await quart_client.authed_get(
f"/api/files/tracks/{trk.id}",
token=token,
)
assert b"owo" == await response.get_data()
async def test_delete_session_invalid_csrf(
factory: Factory,
db: Connection,
quart_client,
):
usr, token = factory.user(conn=db)
db.commit()
async with quart_client.session_transaction() as sess:
sess["user_id"] = usr.id
response = await quart_client.authed_delete(
"/api/session",
token=token,
headers={"X-CSRF-Token": "99" * 32},
)
assert response.status_code == 400
