def test_get_close_db(app):
with app.app_context():
db = get_db()
assert db is get_db()
with pytest.raises(sqlite3.ProgrammingError) as e:
db.execute('SELECT 1')
assert 'closed' in str(e.value)
def test_delete_account(self, app, client, cookie):
"""Testing to ensure that accounts are effectively deleted"""
test_username = '******'
test_password = '******'
# Assert that a logged out user cannot delete an account
with client:
response = client.delete('/api/v1/account')
assert response.status_code == 403
cookie.login(test_username, test_password)
with client:
# Normal test
response = client.delete('/api/v1/account')
assert response.status_code == 204
cur = get_db().cursor()
# Test that an error ocurrs when searching for the deleted account
with pytest.raises(sqlite3.OperationalError) as e:
cur.execute("SELECT * FROM users WHERE username=osagie01")
assert 'no such column' in str(e.value)
with pytest.raises(sqlite3.OperationalError) as e:
cur.execute("SELECT * FROM tweets WHERE owner=osagie01")
assert 'no such column' in str(e.value)
def app():
db_fd, db_path = tempfile.mkstemp()
app = create_app({
'TESTING': True,
'DATABASE': db_path,
})
with app.app_context():
init_db()
get_db().executescript(_test_sql)
yield app
os.close(db_fd)
os.unlink(db_path)
def test_delete_tweet(self, app, client, cookie):
"""Test that a user can delete their own tweet"""
test_username = '******'
test_password = '******'
# Test that a logged out user cannot delete a tweet
with client:
response = client.delete('/api/v1/tweet', json={'tweetid': 1})
assert response.status_code == 403
# Test that a logged in user cannot delete a tweet that isn't theirs
cookie.login('osagie_01', test_password)
with client:
response = client.delete('/api/v1/tweet', json={'tweetid': 1})
assert response.status_code == 403
cookie.logout()
cookie.login(test_username, test_password)
with client:
# Test that a tweet cannot be deleted with an invalid request
response = client.delete('/api/v1/tweet', json={'id': 1})
assert response.status_code == 403
response = client.delete('/api/v1/tweet')
assert response.status_code == 403
# Test that a non existent tweet can't be deleted
response = client.delete('/api/v1/tweet', json={'tweetid': 100000})
assert response.status_code == 404
# Normal test
response = client.patch('/api/v1/tweet', json={'tweetid': 1})
assert response.status_code == 202
response = client.delete('/api/v1/tweet', json={'tweetid': 1})
assert response.status_code == 204
cur = get_db().cursor()
cur.execute("SELECT * FROM tweets WHERE tweetid=1")
data1 = cur.fetchall()
assert len(data1) == 0
# Assert that a like on the deleted tweet is removed from the database
cur.execute(
"SELECT * FROM likes WHERE tweetid='{}' and owner='{}'".format(
1, test_username))
data2 = cur.fetchall()
assert len(data2) == 0
cookie.logout()
def test_add_duplicate(self, app, client):
"""Testing to ensure two users with the same username cannot both exist"""
client.post('/api/v1/account', json={'username': '******', 'fullname': 'Foo Bar', 'email': '*****@*****.**', 'password': '******', 'filename': 'testfile.jpg'})
client.post('/api/v1/account', json={'username': '******', 'fullname': 'Pro Gram', 'email': '*****@*****.**', 'password': '******', 'filename': 'testfile2.jpg'})
with app.app_context():
cursor = get_db()
row = cursor.execute("SELECT * FROM users WHERE username = '******'")
data = row.fetchall()
# Make sure the data is not empty
assert len(data) == 1
def test_post_tweet(self, app, client, cookie):
"""Testing that a user can correctly add to the tweet table."""
test_username = '******'
test_password = '******'
# Test that posting fails when a user is not logged in
with client:
response = client.post('/api/v1/tweet',
json={'body': 'This should fail'})
assert response.status_code == 403
cookie.login(test_username, test_password)
# This is actually the second tweet, test.sql already added one
body = 'The first tweet!'
with client:
# Test that posting fails with no body provided
response = client.post('/api/v1/tweet')
assert response.status_code == 403
response = client.post('/api/v1/tweet', json={'body': body})
client.post('/api/v1/tweet', json={'body': 'The first tweet!'})
assert response.status_code == 201
cursor = get_db()
cur = cursor.execute(
"SELECT * FROM tweets WHERE owner='{}' AND body='{}'".format(
test_username, body))
data1 = cur.fetchall()
assert data1[0]['body'] == body
assert data1[0]['tweetid'] == '2'
# Test to ensure tweets with identical bodies and owners have separate tweetids
cur = cursor.execute(
"SELECT * FROM TWEETS WHERE owner='{}' AND body='{}'".format(
test_username, 'The first tweet!'))
data2 = cur.fetchall()
assert data1[0]['tweetid'] != data2[1]['tweetid']
assert data2[1]['tweetid'] == '3'
cookie.logout()
def test_retweet(self, app, client, cookie):
"""Test that a user can retweet any tweet."""
test_username = '******'
test_password = '******'
cookie.login(test_username, test_password)
with client:
client.post('/api/v1/tweet',
json={'body': 'I hope somone retweets this!'})
cookie.logout()
cookie.login('osagie01', test_password)
with client:
# Test that tweet data is either body or id, but not both
response = client.post('/api/v1/tweet',
json={
'id': 1,
'body': 'This should fail'
})
assert response.status_code == 403
response = client.post('/api/v1/tweet',
json={'tweet': 'This should fail'})
assert response.status_code == 403
client.post('/api/v1/tweet', json={'id': 2})
cur = get_db().cursor()
cur.execute(
"SELECT * FROM TWEETS WHERE owner='{}' AND body='{}'".format(
'osagie01', 'I hope somone retweets this!'))
data = cur.fetchall()
assert data[0]['originalOwner'] == 'osagie_01'
assert data[0]['tweetid'] != 2
cookie.logout()
def test_remove_tweet_like(self, app, client, cookie):
"""Test that a user can remove a like from a tweet"""
test_username = '******'
test_password = '******'
cookie.login(test_username, test_password)
with app.app_context():
client.patch('/api/v1/tweet', json={'tweetid': 1})
cookie.logout()
# Assert that a logged out user cannot remove a like
response = client.delete('/api/v1/tweet', json={'like_tweetid': 1})
assert response.status_code == 403
cookie.login(test_username, test_password)
with client:
# Test that a like cannot be deleted with invalid data
response = client.delete('/api/v1/tweet', json={'likeid': 1})
assert response.status_code == 403
# Test that a like cannot be deleted when the tweet is not found
response = client.delete('/api/v1/tweet',
json={'like_tweetid': 100000})
assert response.status_code == 404
# Normal test
response = client.delete('/api/v1/tweet', json={'like_tweetid': 1})
assert response.status_code == 204
cur = get_db().cursor()
cur.execute(
"SELECT * FROM likes WHERE tweetid='{}' AND owner='{}'".format(
1, test_username))
data1 = cur.fetchall()
assert len(data1) == 0
cookie.logout()
def test_add_user(self, app, client, cookie):
"""Testing adding a new user with no data"""
client.post('/api/v1/account', json={'username': '******', 'fullname': 'Foo Bar', 'email': '*****@*****.**', 'password': '******', 'filename': 'testfile.jpg'})
with app.app_context():
cursor = get_db()
row = cursor.execute("SELECT * FROM users WHERE username = '******'")
data = row.fetchall()
# Make sure the data is not empty
assert data
# Make sure all but password was inserted as expected
assert data[0]['username'] == 'test_user'
assert data[0]['fullname'] == 'Foo Bar'
assert data[0]['email'] == '*****@*****.**'
assert not data[0]['password'] == 'dontStoreInPlaintext'
assert data[0]['password'] == hash_password('dontStoreInPlaintext')
assert data[0]['filename'] == 'testfile.jpg'
assert data[0]['totaltweets'] == 0
#TODO Find a way to test time created
cookie.logout()
def test_like_tweet(self, app, client, cookie):
"""Test that a user can like a tweet."""
test_username = '******'
test_password = '******'
with app.app_context():
cur = get_db().cursor()
# Check that a logged out user cannot like a tweet
response = client.patch('/api/v1/tweet', json={'tweetid': 1})
assert response.status_code == 403
cur.execute("SELECT * FROM tweets WHERE tweetid=1")
data1 = cur.fetchall()
like_check = data1[0]['likes']
assert like_check == 0
cookie.login(test_username, test_password)
cur = get_db().cursor()
# Check that post fails if tweet isn't found
response = client.patch('/api/v1/tweet',
json={'tweetid': 100000000})
assert response.status_code == 404
# Check that post fails with no id field
response = client.patch('/api/v1/tweet', json={'test': 100000000})
assert response.status_code == 403
response = client.patch('/api/v1/tweet', json={})
assert response.status_code == 403
response = client.patch('/api/v1/tweet')
assert response.status_code == 403
# Check that post fails with multiple fields
response = client.patch('/api/v1/tweet',
json={
'tweetid': 1,
'body': 'This should fail'
})
assert response.status_code == 403
# Test normal like
response = client.patch('/api/v1/tweet', json={'tweetid': 1})
assert response.status_code == 202
cur.execute("SELECT * FROM tweets WHERE tweetid=1")
data2 = cur.fetchall()
assert data2[0]['likes'] == 1
cur.execute(
"SELECT * FROM likes WHERE tweetid='{}' and owner='{}'".format(
1, test_username))
data2 = cur.fetchall()
assert len(data2) > 0
# Check that the same user cannot like the same tweet more than once
response = client.patch('/api/v1/tweet', json={'tweetid': 1})
assert response.status_code == 403
cookie.logout()