def admin_users_add(): user = User() user.id = '' user.firstname = '' user.lastname = '' user.email = '' return render_admin('user.html', user=user)
def test_user_password(self, testapp): """ Test password hashing and checking """ admin = User(username="******", password="******") assert admin.username == 'admin' assert admin.check_password('supersafepassword')
def testapp(request): app = create_app('impression.settings.TestConfig') client = app.test_client() db.app = app db.create_all() if getattr(request.module, "create_user", True): admin = User(username="******", password="******") admin.insert() my_role = Role(name='admin') my_role.insert() admin.add_roles('admin') non_admin = User(username="******", password="******") non_admin.insert() safe_commit() def teardown(): db.session.remove() db.drop_all() request.addfinalizer(teardown) return client
def sample_data(): """ Creates a set of sample data """ from impression.models import Role user = User(username="******", password="******") my_role = Role(name='admin') my_role.add_abilities('create_users', 'delete_users') user.add_roles('admin', 'superadmin') db.session.add(user) db.session.add(my_role) db.session.commit()
def test_user_update(self): api_key = self.s.sign(self.api_key.name) ''' UPDATE ''' post_data = { 'name': 'New Person', 'email': '*****@*****.**', 'password': '******', 'id': self.user.id } # Try to update the user with no API key rv = self.app.post('/user_update', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # update the user. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/user_update', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['user']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The user was updated.') # Make sure that we can grab the user from the DB. user = User.get(self.user.id) self.assertIsNotNone(user) self.assertEquals(data['user']['name'], 'New Person') self.assertEquals(user.name, 'New Person') self.assertTrue(check_password_hash(user.password, 'newperson123'))
def create_user(): return_value = success('The user was created.') payload = get_payload(request) user = User(username=payload.get('email'), password=payload.get('password'), name=payload.get('name')) valid = user.validate() if valid['success']: user.insert() safe_commit() return_value['id'] = user.id else: del(user) return_value = valid return jsonify(return_value)
def admin_users_edit_post(): payload = get_payload(request) user_id = payload.get('user_id') if user_id: user = User.get(user_id) return_value = success('All profile values have been updated.') else: user = User() user.insert() return_value = success('User created.') if not payload.get('password'): return jsonify(failure('You must set a password for new users')) if not payload.get('email'): return jsonify(failure('You must set an email for new users')) if not payload.get('name'): return jsonify(failure('You must set a name for new users')) for key in payload: if key == 'password': user.set_password(payload[key]) elif key != 'user_id': setattr(user, key, payload[key]) g.user.insert() safe_commit() return jsonify(return_value)
def retrieve_user(): return_value = success('The user was retrieved.') payload = get_payload(request) user = User.get(payload.get('id')) if not user: return_value = failure('That user does not exist.') else: return_value['user'] = user.to_dict(camel_case=True) return_value['user'].pop('password') return_value['user'].pop('openid') return jsonify(return_value)
def setUp(self): impression.app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db' impression.app.config['TESTING'] = True self.app = impression.app.test_client() # Drop and create DB. impression.db.drop_all(bind=[None]) impression.db.create_all(bind=[None]) key = '{0:02X}'.format(randrange(36**50)) self.api_key = ApiKey(key=key, name='test-key') self.api_key.insert() self.s = TimestampSigner(key) safe_commit() hashed_password = generate_password_hash('password-123') # Create a user to update and delete later. self.user = User(name="Test User", email='*****@*****.**', admin=True, openid='', password=hashed_password) self.user.insert() safe_commit()
def delete_user(): return_value = success('The user was deleted.') payload = get_payload(request) if not g.user or g.user.id != payload.get('id'): user = User.filter(User.id == payload.get('id')).first() if user: user.delete() safe_commit() else: return_value = failure('That user does not exist.') else: return_value = failure('You cannot delete the current user.') return jsonify(return_value)
def delete_user(): return_value = success('The user was deleted.') payload = get_payload(request) if not g.user or g.user.id != payload.get('id'): user = User.filter(User.id == payload.get('id')).first() if user: user.active = False user.insert() safe_commit() else: return_value = failure('That user does not exist.') else: return_value = failure('You cannot delete the current user.') return jsonify(return_value)
def index(): user_count = User.count() print(user_count) if user_count == 0: # Run setup wizard. print('Redirecting to setup.') return redirect(url_for('.setup')) custom_front_page = get_setting('custom-front-page', '') if custom_front_page: try: return render(custom_front_page) except TemplateNotFound: return render("error.html", title="Custom Front Page", error="You have configured a custom front page but the file ({}) was not found in your theme's template directory.".format(custom_front_page)) return redirect('/blog/')
def post_login(): payload = get_payload(request) user = User.filter(User.email == payload.get('email')).first() if user: if check_password_hash(user.password, payload['password']): session['userid'] = user.id next_url = request.args.get('next', '') if next_url: return redirect(next_url) else: return redirect(url_for('admin')) else: flash("Incorrect password") else: flash("Invalid user") return redirect(url_for('login'))
def create_user(): return_value = success('The user was created.') payload = get_payload(request) hashed_password = generate_password_hash(payload.get('password')) user = User() user.email = payload.get('email') user.name = payload.get('name') user.password = hashed_password valid = user.validate() if valid['success']: user.insert() safe_commit() return_value['id'] = user.id else: del(user) return_value = valid return jsonify(return_value)
def update_user(): return_value = success('The user was updated.') payload = get_payload(request) user = User.get(payload.get('id')) if not user: return_value = failure('That user does not exist.') else: if payload.get('password'): user.set_password(payload.get('password')) if payload.get('email'): user.email = payload.get('email') if payload.get('name'): user.name = payload.get('name') safe_commit() return_value['user'] = user.to_dict(camel_case=True) return jsonify(return_value)
def update_user(): return_value = success('The user was updated.') payload = get_payload(request) user = User.get(payload.get('id')) if not user: return_value = failure('That user does not exist.') else: if payload.get('password'): hashed_password = generate_password_hash(payload.get('password')) if payload.get('email'): user.email = payload.get('email') if payload.get('name'): user.name = payload.get('name') user.password = hashed_password safe_commit() return_value['user'] = user.to_dict(camel_case=True) return jsonify(return_value)
def test_user_create(self): api_key = self.s.sign(self.api_key.name) ''' CREATE ''' post_data = { 'name': 'Testy McTesterson', 'email': '*****@*****.**', 'password': '******', } # Try to create the user with no API key rv = self.app.post('/user_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Create the user. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/user_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['id']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The user was created.') user_id = data['id'] # Make sure that we can grab the user from the DB. user = User.get(user_id) self.assertIsNotNone(user) self.assertEquals(user.name, 'Testy McTesterson') # Try to create the same user again. This should fail. rv = self.app.post('/user_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'That user exists already.') # Clean up! user.delete() safe_commit()
def test_user_delete(self): api_key = self.s.sign(self.api_key.name) ''' DELETE ''' # Delete the user. post_data = { 'id': self.user.id } # Try to delete the user with no API key rv = self.app.post('/user_delete', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Removing should work now. post_data['api_key'] = api_key rv = self.app.post('/user_delete', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) user = User.get(self.user.id) self.assertIsNone(user)
def setUp(self): app.config["CACHE_TYPE"] = "null" # Use memory DB app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///:memory:' app.config['TESTING'] = True self.app = app.test_client() # Create DB. db.drop_all() db.create_all() safe_commit() key = '{0:02X}'.format(randrange(36**50)) self.api_key = ApiKey(key=key, name='test-key') self.api_key.insert() self.s = TimestampSigner(key) hashed_password = generate_password_hash('password-123') # Create a user to update and delete later. self.user = User(name="Test User", email='*****@*****.**', admin=True, openid='', password=hashed_password) self.user.insert() # Available Themes themes = ['Stock Bootstrap 3', 'amelia', 'cerulean', 'cosmo', 'cyborg', 'darkly', 'flatly', 'lumen', 'readable', 'simplex', 'slate', 'spacelab', 'superhero', 'united', 'yeti'] syntax_themes = ['autumn.css', 'borland.css', 'bw.css', 'colorful.css', 'default.css', 'emacs.css', 'friendly.css', 'fruity.css', 'github.css', 'manni.css', 'monokai.css', 'murphy.css', 'native.css', 'pastie.css', 'perldoc.css', 'tango.css', 'trac.css', 'vim.css', 'vs.css', 'zenburn.css'] # Create some system settings Setting(name='blog-title', vartype='str', system=True).insert() Setting(name='blog-copyright', vartype='str', system=True).insert() Setting(name='cache-timeout', vartype='int', system=True, value=0).insert() Setting(name='posts-per-page', vartype='int', system=True, value=4).insert() Setting(name='bootstrap-theme', vartype='str', system=True, value='yeti', allowed=json.dumps(themes)).insert() Setting(name='syntax-highlighting-theme', vartype='str', system=True, value='monokai.css', allowed=json.dumps(syntax_themes)).insert() Setting(name='custom-front-page', vartype='str', system=True).insert() safe_commit()
def test_user_delete(self): api_key = self.s.sign(self.api_key.name) ''' DELETE ''' # Delete the user. post_data = { 'id': self.user.id } # Try to delete the user with no API key rv = self.app.post('/admin/users/delete', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Removing should work now. post_data['api_key'] = api_key rv = self.app.post('/user_delete', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) user = User.get(self.user.id) self.assertIsNone(user)
def admin_users_list(): users = User.filter(User.active == True).all() return render_admin('users_list.html', users=users, content_type="Pages")
def setup(): import shlex import subprocess user_count = User.count() # print(user_count) if user_count > 0: # We already have a user. No running setup. return redirect(url_for('.index')) if request.method == 'POST': payload = get_payload(request) if payload.get('email') and payload.get('password'): user = User(username=payload.get('email'), password=payload.get('password'), firstname=payload.get('firstname'), lastname=payload.get('lastname')) my_role = Role(name='admin') my_role.add_abilities('create_users', 'delete_users', 'create_content', 'delete_content', 'upload_files', 'delete_files', 'change_settings') user.add_roles('admin', 'superadmin') login_user(user) args = shlex.split("alembic history") p = subprocess.Popen(args, stdout=subprocess.PIPE) output, error = p.communicate() data = output.split('\n') latest_alembic = None for row in data: if "(head)" in row: cols = row.split(" ") latest_alembic = cols[2].strip() if latest_alembic: print("Stamping with latest Alembic revision: %s" % latest_alembic) args = shlex.split("alembic stamp %s" % latest_alembic) subprocess.Popen(args, stdout=subprocess.PIPE) from impression.upgrade import THEMES, SYNTAX_THEMES # Create some system settings Setting(name='blog-title', vartype='str', system=True).insert() Setting(name='blog-copyright', vartype='str', system=True).insert() Setting(name='blog-theme', vartype='str', system=True, value='impression').insert() Setting(name='posts-per-page', vartype='int', system=True, value=4).insert() Setting(name='bootstrap-theme', vartype='str', system=True, value='sandstone', allowed=json.dumps(THEMES)).insert() Setting(name='syntax-highlighting-theme', vartype='str', system=True, value='monokai.css', allowed=json.dumps(SYNTAX_THEMES)).insert() Setting(name='custom-front-page', vartype='str', system=True).insert() Setting(name='allowed-extensions', vartype='list', system=True, value="['txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif', 'tiff']").insert() Setting(name='upload-directory', vartype='str', system=True, value='uploads/').insert() Setting(name='max-file-size', vartype='int', system=True, value=16777216).insert() safe_commit() flash("Initial Setup Complete", "success") return redirect(url_for('admin_controller.admin_settings')) return render('setup.html')
class impressionTestCase(unittest.TestCase): def setUp(self): app.config["CACHE_TYPE"] = "null" # Use memory DB app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///:memory:' app.config['TESTING'] = True self.app = app.test_client() # Create DB. db.drop_all() db.create_all() safe_commit() key = '{0:02X}'.format(randrange(36**50)) self.api_key = ApiKey(key=key, name='test-key') self.api_key.insert() self.s = TimestampSigner(key) hashed_password = generate_password_hash('password-123') # Create a user to update and delete later. self.user = User(name="Test User", email='*****@*****.**', admin=True, openid='', password=hashed_password) self.user.insert() # Available Themes themes = ['Stock Bootstrap 3', 'amelia', 'cerulean', 'cosmo', 'cyborg', 'darkly', 'flatly', 'lumen', 'readable', 'simplex', 'slate', 'spacelab', 'superhero', 'united', 'yeti'] syntax_themes = ['autumn.css', 'borland.css', 'bw.css', 'colorful.css', 'default.css', 'emacs.css', 'friendly.css', 'fruity.css', 'github.css', 'manni.css', 'monokai.css', 'murphy.css', 'native.css', 'pastie.css', 'perldoc.css', 'tango.css', 'trac.css', 'vim.css', 'vs.css', 'zenburn.css'] # Create some system settings Setting(name='blog-title', vartype='str', system=True).insert() Setting(name='blog-copyright', vartype='str', system=True).insert() Setting(name='cache-timeout', vartype='int', system=True, value=0).insert() Setting(name='posts-per-page', vartype='int', system=True, value=4).insert() Setting(name='bootstrap-theme', vartype='str', system=True, value='yeti', allowed=json.dumps(themes)).insert() Setting(name='syntax-highlighting-theme', vartype='str', system=True, value='monokai.css', allowed=json.dumps(syntax_themes)).insert() Setting(name='custom-front-page', vartype='str', system=True).insert() safe_commit() def tearDown(self): db.drop_all() db.session.commit() def test_upload(self): filename = 'test.txt' the_file = os.path.join(app.config['UPLOAD_FOLDER'], filename) if os.path.isfile(the_file): os.unlink(the_file) post_data = { 'file': (StringIO("This is a test file."), filename), 'name': 'Test File', 'user_id': self.user.id } rv = self.app.post('/upload_ajax', data=post_data, follow_redirects=True) self.assertEquals(rv.status_code, 200) data = json.loads(rv.data) self.assertEquals(data['messages'][0], 'The file was uploaded.') afile = File.get(data['id']) self.assertEquals(data['id'], afile.id) self.assertTrue(os.path.isfile(the_file)) # Delete the file we uploaded os.unlink(the_file) def test_content_create(self): api_key = self.s.sign(self.api_key.name) ''' CREATE ''' post_data = { 'title': 'This is a test page', 'body': 'Blah blah blah', 'type': 'post', 'published': 1, 'user_id': self.user.id } # Try to create the content with no API key rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Create the content. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['id']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The content was created.') content_id = data['id'] # Make sure that we can grab the content from the DB. content = Content.get(content_id) self.assertIsNotNone(content) self.assertEquals(content.title, post_data['title']) # Try to create the same content again. This should fail. rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'That post or page exists already.') # Clean up! content.delete() safe_commit() # Create the content. This should work fine. post_data['api_key'] = api_key post_data['type'] = 'page' rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['id']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The content was created.') content_id = data['id'] # Make sure that we can grab the content from the DB. content = Content.get(content_id) self.assertIsNotNone(content) self.assertEquals(content.title, post_data['title']) # Try to create the same content again. This should fail. rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'That post or page exists already.') # Clean up! content.delete() safe_commit() def test_content_retrieve(self): user_id = self.user.id ''' RETRIEVE ''' # Create some content using the model directly... content = Content(title="Test Content", published=True, type="post", body="blah blah blah", user_id=self.user.id) content.insert() content1 = content.to_dict() content2 = Content(title="Test Content 2", published=True, type="post", body="blah blah blah", user_id=self.user.id) content2.insert() content2 = content2.to_dict() content3 = Content(title="Test Content 3", published=True, type="post", body="blah blah blah", user_id=self.user.id) content3.insert() content3 = content3.to_dict() content4 = Content(title="Test Content 4", published=True, type="post", body="blah blah blah", user_id=self.user.id) content4.insert() content4 = content4.to_dict() safe_commit() post_data = { 'id': content.id } # retrieve the content. This should work fine. rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['contents'][0]) self.assertIsNotNone(data['messages']) content = Content.get(data['contents'][0]['id']) self.assertEquals(content.title, data['contents'][0]['title']) self.assertEquals(content.body, data['contents'][0]['body']) self.assertEquals(user_id, data['contents'][0]['user_id']) post_data = { 'content_type': 'post', 'page_size': 3 } # retrieve the content. This should work fine. rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) # There should be three posts. self.assertEquals(data['contents'][0]['title'], content4['title']) self.assertEquals(data['contents'][1]['title'], content3['title']) self.assertEquals(data['contents'][2]['title'], content2['title']) # And only three posts returned self.assertTrue(len(data['contents']) == 3) # Posts should be in the right order self.assertTrue(data['contents'][1]['published_on'] < data['contents'][0]['published_on']) self.assertIsNotNone(data['messages']) post_data = { 'content_type': 'post', 'current_page': 2, 'page_size': 3 } # retrieve the content. This should work fine. rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) # There should be one post. self.assertEquals(data['contents'][0]['title'], content1['title']) # And only one post returned self.assertTrue(len(data['contents']) == 1) def test_user_create(self): api_key = self.s.sign(self.api_key.name) ''' CREATE ''' post_data = { 'name': 'Testy McTesterson', 'email': '*****@*****.**', 'password': '******', } # Try to create the user with no API key rv = self.app.post('/user_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Create the user. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/user_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['id']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The user was created.') user_id = data['id'] # Make sure that we can grab the user from the DB. user = User.get(user_id) self.assertIsNotNone(user) self.assertEquals(user.name, 'Testy McTesterson') # Try to create the same user again. This should fail. rv = self.app.post('/user_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'That user exists already.') # Clean up! user.delete() safe_commit() def test_user_retrieve(self): api_key = self.s.sign(self.api_key.name) ''' RETRIEVE ''' post_data = { 'id': self.user.id } # Try to retrieve the user with no API key rv = self.app.post('/user_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Retrieve the user. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/user_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['user']) self.assertEquals(data['user']['name'], 'Test User') def test_user_update(self): api_key = self.s.sign(self.api_key.name) ''' UPDATE ''' post_data = { 'name': 'New Person', 'email': '*****@*****.**', 'password': '******', 'id': self.user.id } # Try to update the user with no API key rv = self.app.post('/user_update', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # update the user. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/user_update', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['user']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The user was updated.') # Make sure that we can grab the user from the DB. user = User.get(self.user.id) self.assertIsNotNone(user) self.assertEquals(data['user']['name'], 'New Person') self.assertEquals(user.name, 'New Person') self.assertTrue(check_password_hash(user.password, 'newperson123')) @unittest.skip("Skipping this since the API is changing") def test_user_delete(self): api_key = self.s.sign(self.api_key.name) ''' DELETE ''' # Delete the user. post_data = { 'id': self.user.id } # Try to delete the user with no API key rv = self.app.post('/admin/users/delete', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Removing should work now. post_data['api_key'] = api_key rv = self.app.post('/user_delete', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) user = User.get(self.user.id) self.assertIsNone(user)
def admin_users_edit(user_id=''): user = User.get(user_id) return render_admin('user.html', user=user)
class impressionTestCase(unittest.TestCase): def setUp(self): impression.app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///test.db' impression.app.config['TESTING'] = True self.app = impression.app.test_client() # Drop and create DB. impression.db.drop_all(bind=[None]) impression.db.create_all(bind=[None]) key = '{0:02X}'.format(randrange(36**50)) self.api_key = ApiKey(key=key, name='test-key') self.api_key.insert() self.s = TimestampSigner(key) safe_commit() hashed_password = generate_password_hash('password-123') # Create a user to update and delete later. self.user = User(name="Test User", email='*****@*****.**', admin=True, openid='', password=hashed_password) self.user.insert() safe_commit() def tearDown(self): impression.db.drop_all(bind=[None]) def test_upload(self): filename = 'test.txt' post_data = { 'file': (StringIO("This is a test file."), filename), 'name': 'Test File', 'user_id': self.user.id } rv = self.app.post('/upload_ajax', data=post_data, follow_redirects=True) self.assertEquals(rv.status_code, 200) data = json.loads(rv.data) self.assertEquals(data['messages'][0], 'The file was uploaded.') afile = File.get(data['id']) self.assertEquals(data['id'], afile.id) the_file = os.path.join(impression.app.config['UPLOAD_FOLDER'], filename) self.assertTrue(os.path.isfile(the_file)) # Delete the file we uploaded os.unlink(the_file) def test_content_create(self): api_key = self.s.sign(self.api_key.name) ''' CREATE ''' post_data = { 'title': 'This is a test page', 'body': 'Blah blah blah', 'type': 'post', 'user_id': self.user.id } # Try to create the content with no API key rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Create the content. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['id']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The content was created.') content_id = data['id'] # Make sure that we can grab the content from the DB. content = Content.get(content_id) self.assertIsNotNone(content) self.assertEquals(content.title, post_data['title']) # Try to create the same content again. This should fail. rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'That post or page exists already.') # Clean up! content.delete() safe_commit() # Create the content. This should work fine. post_data['api_key'] = api_key post_data['type'] = 'page' rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['id']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The content was created.') content_id = data['id'] # Make sure that we can grab the content from the DB. content = Content.get(content_id) self.assertIsNotNone(content) self.assertEquals(content.title, post_data['title']) # Try to create the same content again. This should fail. rv = self.app.post('/content_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'That post or page exists already.') # Clean up! content.delete() safe_commit() def test_content_retrieve(self): user_id = self.user.id ''' RETRIEVE ''' # Create some content using the model directly... content = Content(title="Test Content", published=True, type="post", body="blah blah blah", user_id=self.user.id) content.insert() content1 = content.to_dict() content2 = Content(title="Test Content 2", published=True, type="post", body="blah blah blah", user_id=self.user.id) content2.insert() content2 = content2.to_dict() content3 = Content(title="Test Content 3", published=True, type="post", body="blah blah blah", user_id=self.user.id) content3.insert() content3 = content3.to_dict() content4 = Content(title="Test Content 4", published=True, type="post", body="blah blah blah", user_id=self.user.id) content4.insert() content4 = content4.to_dict() safe_commit() post_data = { 'id': content.id } # retrieve the content. This should work fine. rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['contents'][0]) self.assertIsNotNone(data['messages']) content = Content.get(data['contents'][0]['id']) self.assertEquals(content.title, data['contents'][0]['title']) self.assertEquals(content.body, data['contents'][0]['body']) self.assertEquals(user_id, data['contents'][0]['user_id']) post_data = { 'content_type': 'post', 'page_size': 3 } # retrieve the content. This should work fine. rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) # There should be three posts. self.assertEquals(data['contents'][0]['title'], content4['title']) self.assertEquals(data['contents'][1]['title'], content3['title']) self.assertEquals(data['contents'][2]['title'], content2['title']) # And only three posts returned self.assertTrue(len(data['contents']) == 3) # Posts should be in the right order self.assertTrue(data['contents'][1]['published_on'] < data['contents'][0]['published_on']) self.assertIsNotNone(data['messages']) post_data = { 'content_type': 'post', 'current_page': 2, 'page_size': 3 } # retrieve the content. This should work fine. rv = self.app.post('/content_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) # There should be one post. self.assertEquals(data['contents'][0]['title'], content1['title']) # And only one post returned self.assertTrue(len(data['contents']) == 1) def test_user_create(self): api_key = self.s.sign(self.api_key.name) ''' CREATE ''' post_data = { 'name': 'Testy McTesterson', 'email': '*****@*****.**', 'password': '******', } # Try to create the user with no API key rv = self.app.post('/user_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Create the user. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/user_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['id']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The user was created.') user_id = data['id'] # Make sure that we can grab the user from the DB. user = User.get(user_id) self.assertIsNotNone(user) self.assertEquals(user.name, 'Testy McTesterson') # Try to create the same user again. This should fail. rv = self.app.post('/user_create', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'That user exists already.') # Clean up! user.delete() safe_commit() def test_user_retrieve(self): api_key = self.s.sign(self.api_key.name) ''' RETRIEVE ''' post_data = { 'id': self.user.id } # Try to retrieve the user with no API key rv = self.app.post('/user_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Retrieve the user. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/user_retrieve', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['user']) self.assertEquals(data['user']['name'], 'Test User') def test_user_update(self): api_key = self.s.sign(self.api_key.name) ''' UPDATE ''' post_data = { 'name': 'New Person', 'email': '*****@*****.**', 'password': '******', 'id': self.user.id } # Try to update the user with no API key rv = self.app.post('/user_update', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # update the user. This should work fine. post_data['api_key'] = api_key rv = self.app.post('/user_update', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) self.assertTrue(data['user']) self.assertIsNotNone(data['messages']) self.assertEquals(data['messages'][0], 'The user was updated.') # Make sure that we can grab the user from the DB. user = User.get(self.user.id) self.assertIsNotNone(user) self.assertEquals(data['user']['name'], 'New Person') self.assertEquals(user.name, 'New Person') self.assertTrue(check_password_hash(user.password, 'newperson123')) def test_user_delete(self): api_key = self.s.sign(self.api_key.name) ''' DELETE ''' # Delete the user. post_data = { 'id': self.user.id } # Try to delete the user with no API key rv = self.app.post('/user_delete', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertFalse(data['success']) # Removing should work now. post_data['api_key'] = api_key rv = self.app.post('/user_delete', data=post_data, follow_redirects=True) data = json.loads(rv.data) self.assertTrue(data['success']) user = User.get(self.user.id) self.assertIsNone(user)