def test_get_close_db(app):
with app.app_context():
db = get_db()
assert db is get_db()
with pytest.raises(sqlite3.ProgrammingError) as e:
db.execute('SELECT 1')
assert 'closed' in str(e.value)
def app():
db_fd, db_path = tempfile.mkstemp()
app = create_app({
'TESTING': True,
'DATABASE': db_path,
})
with app.app_context():
init_db()
get_db().executescript(_data_sql)
yield app
os.close(db_fd)
os.unlink(db_path)
def login():
if request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
db = get_db()
error = None
#try to fetch the user
user = db.execute('SELECT * FROM users WHERE username = ?',
(username, )).fetchone()
if user is None:
error = "Username not found"
elif not check_password_hash(user["password"], password):
error = "Incorrect password"
if error is None:
session.clear()
session["user_id"] = user["id"]
return redirect(url_for("index"))
flash(error)
return render_template("auth/login.html")
def register():
if request.method == "POST":
#then get the variables from the post
username = request.form.get("username")
password = request.form.get("password")
db = get_db()
#error handling
error = None
if not username:
error = "Username required"
elif not password:
error = "Password required"
elif db.execute('SELECT id FROM users WHERE username = ?',
(username, )).fetchone() is not None:
error = "User {} is already registered.".format(username)
#if everything is fine, proceed
if error is None:
db.execute("INSERT INTO users (username, password) VALUES (?,?)",
(username, generate_password_hash(password)))
db.commit()
return redirect(url_for("auth.login"))
flash(error)
return render_template("auth/register.html")
def index():
db = get_db()
posts = db.execute(
'SELECT p.id, title, body, created, author_id, username'
' FROM posts p JOIN users u ON p.author_id = u.id'
' ORDER BY created DESC'
).fetchall()
return render_template('blog/index.html', posts=posts)
def test_delete(client, auth, app):
auth.login()
response = client.post('/1/delete')
assert response.headers['Location'] == 'http://localhost/'
with app.app_context():
db = get_db()
post = db.execute('SELECT * FROM posts WHERE id = 1').fetchone()
assert post is None
def test_update(client, auth, app):
auth.login()
assert client.get('/1/update').status_code == 200
client.post('/1/update', data={'title': 'updated', 'body': ''})
with app.app_context():
db = get_db()
post = db.execute('SELECT * FROM posts WHERE id = 1').fetchone()
assert post['title'] == 'updated'
def test_create(client, auth, app):
auth.login()
assert client.get('/create').status_code == 200
client.post('/create', data={'title': 'created', 'body': ''})
with app.app_context():
db = get_db()
count = db.execute('SELECT COUNT(id) FROM posts').fetchone()[0]
assert count == 2
def load_logged_in_user():
"""
- This function runs before the view function no matter what url is requested.
- It checks if user id is stored in the session and gets that user's data from the db
and stores it in g.user which lasts for the duration of the request.
"""
user_id = session.get("user_id")
if user_id is None:
g.user = None
else:
g.user = get_db().execute("SELECT * FROM users WHERE id = ?",
(user_id, )).fetchone()
def test_register(client, app):
assert client.get('/auth/register').status_code == 200
response = client.post('/auth/register',
data={
'username': '******',
'password': '******'
})
assert 'http://localhost/auth/login' == response.headers['Location']
with app.app_context():
assert get_db().execute("select * from users where username = '******'",
).fetchone() is not None
def test_author_required(app, client, auth):
# change the post author to another user
with app.app_context():
db = get_db()
db.execute('UPDATE posts SET author_id = 2 WHERE id = 1')
db.commit()
auth.login()
# current user can't modify other user's post
assert client.post('/1/update').status_code == 403
assert client.post('/1/delete').status_code == 403
# current user doesn't see edit link
assert b'href="/1/update"' not in client.get('/').data
def get_post(id, check_author=True):
post = get_db().execute(
'SELECT p.id, title, body, created, author_id, username'
' FROM posts p JOIN users u ON p.author_id = u.id'
' WHERE p.id = ?',
(id,)
).fetchone()
if post is None:
abort(404, "Post id {0} doesn't exist.".format(id))
if check_author and post['author_id'] != g.user['id']:
abort(403)
return post
def create():
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'INSERT INTO posts (title, body, author_id)'
' VALUES (?, ?, ?)',
(title, body, g.user['id'])
)
db.commit()
return redirect(url_for('blog.index'))
return render_template('blog/create.html')
def update(id):
post = get_post(id)
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
error = None
if not title:
error = 'Title is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'UPDATE posts SET title = ?, body = ?'
' WHERE id = ?',
(title, body, id)
)
db.commit()
return redirect(url_for('blog.index'))
return render_template('blog/update.html', post=post)
def delete(id):
get_post(id)
db = get_db()
db.execute('DELETE FROM post WHERE id = ?', (id,))
db.commit()
return redirect(url_for('blog.index'))