def test_retag_no_owner_remove(self):
config = CharSettings({'disallow-others-tag-removal'}, {}, {})
owner = db_utils.create_user(config=config)
tagger = db_utils.create_user()
s = db_utils.create_submission(owner, rating=ratings.GENERAL.code)
searchtag.associate(owner, {'orange'}, submitid=s)
self.assertEqual(
submission.select_view(owner, s, ratings.GENERAL.code)['tags'],
['orange'])
searchtag.associate(tagger, {'apple', 'tomato'}, submitid=s)
self.assertEqual(
submission.select_view(owner, s, ratings.GENERAL.code)['tags'],
['apple', 'orange', 'tomato'])
searchtag.associate(tagger, {'tomato'}, submitid=s)
self.assertEqual(
submission.select_view(owner, s, ratings.GENERAL.code)['tags'],
['orange', 'tomato'])
searchtag.associate(owner, {'kale'}, submitid=s)
self.assertEqual(
submission.select_view(owner, s, ratings.GENERAL.code)['tags'],
['kale'])
def test_reply_when_blocked(app):
user1 = db_utils.create_user(username='******')
user2 = db_utils.create_user(username='******')
session1 = db_utils.create_session(user1)
session2 = db_utils.create_session(user2)
app.post('/notes/compose', {
'recipient': 'user2',
'title': 'Title',
'content': 'Content',
}, headers={'Cookie': session1}, status=303)
app.post('/ignoreuser', {
'userid': str(user2),
'action': 'ignore',
}, headers={'Cookie': session1}, status=303)
def try_send(status):
app.post('/notes/compose', {
'recipient': 'user1',
'title': 'Title',
'content': 'Content',
}, headers={'Cookie': session2}, status=status)
try_send(422)
d.engine.execute("UPDATE profile SET config = config || 'z' WHERE userid = %(user)s", user=user1)
try_send(422)
def test_block_user_homepage(app):
"""
Assert that changes to blocked users apply to the home page immediately.
"""
submitting_user1 = db_utils.create_user()
submitting_user2 = db_utils.create_user()
viewing_user = db_utils.create_user()
db_utils.create_submission(submitting_user1, rating=ratings.GENERAL.code, subtype=1010)
db_utils.create_submission(submitting_user2, rating=ratings.GENERAL.code, subtype=1010)
cookie = db_utils.create_session(viewing_user)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 2
app.post('/ignoreuser',
{'userid': str(submitting_user1), 'action': 'ignore'},
headers={'Cookie': cookie}, status=303)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 1
app.post('/ignoreuser',
{'userid': str(submitting_user1), 'action': 'unignore'},
headers={'Cookie': cookie}, status=303)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 2
def test_moderators_and_above_can_add_restricted_tags_successfully(monkeypatch):
"""
Moderators (and admins, technical, and directors) can add restricted tags to content.
Developers are not included in this test, as they are for all intents and purposes just
normal user accounts.
"""
userid_owner = db_utils.create_user()
mod_tag_adder = db_utils.create_user()
monkeypatch.setattr(staff, 'MODS', frozenset([mod_tag_adder]))
journalid = db_utils.create_journal(userid_owner)
charid = db_utils.create_character(userid_owner)
submitid = db_utils.create_submission(userid_owner)
restricted_tag = searchtag.parse_restricted_tags("pearl")
searchtag.edit_user_tag_restrictions(userid_owner, restricted_tag)
searchtag.associate(mod_tag_adder, tags, submitid=submitid)
searchtag.associate(mod_tag_adder, tags, charid=charid)
searchtag.associate(mod_tag_adder, tags, journalid=journalid)
# Verify that all tags were added successfully. 'pearl' is restricted.
submission_tags = searchtag.select(submitid=submitid)
assert tags == set(submission_tags)
character_tags = searchtag.select(charid=charid)
assert tags == set(character_tags)
journal_tags = searchtag.select(journalid=journalid)
assert tags == set(journal_tags)
def test_setting_alias_fails_if_target_alias_exists():
user_id = db_utils.create_user()
user_id_existing = db_utils.create_user()
d.engine.execute("INSERT INTO useralias VALUES (%(id)s, %(alias)s, 'p')", id=user_id_existing, alias="existingalias")
with pytest.raises(WeasylError) as err:
useralias.set(user_id, "existingalias")
assert 'usernameExists' == err.value.value
def test_retag_no_owner_remove(self):
config = CharSettings({'disallow-others-tag-removal'}, {}, {})
owner = db_utils.create_user(config=config)
tagger = db_utils.create_user()
s = db_utils.create_submission(owner, rating=ratings.GENERAL.code)
searchtag.associate(owner, {'orange'}, submitid=s)
self.assertEqual(
submission.select_view(owner, s, ratings.GENERAL.code)['tags'],
['orange'])
searchtag.associate(tagger, {'apple', 'tomato'}, submitid=s)
self.assertEqual(
submission.select_view(owner, s, ratings.GENERAL.code)['tags'],
['apple', 'orange', 'tomato'])
searchtag.associate(tagger, {'tomato'}, submitid=s)
self.assertEqual(
submission.select_view(owner, s, ratings.GENERAL.code)['tags'],
['orange', 'tomato'])
searchtag.associate(owner, {'kale'}, submitid=s)
self.assertEqual(
submission.select_view(owner, s, ratings.GENERAL.code)['tags'],
['kale'])
def test_recently_popular(self):
owner = db_utils.create_user()
now = arrow.now()
sub1 = db_utils.create_submission(owner,
rating=ratings.GENERAL.code,
unixtime=now -
datetime.timedelta(days=6))
sub2 = db_utils.create_submission(owner,
rating=ratings.GENERAL.code,
unixtime=now -
datetime.timedelta(days=4))
sub3 = db_utils.create_submission(owner,
rating=ratings.GENERAL.code,
unixtime=now -
datetime.timedelta(days=2))
sub4 = db_utils.create_submission(owner,
rating=ratings.GENERAL.code,
unixtime=now)
tag = db_utils.create_tag(u'tag')
for s in [sub1, sub2, sub3, sub4]:
db_utils.create_submission_tag(tag, s)
for i in range(100):
favoriter = db_utils.create_user()
db_utils.create_favorite(favoriter, submitid=sub2, unixtime=now)
recently_popular = submission.select_recently_popular()
self.assertEqual([item['submitid'] for item in recently_popular],
[sub2, sub4, sub3, sub1])
def test_friends_only(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
db_utils.create_submission(user1, rating=ratings.GENERAL.code, settings=CharSettings({'friends-only'}, {}, {}))
# poster can view their submission
self.assertEqual(
1, len(submission.select_list(user1, ratings.GENERAL.code, 10)))
# but a non-friend or a non-logged in user cannot
self.assertEqual(
0, len(submission.select_list(None, ratings.GENERAL.code, 10)))
self.assertEqual(
0, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# user with a pending friendship cannot view
db_utils.create_friendship(user1, user2, settings=CharSettings({'pending'}, {}, {}))
self.assertEqual(
0, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# but a friend can
d.sessionmaker().query(users.Friendship).delete()
db_utils.create_friendship(user1, user2)
self.assertEqual(
1, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
def test_passwordInsecure_WeasylError_if_password_length_insufficient():
db_utils.create_user(email_addr=email_addr, username=user_name)
password = ''
form = Bag(email=email_addr,
username=user_name,
day=arrow.now().day,
month=arrow.now().month,
year=arrow.now().year,
token=token,
password=password,
passcheck=password)
# Considered insecure...
for i in range(0, login._PASSWORD):
with pytest.raises(WeasylError) as err:
resetpassword.reset(form)
assert 'passwordInsecure' == err.value.value
password += 'a'
form.password = password
form.passcheck = password
# Considered secure...
password += 'a'
form.password = password
form.passcheck = password
# Success at WeasylError/forgotpasswordRecordMissing; we didn't make one yet
with pytest.raises(WeasylError) as err:
resetpassword.reset(form)
assert 'forgotpasswordRecordMissing' == err.value.value
def test_edit_global_tag_restrictions_when_user_is_not_a_director_fails(monkeypatch):
normal_user_id = db_utils.create_user()
developer_user_id = db_utils.create_user()
mod_user_id = db_utils.create_user()
admin_user_id = db_utils.create_user()
technical_user_id = db_utils.create_user()
monkeypatch.setattr(staff, 'DEVELOPERS', frozenset([developer_user_id]))
monkeypatch.setattr(staff, 'MODS', frozenset([mod_user_id]))
monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user_id]))
monkeypatch.setattr(staff, 'TECHNICAL', frozenset([technical_user_id]))
# Function under test; users and staff (except director) should error
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(normal_user_id, combined_tags)
assert 'InsufficientPermissions' == err.value.value
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(developer_user_id, combined_tags)
assert 'InsufficientPermissions' == err.value.value
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(mod_user_id, combined_tags)
assert 'InsufficientPermissions' == err.value.value
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(admin_user_id, combined_tags)
assert 'InsufficientPermissions' == err.value.value
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(technical_user_id, combined_tags)
assert 'InsufficientPermissions' == err.value.value
def test_blocked_tag(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
# submission s1 has a walrus in it, but user2 does not like walruses
s1 = db_utils.create_submission(user1, rating=ratings.GENERAL.code)
tag1 = db_utils.create_tag("walrus")
db_utils.create_submission_tag(tag1, s1)
db_utils.create_blocktag(user2, tag1, ratings.GENERAL.code)
self.assertEqual(
0, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# submission s2 has a penguin in it. user2 does not want to see penguins in
# adult circumstances, but s2 is general, so visibility is OK
s2 = db_utils.create_submission(user1, rating=ratings.GENERAL.code)
tag2 = db_utils.create_tag("penguin")
db_utils.create_submission_tag(tag2, s2)
db_utils.create_blocktag(user2, tag2, ratings.EXPLICIT.code)
self.assertEqual(
1, len(submission.select_list(user2, ratings.EXPLICIT.code, 10)))
# submission s3 has penguins on it in adult situations, but User2
# is okay with that if it's one of User2's own submissions.
s3 = db_utils.create_submission(user2, rating=ratings.EXPLICIT.code)
db_utils.create_submission_tag(tag2, s3)
self.assertEqual(
2, len(submission.select_list(user2, ratings.EXPLICIT.code, 10)))
def test_friends_only(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
db_utils.create_submission(user1,
rating=ratings.GENERAL.code,
settings=CharSettings({'friends-only'}, {},
{}))
# poster can view their submission
self.assertEqual(
1, len(submission.select_list(user1, ratings.GENERAL.code, 10)))
# but a non-friend or a non-logged in user cannot
self.assertEqual(
0, len(submission.select_list(None, ratings.GENERAL.code, 10)))
self.assertEqual(
0, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# user with a pending friendship cannot view
db_utils.create_friendship(user1,
user2,
settings=CharSettings({'pending'}, {}, {}))
self.assertEqual(
0, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# but a friend can
d.sessionmaker().query(users.Friendship).delete()
db_utils.create_friendship(user1, user2)
self.assertEqual(
1, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
def test_reply_to_restricted_notes(app):
user1 = db_utils.create_user(username='******')
user2 = db_utils.create_user(username='******')
session1 = db_utils.create_session(user1)
session2 = db_utils.create_session(user2)
d.engine.execute(
"UPDATE profile SET config = config || 'z' WHERE userid = %(user)s",
user=user1)
def try_send(status):
app.post('/notes/compose', {
'recipient': 'user1',
'title': 'Title',
'content': 'Content',
},
headers={'Cookie': session2},
status=status)
try_send(422)
app.post('/notes/compose', {
'recipient': 'user2',
'title': 'Title',
'content': 'Content',
},
headers={'Cookie': session1},
status=303)
try_send(303)
def test_attempt_setting_tags_when_some_tags_have_been_restricted():
"""
Verify that tags are excluded from being added to a submission's tags if the tag is restricted
"""
userid_owner = db_utils.create_user()
userid_tag_adder = db_utils.create_user()
journalid = db_utils.create_journal(userid_owner)
charid = db_utils.create_character(userid_owner)
submitid = db_utils.create_submission(userid_owner)
restricted_tag = searchtag.parse_restricted_tags("pearl")
searchtag.edit_user_tag_restrictions(userid_owner, restricted_tag)
searchtag.associate(userid_tag_adder, tags, submitid=submitid)
searchtag.associate(userid_tag_adder, tags, charid=charid)
searchtag.associate(userid_tag_adder, tags, journalid=journalid)
# Verify that the "pearl" tag was not added
submission_tags = searchtag.select(submitid=submitid)
assert tags_two == set(submission_tags)
character_tags = searchtag.select(charid=charid)
assert tags_two == set(character_tags)
journal_tags = searchtag.select(journalid=journalid)
assert tags_two == set(journal_tags)
def test_search_blocked_tags(db, rating, block_rating):
owner = db_utils.create_user()
viewer = db_utils.create_user()
allowed_tag = db_utils.create_tag('walrus')
blocked_tag = db_utils.create_tag('penguin')
db_utils.create_blocktag(viewer, blocked_tag, block_rating.code)
s1 = db_utils.create_submission(owner, rating=rating.code)
db_utils.create_submission_tag(allowed_tag, s1)
db_utils.create_submission_tag(blocked_tag, s1)
s2 = db_utils.create_submission(owner, rating=rating.code)
db_utils.create_submission_tag(allowed_tag, s2)
s3 = db_utils.create_submission(owner, rating=rating.code)
db_utils.create_submission_tag(blocked_tag, s3)
def check(term, n_results):
results, _, _ = search.select(
search=search.Query.parse(term, 'submit'),
userid=viewer, rating=ratings.EXPLICIT.code, limit=100,
cat=None, subcat=None, within='', backid=None, nextid=None)
assert len(results) == n_results
if rating < block_rating:
check(u'walrus', 2)
check(u'penguin', 2)
else:
check(u'walrus', 1)
check(u'penguin', 0)
def test_blocked_tag(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
# submission s1 has a walrus in it, but user2 does not like walruses
s1 = db_utils.create_submission(user1, rating=ratings.GENERAL.code)
tag1 = db_utils.create_tag("walrus")
db_utils.create_submission_tag(tag1, s1)
db_utils.create_blocktag(user2, tag1, ratings.GENERAL.code)
self.assertEqual(
0, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# submission s2 has a penguin in it. user2 does not want to see penguins in
# adult circumstances, but s2 is general, so visibility is OK
s2 = db_utils.create_submission(user1, rating=ratings.GENERAL.code)
tag2 = db_utils.create_tag("penguin")
db_utils.create_submission_tag(tag2, s2)
db_utils.create_blocktag(user2, tag2, ratings.EXPLICIT.code)
self.assertEqual(
1, len(submission.select_list(user2, ratings.EXPLICIT.code, 10)))
# submission s3 has penguins on it in adult situations, but User2
# is okay with that if it's one of User2's own submissions.
s3 = db_utils.create_submission(user2, rating=ratings.EXPLICIT.code)
db_utils.create_submission_tag(tag2, s3)
self.assertEqual(
2, len(submission.select_list(user2, ratings.EXPLICIT.code, 10)))
def test_login_fails_for_incorrect_credentials():
random_password = "******"
db_utils.create_user(password=random_password, username=user_name)
another_random_password = "******"
result = login.authenticate_bcrypt(username=user_name,
password=another_random_password)
assert result == (0, 'invalid')
def test_blacklist_homepage(app):
"""
Assert that changes to the blacklist apply to the home page immediately.
"""
submitting_user = db_utils.create_user()
viewing_user = db_utils.create_user()
tag1 = db_utils.create_tag('walrus')
tag2 = db_utils.create_tag('penguin')
s1 = db_utils.create_submission(submitting_user, rating=ratings.GENERAL.code, subtype=1010)
db_utils.create_submission_tag(tag1, s1)
s2 = db_utils.create_submission(submitting_user, rating=ratings.GENERAL.code, subtype=1010)
db_utils.create_submission_tag(tag2, s2)
cookie = db_utils.create_session(viewing_user)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 2
app.post('/manage/tagfilters',
{'title': 'walrus', 'rating': str(ratings.GENERAL.code), 'do': 'create'},
headers={'Cookie': cookie}, status=303)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 1
app.post('/manage/tagfilters',
{'title': 'walrus', 'rating': str(ratings.GENERAL.code), 'do': 'remove'},
headers={'Cookie': cookie}, status=303)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 2
def test_edit_global_tag_restrictions_when_user_is_not_a_director_fails(
monkeypatch):
normal_user_id = db_utils.create_user()
developer_user_id = db_utils.create_user()
mod_user_id = db_utils.create_user()
admin_user_id = db_utils.create_user()
technical_user_id = db_utils.create_user()
monkeypatch.setattr(staff, 'DEVELOPERS', frozenset([developer_user_id]))
monkeypatch.setattr(staff, 'MODS', frozenset([mod_user_id]))
monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user_id]))
monkeypatch.setattr(staff, 'TECHNICAL', frozenset([technical_user_id]))
# Function under test; users and staff (except director) should error
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(normal_user_id, combined_tags)
assert 'InsufficientPermissions' == err.value.value
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(developer_user_id,
combined_tags)
assert 'InsufficientPermissions' == err.value.value
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(mod_user_id, combined_tags)
assert 'InsufficientPermissions' == err.value.value
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(admin_user_id, combined_tags)
assert 'InsufficientPermissions' == err.value.value
with pytest.raises(WeasylError) as err:
searchtag.edit_global_tag_restrictions(technical_user_id,
combined_tags)
assert 'InsufficientPermissions' == err.value.value
def test_passwordMismatch_WeasylError_if_supplied_passwords_dont_match():
db_utils.create_user(email_addr=email_addr, username=user_name)
form = Bag(email=email_addr, username=user_name, day=arrow.now().day,
month=arrow.now().month, year=arrow.now().year, token=token,
password='******', passcheck='asd')
with pytest.raises(WeasylError) as err:
resetpassword.reset(form)
assert 'passwordMismatch' == err.value.value
def test_usernames_must_be_unique():
db_utils.create_user(username=user_name, email_addr="*****@*****.**")
form = Bag(username=user_name, password='******', passcheck='0123456789',
email=email_addr, emailcheck=email_addr,
day='12', month='12', year=arrow.now().year - 19)
with pytest.raises(WeasylError) as err:
login.create(form)
assert 'usernameExists' == err.value.value
def setUp(self):
self.user1 = db_utils.create_user()
self.user2 = db_utils.create_user()
self.friend1 = db_utils.create_user()
db_utils.create_friendship(self.user1, self.friend1)
self.count = 20
self.pivot = 5
s = db_utils.create_characters(self.count, self.user1, ratings.GENERAL.code)
self.pivotid = s[self.pivot]
def test_setting_alias_fails_if_target_alias_exists():
user_id = db_utils.create_user()
user_id_existing = db_utils.create_user()
d.engine.execute("INSERT INTO useralias VALUES (%(id)s, %(alias)s, 'p')",
id=user_id_existing,
alias="existingalias")
with pytest.raises(WeasylError) as err:
useralias.set(user_id, "existingalias")
assert 'usernameExists' == err.value.value
def setUp(self):
self.user1 = db_utils.create_user()
self.user2 = db_utils.create_user()
self.friend1 = db_utils.create_user()
db_utils.create_friendship(self.user1, self.friend1)
self.count = 20
self.pivot = 5
s = db_utils.create_journals(self.count, self.user1, ratings.GENERAL.code)
self.pivotid = s[self.pivot]
def test_forgotpasswordRecordMissing_WeasylError_if_reset_record_not_found():
db_utils.create_user(email_addr=email_addr, username=user_name)
password = '******'
form = Bag(email=email_addr, username=user_name, day=arrow.now().day,
month=arrow.now().month, year=arrow.now().year, token=token,
password=password, passcheck=password)
# Technically we did this in the above test, but for completeness, target it alone
with pytest.raises(WeasylError) as err:
resetpassword.reset(form)
assert 'forgotpasswordRecordMissing' == err.value.value
def test_content_view_twice(db, create_func, model, feature):
"""
Two users viewing the same content increments the view count twice.
"""
user1 = db_utils.create_user()
user2 = db_utils.create_user()
thing = create_func()
assert d.common_view_content(user1, thing, feature)
assert d.common_view_content(user2, thing, feature)
assert db.query(model).get(thing).page_views == 2
def test_content_view_twice(db, create_func, model, feature):
"""
Two users viewing the same content increments the view count twice.
"""
user1 = db_utils.create_user()
user2 = db_utils.create_user()
thing = create_func()
assert d.common_view_content(user1, thing, feature)
assert d.common_view_content(user2, thing, feature)
assert db.query(model).get(thing).page_views == 2
def test_email_must_match_email_stored_in_DB():
user_name = "test"
email_addr = "*****@*****.**"
db_utils.create_user(email_addr=email_addr, username=user_name)
email_addr = "*****@*****.**"
form = Bag(email=email_addr, username=user_name, day=arrow.now().day,
month=arrow.now().month, year=arrow.now().year)
with pytest.raises(WeasylError) as err:
resetpassword.request(form)
assert 'emailInvalid' == err.value.value
def test_insert_ignores(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
# user1 ignores user2
db_utils.create_ignoreuser(user1, user2)
# attempts to follow in either direction throw a WeasylError
self.assertRaises(WeasylError, followuser.insert, user1, user2)
self.assertRaises(WeasylError, followuser.insert, user2, user1)
self.assertFalse(profile.select_relation(user1, user2)["follow"])
self.assertFalse(profile.select_relation(user2, user1)["follower"])
def test_insert_ignores(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
# user1 ignores user2
db_utils.create_ignoreuser(user1, user2)
# attempts to follow in either direction throw a WeasylError
self.assertRaises(WeasylError, followuser.insert, user1, user2)
self.assertRaises(WeasylError, followuser.insert, user2, user1)
self.assertFalse(profile.select_relation(user1, user2)["follow"])
self.assertFalse(profile.select_relation(user2, user1)["follower"])
def setUp(self):
self.user1 = db_utils.create_user()
self.user2 = db_utils.create_user()
self.count = 20
self.pivot = 5
s = db_utils.create_submissions(self.count, self.user1, ratings.GENERAL.code)
self.pivotid = s[self.pivot]
f = []
time = 100
for submitid in s:
time = time + 1
f.append(db_utils.create_favorite(self.user2, submitid, 's', unixtime=arrow.get(time)))
def test_mutual_follow(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
# user1 watches user2
followuser.insert(user1, user2)
# user2 watches user1
followuser.insert(user2, user1)
self.assertTrue(profile.select_relation(user1, user2)["follow"])
self.assertTrue(profile.select_relation(user2, user1)["follower"])
self.assertTrue(profile.select_relation(user2, user1)["follow"])
self.assertTrue(profile.select_relation(user1, user2)["follower"])
def test_mutual_follow(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
# user1 watches user2
followuser.insert(user1, user2)
# user2 watches user1
followuser.insert(user2, user1)
self.assertTrue(profile.select_relation(user1, user2)["follow"])
self.assertTrue(profile.select_relation(user2, user1)["follower"])
self.assertTrue(profile.select_relation(user2, user1)["follow"])
self.assertTrue(profile.select_relation(user1, user2)["follower"])
def test_usernames_must_be_unique():
db_utils.create_user(username=user_name, email_addr="*****@*****.**")
form = Bag(username=user_name,
password='******',
passcheck='0123456789',
email=email_addr,
emailcheck=email_addr,
day='12',
month='12',
year=arrow.now().year - 19)
with pytest.raises(WeasylError) as err:
login.create(form)
assert 'usernameExists' == err.value.value
def test_insert_s_only(self, followuser_insert, followuser_remove, get_config):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
get_config.side_effect = lambda userid: "s"
# user1 watches user2
followuser.insert(user1, user2)
self.assertTrue(profile.select_relation(user1, user2)["follow"])
self.assertTrue(profile.select_relation(user2, user1)["follower"])
self.assertEqual(1, d.sessionmaker().query(orm.Follow).count())
followuser_remove.assert_called_once_with(user1, user2)
followuser_insert.assert_called_once_with(user1, user2)
self.assertEqual("s", d.sessionmaker().query(orm.Follow).first().settings)
def test_create_notifications(app, monkeypatch):
admin_user = db_utils.create_user()
normal_user = db_utils.create_user()
admin_cookie = db_utils.create_session(admin_user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user]))
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': admin_cookie}).follow()
assert resp.html.find(None, 'content').h3.string == _FORM['title']
normal_cookie = db_utils.create_session(normal_user)
resp = app.get('/messages/notifications', headers={'Cookie': normal_cookie})
assert list(resp.html.find(id='header-messages').find(title='Notifications').stripped_strings)[1] == '1'
assert resp.html.find(id='site_updates').find(None, 'item').a.string == _FORM['title']
def test_email_must_match_email_stored_in_DB():
user_name = "test"
email_addr = "*****@*****.**"
db_utils.create_user(email_addr=email_addr, username=user_name)
email_addr = "*****@*****.**"
form = Bag(email=email_addr,
username=user_name,
day=arrow.now().day,
month=arrow.now().month,
year=arrow.now().year)
with pytest.raises(WeasylError) as err:
resetpassword.request(form)
assert 'emailInvalid' == err.value.value
def test_create_fails_if_another_account_has_email_linked_to_their_account():
"""
Test checks to see if an email is tied to an active user account. If so,
login.create() will not permit another account to be made for the same
address.
"""
db_utils.create_user(username=user_name, email_addr=email_addr)
form = Bag(username=user_name, password='******', passcheck='0123456789',
email=email_addr, emailcheck=email_addr,
day='12', month='12', year=arrow.now().year - 19)
with pytest.raises(WeasylError) as err:
login.create(form)
assert 'emailExists' == err.value.value
def test_passwordMismatch_WeasylError_if_supplied_passwords_dont_match():
db_utils.create_user(email_addr=email_addr, username=user_name)
form = Bag(email=email_addr,
username=user_name,
day=arrow.now().day,
month=arrow.now().month,
year=arrow.now().year,
token=token,
password='******',
passcheck='asd')
with pytest.raises(WeasylError) as err:
resetpassword.reset(form)
assert 'passwordMismatch' == err.value.value
def test_create_notifications(app, monkeypatch):
admin_user = db_utils.create_user()
normal_user = db_utils.create_user()
admin_cookie = db_utils.create_session(admin_user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user]))
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': admin_cookie}).follow()
assert resp.html.find(None, 'content').h3.string == _FORM['title']
normal_cookie = db_utils.create_session(normal_user)
resp = app.get('/messages/notifications', headers={'Cookie': normal_cookie})
assert list(resp.html.find(id='header-messages').find(title='Notifications').stripped_strings)[1] == '1'
assert resp.html.find(id='site_updates').find(None, 'item').a.string == _FORM['title']
def test_ignored_user(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
db_utils.create_submission(user1, rating=ratings.GENERAL.code)
# can view the submission
self.assertEqual(
1, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# user2 blocks user1
db_utils.create_ignoreuser(user2, user1)
# user2 can no longer view the submission
self.assertEqual(
0, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# but a non-logged in user can
self.assertEqual(
1, len(submission.select_list(None, ratings.GENERAL.code, 10)))
def test_ignored_user(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
db_utils.create_submission(user1, rating=ratings.GENERAL.code)
# can view the submission
self.assertEqual(
1, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# user2 blocks user1
db_utils.create_ignoreuser(user2, user1)
# user2 can no longer view the submission
self.assertEqual(
0, len(submission.select_list(user2, ratings.GENERAL.code, 10)))
# but a non-logged in user can
self.assertEqual(
1, len(submission.select_list(None, ratings.GENERAL.code, 10)))
def test_forgotpasswordRecordMissing_WeasylError_if_reset_record_not_found():
db_utils.create_user(email_addr=email_addr, username=user_name)
password = '******'
form = Bag(email=email_addr,
username=user_name,
day=arrow.now().day,
month=arrow.now().month,
year=arrow.now().year,
token=token,
password=password,
passcheck=password)
# Technically we did this in the above test, but for completeness, target it alone
with pytest.raises(WeasylError) as err:
resetpassword.reset(form)
assert 'forgotpasswordRecordMissing' == err.value.value
def test_create_fails_if_another_account_has_email_linked_to_their_account():
"""
Test checks to see if an email is tied to an active user account. If so,
login.create() will not permit another account to be made for the same
address.
"""
db_utils.create_user(username=user_name, email_addr=email_addr)
form = Bag(username="******", password='******', passcheck='0123456789',
email=email_addr, emailcheck=email_addr,
day='12', month='12', year=arrow.now().year - 19)
login.create(form)
query = d.engine.scalar("""
SELECT username FROM logincreate WHERE username = %(username)s AND invalid IS TRUE
""", username=form.username)
assert query == "user"
def test_insert_s_only(self, followuser_insert, followuser_remove,
get_config):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
get_config.side_effect = lambda userid: "s"
# user1 watches user2
followuser.insert(user1, user2)
self.assertTrue(profile.select_relation(user1, user2)["follow"])
self.assertTrue(profile.select_relation(user2, user1)["follower"])
self.assertEqual(1, d.sessionmaker().query(orm.Follow).count())
followuser_remove.assert_called_once_with(user1, user2)
followuser_insert.assert_called_once_with(user1, user2)
self.assertEqual("s",
d.sessionmaker().query(orm.Follow).first().settings)
def test_filters(self):
# Test filters of the following:
# userid, folderid, category, hidden
user1 = db_utils.create_user()
user2 = db_utils.create_user()
folder = db_utils.create_folder(user1)
db_utils.create_submission(user1, rating=ratings.GENERAL.code, folderid=folder)
db_utils.create_submission(user1, rating=ratings.GENERAL.code, subtype=1010)
db_utils.create_submission(user1, rating=ratings.GENERAL.code, settings=CharSettings({'hidden'}, {}, {}))
db_utils.create_submission(user2, rating=ratings.GENERAL.code)
self.assertEqual(3, len(submission.select_list(user1, ratings.EXPLICIT.code, 10)))
self.assertEqual(1, len(submission.select_list(user1, ratings.EXPLICIT.code, 10, otherid=user2)))
self.assertEqual(1, len(submission.select_list(user1, ratings.EXPLICIT.code, 10, folderid=folder)))
self.assertEqual(1, len(submission.select_list(user1, ratings.EXPLICIT.code, 10, subcat=1010)))
def test_filters(self):
# Test filters of the following:
# userid, folderid, category, hidden
user1 = db_utils.create_user()
user2 = db_utils.create_user()
folder = db_utils.create_folder(user1)
db_utils.create_submission(user1, rating=ratings.GENERAL.code, folderid=folder)
db_utils.create_submission(user1, rating=ratings.GENERAL.code, subtype=1010)
db_utils.create_submission(user1, rating=ratings.GENERAL.code, settings=CharSettings({'hidden'}, {}, {}))
db_utils.create_submission(user2, rating=ratings.GENERAL.code)
self.assertEqual(3, len(submission.select_list(user1, ratings.EXPLICIT.code, 10)))
self.assertEqual(1, len(submission.select_list(user1, ratings.EXPLICIT.code, 10, otherid=user2)))
self.assertEqual(1, len(submission.select_list(user1, ratings.EXPLICIT.code, 10, folderid=folder)))
self.assertEqual(1, len(submission.select_list(user1, ratings.EXPLICIT.code, 10, subcat=1010)))
def test_remove(self, followuser_remove):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
# user1 watches user2
followuser.insert(user1, user2)
self.assertEqual(1, d.sessionmaker().query(orm.Follow).count())
followuser_remove.reset_mock()
# user1 changed their mind
followuser.remove(user1, user2)
self.assertFalse(profile.select_relation(user1, user2)["follow"])
self.assertFalse(profile.select_relation(user2, user1)["follower"])
self.assertEqual(0, d.sessionmaker().query(orm.Follow).count())
followuser_remove.assert_called_once_with(user1, user2)
def test_update(self):
user1 = db_utils.create_user()
user2 = db_utils.create_user()
# user1 watches user2
followuser.insert(user1, user2)
# user1 updates watch settings
followuser.update(user1, user2, followuser.WatchSettings.from_code("cf"))
self.assertEqual("cf", d.sessionmaker().query(orm.Follow).first().settings)
# again
followuser.update(user1, user2, followuser.WatchSettings.from_code("st"))
self.assertTrue(profile.select_relation(user1, user2)["follow"])
self.assertTrue(profile.select_relation(user2, user1)["follower"])
self.assertEqual("st", d.sessionmaker().query(orm.Follow).first().settings)
def test_commish_search(args, result_order):
# searcher
u1 = db_utils.create_user(username="******")
# user open for commissions
create_commish_searchable_user("u2", submittime=arrow.now())
# user sometimes open for commissions (should behave same as above)
create_commish_searchable_user("u3", commish_status='s',
submittime=arrow.now() - datetime.timedelta(days=1))
# user open for commissions, with blacklisted tags
u4 = create_commish_searchable_user("u4", submittime=arrow.now() - datetime.timedelta(days=2))
searchtag.associate(u4, optout_tags_userid=u4, tags={'cat'})
# user with a different commish class and a preference tag
u5 = create_commish_searchable_user("u5", commishclass="sketch",
submittime=arrow.now() - datetime.timedelta(days=3))
searchtag.associate(u5, preferred_tags_userid=u5, tags={'cat'})
# user with a different price
create_commish_searchable_user("u6", minprice="100.0", maxprice="100.0",
submittime=arrow.now() - datetime.timedelta(days=4))
results = commishinfo.select_commissionable(userid=u1,
limit=10,
offset=0,
**args)
rids = [r['username'] for r in results]
assert rids == result_order
def test_viewing_own_profile(db):
"""
Viewing one's own profile does not increment the view count.
"""
user = db_utils.create_user()
assert not d.common_view_content(user, user, 'profile')
assert db.query(users.Profile).get(user).page_views == 0
def test_submission_search(db, term, n_results):
user = db_utils.create_user()
tag1 = db_utils.create_tag('walrus')
tag2 = db_utils.create_tag('penguin')
s1 = db_utils.create_submission(user, rating=ratings.GENERAL.code)
db_utils.create_submission_tag(tag1, s1)
db_utils.create_submission_tag(tag2, s1)
s2 = db_utils.create_submission(user, rating=ratings.EXPLICIT.code)
db_utils.create_submission_tag(tag1, s2)
s3 = db_utils.create_submission(user, rating=ratings.GENERAL.code)
db_utils.create_submission_tag(tag2, s3)
s4 = db_utils.create_submission(user, rating=ratings.GENERAL.code)
db_utils.create_submission_tag(tag2, s4)
results, _, _ = search.select(search=search.Query.parse(term, 'submit'),
userid=user,
rating=ratings.EXPLICIT.code,
limit=100,
cat=None,
subcat=None,
within='',
backid=None,
nextid=None)
assert len(results) == n_results
def test_login_fails_for_invalid_auth_and_logs_failure_if_mod_account(
tmpdir, monkeypatch):
# Required: Monkeypatch the log directory, and the staff.MODS frozenset
monkeypatch.setenv(macro.MACRO_SYS_LOG_PATH, tmpdir + "/")
log_path = '%s%s.%s.log' % (macro.MACRO_SYS_LOG_PATH, 'login.fail',
d.get_timestamp())
user_id = db_utils.create_user(username='******', password=raw_password)
# Set the moderators in libweasyl/staff.py via monkeypatch
monkeypatch.setattr(staff, 'MODS', frozenset([user_id]))
# Ensure we are actually writing to the file by counting the file's lines
prerun_loglines = 0
# The file might not exist; this is fine; ignore
try:
with open(log_path, 'r') as log:
for line in log:
prerun_loglines += 1
log.close()
except IOError:
pass
postrun_loglines = 0
# Item under test
result = login.authenticate_bcrypt(username='******',
password='******',
request=None)
# Verify we are writing to the log file as expected
with open(log_path, 'r') as log:
for line in log:
postrun_loglines += 1
last_line = line
log.close()
last_line_dict = json.loads(last_line)
assert postrun_loglines > prerun_loglines
assert last_line_dict['userid'] == user_id
assert result == (0, 'invalid')
def test_commish_search_invalid():
# searcher
u1 = db_utils.create_user(username="******")
# user not open for commissions, but with submissions and commish classes defined
create_commish_searchable_user("u2", commish_status='c')
# user open for commission but without any commish classes
u3 = create_commish_searchable_user("u3")
classid = commishinfo.select_list(u3)["class"][0]["classid"]
commishinfo.remove_class(u3, classid)
# user meets all requirements, but is suspended
u4 = create_commish_searchable_user("u4")
db_utils.create_suspenduser(u4, "", d.get_time() + 604800)
# user meets all requirements, but is banned
u5 = create_commish_searchable_user("u5")
db_utils.create_banuser(u5, "")
# user meets all requirements, but is ignored by searching user
u6 = create_commish_searchable_user("u6")
db_utils.create_ignoreuser(u1, u6)
results = commishinfo.select_commissionable(userid=u1,
limit=10,
offset=0,
q="",
commishclass="",
min_price=None,
max_price=None,
currency='')
assert not results
def test_user_change_changes_token(app):
user = db_utils.create_user(username='******', password='******')
resp = app.get('/')
old_cookie = app.cookies['WZL']
csrf = resp.html.find('html')['data-csrf-token']
resp = app.get('/')
assert resp.html.find('html')['data-csrf-token'] == csrf
resp = app.post('/signin', {'token': csrf, 'username': '******', 'password': '******'})
new_cookie = app.cookies['WZL']
resp = resp.follow()
new_csrf = resp.html.find('html')['data-csrf-token']
assert new_cookie != old_cookie
assert new_csrf != csrf
sessionid = d.engine.scalar("SELECT sessionid FROM sessions WHERE userid = %(user)s", user=user)
assert sessionid is not None
resp = app.get('/signout?token=' + new_csrf[:8])
new_cookie_2 = app.cookies['WZL']
resp = resp.follow()
new_csrf_2 = resp.html.find('html')['data-csrf-token']
assert new_cookie_2 != new_cookie
assert new_cookie_2 != old_cookie
assert new_csrf_2 != new_csrf
assert new_csrf_2 != csrf
assert not d.engine.scalar("SELECT EXISTS (SELECT 0 FROM sessions WHERE sessionid = %(id)s)", id=sessionid)
