def get_or_create_form(email, host):
'''
Gets the form if it already exits, otherwise checks to ensure
that this is a valid new form submission. If so, creates a
new form.
'''
form = Form.query.filter_by(hash=HASH(email, host)).first()
if not form:
if request_wants_json():
# Can't create a new ajax form unless from the dashboard
ajax_error_str = "To prevent spam, only " + \
settings.UPGRADED_PLAN_NAME + \
" accounts may create AJAX forms."
raise SubmitFormError(jsonerror(400, {'error': ajax_error_str}))
if url_domain(settings.SERVICE_URL) in host:
# Bad user is trying to submit a form spoofing formspree.io
g.log.info(
'User attempting to create new form spoofing SERVICE_URL. Ignoring.'
)
raise SubmitFormError(
(render_template('error.html',
title='Unable to submit form',
text='Sorry'), 400))
# all good, create form
form = Form(email, host)
# Check if it has been assigned using AJAX or not
assign_ajax(form, request_wants_json())
if form.disabled:
raise SubmitFormError(errors.disabled_error())
return form
def test_form_creation(self):
# register user
r = self.client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
self.assertEqual(r.status_code, 302)
self.assertEqual(r.location.endswith('/dashboard'), True)
self.assertEqual(1, User.query.count())
# fail to create form
r = self.client.post('/forms',
headers={'Content-type': 'application/json'},
data={'email': '*****@*****.**'})
self.assertEqual(r.status_code, 402)
self.assertIn('error', json.loads(r.data))
self.assertEqual(0, Form.query.count())
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = self.client.post('/forms',
headers={
'Accept': 'application/json',
'Content-type': 'application/json'
},
data=json.dumps({'email': '*****@*****.**'}))
resp = json.loads(r.data)
self.assertEqual(r.status_code, 200)
self.assertIn('submission_url', resp)
self.assertIn('random_like_string', resp)
form_endpoint = resp['random_like_string']
self.assertIn(resp['random_like_string'], resp['submission_url'])
self.assertEqual(1, Form.query.count())
self.assertEqual(
Form.query.first().id,
Form.get_form_by_random_like_string(resp['random_like_string']).id)
# post to form
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
self.assertIn("We've sent a link to your email", r.data)
self.assertIn('confirm+your+email', httpretty.last_request().body)
self.assertEqual(1, Form.query.count())
# confirm form
form = Form.query.first()
self.client.get(
'/confirm/%s:%s' %
(HASH(form.email, str(form.id)), form.get_random_like_string()))
self.assertTrue(Form.query.first().confirmed)
# send 5 forms (monthly limits should not apply to the upgraded user)
self.assertEqual(settings.MONTHLY_SUBMISSIONS_LIMIT, 2)
for i in range(5):
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={
'name': 'ana',
'submission': '__%s__' % i
})
form = Form.query.first()
self.assertEqual(form.counter, 5)
self.assertEqual(form.get_monthly_counter(), 5)
self.assertIn('ana', httpretty.last_request().body)
self.assertIn('__4__', httpretty.last_request().body)
self.assertNotIn('You+are+past+our+limit',
httpretty.last_request().body)
# try (and fail) to submit from a different host
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'bad.com'},
data={'name': 'usurper'})
self.assertEqual(r.status_code, 403)
self.assertIn(
'ana',
httpretty.last_request().body) # no more data is sent to sendgrid
self.assertIn('__4__', httpretty.last_request().body)
def test_form_and_submission_deletion(client, msend):
# create and login a user
r = client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
assert r.status_code == 302
assert 1 == User.query.count()
# upgrade user
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps({"email": "*****@*****.**"}),
)
resp = json.loads(r.data.decode('utf-8'))
assert r.status_code == 200
assert 'submission_url' in resp
assert 'hashid' in resp
form_endpoint = resp['hashid']
assert resp['hashid'] in resp['submission_url']
assert 1 == Form.query.count()
assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id
# post to form
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
# confirm form
form = Form.query.first()
client.get('/confirm/%s:%s' %
(HASH(form.email, str(form.id)), form.hashid))
assert Form.query.first().confirmed
assert 0 == Submission.query.count()
# increase the submission limit
old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
# make 5 submissions
for i in range(5):
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={
'name': 'ana',
'submission': '__%s__' % i
})
assert 5 == Submission.query.count()
# delete a submission in form
first_submission = Submission.query.first()
r = client.delete(
"/api-int/forms/" + form_endpoint + "/submissions/" +
str(first_submission.id),
headers={"Referer": settings.SERVICE_URL},
)
assert 200 == r.status_code
assert 4 == Submission.query.count()
assert DB.session.query(Submission.id).filter_by(id='0').scalar() is None
# make sure you've deleted the submission
# logout user
client.get('/logout')
# attempt to delete form you don't have access to (while logged out)
r = client.delete("/api-int/forms/" + form_endpoint,
headers={"Referer": settings.SERVICE_URL})
assert 401 == r.status_code
assert 1 == Form.query.count()
# create different user
r = client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
# attempt to delete form we don't have access to
r = client.delete("/api-int/forms/" + form_endpoint,
headers={"Referer": settings.SERVICE_URL})
assert 401 == r.status_code
assert 1 == Form.query.count()
client.get('/logout')
#log back in to original account
r = client.post('/login',
data={
'email': '*****@*****.**',
'password': '******'
})
# delete the form created
r = client.delete("/api-int/forms/" + form_endpoint,
headers={"Referer": settings.SERVICE_URL})
assert 200 == r.status_code
assert 0 == Form.query.count()
# reset submission limit
settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit
def test_form_toggle(client, msend):
# create and login a user
r = client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
assert r.status_code == 302
assert 1 == User.query.count()
# upgrade user
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = client.post(
"/api-int/forms",
headers={
"Referer": settings.SERVICE_URL,
"Content-type": "application/json"
},
data=json.dumps({"email": "*****@*****.**"}),
)
resp = json.loads(r.data.decode('utf-8'))
assert r.status_code == 200
assert 'submission_url' in resp
assert 'hashid' in resp
form_endpoint = resp['hashid']
assert resp['hashid'] in resp['submission_url']
assert 1 == Form.query.count()
assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id
# post to form
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
# confirm form
form = Form.query.first()
client.get('/confirm/%s:%s' %
(HASH(form.email, str(form.id)), form.hashid))
assert Form.query.first().confirmed
assert 0 == Submission.query.count()
# disable the form
r = client.patch(
"/api-int/forms/" + form_endpoint,
headers={
"Referer": settings.SERVICE_URL,
"Content-Type": "application/json"
},
data=json.dumps({"disabled": True}),
)
assert 200 == r.status_code
assert r.json["ok"]
assert Form.query.first().disabled
assert 0 == Form.query.first().counter
# logout and attempt to enable the form
client.get("/logout")
r = client.patch(
"/api-int/forms/" + form_endpoint,
headers={
"Content-Type": "application/json",
"Referer": settings.SERVICE_URL
},
data=json.dumps({"disabled": True}),
)
assert 401 == r.status_code
assert "error" in json.loads(r.data.decode("utf-8"))
assert Form.query.first().disabled
# fail when attempting to post to form
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
assert 403 == r.status_code
assert 0 == Form.query.first().counter
# log back in and re-enable form
r = client.post("/login",
data={
"email": "*****@*****.**",
"password": "******"
})
r = client.patch(
"/api-int/forms/" + form_endpoint,
headers={
"Referer": settings.SERVICE_URL,
"Content-Type": "application/json"
},
data=json.dumps({"disabled": False}),
)
assert 200 == r.status_code
assert not Form.query.first().disabled
# successfully post to form
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
assert 1 == Form.query.first().counter
def test_form_creation(client, msend):
# register user
r = client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
assert r.status_code == 302
assert 1 == User.query.count()
# fail to create form
r = client.post(
"/api-int/forms",
headers={
"Content-type": "application/json",
"Referer": settings.SERVICE_URL
},
data={"email": "*****@*****.**"},
)
assert r.status_code == 402
assert 'error' in json.loads(r.data.decode('utf-8'))
assert 0 == Form.query.count()
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = client.post(
"/api-int/forms",
headers={
"Content-type": "application/json",
"Referer": settings.SERVICE_URL
},
data=json.dumps({"email": "*****@*****.**"}),
)
resp = json.loads(r.data.decode('utf-8'))
assert r.status_code == 200
assert 'submission_url' in resp
assert 'hashid' in resp
form_endpoint = resp['hashid']
assert resp['hashid'] in resp['submission_url']
assert 1 == Form.query.count()
assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id
# post to form
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
assert "We've sent a link to your email" in r.data.decode('utf-8')
assert 'confirm your email' in msend.call_args[1]['text']
assert 1 == Form.query.count()
# confirm form
form = Form.query.first()
client.get('/confirm/%s:%s' %
(HASH(form.email, str(form.id)), form.hashid))
assert Form.query.first().confirmed
# send 5 forms (monthly limits should not apply to the upgraded user)
assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
for i in range(5):
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={
'name': 'ana',
'submission': '__%s__' % i
})
form = Form.query.first()
assert form.counter == 5
assert form.get_monthly_counter() == 5
assert 'ana' in msend.call_args[1]['text']
assert '__4__' in msend.call_args[1]['text']
assert 'past the limit' not in msend.call_args[1]['text']
# try (and fail) to submit from a different host
r = client.post('/' + form_endpoint,
headers={'Referer': 'bad.com'},
data={'name': 'usurper'})
assert r.status_code == 403
# no more data is sent to sendgrid
assert 'ana' in msend.call_args[1]['text']
assert '__4__' in msend.call_args[1]['text']
def test_form_creation(self):
httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
# register user
r = self.client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
self.assertEqual(r.status_code, 302)
self.assertEqual(1, User.query.count())
# fail to create form
r = self.client.post('/forms',
headers={'Content-type': 'application/json'},
data={'email': '*****@*****.**'}
)
self.assertEqual(r.status_code, 402)
self.assertIn('error', json.loads(r.data))
self.assertEqual(0, Form.query.count())
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
resp = json.loads(r.data)
self.assertEqual(r.status_code, 200)
self.assertIn('submission_url', resp)
self.assertIn('hashid', resp)
form_endpoint = resp['hashid']
self.assertIn(resp['hashid'], resp['submission_url'])
self.assertEqual(1, Form.query.count())
self.assertEqual(Form.query.first().id, Form.get_with_hashid(resp['hashid']).id)
# post to form
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'http://formspree.io'},
data={'name': 'bruce'}
)
self.assertIn("sent an email confirmation", r.data)
self.assertIn('confirm+your+email', httpretty.last_request().body)
self.assertEqual(1, Form.query.count())
# confirm form
form = Form.query.first()
self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
self.assertTrue(Form.query.first().confirmed)
# Make sure that it marks the first form as AJAX
self.assertTrue(Form.query.first().uses_ajax)
# check captcha disabling
self.assertFalse(Form.query.first().captcha_disabled)
r = self.client.get('/forms/' + form_endpoint + '/toggle-recaptcha',
headers={'Referer': settings.SERVICE_URL})
self.assertTrue(Form.query.first().captcha_disabled)
r = self.client.get('/forms/' + form_endpoint + '/toggle-recaptcha',
headers={'Referer': settings.SERVICE_URL})
self.assertFalse(Form.query.first().captcha_disabled)
# send 5 forms (monthly limits should not apply to the upgraded user)
self.assertEqual(settings.MONTHLY_SUBMISSIONS_LIMIT, 2)
for i in range(5):
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'ana',
'submission': '__%s__' % i}
)
form = Form.query.first()
self.assertEqual(form.counter, 5)
self.assertEqual(form.get_monthly_counter(), 5)
self.assertIn('ana', httpretty.last_request().body)
self.assertIn('__4__', httpretty.last_request().body)
self.assertNotIn('You+are+past+our+limit', httpretty.last_request().body)
# try (and fail) to submit from a different host
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'bad.com'},
data={'name': 'usurper'}
)
self.assertEqual(r.status_code, 403)
self.assertIn('ana', httpretty.last_request().body) # no more data is sent to sendgrid
self.assertIn('__4__', httpretty.last_request().body)
def test_form_toggle(client, msend):
# create and login a user
r = client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
assert r.status_code == 302
assert 1 == User.query.count()
# upgrade user
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = client.post('/forms',
headers={
'Accept': 'application/json',
'Content-type': 'application/json'
},
data=json.dumps({'email': '*****@*****.**'}))
resp = json.loads(r.data.decode('utf-8'))
assert r.status_code == 200
assert 'submission_url' in resp
assert 'hashid' in resp
form_endpoint = resp['hashid']
assert resp['hashid'] in resp['submission_url']
assert 1 == Form.query.count()
assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id
# post to form
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
# confirm form
form = Form.query.first()
client.get('/confirm/%s:%s' %
(HASH(form.email, str(form.id)), form.hashid))
assert Form.query.first().confirmed
assert 0 == Submission.query.count()
# disable the form
r = client.post('/forms/' + form_endpoint + '/toggle',
headers={'Referer': settings.SERVICE_URL})
assert 302 == r.status_code
assert r.location.endswith('/dashboard')
assert Form.query.first().disabled
assert 0 == Form.query.first().counter
# logout and attempt to enable the form
client.get('/logout')
r = client.post('/forms/' + form_endpoint + '/toggle',
headers={'Referer': settings.SERVICE_URL},
follow_redirects=True)
assert 200 == r.status_code
assert Form.query.first().disabled
# fail when attempting to post to form
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
assert 403 == r.status_code
assert 0 == Form.query.first().counter
# log back in and re-enable form
r = client.post('/login',
data={
'email': '*****@*****.**',
'password': '******'
})
r = client.post('/forms/' + form_endpoint + '/toggle',
headers={'Referer': settings.SERVICE_URL},
follow_redirects=True)
assert 200 == r.status_code
assert not Form.query.first().disabled
# successfully post to form
r = client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
assert 1 == Form.query.first().counter
def resend_confirmation(email):
g.log = g.log.bind(email=email, host=request.form.get('host'))
g.log.info('Resending confirmation.')
if verify_captcha(request.form, request):
# check if this email is listed on SendGrid's bounces
r = requests.get('https://api.sendgrid.com/api/bounces.get.json',
params={
'email': email,
'api_user': settings.SENDGRID_USERNAME,
'api_key': settings.SENDGRID_PASSWORD
})
if r.ok and len(r.json()) and 'reason' in r.json()[0]:
# tell the user to verify his mailbox
reason = r.json()[0]['reason']
g.log.info('Email is blocked on SendGrid. Telling the user.')
if request_wants_json():
resp = jsonify({
'error': "Verify your mailbox, we can't reach it.",
'reason': reason
})
else:
resp = make_response(
render_template(
'info.html',
title='Verify the availability of your mailbox',
text=
"We encountered an error when trying to deliver the confirmation message to <b>"
+ email +
"</b> at the first time we tried. For spam reasons, we will not try again until we are sure the problem is fixed. Here's the reason:</p><p><center><i>"
+ reason +
"</i></center></p><p>Please make sure this problem is not happening still, then go to <a href='/unblock/"
+ email +
"'>this page</a> to unblock your address.</p><p>After you have unblocked the address, please try to resend the confirmation again.</p>"
))
return resp
# ~~~
# if there's no bounce, we proceed to resend the confirmation.
# BUG: What if this is an owned form with hashid??
form = Form.query.filter_by(
hash=HASH(email, request.form['host'])).first()
if not form:
if request_wants_json():
return jsonerror(400, {'error': "This form does not exist."})
else:
return render_template('error.html',
title='Check email address',
text='This form does not exist.'), 400
form.confirm_sent = False
status = form.send_confirmation()
if status['code'] == Form.STATUS_CONFIRMATION_SENT:
if request_wants_json():
return jsonify({'success': "confirmation email sent"})
else:
return render_template('forms/confirmation_sent.html',
email=email,
host=request.form['host'],
resend=status['code'] ==
Form.STATUS_CONFIRMATION_DUPLICATED)
# fallback response -- should happen only when the recaptcha is failed.
g.log.warning('Failed to resend confirmation.')
return render_template(
'error.html',
title='Unable to send email',
text=
'Please make sure you pass the <i>reCaptcha</i> test before submitting.'
), 500
def test_form_and_submission_deletion(self):
# create and login a user
r = self.client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
self.assertEqual(r.status_code, 302)
self.assertEqual(1, User.query.count())
# upgrade user
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
resp = json.loads(r.data)
self.assertEqual(r.status_code, 200)
self.assertIn('submission_url', resp)
self.assertIn('hashid', resp)
form_endpoint = resp['hashid']
self.assertIn(resp['hashid'], resp['submission_url'])
self.assertEqual(1, Form.query.count())
self.assertEqual(Form.query.first().id, Form.get_with_hashid(resp['hashid']).id)
# post to form
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'}
)
# confirm form
form = Form.query.first()
self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
self.assertTrue(Form.query.first().confirmed)
self.assertEqual(0, Submission.query.count())
# increase the submission limit
old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
# make 5 submissions
for i in range(5):
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'ana',
'submission': '__%s__' % i}
)
self.assertEqual(5, Submission.query.count())
# delete a submission in form
first_submission = Submission.query.first()
r = self.client.post('/forms/' + form_endpoint + '/delete/' + unicode(first_submission.id),
headers={'Referer': settings.SERVICE_URL},
follow_redirects=True)
self.assertEqual(200, r.status_code)
self.assertEqual(4, Submission.query.count())
self.assertTrue(DB.session.query(Submission.id).filter_by(id='0').scalar() is None) #make sure you deleted the submission
# logout user
self.client.get('/logout')
# attempt to delete form you don't have access to (while logged out)
r = self.client.post('/forms/' + form_endpoint + '/delete',
headers={'Referer': settings.SERVICE_URL})
self.assertEqual(302, r.status_code)
self.assertEqual(1, Form.query.count())
# create different user
r = self.client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
# attempt to delete form we don't have access to
r = self.client.post('/forms/' + form_endpoint + '/delete',
headers={'Referer': settings.SERVICE_URL})
self.assertEqual(400, r.status_code)
self.assertEqual(1, Form.query.count())
self.client.get('/logout')
#log back in to original account
r = self.client.post('/login',
data={'email': '*****@*****.**',
'password': '******'}
)
# delete the form created
r = self.client.post('/forms/' + form_endpoint + '/delete',
headers={'Referer': settings.SERVICE_URL},
follow_redirects=True)
self.assertEqual(200, r.status_code)
self.assertEqual(0, Form.query.count())
# reset submission limit
settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit
def test_form_toggle(self):
# create and login a user
r = self.client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
self.assertEqual(r.status_code, 302)
self.assertEqual(1, User.query.count())
# upgrade user
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
resp = json.loads(r.data)
self.assertEqual(r.status_code, 200)
self.assertIn('submission_url', resp)
self.assertIn('hashid', resp)
form_endpoint = resp['hashid']
self.assertIn(resp['hashid'], resp['submission_url'])
self.assertEqual(1, Form.query.count())
self.assertEqual(Form.query.first().id, Form.get_with_hashid(resp['hashid']).id)
# post to form
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'}
)
# confirm form
form = Form.query.first()
self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
self.assertTrue(Form.query.first().confirmed)
self.assertEqual(0, Submission.query.count())
# disable the form
r = self.client.post('/forms/' + form_endpoint + '/toggle',
headers={'Referer': settings.SERVICE_URL})
self.assertEqual(302, r.status_code)
self.assertTrue(r.location.endswith('/dashboard'))
self.assertTrue(Form.query.first().disabled)
self.assertEqual(0, Form.query.first().counter)
# logout and attempt to enable the form
self.client.get('/logout')
r = self.client.post('/forms/' + form_endpoint + '/toggle',
headers={'Referer': settings.SERVICE_URL},
follow_redirects=True)
self.assertEqual(200, r.status_code)
self.assertTrue(Form.query.first().disabled)
# fail when attempting to post to form
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'}
)
self.assertEqual(403, r.status_code)
self.assertEqual(0, Form.query.first().counter)
# log back in and re-enable form
r = self.client.post('/login',
data={'email': '*****@*****.**',
'password': '******'}
)
r = self.client.post('/forms/' + form_endpoint + '/toggle',
headers={'Referer': settings.SERVICE_URL},
follow_redirects=True)
self.assertEqual(200, r.status_code)
self.assertFalse(Form.query.first().disabled)
# successfully post to form
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'}
)
self.assertEqual(1, Form.query.first().counter)
def test_form_creation(client, msend):
# register user
r = client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
assert r.status_code == 302
assert 1 == User.query.count()
# fail to create form
r = client.post('/forms',
headers={'Content-type': 'application/json'},
data={'email': '*****@*****.**'}
)
assert r.status_code == 402
assert 'error' in json.loads(r.data.decode('utf-8'))
assert 0 == Form.query.count()
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
resp = json.loads(r.data.decode('utf-8'))
assert r.status_code == 200
assert 'submission_url' in resp
assert 'hashid' in resp
form_endpoint = resp['hashid']
assert resp['hashid'] in resp['submission_url']
assert 1 == Form.query.count()
assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id
# post to form
r = client.post('/' + form_endpoint,
headers={'Referer': 'http://testsite.com'},
data={'name': 'bruce'}
)
assert 'sent an email confirmation' in r.data.decode('utf-8')
assert 'confirm your email' in msend.call_args[1]['text']
assert 1 == Form.query.count()
# confirm form
form = Form.query.first()
client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
assert Form.query.first().confirmed
# Make sure that it marks the first form as AJAX
assert Form.query.first().uses_ajax
# send 5 forms (monthly limits should not apply to the upgraded user)
assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
for i in range(5):
r = client.post('/' + form_endpoint,
headers={'Referer': 'testsite.com'},
data={'name': 'ana',
'submission': '__%s__' % i}
)
form = Form.query.first()
assert form.counter == 5
assert form.get_monthly_counter() == 5
assert 'ana' in msend.call_args[1]['text']
assert '__4__' in msend.call_args[1]['text']
assert 'You are past our limit' not in msend.call_args[1]['text']
# try (and fail) to submit from a different host
r = client.post('/' + form_endpoint,
headers={'Referer': 'bad.com'},
data={'name': 'usurper'}
)
assert r.status_code == 403
assert 'ana' in msend.call_args[1]['text'] # no more data is sent to sendgrid
assert '__4__' in msend.call_args[1]['text']