def test_upgraded_user_access(self):
    """Check who may read a form's stored submissions.

    The submissions listing must be served to the upgraded owner, refused
    with 402 once the same account is downgraded, and answered with a
    redirect once the client has logged out.
    """
    httpretty.register_uri(httpretty.POST, "https://api.sendgrid.com/api/mail.send.json")

    # Register an account; the 402 below (rather than a redirect) implies the
    # client stays logged in afterwards.
    self.client.post("/register", data={"email": "*****@*****.**", "password": "******"})

    # Set the paid flag directly in the database.
    account = User.query.filter_by(email="*****@*****.**").first()
    account.upgraded = True
    DB.session.add(account)
    DB.session.commit()

    # Create a form through the JSON endpoint and keep its hashid.
    json_headers = {"Accept": "application/json", "Content-type": "application/json"}
    created = self.client.post(
        "/forms",
        headers=json_headers,
        data=json.dumps({"email": "*****@*****.**"}),
    )
    hashid = json.loads(created.data)["hashid"]
    listing_url = "/forms/" + hashid + "/"

    # Mark the form confirmed without going through the confirmation link.
    owned_form = Form.get_with_hashid(hashid)
    owned_form.confirmed = True
    DB.session.add(owned_form)
    DB.session.commit()

    # One submission, so the listing has something to return.
    self.client.post(
        "/" + hashid,
        headers={"Referer": "formspree.io"},
        data={"name": "bruce", "message": "hi!"},
    )

    # Upgraded owner: the listing (/forms/<hashid>/) returns the submission.
    listing = self.client.get(listing_url, headers={"Accept": "application/json"})
    stored = json.loads(listing.data)["submissions"]

    self.assertEqual(len(stored), 1)
    self.assertEqual(stored[0]["name"], "bruce")
    self.assertEqual(stored[0]["message"], "hi!")

    # Downgraded owner: same session, but the feature gate must now refuse.
    account.upgraded = False
    DB.session.add(account)
    DB.session.commit()
    downgraded = self.client.get(listing_url)
    self.assertEqual(downgraded.status_code, 402)  # it should fail

    # Logged out: no session at all.
    self.client.get("/logout")
    anonymous = self.client.get(listing_url)
    self.assertEqual(anonymous.status_code, 302)  # it should return a redirect (via @user_required)
예제 #2
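def export_submissions(hashid, format=None):
    """Return a form's stored submissions as a JSON or CSV attachment.

    Access is decided before any submission is loaded: the current user needs
    the 'dashboard' feature (otherwise a 402 JSON error) and must control the
    form (otherwise 401).

    Args:
        hashid: Identifier used to look the form up.
        format: 'json' or 'csv'; anything else is answered with 404.

    Returns:
        A Response carrying the export, or an error response.
    """
    if not current_user.has_feature('dashboard'):
        return jsonerror(402, {'error': "Please upgrade your account."})

    form = Form.get_with_hashid(hashid)
    # A hashid that resolves to no form used to fail on the attribute access
    # below. It now gets the same 401 as a form owned by someone else, so the
    # response does not reveal which hashids exist.
    if not form or not form.controlled_by(current_user):
        return abort(401)

    if format not in ('json', 'csv'):
        # The original fell off the end of the function and returned None here.
        return abort(404)

    submissions, fields = form.submissions_with_fields()

    # Second-resolution timestamp: everything after the '.' is dropped.
    stamp = datetime.datetime.now().isoformat().split('.')[0]
    download_headers = {
        'Content-Disposition': 'attachment; filename=form-%s-submissions-%s.%s'
                               % (hashid, stamp, format)
    }

    if format == 'json':
        return Response(
            json.dumps({
                'host': form.host,
                'email': form.email,
                'fields': fields,
                'submissions': submissions
            }, sort_keys=True, indent=2),
            mimetype='application/json',
            headers=download_headers
        )

    # format == 'csv'
    out = io.BytesIO()

    # NOTE(review): submission values are written as received. They come from
    # whoever posted to the form, so a cell starting with '=', '+', '-' or '@'
    # can be evaluated as a formula when the export is opened in a
    # spreadsheet. Consider neutralising such cells (for example by prefixing
    # a single quote) before writing them.
    w = csv.DictWriter(out, fieldnames=['id'] + fields, encoding='utf-8')
    w.writeheader()
    for sub in submissions:
        w.writerow(sub)

    return Response(
        out.getvalue(),
        mimetype='text/csv',
        headers=download_headers
    )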
예제 #3
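def export_submissions(hashid, format=None):
    """Serve the submissions stored for a form as a downloadable file.

    Two gates run before any data is read: the current user must have the
    'dashboard' feature (402 JSON error otherwise) and must control the form
    (401 otherwise).

    Args:
        hashid: Identifier used to look the form up.
        format: 'json' or 'csv'; any other value is answered with 404.

    Returns:
        A Response with the export as an attachment, or an error response.
    """
    if not current_user.has_feature('dashboard'):
        return jsonerror(402, {'error': "Please upgrade your account."})

    form = Form.get_with_hashid(hashid)
    # Treat "no such form" exactly like "not your form": the lookup result is
    # no longer dereferenced when it is empty, and the status code does not
    # distinguish existing hashids from unknown ones.
    if not form or not form.controlled_by(current_user):
        return abort(401)

    if format not in ('json', 'csv'):
        # Previously this case reached the end of the function and returned None.
        return abort(404)

    submissions, fields = form.submissions_with_fields()

    # isoformat() without its fractional part, shared by both file names.
    stamp = datetime.datetime.now().isoformat().split('.')[0]
    attachment = {
        'Content-Disposition': 'attachment; filename=form-%s-submissions-%s.%s'
                               % (hashid, stamp, format)
    }

    if format == 'csv':
        out = io.BytesIO()

        # NOTE(review): values are exported exactly as submitted. Submitters
        # are untrusted, and a cell beginning with '=', '+', '-' or '@' may be
        # run as a formula by spreadsheet software. Consider escaping such
        # cells before they are written.
        w = csv.DictWriter(out, fieldnames=['id'] + fields, encoding='utf-8')
        w.writeheader()
        for sub in submissions:
            w.writerow(sub)

        return Response(
            out.getvalue(),
            mimetype='text/csv',
            headers=attachment
        )

    # format == 'json'
    return Response(
        json.dumps({
            'host': form.host,
            'email': form.email,
            'fields': fields,
            'submissions': submissions
        }, sort_keys=True, indent=2),
        mimetype='application/json',
        headers=attachment
    )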
예제 #4
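def validate_user_form(hashid, host):
    '''
    Gets a form from a hashid, created on the dashboard.
    Checks to make sure the submission can be accepted by this form.

    Raises SubmitFormError when the hashid matches no form, when the form is
    disabled, or when `host` does not match the host the form is bound to.
    Returns the form otherwise.

    Side effect: a form that has no host yet is bound to `host` and committed.
    '''

    form = Form.get_with_hashid(hashid)

    if not form:
        raise SubmitFormError(errors.bad_hashid_error(hashid))

    # Check if it has been assigned about using AJAX or not
    assign_ajax(form, request_wants_json())

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    if not form.host:
        # ALERT: As a side effect, sets the form's host if not already set.
        # NOTE(review): `host` is supplied by the caller, presumably from the
        # incoming request, so the first submission decides the binding --
        # confirm that this is acceptable for forms that are not yet in use.
        form.host = host
        DB.session.add(form)
        DB.session.commit()
        return form

    if form.sitewide:
        # Removing www from both sides makes this a neutral operation.
        bound = remove_www(form.host).rstrip('/')
        submitted = remove_www(host)
        # A bare startswith() also accepted any host that merely begins with
        # the bound one (constructed example: bound "example.com", submitted
        # "example.com.other.tld"). The match must be exact or continue with a
        # path separator.
        accepted = submitted == bound or submitted.startswith(bound + '/')
    else:
        # Ending slashes can be safely ignored here.
        accepted = form.host.rstrip('/') == host.rstrip('/')

    if not accepted:
        raise SubmitFormError(errors.mismatched_host_error(host, form))

    return form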
예제 #5
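def validate_user_form(hashid, host):
    '''
    Gets a form from a hashid, created on the dashboard.
    Checks to make sure the submission can be accepted by this form.

    Returns the form when the submission is acceptable. Raises
    SubmitFormError for an unknown hashid, a disabled form, or a host that
    does not match the one stored on the form.

    Side effect: if the form has no host stored, `host` is saved on it.
    '''

    form = Form.get_with_hashid(hashid)

    if not form:
        raise SubmitFormError(errors.bad_hashid_error(hashid))

    # Check if it has been assigned about using AJAX or not
    assign_ajax(form, request_wants_json())

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    if not form.host:
        # ALERT: As a side effect, sets the form's host if not already set.
        # NOTE(review): the value stored here is whatever the caller passed
        # in, presumably taken from the request; verify upstream that it
        # cannot be chosen freely by an unrelated submitter.
        form.host = host
        DB.session.add(form)
        DB.session.commit()
        return form

    if not form.sitewide:
        # Single-page form: hosts must be equal, ignoring ending slashes.
        host_matches = form.host.rstrip('/') == host.rstrip('/')
    else:
        # Sitewide form: the submission must be rooted at the stored host.
        # Comparing with startswith() alone let through any host that only
        # shares the prefix (constructed example: stored "example.com",
        # submitted "example.community/page"), so the prefix has to end at a
        # '/' or be the whole value. www is removed from both sides first.
        root = remove_www(form.host).rstrip('/')
        origin = remove_www(host)
        host_matches = origin == root or origin.startswith(root + '/')

    if not host_matches:
        raise SubmitFormError(errors.mismatched_host_error(host, form))

    return form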
예제 #6
def test_form_toggle(client, msend):
    """Disable and re-enable a form and check who is allowed to do so.

    Covers three things: the owner can toggle the form, a logged-out client
    cannot change its state, and a disabled form rejects submissions with
    403 without counting them.
    """
    credentials = {'email': '*****@*****.**', 'password': '******'}
    from_site = {'Referer': 'formspree.io'}
    from_service = {'Referer': settings.SERVICE_URL}

    # Register; the first toggle below succeeds without a separate login.
    signup = client.post('/register', data=credentials)
    assert signup.status_code == 302
    assert User.query.count() == 1

    # Set the paid flag directly in the database.
    owner = User.query.filter_by(email='*****@*****.**').first()
    owner.upgraded = True
    DB.session.add(owner)
    DB.session.commit()

    # Create the form through the JSON endpoint.
    creation = client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    payload = json.loads(creation.data.decode('utf-8'))
    assert creation.status_code == 200
    assert 'submission_url' in payload
    assert 'hashid' in payload
    hashid = payload['hashid']
    assert hashid in payload['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(hashid).id

    submit_url = '/' + hashid
    toggle_url = '/forms/' + hashid + '/toggle'

    # First post to the form; nothing is stored yet (checked below).
    client.post(submit_url, headers=from_site, data={'name': 'bruce'})

    # Visit the confirmation link built from the form's e-mail and id.
    pending = Form.query.first()
    confirm_key = HASH(pending.email, str(pending.id))
    client.get('/confirm/%s:%s' % (confirm_key, pending.hashid))
    assert Form.query.first().confirmed
    assert Submission.query.count() == 0

    # Owner disables the form.
    disabled = client.post(toggle_url, headers=from_service)
    assert disabled.status_code == 302
    assert disabled.location.endswith('/dashboard')
    assert Form.query.first().disabled
    assert Form.query.first().counter == 0

    # Logged out: the toggle request must not change the form's state.
    client.get('/logout')
    anonymous = client.post(toggle_url, headers=from_service,
                            follow_redirects=True)
    assert anonymous.status_code == 200
    assert Form.query.first().disabled

    # A disabled form refuses submissions and does not count them.
    refused = client.post(submit_url, headers=from_site, data={'name': 'bruce'})
    assert refused.status_code == 403
    assert Form.query.first().counter == 0

    # Log back in and re-enable the form.
    client.post('/login', data=credentials)
    enabled = client.post(toggle_url, headers=from_service,
                          follow_redirects=True)
    assert enabled.status_code == 200
    assert not Form.query.first().disabled

    # Submissions are accepted and counted again.
    client.post(submit_url, headers=from_site, data={'name': 'bruce'})
    assert Form.query.first().counter == 1
예제 #7
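def test_upgraded_user_access(client, msend):
    """Check that stored submissions are only readable by an upgraded owner.

    The listing and both export formats must work for the upgraded owner;
    the listing must answer 402 after the account is downgraded and a
    redirect after logout.
    """
    # register user
    r = client.post('/register',
                    data={
                        'email': '*****@*****.**',
                        'password': '******'
                    })

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # create form
    r = client.post('/forms',
                    headers={
                        'Accept': 'application/json',
                        'Content-type': 'application/json'
                    },
                    data=json.dumps({'email': '*****@*****.**'}))
    resp = json.loads(r.data.decode('utf-8'))
    form_endpoint = resp['hashid']

    # manually confirm the form
    form = Form.get_with_hashid(form_endpoint)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    r = client.post('/' + form_endpoint,
                    headers={'Referer': 'formspree.io'},
                    data={
                        'name': 'bruce',
                        'message': 'hi, my name is bruce!'
                    })

    # test submissions endpoint (/forms/<hashid>/)
    r = client.get('/forms/' + form_endpoint + '/',
                   headers={'Accept': 'application/json'})
    submissions = json.loads(r.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == 'hi, my name is bruce!'

    # test exporting feature (both json and csv file downloads)
    r = client.get('/forms/' + form_endpoint + '.json')
    submissions = json.loads(r.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == 'hi, my name is bruce!'

    r = client.get('/forms/' + form_endpoint + '.csv')
    lines = r.data.decode('utf-8').splitlines()
    assert len(lines) == 2
    assert lines[0] == 'date,message,name'
    # The original `assert '<text>', lines[1]` asserted a non-empty string
    # literal (always true) and its text did not match the submitted message.
    # Check the data row for the message that was actually posted.
    assert 'hi, my name is bruce!' in lines[1]

    # test submissions endpoint with the user downgraded
    user.upgraded = False
    DB.session.add(user)
    DB.session.commit()
    r = client.get('/forms/' + form_endpoint + '/')
    assert r.status_code == 402  # it should fail

    # test submissions endpoint without a logged user
    client.get('/logout')
    r = client.get('/forms/' + form_endpoint + '/')
    assert r.status_code == 302  # it should return a redirect (via @user_required)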
예제 #8
    def test_form_creation(self):
        """Create a form as an upgraded user and exercise its submission rules.

        Form creation must be refused with 402 before the upgrade, the
        monthly limit must not apply afterwards, and a submission from a
        different host must be rejected with 403 without sending mail.
        """
        httpretty.register_uri(httpretty.POST,
                               'https://api.sendgrid.com/api/mail.send.json')
        from_site = {'Referer': 'formspree.io'}

        # Register the account.
        signup = self.client.post(
            '/register',
            data={'email': '*****@*****.**', 'password': '******'})
        self.assertEqual(signup.status_code, 302)
        self.assertEqual(1, User.query.count())

        # Not upgraded yet: creating a form is refused.
        refused = self.client.post(
            '/forms',
            headers={'Content-type': 'application/json'},
            data={'email': '*****@*****.**'})
        self.assertEqual(refused.status_code, 402)
        self.assertIn('error', json.loads(refused.data))
        self.assertEqual(0, Form.query.count())

        # Set the paid flag directly in the database.
        account = User.query.filter_by(email='*****@*****.**').first()
        account.upgraded = True
        DB.session.add(account)
        DB.session.commit()

        # Now the same endpoint creates the form.
        creation = self.client.post(
            '/forms',
            headers={
                'Accept': 'application/json',
                'Content-type': 'application/json'
            },
            data=json.dumps({'email': '*****@*****.**'}))
        payload = json.loads(creation.data)
        self.assertEqual(creation.status_code, 200)
        self.assertIn('submission_url', payload)
        self.assertIn('hashid', payload)
        hashid = payload['hashid']
        self.assertIn(hashid, payload['submission_url'])
        self.assertEqual(1, Form.query.count())
        self.assertEqual(Form.query.first().id,
                         Form.get_with_hashid(hashid).id)

        submit_url = '/' + hashid

        # First post triggers the confirmation e-mail.
        first_post = self.client.post(
            submit_url,
            headers={'Referer': 'http://formspree.io'},
            data={'name': 'bruce'})
        self.assertIn("sent an email confirmation", first_post.data)
        self.assertIn('confirm+your+email', httpretty.last_request().body)
        self.assertEqual(1, Form.query.count())

        # Visit the confirmation link built from the form's e-mail and id.
        pending = Form.query.first()
        confirm_key = HASH(pending.email, str(pending.id))
        self.client.get('/confirm/%s:%s' % (confirm_key, pending.hashid))
        self.assertTrue(Form.query.first().confirmed)

        # Five submissions against a limit of two: an upgraded user is exempt.
        self.assertEqual(settings.MONTHLY_SUBMISSIONS_LIMIT, 2)
        for index in range(5):
            self.client.post(
                submit_url,
                headers=from_site,
                data={'name': 'ana', 'submission': '__%s__' % index})
        counted = Form.query.first()
        self.assertEqual(counted.counter, 5)
        self.assertEqual(counted.get_monthly_counter(), 5)
        self.assertIn('ana', httpretty.last_request().body)
        self.assertIn('__4__', httpretty.last_request().body)
        self.assertNotIn('You+are+past+our+limit',
                         httpretty.last_request().body)

        # A submission claiming a different host is rejected...
        foreign = self.client.post(
            submit_url,
            headers={'Referer': 'bad.com'},
            data={'name': 'usurper'})
        self.assertEqual(foreign.status_code, 403)
        # ...and the last mail request is still the fifth accepted
        # submission, i.e. no more data is sent to sendgrid.
        self.assertIn('ana', httpretty.last_request().body)
        self.assertIn('__4__', httpretty.last_request().body)
예제 #9
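def test_form_and_submission_deletion(client, msend):
    """Check deletion of submissions and forms, including who may delete.

    The owner can delete a single submission and the form itself; a
    logged-out client and a different logged-in user must both get 401 and
    leave the form in place.
    """
    # create and login a user
    r = client.post('/register',
                    data={
                        'email': '*****@*****.**',
                        'password': '******'
                    })
    assert r.status_code == 302
    assert 1 == User.query.count()

    # upgrade user
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    r = client.post(
        "/api-int/forms",
        headers={
            "Accept": "application/json",
            "Content-type": "application/json",
            "Referer": settings.SERVICE_URL,
        },
        data=json.dumps({"email": "*****@*****.**"}),
    )
    resp = json.loads(r.data.decode('utf-8'))
    assert r.status_code == 200
    assert 'submission_url' in resp
    assert 'hashid' in resp
    form_endpoint = resp['hashid']
    assert resp['hashid'] in resp['submission_url']
    assert 1 == Form.query.count()
    assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id

    # post to form
    r = client.post('/' + form_endpoint,
                    headers={'Referer': 'formspree.io'},
                    data={'name': 'bruce'})

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' %
               (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert 0 == Submission.query.count()

    # increase the submission limit
    old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
    settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
    # The setting is shared state: restore it even when an assertion below
    # fails, so a failure here cannot change the outcome of other tests.
    try:
        # make 5 submissions
        for i in range(5):
            r = client.post('/' + form_endpoint,
                            headers={'Referer': 'formspree.io'},
                            data={
                                'name': 'ana',
                                'submission': '__%s__' % i
                            })

        assert 5 == Submission.query.count()

        # delete a submission in form
        # Keep the id before the request: the original looked up id '0'
        # afterwards, which does not identify the deleted row and so did
        # not show that this submission is gone.
        deleted_id = Submission.query.first().id
        r = client.delete(
            "/api-int/forms/" + form_endpoint + "/submissions/" +
            str(deleted_id),
            headers={"Referer": settings.SERVICE_URL},
        )
        assert 200 == r.status_code
        assert 4 == Submission.query.count()
        # make sure you've deleted the submission
        assert DB.session.query(
            Submission.id).filter_by(id=deleted_id).scalar() is None

        # logout user
        client.get('/logout')

        # attempt to delete form you don't have access to (while logged out)
        r = client.delete("/api-int/forms/" + form_endpoint,
                          headers={"Referer": settings.SERVICE_URL})
        assert 401 == r.status_code
        assert 1 == Form.query.count()

        # create different user
        r = client.post('/register',
                        data={
                            'email': '*****@*****.**',
                            'password': '******'
                        })

        # attempt to delete form we don't have access to
        r = client.delete("/api-int/forms/" + form_endpoint,
                          headers={"Referer": settings.SERVICE_URL})
        assert 401 == r.status_code
        assert 1 == Form.query.count()

        client.get('/logout')

        # log back in to original account
        r = client.post('/login',
                        data={
                            'email': '*****@*****.**',
                            'password': '******'
                        })

        # delete the form created
        r = client.delete("/api-int/forms/" + form_endpoint,
                          headers={"Referer": settings.SERVICE_URL})
        assert 200 == r.status_code
        assert 0 == Form.query.count()
    finally:
        # reset submission limit
        settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit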
예제 #10
def test_form_creation(client, msend):
    """Create a form as an upgraded user and exercise its submission rules.

    Creation must be refused with 402 before the upgrade, the monthly limit
    must not apply to the upgraded user, and a submission from a different
    host must be rejected with 403 without another mail being sent.
    """
    api_headers = {
        "Content-type": "application/json",
        "Referer": settings.SERVICE_URL
    }
    from_site = {'Referer': 'formspree.io'}

    # Register the account.
    signup = client.post(
        '/register',
        data={'email': '*****@*****.**', 'password': '******'})
    assert signup.status_code == 302
    assert User.query.count() == 1

    # Not upgraded yet: creating a form is refused.
    refused = client.post(
        "/api-int/forms",
        headers=api_headers,
        data={"email": "*****@*****.**"},
    )
    assert refused.status_code == 402
    assert 'error' in json.loads(refused.data.decode('utf-8'))
    assert Form.query.count() == 0

    # Set the paid flag directly in the database.
    account = User.query.filter_by(email='*****@*****.**').first()
    account.upgraded = True
    DB.session.add(account)
    DB.session.commit()

    # Now the same endpoint creates the form.
    creation = client.post(
        "/api-int/forms",
        headers=api_headers,
        data=json.dumps({"email": "*****@*****.**"}),
    )
    payload = json.loads(creation.data.decode('utf-8'))
    assert creation.status_code == 200
    assert 'submission_url' in payload
    assert 'hashid' in payload
    hashid = payload['hashid']
    assert hashid in payload['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(hashid).id

    submit_url = '/' + hashid

    # First post triggers the confirmation e-mail.
    first_post = client.post(submit_url, headers=from_site,
                             data={'name': 'bruce'})
    assert "We've sent a link to your email" in first_post.data.decode('utf-8')
    assert 'confirm your email' in msend.call_args[1]['text']
    assert Form.query.count() == 1

    # Visit the confirmation link built from the form's e-mail and id.
    pending = Form.query.first()
    confirm_key = HASH(pending.email, str(pending.id))
    client.get('/confirm/%s:%s' % (confirm_key, pending.hashid))
    assert Form.query.first().confirmed

    # Five submissions against a limit of two: an upgraded user is exempt.
    assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
    for index in range(5):
        client.post(submit_url, headers=from_site,
                    data={'name': 'ana', 'submission': '__%s__' % index})
    counted = Form.query.first()
    assert counted.counter == 5
    assert counted.get_monthly_counter() == 5
    last_mail = msend.call_args[1]['text']
    assert 'ana' in last_mail
    assert '__4__' in last_mail
    assert 'past the limit' not in last_mail

    # A submission claiming a different host is rejected...
    foreign = client.post(submit_url, headers={'Referer': 'bad.com'},
                          data={'name': 'usurper'})
    assert foreign.status_code == 403
    # ...and the last mail is still the fifth accepted submission,
    # i.e. no more data is sent to sendgrid.
    mail_after_rejection = msend.call_args[1]['text']
    assert 'ana' in mail_after_rejection
    assert '__4__' in mail_after_rejection
예제 #11
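def test_upgraded_user_access(client, msend):
    """Check that stored submissions are only readable by an upgraded owner.

    The listing and both export formats must work for the upgraded owner;
    the listing must answer 402 after the account is downgraded and a 401
    JSON error after logout.
    """
    # register user
    r = client.post('/register',
                    data={
                        'email': '*****@*****.**',
                        'password': '******'
                    })

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # create form
    r = client.post(
        "/api-int/forms",
        headers={
            "Accept": "application/json",
            "Content-type": "application/json",
            "Referer": settings.SERVICE_URL,
        },
        data=json.dumps({"email": "*****@*****.**"}),
    )
    resp = json.loads(r.data.decode('utf-8'))
    form_endpoint = resp['hashid']

    # manually confirm the form
    form = Form.get_with_hashid(form_endpoint)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    r = client.post('/' + form_endpoint,
                    headers={'Referer': 'formspree.io'},
                    data={
                        'name': 'bruce',
                        'message': 'hi, my name is bruce!'
                    })

    # test submissions endpoint (/api-int/forms/<hashid>)
    r = client.get(
        "/api-int/forms/" + form_endpoint,
        headers={
            "Accept": "application/json",
            "Referer": settings.SERVICE_URL
        },
    )
    submissions = json.loads(r.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == 'hi, my name is bruce!'

    # test exporting feature (both json and csv file downloads)
    r = client.get('/forms/' + form_endpoint + '.json')
    submissions = json.loads(r.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == 'hi, my name is bruce!'

    r = client.get('/forms/' + form_endpoint + '.csv')
    lines = r.data.decode('utf-8').splitlines()
    assert len(lines) == 2
    assert lines[0] == "id,date,message,name"
    # The original `assert '<text>', lines[1]` asserted a non-empty string
    # literal (always true) and its text did not match the submitted message.
    # Check the data row for the message that was actually posted.
    assert 'hi, my name is bruce!' in lines[1]

    # test submissions endpoint with the user downgraded
    user.upgraded = False
    DB.session.add(user)
    DB.session.commit()
    r = client.get("/api-int/forms/" + form_endpoint)
    assert r.status_code == 402  # it should fail

    # test submissions endpoint without a logged user
    client.get("/logout")
    r = client.get("/api-int/forms/" + form_endpoint)
    assert r.status_code == 401  # should return a json error (via flask login)
    assert "error" in r.json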
예제 #12
    def test_form_toggle(self):
        """Disable and re-enable a form and check who is allowed to do so.

        The owner can toggle the form, a logged-out client cannot change its
        state, and a disabled form rejects submissions with 403 without
        counting them.
        """
        credentials = {'email': '*****@*****.**', 'password': '******'}
        from_site = {'Referer': 'formspree.io'}
        from_service = {'Referer': settings.SERVICE_URL}

        # Register; the first toggle below succeeds without a separate login.
        signup = self.client.post('/register', data=credentials)
        self.assertEqual(signup.status_code, 302)
        self.assertEqual(1, User.query.count())

        # Set the paid flag directly in the database.
        owner = User.query.filter_by(email='*****@*****.**').first()
        owner.upgraded = True
        DB.session.add(owner)
        DB.session.commit()

        # Create the form through the JSON endpoint.
        creation = self.client.post(
            '/forms',
            headers={'Accept': 'application/json', 'Content-type': 'application/json'},
            data=json.dumps({'email': '*****@*****.**'}))
        payload = json.loads(creation.data)
        self.assertEqual(creation.status_code, 200)
        self.assertIn('submission_url', payload)
        self.assertIn('hashid', payload)
        hashid = payload['hashid']
        self.assertIn(hashid, payload['submission_url'])
        self.assertEqual(1, Form.query.count())
        self.assertEqual(Form.query.first().id, Form.get_with_hashid(hashid).id)

        submit_url = '/' + hashid
        toggle_url = '/forms/' + hashid + '/toggle'

        # First post to the form; nothing is stored yet (checked below).
        self.client.post(submit_url, headers=from_site, data={'name': 'bruce'})

        # Visit the confirmation link built from the form's e-mail and id.
        pending = Form.query.first()
        confirm_key = HASH(pending.email, str(pending.id))
        self.client.get('/confirm/%s:%s' % (confirm_key, pending.hashid))
        self.assertTrue(Form.query.first().confirmed)
        self.assertEqual(0, Submission.query.count())

        # Owner disables the form.
        disabled = self.client.post(toggle_url, headers=from_service)
        self.assertEqual(302, disabled.status_code)
        self.assertTrue(disabled.location.endswith('/dashboard'))
        self.assertTrue(Form.query.first().disabled)
        self.assertEqual(0, Form.query.first().counter)

        # Logged out: the toggle request must not change the form's state.
        self.client.get('/logout')
        anonymous = self.client.post(toggle_url, headers=from_service,
                                     follow_redirects=True)
        self.assertEqual(200, anonymous.status_code)
        self.assertTrue(Form.query.first().disabled)

        # A disabled form refuses submissions and does not count them.
        refused = self.client.post(submit_url, headers=from_site,
                                   data={'name': 'bruce'})
        self.assertEqual(403, refused.status_code)
        self.assertEqual(0, Form.query.first().counter)

        # Log back in and re-enable the form.
        self.client.post('/login', data=credentials)
        enabled = self.client.post(toggle_url, headers=from_service,
                                   follow_redirects=True)
        self.assertEqual(200, enabled.status_code)
        self.assertFalse(Form.query.first().disabled)

        # Submissions are accepted and counted again.
        self.client.post(submit_url, headers=from_site, data={'name': 'bruce'})
        self.assertEqual(1, Form.query.first().counter)
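    def test_form_and_submission_deletion(self):
        """Check deletion of submissions and forms, including who may delete.

        The owner can delete a single submission and the form itself; a
        logged-out client is redirected (302) and a different logged-in
        user gets 400, and in both cases the form must still exist.
        """
        # create and login a user
        r = self.client.post('/register',
            data={'email': '*****@*****.**',
                  'password': '******'}
        )
        self.assertEqual(r.status_code, 302)
        self.assertEqual(1, User.query.count())

        # upgrade user
        user = User.query.filter_by(email='*****@*****.**').first()
        user.upgraded = True
        DB.session.add(user)
        DB.session.commit()

        # successfully create form
        r = self.client.post('/forms',
            headers={'Accept': 'application/json', 'Content-type': 'application/json'},
            data=json.dumps({'email': '*****@*****.**'})
        )
        resp = json.loads(r.data)
        self.assertEqual(r.status_code, 200)
        self.assertIn('submission_url', resp)
        self.assertIn('hashid', resp)
        form_endpoint = resp['hashid']
        self.assertIn(resp['hashid'], resp['submission_url'])
        self.assertEqual(1, Form.query.count())
        self.assertEqual(Form.query.first().id, Form.get_with_hashid(resp['hashid']).id)

        # post to form
        r = self.client.post('/' + form_endpoint,
            headers={'Referer': 'formspree.io'},
            data={'name': 'bruce'}
        )

        # confirm form
        form = Form.query.first()
        self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
        self.assertTrue(Form.query.first().confirmed)
        self.assertEqual(0, Submission.query.count())

        # increase the submission limit
        old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
        settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
        # The setting is shared state: restore it even when an assertion
        # below fails, so a failure here cannot affect other tests.
        try:
            # make 5 submissions
            for i in range(5):
                r = self.client.post('/' + form_endpoint,
                    headers={'Referer': 'formspree.io'},
                    data={'name': 'ana',
                          'submission': '__%s__' % i}
                )

            self.assertEqual(5, Submission.query.count())

            # delete a submission in form
            # Keep the id before the request: the original looked up id '0'
            # afterwards, which does not identify the deleted row and so did
            # not show that this submission is gone.
            deleted_id = Submission.query.first().id
            r = self.client.post('/forms/' + form_endpoint + '/delete/' + unicode(deleted_id),
                headers={'Referer': settings.SERVICE_URL},
                follow_redirects=True)
            self.assertEqual(200, r.status_code)
            self.assertEqual(4, Submission.query.count())
            # make sure you deleted the submission
            self.assertTrue(DB.session.query(Submission.id).filter_by(id=deleted_id).scalar() is None)

            # logout user
            self.client.get('/logout')

            # attempt to delete form you don't have access to (while logged out)
            r = self.client.post('/forms/' + form_endpoint + '/delete',
                headers={'Referer': settings.SERVICE_URL})
            self.assertEqual(302, r.status_code)
            self.assertEqual(1, Form.query.count())

            # create different user
            r = self.client.post('/register',
                data={'email': '*****@*****.**',
                      'password': '******'}
            )

            # attempt to delete form we don't have access to
            r = self.client.post('/forms/' + form_endpoint + '/delete',
                headers={'Referer': settings.SERVICE_URL})
            self.assertEqual(400, r.status_code)
            self.assertEqual(1, Form.query.count())

            self.client.get('/logout')

            # log back in to original account
            r = self.client.post('/login',
                data={'email': '*****@*****.**',
                      'password': '******'}
            )

            # delete the form created
            r = self.client.post('/forms/' + form_endpoint + '/delete',
                headers={'Referer': settings.SERVICE_URL},
                follow_redirects=True)
            self.assertEqual(200, r.status_code)
            self.assertEqual(0, Form.query.count())
        finally:
            # reset submission limit
            settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit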
    def test_form_toggle(self):
        """Walk the form on/off toggle as the owner and as a logged-out client.

        Registers and upgrades a user, creates and confirms a form, disables
        it, then checks that a logged-out toggle request leaves it disabled
        and that a submission to the disabled form gets a 403 and is not
        counted. Finally logs back in, re-enables the form and verifies that
        one submission is counted.
        """
        account_fields = {'email': '*****@*****.**',
                          'password': '******'}
        site_referer = {'Referer': 'formspree.io'}

        # sign up; the original flow treats this as "create and login"
        response = self.client.post('/register', data=account_fields)
        self.assertEqual(response.status_code, 302)
        self.assertEqual(1, User.query.count())

        # mark the account as upgraded directly in the database
        account = User.query.filter_by(email='*****@*****.**').first()
        account.upgraded = True
        DB.session.add(account)
        DB.session.commit()

        # creating a form now succeeds and returns its hashid
        response = self.client.post(
            '/forms',
            headers={'Accept': 'application/json', 'Content-type': 'application/json'},
            data=json.dumps({'email': '*****@*****.**'}))
        created = json.loads(response.data)
        self.assertEqual(response.status_code, 200)
        self.assertIn('submission_url', created)
        self.assertIn('hashid', created)
        form_endpoint = created['hashid']
        self.assertIn(created['hashid'], created['submission_url'])
        self.assertEqual(1, Form.query.count())
        self.assertEqual(Form.query.first().id, Form.get_with_hashid(created['hashid']).id)

        submit_url = '/' + form_endpoint
        toggle_url = '/forms/' + form_endpoint + '/toggle'

        # post to the form once before it is confirmed
        self.client.post(submit_url, headers=site_referer, data={'name': 'bruce'})

        # follow the confirmation link; nothing has been archived so far
        form = Form.query.first()
        self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
        self.assertTrue(Form.query.first().confirmed)
        self.assertEqual(0, Submission.query.count())

        # the owner disables the form and is redirected to the dashboard
        response = self.client.post(toggle_url,
                                    headers={'Referer': settings.SERVICE_URL})
        self.assertEqual(302, response.status_code)
        self.assertTrue(response.location.endswith('/dashboard'))
        self.assertTrue(Form.query.first().disabled)
        self.assertEqual(0, Form.query.first().counter)

        # a logged-out toggle request must not flip the form back on
        self.client.get('/logout')
        response = self.client.post(toggle_url,
                                    headers={'Referer': settings.SERVICE_URL},
                                    follow_redirects=True)
        self.assertEqual(200, response.status_code)
        self.assertTrue(Form.query.first().disabled)

        # a submission to the disabled form is refused and not counted
        response = self.client.post(submit_url, headers=site_referer, data={'name': 'bruce'})
        self.assertEqual(403, response.status_code)
        self.assertEqual(0, Form.query.first().counter)

        # the owner logs back in and re-enables the form
        self.client.post('/login', data=account_fields)
        response = self.client.post(toggle_url,
                                    headers={'Referer': settings.SERVICE_URL},
                                    follow_redirects=True)
        self.assertEqual(200, response.status_code)
        self.assertFalse(Form.query.first().disabled)

        # the re-enabled form accepts and counts a submission
        self.client.post(submit_url, headers=site_referer, data={'name': 'bruce'})
        self.assertEqual(1, Form.query.first().counter)
예제 #15
def test_form_creation(client, msend):
    """Cover form creation, confirmation and submissions for an upgraded user.

    A freshly registered user is refused form creation with 402. Once the
    user is upgraded in the database the form is created, confirmed through
    the emailed link, and accepts five submissions even though
    ``settings.MONTHLY_SUBMISSIONS_LIMIT`` is 2. A submission carrying a
    different ``Referer`` host is rejected with 403 and the last mail
    recorded by ``msend`` is unchanged.
    """
    # sign up; a redirect signals success
    response = client.post(
        '/register',
        data={'email': '*****@*****.**', 'password': '******'},
    )
    assert response.status_code == 302
    assert User.query.count() == 1

    # before the upgrade, creating a form is refused and nothing is stored
    response = client.post(
        '/forms',
        headers={'Content-type': 'application/json'},
        data={'email': '*****@*****.**'},
    )
    assert response.status_code == 402
    assert 'error' in json.loads(response.data.decode('utf-8'))
    assert Form.query.count() == 0

    # flip the account to upgraded directly in the database
    account = User.query.filter_by(email='*****@*****.**').first()
    account.upgraded = True
    DB.session.add(account)
    DB.session.commit()

    # the same request, now with a JSON body, creates the form
    response = client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    created = json.loads(response.data.decode('utf-8'))
    assert response.status_code == 200
    assert 'submission_url' in created
    assert 'hashid' in created
    form_endpoint = created['hashid']
    assert created['hashid'] in created['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(created['hashid']).id

    submit_url = '/' + form_endpoint

    # the first submission triggers the confirmation email instead of delivery
    response = client.post(
        submit_url,
        headers={'Referer': 'http://testsite.com'},
        data={'name': 'bruce'},
    )
    assert 'sent an email confirmation' in response.data.decode('utf-8')
    assert 'confirm your email' in msend.call_args[1]['text']
    assert Form.query.count() == 1

    # follow the confirmation link
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed

    # the first form must be flagged as AJAX
    assert Form.query.first().uses_ajax

    # five submissions go through: the monthly limit does not bind upgraded users
    assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
    for index in range(5):
        client.post(
            submit_url,
            headers={'Referer': 'testsite.com'},
            data={'name': 'ana', 'submission': '__%s__' % index},
        )
    form = Form.query.first()
    assert form.counter == 5
    assert form.get_monthly_counter() == 5
    last_mail_text = msend.call_args[1]['text']
    assert 'ana' in last_mail_text
    assert '__4__' in last_mail_text
    assert 'You are past our limit' not in last_mail_text

    # a submission from another host is rejected
    response = client.post(
        submit_url,
        headers={'Referer': 'bad.com'},
        data={'name': 'usurper'},
    )
    assert response.status_code == 403
    # the last recorded mail is still the final 'ana' one: nothing new was sent
    last_mail_text = msend.call_args[1]['text']
    assert 'ana' in last_mail_text
    assert '__4__' in last_mail_text
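def test_upgraded_user_access(client, msend):
    """Check that archived submissions and exports depend on plan and login.

    Registers a user, upgrades it directly in the database, creates and
    manually confirms a form, and submits once. The submission must then be
    readable through ``/forms/<hashid>/`` and through the ``.json`` and
    ``.csv`` exports. After the user is downgraded the submissions endpoint
    must answer 402, and after logout it must answer 302.

    ``msend`` is accepted but not referenced in the body (presumably a
    fixture that stubs mail sending; confirm against the test setup).
    """
    # register user
    r = client.post('/register',
        data={'email': '*****@*****.**',
              'password': '******'}
    )

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # create form
    r = client.post('/forms',
        headers={'Accept': 'application/json',
                 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'})
    )
    resp = json.loads(r.data.decode('utf-8'))
    form_endpoint = resp['hashid']

    # manually confirm the form
    form = Form.get_with_hashid(form_endpoint)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    r = client.post('/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce', 'message': 'hi, my name is bruce!'}
    )

    # test submissions endpoint (/forms/<hashid>/)
    r = client.get('/forms/' + form_endpoint + '/',
        headers={'Accept': 'application/json'}
    )
    submissions = json.loads(r.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == 'hi, my name is bruce!'

    # test exporting feature (both json and csv file downloads)
    r = client.get('/forms/' + form_endpoint + '.json')
    submissions = json.loads(r.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == 'hi, my name is bruce!'

    r = client.get('/forms/' + form_endpoint + '.csv')
    lines = r.data.decode('utf-8').splitlines()
    assert len(lines) == 2
    assert lines[0] == 'date,message,name'
    # Check the data row itself. Asserting a bare string literal with
    # lines[1] as the failure message always passes, so it verified nothing.
    assert 'hi, my name is bruce!' in lines[1]

    # test submissions endpoint with the user downgraded
    user.upgraded = False
    DB.session.add(user)
    DB.session.commit()
    r = client.get('/forms/' + form_endpoint + '/')
    assert r.status_code == 402 # it should fail

    # test submissions endpoint without a logged user
    client.get('/logout')
    r = client.get('/forms/' + form_endpoint + '/')
    assert r.status_code == 302 # it should return a redirect (via @user_required)

    # NOTE(review): only /forms/<hashid>/ is re-checked after the downgrade
    # and after logout. The .json and .csv exports, and a request made by a
    # second logged-in user, are not exercised by this test.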
예제 #17
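def test_form_toggle(client, msend):
    """Check that only the logged-in owner can enable or disable a form.

    Registers a user, moves it to ``Plan.gold``, creates and confirms a form
    through ``/api-int/forms``, then disables it with a PATCH. A logged-out
    PATCH must be answered with 401 and leave the form disabled, and a
    submission to the disabled form must get a 403 without being counted.
    After logging back in the owner re-enables the form and one submission
    is counted.

    ``msend`` is accepted but not referenced in the body (presumably a
    fixture that stubs mail sending; confirm against the test setup).
    """
    # create and login a user
    r = client.post('/register',
        data={'email': '*****@*****.**',
              'password': '******'}
    )
    assert r.status_code == 302
    assert 1 == User.query.count()

    # upgrade user
    user = User.query.filter_by(email='*****@*****.**').first()
    user.plan = Plan.gold
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    r = client.post(
        "/api-int/forms",
        headers={"Referer": settings.SERVICE_URL, "Content-type": "application/json"},
        data=json.dumps({"email": "*****@*****.**"}),
    )
    resp = json.loads(r.data.decode('utf-8'))
    assert r.status_code == 200
    assert 'submission_url' in resp
    assert 'hashid' in resp
    form_endpoint = resp['hashid']
    assert resp['hashid'] in resp['submission_url']
    assert 1 == Form.query.count()
    assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id

    # post to form
    r = client.post('/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'}
    )

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert 0 == Submission.query.count()

    # disable the form
    r = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers={"Referer": settings.SERVICE_URL, "Content-Type": "application/json"},
        data=json.dumps({"disabled": True}),
    )
    assert 200 == r.status_code
    assert r.json["ok"]
    assert Form.query.first().disabled
    assert 0 == Form.query.first().counter

    # logout and attempt to enable the form
    # The payload asks for disabled=False: if the request were applied despite
    # the missing session, the state assertion below would catch it. Sending
    # disabled=True here would leave that assertion unable to fail.
    client.get("/logout")
    r = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers={"Content-Type": "application/json", "Referer": settings.SERVICE_URL},
        data=json.dumps({"disabled": False}),
    )
    assert 401 == r.status_code
    assert "error" in json.loads(r.data.decode("utf-8"))
    assert Form.query.first().disabled

    # fail when attempting to post to form
    r = client.post('/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'}
    )
    assert 403 == r.status_code
    assert 0 == Form.query.first().counter

    # log back in and re-enable form
    r = client.post("/login", data={"email": "*****@*****.**", "password": "******"})
    r = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers={"Referer": settings.SERVICE_URL, "Content-Type": "application/json"},
        data=json.dumps({"disabled": False}),
    )
    assert 200 == r.status_code
    assert not Form.query.first().disabled

    # successfully post to form
    r = client.post('/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'}
    )
    assert 1 == Form.query.first().counter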
예제 #18
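    def test_form_and_submission_deletion(self):
        """Check who may delete a form and one of its archived submissions.

        Registers and upgrades a user, creates and confirms a form, archives
        five submissions and deletes one of them as the owner. A logged-out
        delete of the form must redirect (302) and a delete by a second
        registered user must be refused (400); in both cases the form must
        still exist. The owner can then delete the form.

        ``settings.ARCHIVED_SUBMISSIONS_LIMIT`` is raised to 10 for the test
        and restored in a ``finally`` block.
        """
        # create and login a user
        r = self.client.post('/register',
            data={'email': '*****@*****.**',
                  'password': '******'}
        )
        self.assertEqual(r.status_code, 302)
        self.assertEqual(1, User.query.count())

        # upgrade user
        user = User.query.filter_by(email='*****@*****.**').first()
        user.upgraded = True
        DB.session.add(user)
        DB.session.commit()

        # successfully create form
        r = self.client.post('/forms',
            headers={'Accept': 'application/json', 'Content-type': 'application/json'},
            data=json.dumps({'email': '*****@*****.**'})
        )
        resp = json.loads(r.data)
        self.assertEqual(r.status_code, 200)
        self.assertIn('submission_url', resp)
        self.assertIn('hashid', resp)
        form_endpoint = resp['hashid']
        self.assertIn(resp['hashid'], resp['submission_url'])
        self.assertEqual(1, Form.query.count())
        self.assertEqual(Form.query.first().id, Form.get_with_hashid(resp['hashid']).id)

        # post to form
        r = self.client.post('/' + form_endpoint,
            headers={'Referer': 'formspree.io'},
            data={'name': 'bruce'}
        )

        # confirm form
        form = Form.query.first()
        self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
        self.assertTrue(Form.query.first().confirmed)
        self.assertEqual(0, Submission.query.count())

        # increase the submission limit; the finally block restores it so a
        # failing assertion cannot leak the raised limit into other tests
        old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
        settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
        try:
            # make 5 submissions
            for i in range(5):
                r = self.client.post('/' + form_endpoint,
                    headers={'Referer': 'formspree.io'},
                    data={'name': 'ana',
                          'submission': '__%s__' % i}
                )

            self.assertEqual(5, Submission.query.count())

            # delete a submission in form; keep its id so the check below
            # looks for the row that was actually removed
            first_submission = Submission.query.first()
            deleted_submission_id = first_submission.id
            r = self.client.post('/forms/' + form_endpoint + '/delete/' + str(deleted_submission_id),
                headers={'Referer': settings.SERVICE_URL},
                follow_redirects=True)
            self.assertEqual(200, r.status_code)
            self.assertEqual(4, Submission.query.count())
            # make sure you deleted the submission
            self.assertIsNone(
                DB.session.query(Submission.id).filter_by(id=deleted_submission_id).scalar())

            # logout user
            self.client.get('/logout')

            # attempt to delete form you don't have access to (while logged out)
            r = self.client.post('/forms/' + form_endpoint + '/delete',
                headers={'Referer': settings.SERVICE_URL})
            self.assertEqual(302, r.status_code)
            self.assertEqual(1, Form.query.count())

            # create different user
            r = self.client.post('/register',
                data={'email': '*****@*****.**',
                      'password': '******'}
            )

            # attempt to delete form we don't have access to
            # NOTE(review): only the form delete is tried as the second user;
            # deleting one of its submissions as that user is not covered.
            r = self.client.post('/forms/' + form_endpoint + '/delete',
                headers={'Referer': settings.SERVICE_URL})
            self.assertEqual(400, r.status_code)
            self.assertEqual(1, Form.query.count())

            self.client.get('/logout')

            # log back in to original account
            r = self.client.post('/login',
                data={'email': '*****@*****.**',
                      'password': '******'}
            )

            # delete the form created
            r = self.client.post('/forms/' + form_endpoint + '/delete',
                headers={'Referer': settings.SERVICE_URL},
                follow_redirects=True)
            self.assertEqual(200, r.status_code)
            self.assertEqual(0, Form.query.count())
        finally:
            # reset submission limit
            settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit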
예제 #19
def test_form_creation(client, msend):
    """Cover form creation, confirmation and submissions for an upgraded user.

    A freshly registered user is refused form creation with 402. Once the
    user is upgraded in the database the form is created, confirmed through
    the emailed link, and accepts five submissions even though
    ``settings.MONTHLY_SUBMISSIONS_LIMIT`` is 2. A submission carrying a
    different ``Referer`` host is rejected with 403 and the last mail
    recorded by ``msend`` is unchanged.
    """
    # sign up; a redirect signals success
    response = client.post(
        '/register',
        data={'email': '*****@*****.**', 'password': '******'},
    )
    assert response.status_code == 302
    assert User.query.count() == 1

    # before the upgrade, creating a form is refused and nothing is stored
    response = client.post(
        '/forms',
        headers={'Content-type': 'application/json'},
        data={'email': '*****@*****.**'},
    )
    assert response.status_code == 402
    assert 'error' in json.loads(response.data.decode('utf-8'))
    assert Form.query.count() == 0

    # flip the account to upgraded directly in the database
    account = User.query.filter_by(email='*****@*****.**').first()
    account.upgraded = True
    DB.session.add(account)
    DB.session.commit()

    # the request now succeeds and returns the form's hashid
    response = client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    created = json.loads(response.data.decode('utf-8'))
    assert response.status_code == 200
    assert 'submission_url' in created
    assert 'hashid' in created
    form_endpoint = created['hashid']
    assert created['hashid'] in created['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(created['hashid']).id

    submit_url = '/' + form_endpoint
    site_referer = {'Referer': 'formspree.io'}

    # the first submission triggers the confirmation email instead of delivery
    response = client.post(submit_url, headers=site_referer, data={'name': 'bruce'})
    assert "We've sent a link to your email" in response.data.decode('utf-8')
    assert 'confirm your email' in msend.call_args[1]['text']
    assert Form.query.count() == 1

    # follow the confirmation link
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed

    # five submissions go through: the monthly limit does not bind upgraded users
    assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
    for index in range(5):
        client.post(
            submit_url,
            headers=site_referer,
            data={'name': 'ana', 'submission': '__%s__' % index},
        )
    form = Form.query.first()
    assert form.counter == 5
    assert form.get_monthly_counter() == 5
    last_mail_text = msend.call_args[1]['text']
    assert 'ana' in last_mail_text
    assert '__4__' in last_mail_text
    assert 'past the limit' not in last_mail_text

    # a submission from another host is rejected
    response = client.post(
        submit_url,
        headers={'Referer': 'bad.com'},
        data={'name': 'usurper'},
    )
    assert response.status_code == 403
    # the last recorded mail is still the final 'ana' one: nothing new was sent
    last_mail_text = msend.call_args[1]['text']
    assert 'ana' in last_mail_text
    assert '__4__' in last_mail_text
예제 #20
def test_form_creation(client, msend):
    """Cover form creation via /api-int/forms, confirmation and submissions.

    A freshly registered user is refused form creation with 402. Once the
    user is moved to ``Plan.gold`` in the database the form is created,
    confirmed through the emailed link, flagged as AJAX, and accepts five
    submissions even though ``settings.MONTHLY_SUBMISSIONS_LIMIT`` is 2. A
    submission carrying a different ``Referer`` host is rejected with 403
    and the last mail recorded by ``msend`` is unchanged.
    """
    api_forms_url = "/api-int/forms"

    # sign up; a redirect signals success
    response = client.post(
        '/register',
        data={'email': '*****@*****.**', 'password': '******'},
    )
    assert response.status_code == 302
    assert User.query.count() == 1

    # before the plan change, creating a form is refused and nothing is stored
    response = client.post(
        api_forms_url,
        headers={"Content-type": "application/json", "Referer": settings.SERVICE_URL},
        data={"email": "*****@*****.**"},
    )
    assert response.status_code == 402
    assert 'error' in json.loads(response.data.decode('utf-8'))
    assert Form.query.count() == 0

    # move the account to the gold plan directly in the database
    account = User.query.filter_by(email='*****@*****.**').first()
    account.plan = Plan.gold
    DB.session.add(account)
    DB.session.commit()

    # the request now succeeds and returns the form's hashid
    creation_headers = {
        "Accept": "application/json",
        "Content-type": "application/json",
        "Referer": settings.SERVICE_URL,
    }
    response = client.post(
        api_forms_url,
        headers=creation_headers,
        data=json.dumps({"email": "*****@*****.**"}),
    )
    created = json.loads(response.data.decode('utf-8'))
    assert response.status_code == 200
    assert 'submission_url' in created
    assert 'hashid' in created
    form_endpoint = created['hashid']
    assert created['hashid'] in created['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(created['hashid']).id

    submit_url = '/' + form_endpoint

    # the first submission triggers the confirmation email instead of delivery
    response = client.post(
        submit_url,
        headers={'Referer': 'http://testsite.com'},
        data={'name': 'bruce'},
    )
    assert 'sent an email confirmation' in response.data.decode('utf-8')
    assert 'confirm your email' in msend.call_args[1]['text']
    assert Form.query.count() == 1

    # follow the confirmation link
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed

    # the first form must be flagged as AJAX
    assert Form.query.first().uses_ajax

    # five submissions go through: the monthly limit does not bind the gold user
    assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
    for index in range(5):
        client.post(
            submit_url,
            headers={"Referer": "testsite.com"},
            data={"name": "ana", "submission": "__%s__" % index},
        )
    form = Form.query.first()
    assert form.counter == 5
    assert form.get_monthly_counter() == 5
    last_mail_text = msend.call_args[1]['text']
    assert 'ana' in last_mail_text
    assert '__4__' in last_mail_text
    assert 'past the limit' not in last_mail_text

    # a submission from another host is rejected
    response = client.post(
        submit_url,
        headers={"Referer": "bad.com"},
        data={"name": "usurper"},
    )
    assert response.status_code == 403
    # the last recorded mail is still the final 'ana' one: nothing new was sent
    last_mail_text = msend.call_args[1]["text"]
    assert "ana" in last_mail_text
    assert "__4__" in last_mail_text
예제 #21
def test_form_toggle(client, msend):
    """Walk the form on/off toggle as the owner and as a logged-out client.

    Registers and upgrades a user, creates and confirms a form, disables it
    through ``/forms/<hashid>/toggle``, then checks that a logged-out toggle
    request leaves it disabled and that a submission to the disabled form
    gets a 403 and is not counted. Finally logs back in, re-enables the form
    and verifies that one submission is counted.
    """
    account_fields = {'email': '*****@*****.**',
                      'password': '******'}
    site_referer = {'Referer': 'formspree.io'}

    # sign up; the original flow treats this as "create and login"
    response = client.post('/register', data=account_fields)
    assert response.status_code == 302
    assert User.query.count() == 1

    # mark the account as upgraded directly in the database
    account = User.query.filter_by(email='*****@*****.**').first()
    account.upgraded = True
    DB.session.add(account)
    DB.session.commit()

    # creating a form now succeeds and returns its hashid
    response = client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    created = json.loads(response.data.decode('utf-8'))
    assert response.status_code == 200
    assert 'submission_url' in created
    assert 'hashid' in created
    form_endpoint = created['hashid']
    assert created['hashid'] in created['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(created['hashid']).id

    submit_url = '/' + form_endpoint
    toggle_url = '/forms/' + form_endpoint + '/toggle'

    # post to the form once before it is confirmed
    client.post(submit_url, headers=site_referer, data={'name': 'bruce'})

    # follow the confirmation link; nothing has been archived so far
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert Submission.query.count() == 0

    # the owner disables the form and is redirected to the dashboard
    response = client.post(toggle_url, headers={'Referer': settings.SERVICE_URL})
    assert response.status_code == 302
    assert response.location.endswith('/dashboard')
    assert Form.query.first().disabled
    assert Form.query.first().counter == 0

    # a logged-out toggle request must not flip the form back on
    client.get('/logout')
    response = client.post(
        toggle_url,
        headers={'Referer': settings.SERVICE_URL},
        follow_redirects=True,
    )
    assert response.status_code == 200
    assert Form.query.first().disabled

    # a submission to the disabled form is refused and not counted
    response = client.post(submit_url, headers=site_referer, data={'name': 'bruce'})
    assert response.status_code == 403
    assert Form.query.first().counter == 0

    # the owner logs back in and re-enables the form
    client.post('/login', data=account_fields)
    response = client.post(
        toggle_url,
        headers={'Referer': settings.SERVICE_URL},
        follow_redirects=True,
    )
    assert response.status_code == 200
    assert not Form.query.first().disabled

    # the re-enabled form accepts and counts a submission
    client.post(submit_url, headers=site_referer, data={'name': 'bruce'})
    assert Form.query.first().counter == 1
예제 #22
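def test_form_toggle(client, msend):
    """Check that only the logged-in owner can enable or disable a form.

    Registers and upgrades a user, creates and confirms a form through
    ``/api-int/forms``, then disables it with a PATCH. A logged-out PATCH
    must be answered with 401 and leave the form disabled, and a submission
    to the disabled form must get a 403 without being counted. After logging
    back in the owner re-enables the form and one submission is counted.

    ``msend`` is accepted but not referenced in the body (presumably a
    fixture that stubs mail sending; confirm against the test setup).
    """
    # create and login a user
    r = client.post('/register',
                    data={
                        'email': '*****@*****.**',
                        'password': '******'
                    })
    assert r.status_code == 302
    assert 1 == User.query.count()

    # upgrade user
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    r = client.post(
        "/api-int/forms",
        headers={
            "Referer": settings.SERVICE_URL,
            "Content-type": "application/json"
        },
        data=json.dumps({"email": "*****@*****.**"}),
    )
    resp = json.loads(r.data.decode('utf-8'))
    assert r.status_code == 200
    assert 'submission_url' in resp
    assert 'hashid' in resp
    form_endpoint = resp['hashid']
    assert resp['hashid'] in resp['submission_url']
    assert 1 == Form.query.count()
    assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id

    # post to form
    r = client.post('/' + form_endpoint,
                    headers={'Referer': 'formspree.io'},
                    data={'name': 'bruce'})

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' %
               (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert 0 == Submission.query.count()

    # disable the form
    r = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers={
            "Referer": settings.SERVICE_URL,
            "Content-Type": "application/json"
        },
        data=json.dumps({"disabled": True}),
    )
    assert 200 == r.status_code
    assert r.json["ok"]
    assert Form.query.first().disabled
    assert 0 == Form.query.first().counter

    # logout and attempt to enable the form
    # The payload asks for disabled=False: if the request were applied despite
    # the missing session, the state assertion below would catch it. Sending
    # disabled=True here would leave that assertion unable to fail.
    client.get("/logout")
    r = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers={
            "Content-Type": "application/json",
            "Referer": settings.SERVICE_URL
        },
        data=json.dumps({"disabled": False}),
    )
    assert 401 == r.status_code
    assert "error" in json.loads(r.data.decode("utf-8"))
    assert Form.query.first().disabled

    # fail when attempting to post to form
    r = client.post('/' + form_endpoint,
                    headers={'Referer': 'formspree.io'},
                    data={'name': 'bruce'})
    assert 403 == r.status_code
    assert 0 == Form.query.first().counter

    # log back in and re-enable form
    r = client.post("/login",
                    data={
                        "email": "*****@*****.**",
                        "password": "******"
                    })
    r = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers={
            "Referer": settings.SERVICE_URL,
            "Content-Type": "application/json"
        },
        data=json.dumps({"disabled": False}),
    )
    assert 200 == r.status_code
    assert not Form.query.first().disabled

    # successfully post to form
    r = client.post('/' + form_endpoint,
                    headers={'Referer': 'formspree.io'},
                    data={'name': 'bruce'})
    assert 1 == Form.query.first().counter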
예제 #23
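def test_form_and_submission_deletion(client, msend):
    """Check that submissions and forms can be deleted, and by whom.

    Flow: register and upgrade a user, create and confirm a form, make five
    submissions, delete one of them, then try to delete the form while logged
    out and from a second account before finally deleting it as the owner.

    ``client`` and ``msend`` are fixtures defined elsewhere in the suite;
    ``msend`` is not referenced directly here (presumably it stubs outgoing
    mail -- confirm against the fixture).
    """
    # create and login a user
    r = client.post('/register',
        data={'email': '*****@*****.**',
              'password': '******'}
    )
    assert r.status_code == 302
    assert 1 == User.query.count()

    # upgrade user
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    r = client.post('/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'})
    )
    resp = json.loads(r.data.decode('utf-8'))
    assert r.status_code == 200
    assert 'submission_url' in resp
    assert 'hashid' in resp
    form_endpoint = resp['hashid']
    assert resp['hashid'] in resp['submission_url']
    assert 1 == Form.query.count()
    assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id

    # post to form (this first post only triggers the confirmation step;
    # the assertion below shows it is not stored as a submission)
    client.post('/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'}
    )

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert 0 == Submission.query.count()

    # increase the submission limit; restored in ``finally`` so a failing
    # assertion below cannot leak the changed setting into other tests
    old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
    settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
    try:
        # make 5 submissions
        for i in range(5):
            client.post('/' + form_endpoint,
                headers={'Referer': 'formspree.io'},
                data={'name': 'ana',
                      'submission': '__%s__' % i}
            )

        assert 5 == Submission.query.count()

        # delete a submission in form; remember its id first, because the
        # row is gone once the request has been handled
        first_submission = Submission.query.first()
        deleted_id = first_submission.id
        r = client.post('/forms/' + form_endpoint + '/delete/' + str(deleted_id),
            headers={'Referer': settings.SERVICE_URL},
            follow_redirects=True)
        assert 200 == r.status_code
        assert 4 == Submission.query.count()
        # make sure the submission that was targeted is the one removed
        assert DB.session.query(Submission.id).filter_by(id=deleted_id).scalar() is None

        # logout user
        client.get('/logout')

        # attempt to delete form you don't have access to (while logged out)
        r = client.post('/forms/' + form_endpoint + '/delete',
            headers={'Referer': settings.SERVICE_URL})
        assert 302 == r.status_code
        assert 1 == Form.query.count()
        assert 4 == Submission.query.count()  # rejected request removed nothing

        # create different user
        client.post('/register',
            data={'email': '*****@*****.**',
                  'password': '******'}
        )

        # attempt to delete form we don't have access to
        # NOTE(review): only the form-level delete is tried from the second
        # account; the per-submission delete route is not exercised for a
        # non-owner or a logged-out client in this test.
        r = client.post('/forms/' + form_endpoint + '/delete',
            headers={'Referer': settings.SERVICE_URL})
        assert 400 == r.status_code
        assert 1 == Form.query.count()
        assert 4 == Submission.query.count()  # rejected request removed nothing

        client.get('/logout')

        # log back in to original account
        client.post('/login',
            data={'email': '*****@*****.**',
                  'password': '******'}
        )

        # delete the form created
        r = client.post('/forms/' + form_endpoint + '/delete',
            headers={'Referer': settings.SERVICE_URL},
            follow_redirects=True)
        assert 200 == r.status_code
        assert 0 == Form.query.count()
    finally:
        # reset submission limit
        settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit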
예제 #24
    def test_upgraded_user_access(self):
        """Walk an upgraded user through the submissions listing and exports.

        Registers a user, sets ``upgraded`` directly in the database, creates
        and confirms a form, submits once, then reads the submission back via
        the JSON listing, the ``.json`` export and the ``.csv`` export.
        Finally checks that the listing answers 402 once the user is
        downgraded and 302 once the session has been logged out.
        """
        # Register a canned response for the SendGrid mail endpoint.
        httpretty.register_uri(httpretty.POST,
                               'https://api.sendgrid.com/api/mail.send.json')

        account_email = '*****@*****.**'
        submitted_text = 'hi, my name is bruce!'

        # Sign up; the test client keeps the resulting session.
        self.client.post('/register',
                         data={'email': account_email, 'password': '******'})

        # Grant the paid tier by editing the row rather than going through
        # a payment flow.
        account = User.query.filter_by(email=account_email).first()
        account.upgraded = True
        DB.session.add(account)
        DB.session.commit()

        # Create the form through the JSON API and keep its hashid.
        creation = self.client.post(
            '/forms',
            headers={'Accept': 'application/json',
                     'Content-type': 'application/json'},
            data=json.dumps({'email': account_email}))
        hashid = json.loads(creation.data)['hashid']

        # Mark the form as confirmed without the e-mail round trip.
        confirmed_form = Form.get_with_hashid(hashid)
        confirmed_form.confirmed = True
        DB.session.add(confirmed_form)
        DB.session.commit()

        # One submission to read back.
        self.client.post('/' + hashid,
                         headers={'Referer': 'formspree.io'},
                         data={'name': 'bruce', 'message': submitted_text})

        # Submissions listing (/forms/<hashid>/).
        listing_url = '/forms/' + hashid + '/'
        listing = self.client.get(listing_url,
                                  headers={'Accept': 'application/json'})
        stored = json.loads(listing.data)['submissions']
        self.assertEqual(len(stored), 1)
        self.assertEqual(stored[0]['name'], 'bruce')
        self.assertEqual(stored[0]['message'], submitted_text)

        # JSON export download.
        json_export = self.client.get('/forms/' + hashid + '.json')
        exported = json.loads(json_export.data)['submissions']
        self.assertEqual(len(exported), 1)
        self.assertEqual(exported[0]['name'], 'bruce')
        self.assertEqual(exported[0]['message'], submitted_text)

        # CSV export download: one header row plus one data row.
        csv_export = self.client.get('/forms/' + hashid + '.csv')
        rows = csv_export.data.splitlines()
        self.assertEqual(len(rows), 2)
        self.assertEqual(rows[0], 'date,message,name')
        self.assertIn('"hi, my name is bruce!"', rows[1])

        # Downgraded user: the listing must be refused.
        # NOTE(review): only the listing is re-checked after the downgrade
        # and after logout; the .json/.csv exports are not requested again.
        account.upgraded = False
        DB.session.add(account)
        DB.session.commit()
        after_downgrade = self.client.get(listing_url)
        self.assertEqual(after_downgrade.status_code, 402)  # it should fail

        # No logged-in user: expect a redirect (via @user_required).
        self.client.get('/logout')
        anonymous = self.client.get(listing_url)
        self.assertEqual(anonymous.status_code, 302)
    def test_upgraded_user_access(self):
        """Verify which submission views an upgraded user can reach.

        An upgraded user with a confirmed form and a single submission must
        see that submission in the JSON listing and in both export formats.
        After the ``upgraded`` flag is cleared the listing returns 402, and
        after logout it returns 302.
        """
        httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')

        def expect_single_submission(response):
            # Shared check for the listing and the .json export payloads.
            entries = json.loads(response.data)['submissions']
            self.assertEqual(len(entries), 1)
            self.assertEqual(entries[0]['name'], 'bruce')
            self.assertEqual(entries[0]['message'], 'hi, my name is bruce!')

        # register user
        self.client.post(
            '/register',
            data={'email': '*****@*****.**', 'password': '******'},
        )

        # upgrade user manually (direct database write, no billing flow)
        owner = User.query.filter_by(email='*****@*****.**').first()
        owner.upgraded = True
        DB.session.add(owner)
        DB.session.commit()

        # create form
        created = self.client.post(
            '/forms',
            headers={'Accept': 'application/json', 'Content-type': 'application/json'},
            data=json.dumps({'email': '*****@*****.**'}),
        )
        form_endpoint = json.loads(created.data)['hashid']
        forms_prefix = '/forms/' + form_endpoint

        # manually confirm the form
        target = Form.get_with_hashid(form_endpoint)
        target.confirmed = True
        DB.session.add(target)
        DB.session.commit()

        # submit form
        self.client.post(
            '/' + form_endpoint,
            headers={'Referer': 'formspree.io'},
            data={'name': 'bruce', 'message': 'hi, my name is bruce!'},
        )

        # submissions endpoint (/forms/<hashid>/) first, then the JSON
        # export; both must expose the same single submission
        json_views = (
            (forms_prefix + '/', {'headers': {'Accept': 'application/json'}}),
            (forms_prefix + '.json', {}),
        )
        for url, request_kwargs in json_views:
            expect_single_submission(self.client.get(url, **request_kwargs))

        # CSV export: header line followed by the one submission
        csv_lines = self.client.get(forms_prefix + '.csv').data.splitlines()
        self.assertEqual(len(csv_lines), 2)
        self.assertEqual(csv_lines[0], 'date,message,name')
        self.assertIn('"hi, my name is bruce!"', csv_lines[1])

        # test submissions endpoint with the user downgraded
        # NOTE(review): the export URLs are not requested again after the
        # downgrade or after logout, so only the listing's access check is
        # covered by this test.
        owner.upgraded = False
        DB.session.add(owner)
        DB.session.commit()
        self.assertEqual(self.client.get(forms_prefix + '/').status_code, 402)  # it should fail

        # test submissions endpoint without a logged user
        self.client.get('/logout')
        # it should return a redirect (via @user_required)
        self.assertEqual(self.client.get(forms_prefix + '/').status_code, 302)
예제 #26
    def test_form_creation(self):
        """Cover form creation through the API for a free and an upgraded user.

        A freshly registered user is refused (402) when creating a form; once
        ``upgraded`` is set the creation succeeds. The form is then confirmed,
        receives five submissions without hitting the monthly limit, and
        rejects a submission whose Referer names a different host.
        """
        httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')

        email = '*****@*****.**'

        # register user
        registration = self.client.post(
            '/register',
            data={'email': email, 'password': '******'},
        )
        self.assertEqual(registration.status_code, 302)
        self.assertEqual(1, User.query.count())

        # fail to create form: the user has not been upgraded yet
        refused = self.client.post(
            '/forms',
            headers={'Content-type': 'application/json'},
            data={'email': email},
        )
        self.assertEqual(refused.status_code, 402)
        self.assertIn('error', json.loads(refused.data))
        self.assertEqual(0, Form.query.count())

        # upgrade user manually
        owner = User.query.filter_by(email=email).first()
        owner.upgraded = True
        DB.session.add(owner)
        DB.session.commit()

        # successfully create form
        created = self.client.post(
            '/forms',
            headers={'Accept': 'application/json', 'Content-type': 'application/json'},
            data=json.dumps({'email': email}),
        )
        payload = json.loads(created.data)
        self.assertEqual(created.status_code, 200)
        self.assertIn('submission_url', payload)
        self.assertIn('hashid', payload)
        form_endpoint = payload['hashid']
        self.assertIn(payload['hashid'], payload['submission_url'])
        self.assertEqual(1, Form.query.count())
        self.assertEqual(Form.query.first().id, Form.get_with_hashid(payload['hashid']).id)

        submit_url = '/' + form_endpoint

        # post to form: the first post triggers the confirmation e-mail
        first_post = self.client.post(
            submit_url,
            headers={'Referer': 'http://formspree.io'},
            data={'name': 'bruce'},
        )
        self.assertIn("sent an email confirmation", first_post.data)
        self.assertIn('confirm+your+email', httpretty.last_request().body)
        self.assertEqual(1, Form.query.count())

        # confirm form via the link built from the form's e-mail and id
        pending = Form.query.first()
        self.client.get('/confirm/%s:%s' % (HASH(pending.email, str(pending.id)), pending.hashid))
        self.assertTrue(Form.query.first().confirmed)

        # send 5 forms (monthly limits should not apply to the upgraded user)
        self.assertEqual(settings.MONTHLY_SUBMISSIONS_LIMIT, 2)
        for index in range(5):
            self.client.post(
                submit_url,
                headers={'Referer': 'formspree.io'},
                data={'name': 'ana', 'submission': '__%s__' % index},
            )
        refreshed = Form.query.first()
        self.assertEqual(refreshed.counter, 5)
        self.assertEqual(refreshed.get_monthly_counter(), 5)
        mail_body = httpretty.last_request().body
        self.assertIn('ana', mail_body)
        self.assertIn('__4__', mail_body)
        self.assertNotIn('You+are+past+our+limit', mail_body)

        # try (and fail) to submit from a different host
        # Referer is supplied by the client, so this 403 demonstrates host
        # filtering on the header value, not authentication of the sender.
        foreign = self.client.post(
            submit_url,
            headers={'Referer': 'bad.com'},
            data={'name': 'usurper'},
        )
        self.assertEqual(foreign.status_code, 403)
        # no more data is sent to sendgrid: the last captured request is
        # still the fifth accepted submission
        body_after_reject = httpretty.last_request().body
        self.assertIn('ana', body_after_reject)
        self.assertIn('__4__', body_after_reject)
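def test_gold_user_access(client, msend):
    """Check submission listing and exports for a gold-plan user.

    Registers a user, sets ``plan`` to ``Plan.gold`` directly in the
    database, creates and confirms a form, submits once, and reads the
    submission back through ``/api-int/forms/<hashid>`` and the ``.json`` /
    ``.csv`` exports. Then verifies the internal API answers 402 after the
    plan is set back to ``Plan.free`` and 401 with a JSON error after logout.

    ``client`` and ``msend`` are fixtures defined elsewhere in the suite;
    ``msend`` is not referenced directly here.
    """
    # register user
    client.post('/register',
        data={'email': '*****@*****.**',
              'password': '******'}
    )

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.plan = Plan.gold
    DB.session.add(user)
    DB.session.commit()

    # create form
    r = client.post(
        "/api-int/forms",
        headers={
            "Accept": "application/json",
            "Content-type": "application/json",
            "Referer": settings.SERVICE_URL,
        },
        data=json.dumps({"email": "*****@*****.**"}),
    )
    resp = json.loads(r.data.decode('utf-8'))
    form_endpoint = resp['hashid']

    # manually confirm the form
    form = Form.get_with_hashid(form_endpoint)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    client.post('/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce', 'message': 'hi, my name is bruce!'}
    )

    # test submissions endpoint (/api-int/forms/<hashid>)
    r = client.get(
        "/api-int/forms/" + form_endpoint,
        headers={"Accept": "application/json", "Referer": settings.SERVICE_URL},
    )
    submissions = json.loads(r.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == 'hi, my name is bruce!'

    # test exporting feature (both json and csv file downloads)
    r = client.get('/forms/' + form_endpoint + '.json')
    submissions = json.loads(r.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == 'hi, my name is bruce!'

    r = client.get('/forms/' + form_endpoint + '.csv')
    lines = r.data.decode('utf-8').splitlines()
    assert len(lines) == 2
    assert lines[0] == "id,date,message,name"
    # The message contains a comma, so it is expected quoted in the CSV row.
    # The previous form, `assert "<literal>", lines[1]`, asserted a non-empty
    # string and could never fail; this is a real membership check.
    assert '"hi, my name is bruce!"' in lines[1]

    # test submissions endpoint with the user downgraded
    # NOTE(review): the .json/.csv export URLs are not requested again after
    # the downgrade or after logout, so their access checks are not covered.
    user.plan = Plan.free
    DB.session.add(user)
    DB.session.commit()
    r = client.get("/api-int/forms/" + form_endpoint)
    assert r.status_code == 402  # it should fail

    # test submissions endpoint without a logged user
    client.get("/logout")
    r = client.get("/api-int/forms/" + form_endpoint)
    assert r.status_code == 401  # should return a json error (via flask login)
    assert "error" in r.json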