def test_upgraded_user_access(self):
    """Upgraded owners can read a form's submissions; downgraded or anonymous users cannot.

    Walks the whole flow: register, upgrade the account straight in the
    database, create and confirm a form, submit once, then read
    ``/forms/<hashid>/`` under three conditions: upgraded (the submission is
    listed), downgraded (402) and logged out (302 from ``@user_required``).
    """
    httpretty.register_uri(httpretty.POST,
                           "https://api.sendgrid.com/api/mail.send.json")
    json_headers = {"Accept": "application/json",
                    "Content-type": "application/json"}

    # register, then flip the upgrade flag directly in the database
    self.client.post("/register",
                     data={"email": "*****@*****.**", "password": "******"})
    account = User.query.filter_by(email="*****@*****.**").first()
    account.upgraded = True
    DB.session.add(account)
    DB.session.commit()

    # create a form through the API and confirm it without the e-mail round trip
    created = self.client.post("/forms", headers=json_headers,
                               data=json.dumps({"email": "*****@*****.**"}))
    hashid = json.loads(created.data)["hashid"]
    form = Form.get_with_hashid(hashid)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    submissions_url = "/forms/" + hashid + "/"

    # one submission from the allowed host
    self.client.post("/" + hashid, headers={"Referer": "formspree.io"},
                     data={"name": "bruce", "message": "hi!"})

    # the upgraded owner sees exactly that submission
    listing = self.client.get(submissions_url,
                              headers={"Accept": "application/json"})
    submissions = json.loads(listing.data)["submissions"]
    self.assertEqual(len(submissions), 1)
    self.assertEqual(submissions[0]["name"], "bruce")
    self.assertEqual(submissions[0]["message"], "hi!")

    # a downgraded owner is asked to pay
    account.upgraded = False
    DB.session.add(account)
    DB.session.commit()
    self.assertEqual(self.client.get(submissions_url).status_code, 402)

    # an anonymous client is redirected by @user_required
    self.client.get("/logout")
    self.assertEqual(self.client.get(submissions_url).status_code, 302)
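def export_submissions(hashid, format=None):
    """Download a form's submissions as a ``.json`` or ``.csv`` attachment.

    Args:
        hashid: public identifier of the form, taken from the URL.
        format: ``'json'`` or ``'csv'``; anything else is rejected.

    Returns:
        A Flask ``Response`` carrying the export; ``jsonerror(402, ...)`` for
        accounts without the dashboard feature; otherwise an ``abort``:
        404 for an unknown hashid, 401 when the current user does not
        control the form, 400 for an unsupported format.
    """
    if not current_user.has_feature('dashboard'):
        return jsonerror(402, {'error': "Please upgrade your account."})

    form = Form.get_with_hashid(hashid)
    # get_with_hashid yields a falsy value for an unknown hashid; without this
    # check the ownership test below raises AttributeError (a 500).
    if not form:
        return abort(404)
    # ownership is checked before any submission data is read
    if not form.controlled_by(current_user):
        return abort(401)

    # reject unsupported formats before running the (potentially large) query;
    # previously an unknown format fell off the end and returned None
    if format not in ('json', 'csv'):
        return abort(400)

    submissions, fields = form.submissions_with_fields()
    # timestamp without fractional seconds, shared by both filenames
    stamp = datetime.datetime.now().isoformat().split('.')[0]
    # hashid resolved to an existing form above, so it is a known identifier
    # rather than arbitrary user text when it is embedded in the header
    disposition = 'attachment; filename=form-%s-submissions-%s.%s' % (hashid, stamp, format)

    if format == 'json':
        payload = json.dumps({
            'host': form.host,
            'email': form.email,
            'fields': fields,
            'submissions': submissions,
        }, sort_keys=True, indent=2)
        return Response(payload, mimetype='application/json',
                        headers={'Content-Disposition': disposition})

    out = io.BytesIO()
    # NOTE(review): the stdlib csv.DictWriter has no ``encoding`` argument;
    # this matches the unicodecsv API, which the module presumably imports
    # under the name csv -- confirm.
    writer = csv.DictWriter(out, fieldnames=['id'] + fields, encoding='utf-8')
    writer.writeheader()
    writer.writerows(submissions)
    return Response(out.getvalue(), mimetype='text/csv',
                    headers={'Content-Disposition': disposition})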
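def export_submissions(hashid, format=None):
    """Download a form's submissions as a ``.json`` or ``.csv`` attachment.

    Args:
        hashid: public identifier of the form, taken from the URL.
        format: ``'json'`` or ``'csv'``; anything else is rejected.

    Returns:
        A Flask ``Response`` carrying the export; ``jsonerror(402, ...)`` for
        accounts without the dashboard feature; otherwise an ``abort``:
        404 for an unknown hashid, 401 when the current user does not
        control the form, 400 for an unsupported format.
    """
    if not current_user.has_feature('dashboard'):
        return jsonerror(402, {'error': "Please upgrade your account."})

    form = Form.get_with_hashid(hashid)
    # get_with_hashid yields a falsy value for an unknown hashid; without this
    # check the ownership test below raises AttributeError (a 500).
    if not form:
        return abort(404)
    # ownership is checked before any submission data is read
    if not form.controlled_by(current_user):
        return abort(401)

    # reject unsupported formats before running the (potentially large) query;
    # previously an unknown format fell off the end and returned None
    if format not in ('json', 'csv'):
        return abort(400)

    submissions, fields = form.submissions_with_fields()
    # timestamp without fractional seconds, shared by both filenames
    stamp = datetime.datetime.now().isoformat().split('.')[0]
    # hashid resolved to an existing form above, so it is a known identifier
    # rather than arbitrary user text when it is embedded in the header
    disposition = 'attachment; filename=form-%s-submissions-%s.%s' % (hashid, stamp, format)

    if format == 'json':
        payload = json.dumps({
            'host': form.host,
            'email': form.email,
            'fields': fields,
            'submissions': submissions,
        }, sort_keys=True, indent=2)
        return Response(payload, mimetype='application/json',
                        headers={'Content-Disposition': disposition})

    out = io.BytesIO()
    # NOTE(review): the stdlib csv.DictWriter has no ``encoding`` argument;
    # this matches the unicodecsv API, which the module presumably imports
    # under the name csv -- confirm.
    writer = csv.DictWriter(out, fieldnames=['id'] + fields, encoding='utf-8')
    writer.writeheader()
    writer.writerows(submissions)
    return Response(out.getvalue(), mimetype='text/csv',
                    headers={'Content-Disposition': disposition})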
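def validate_user_form(hashid, host):
    '''
    Gets a form from a hashid, created on the dashboard.
    Checks to make sure the submission can be accepted by this form.

    :param hashid: public identifier of the form being submitted to.
    :param host: host (optionally followed by a path) the submission came
        from. It is derived from the request, i.e. client-supplied, and is
        only ever compared against the host stored on the form.
    :returns: the ``Form`` the submission may be delivered to.
    :raises SubmitFormError: unknown hashid, disabled form, or a host that
        does not match the one the form is bound to.

    Side effect: a form that has no host yet is bound to *host* and the
    change is committed.
    '''
    form = Form.get_with_hashid(hashid)
    if not form:
        raise SubmitFormError(errors.bad_hashid_error(hashid))

    # Check if it has been assigned about using AJAX or not
    assign_ajax(form, request_wants_json())

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    if not form.host:
        # ALERT: As a side effect, sets the form's host if not already set
        form.host = host
        DB.session.add(form)
        DB.session.commit()
        return form

    # NOTE(review): a missing host presumably arrives here as None and would
    # raise in the comparisons below -- confirm how the caller derives it.
    if form.sitewide:
        # a sitewide form accepts the bound host itself or any page below it.
        # A bare prefix test is not enough: "example.com.attacker.tld" also
        # starts with "example.com", so the boundary after the host is checked.
        if not _host_is_rooted_under(host, form.host):
            raise SubmitFormError(errors.mismatched_host_error(host, form))
    # ending slashes can be safely ignored here
    elif form.host.rstrip('/') != host.rstrip('/'):
        raise SubmitFormError(errors.mismatched_host_error(host, form))

    return form


def _host_is_rooted_under(host, root):
    '''
    True when *host* equals *root* or lies on a path below it.

    "www." is removed from both sides, so the comparison is neutral to that
    prefix; trailing slashes are ignored. Anything glued directly onto
    *root* without a "/" separator (another domain label, a port) counts as
    a different host.
    '''
    candidate = remove_www(host).rstrip('/')
    base = remove_www(root).rstrip('/')
    return candidate == base or candidate.startswith(base + '/')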
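def validate_user_form(hashid, host):
    '''
    Gets a form from a hashid, created on the dashboard.
    Checks to make sure the submission can be accepted by this form.

    :param hashid: public identifier of the form being submitted to.
    :param host: host (optionally followed by a path) the submission came
        from. It is derived from the request, i.e. client-supplied, and is
        only ever compared against the host stored on the form.
    :returns: the ``Form`` the submission may be delivered to.
    :raises SubmitFormError: unknown hashid, disabled form, or a host that
        does not match the one the form is bound to.

    Side effect: a form that has no host yet is bound to *host* and the
    change is committed.
    '''
    form = Form.get_with_hashid(hashid)
    if not form:
        raise SubmitFormError(errors.bad_hashid_error(hashid))

    # Check if it has been assigned about using AJAX or not
    assign_ajax(form, request_wants_json())

    if form.disabled:
        raise SubmitFormError(errors.disabled_error())

    if not form.host:
        # ALERT: As a side effect, sets the form's host if not already set
        form.host = host
        DB.session.add(form)
        DB.session.commit()
        return form

    # NOTE(review): a missing host presumably arrives here as None and would
    # raise in the comparisons below -- confirm how the caller derives it.
    if form.sitewide:
        # a sitewide form accepts the bound host itself or any page below it.
        # A bare prefix test is not enough: "example.com.attacker.tld" also
        # starts with "example.com", so the boundary after the host is checked.
        if not _host_is_rooted_under(host, form.host):
            raise SubmitFormError(errors.mismatched_host_error(host, form))
    # ending slashes can be safely ignored here
    elif form.host.rstrip('/') != host.rstrip('/'):
        raise SubmitFormError(errors.mismatched_host_error(host, form))

    return form


def _host_is_rooted_under(host, root):
    '''
    True when *host* equals *root* or lies on a path below it.

    "www." is removed from both sides, so the comparison is neutral to that
    prefix; trailing slashes are ignored. Anything glued directly onto
    *root* without a "/" separator (another domain label, a port) counts as
    a different host.
    '''
    candidate = remove_www(host).rstrip('/')
    base = remove_www(root).rstrip('/')
    return candidate == base or candidate.startswith(base + '/')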
def test_form_toggle(client, msend):
    """Only the logged-in owner can toggle a form; a disabled form rejects posts.

    Flow: register and upgrade a user, create and confirm a form, disable it
    via ``/forms/<hashid>/toggle`` (302 back to the dashboard), check that an
    anonymous toggle leaves it disabled and that posting to it yields 403
    without bumping the counter, then log back in, re-enable it and post
    successfully.
    """
    credentials = {'email': '*****@*****.**', 'password': '******'}
    toggle_headers = {'Referer': settings.SERVICE_URL}
    submit_headers = {'Referer': 'formspree.io'}

    # create and login a user
    registered = client.post('/register', data=credentials)
    assert registered.status_code == 302
    assert User.query.count() == 1

    # upgrade user
    owner = User.query.filter_by(email='*****@*****.**').first()
    owner.upgraded = True
    DB.session.add(owner)
    DB.session.commit()

    # successfully create form
    created = client.post('/forms',
                          headers={'Accept': 'application/json',
                                   'Content-type': 'application/json'},
                          data=json.dumps({'email': '*****@*****.**'}))
    body = json.loads(created.data.decode('utf-8'))
    assert created.status_code == 200
    assert 'submission_url' in body
    assert 'hashid' in body
    hashid = body['hashid']
    assert hashid in body['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(hashid).id

    toggle_url = '/forms/' + hashid + '/toggle'
    submit_url = '/' + hashid

    # post to form, then confirm it with the emailed link
    client.post(submit_url, headers=submit_headers, data={'name': 'bruce'})
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert Submission.query.count() == 0

    # disable the form
    toggled = client.post(toggle_url, headers=toggle_headers)
    assert toggled.status_code == 302
    assert toggled.location.endswith('/dashboard')
    assert Form.query.first().disabled
    assert Form.query.first().counter == 0

    # logout and attempt to enable the form
    client.get('/logout')
    toggled = client.post(toggle_url, headers=toggle_headers, follow_redirects=True)
    assert toggled.status_code == 200
    assert Form.query.first().disabled

    # fail when attempting to post to form
    rejected = client.post(submit_url, headers=submit_headers, data={'name': 'bruce'})
    assert rejected.status_code == 403
    assert Form.query.first().counter == 0

    # log back in and re-enable form
    client.post('/login', data=credentials)
    toggled = client.post(toggle_url, headers=toggle_headers, follow_redirects=True)
    assert toggled.status_code == 200
    assert not Form.query.first().disabled

    # successfully post to form
    client.post(submit_url, headers=submit_headers, data={'name': 'bruce'})
    assert Form.query.first().counter == 1
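def test_upgraded_user_access(client, msend):
    """Listing and export of submissions are gated on the owner's upgrade state.

    Register and upgrade a user, create and confirm a form, submit once, then
    check that ``/forms/<hashid>/`` and the ``.json``/``.csv`` exports return
    that single submission; after a downgrade the listing answers 402, and
    once logged out it answers 302 (redirect from ``@user_required``).
    """
    message = 'hi, my name is bruce!'

    # register user
    client.post('/register', data={'email': '*****@*****.**', 'password': '******'})

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # create form
    r = client.post('/forms',
                    headers={'Accept': 'application/json',
                             'Content-type': 'application/json'},
                    data=json.dumps({'email': '*****@*****.**'}))
    form_endpoint = json.loads(r.data.decode('utf-8'))['hashid']

    # manually confirm the form
    form = Form.get_with_hashid(form_endpoint)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    client.post('/' + form_endpoint, headers={'Referer': 'formspree.io'},
                data={'name': 'bruce', 'message': message})

    def check_single_submission(payload):
        # the one submission made above must be the only one reported
        submissions = json.loads(payload.decode('utf-8'))['submissions']
        assert len(submissions) == 1
        assert submissions[0]['name'] == 'bruce'
        assert submissions[0]['message'] == message

    # test submissions endpoint (/forms/<hashid>/)
    r = client.get('/forms/' + form_endpoint + '/', headers={'Accept': 'application/json'})
    check_single_submission(r.data)

    # test exporting feature (both json and csv file downloads)
    r = client.get('/forms/' + form_endpoint + '.json')
    check_single_submission(r.data)

    r = client.get('/forms/' + form_endpoint + '.csv')
    lines = r.data.decode('utf-8').splitlines()
    assert len(lines) == 2
    assert lines[0] == 'date,message,name'
    # the message contains a comma, so the csv writer must have quoted it.
    # (the previous form, ``assert '...', lines[1]``, was a two-element tuple
    # and therefore always true.)
    assert '"' + message + '"' in lines[1]

    # test submissions endpoint with the user downgraded
    user.upgraded = False
    DB.session.add(user)
    DB.session.commit()
    r = client.get('/forms/' + form_endpoint + '/')
    assert r.status_code == 402  # it should fail

    # test submissions endpoint without a logged user
    client.get('/logout')
    r = client.get('/forms/' + form_endpoint + '/')
    assert r.status_code == 302  # it should return a redirect (via @user_required)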
def test_form_creation(self):
    """Form creation requires an upgraded account; the upgraded owner is not rate limited.

    Register a user, see ``/forms`` refuse with 402 before the upgrade and
    succeed after it, post to the new form (the confirmation e-mail goes to
    the mocked sendgrid endpoint), confirm it, then send five submissions
    past MONTHLY_SUBMISSIONS_LIMIT and check none is throttled. A final post
    from an unrelated Referer must be rejected with 403 and send nothing.
    """
    httpretty.register_uri(httpretty.POST,
                           'https://api.sendgrid.com/api/mail.send.json')
    credentials = {'email': '*****@*****.**', 'password': '******'}

    # register user
    registered = self.client.post('/register', data=credentials)
    self.assertEqual(registered.status_code, 302)
    self.assertEqual(User.query.count(), 1)

    # fail to create form: the account is not upgraded yet
    refused = self.client.post('/forms',
                               headers={'Content-type': 'application/json'},
                               data={'email': '*****@*****.**'})
    self.assertEqual(refused.status_code, 402)
    self.assertIn('error', json.loads(refused.data))
    self.assertEqual(Form.query.count(), 0)

    # upgrade user manually
    owner = User.query.filter_by(email='*****@*****.**').first()
    owner.upgraded = True
    DB.session.add(owner)
    DB.session.commit()

    # successfully create form
    created = self.client.post('/forms',
                               headers={'Accept': 'application/json',
                                        'Content-type': 'application/json'},
                               data=json.dumps({'email': '*****@*****.**'}))
    body = json.loads(created.data)
    self.assertEqual(created.status_code, 200)
    self.assertIn('submission_url', body)
    self.assertIn('hashid', body)
    hashid = body['hashid']
    self.assertIn(hashid, body['submission_url'])
    self.assertEqual(Form.query.count(), 1)
    self.assertEqual(Form.query.first().id, Form.get_with_hashid(hashid).id)

    # post to form: the first post triggers the confirmation e-mail
    first = self.client.post('/' + hashid,
                             headers={'Referer': 'http://formspree.io'},
                             data={'name': 'bruce'})
    self.assertIn("sent an email confirmation", first.data)
    self.assertIn('confirm+your+email', httpretty.last_request().body)
    self.assertEqual(Form.query.count(), 1)

    # confirm form
    form = Form.query.first()
    self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    self.assertTrue(Form.query.first().confirmed)

    # send 5 forms (monthly limits should not apply to the upgraded user)
    self.assertEqual(settings.MONTHLY_SUBMISSIONS_LIMIT, 2)
    for index in range(5):
        self.client.post('/' + hashid, headers={'Referer': 'formspree.io'},
                         data={'name': 'ana', 'submission': '__%s__' % index})
    form = Form.query.first()
    self.assertEqual(form.counter, 5)
    self.assertEqual(form.get_monthly_counter(), 5)
    last_sent = httpretty.last_request().body
    self.assertIn('ana', last_sent)
    self.assertIn('__4__', last_sent)
    self.assertNotIn('You+are+past+our+limit', last_sent)

    # try (and fail) to submit from a different host
    usurper = self.client.post('/' + hashid, headers={'Referer': 'bad.com'},
                               data={'name': 'usurper'})
    self.assertEqual(usurper.status_code, 403)
    # no more data is sent to sendgrid: the last request is still the 5th submission
    last_sent = httpretty.last_request().body
    self.assertIn('ana', last_sent)
    self.assertIn('__4__', last_sent)
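def test_form_and_submission_deletion(client, msend):
    """Submissions and forms are deletable only by their logged-in owner.

    Register and upgrade a user, create and confirm a form, make five
    submissions, delete one via ``/api-int/forms/<hashid>/submissions/<id>``,
    then check that an anonymous client and a second, unrelated user both get
    401 from ``DELETE /api-int/forms/<hashid>`` while the owner gets 200.
    ARCHIVED_SUBMISSIONS_LIMIT is raised for the test and restored at the end.
    """
    owner_credentials = {'email': '*****@*****.**', 'password': '******'}
    api_headers = {"Referer": settings.SERVICE_URL}

    # create and login a user
    r = client.post('/register', data=owner_credentials)
    assert r.status_code == 302
    assert 1 == User.query.count()

    # upgrade user
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    r = client.post(
        "/api-int/forms",
        headers={
            "Accept": "application/json",
            "Content-type": "application/json",
            "Referer": settings.SERVICE_URL,
        },
        data=json.dumps({"email": "*****@*****.**"}),
    )
    resp = json.loads(r.data.decode('utf-8'))
    assert r.status_code == 200
    assert 'submission_url' in resp
    assert 'hashid' in resp
    form_endpoint = resp['hashid']
    assert resp['hashid'] in resp['submission_url']
    assert 1 == Form.query.count()
    assert Form.query.first().id == Form.get_with_hashid(resp['hashid']).id
    form_url = "/api-int/forms/" + form_endpoint

    # post to form
    r = client.post('/' + form_endpoint, headers={'Referer': 'formspree.io'},
                    data={'name': 'bruce'})

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert 0 == Submission.query.count()

    # increase the submission limit; restored in ``finally`` so a failing
    # assertion cannot leak the raised limit into later tests
    old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
    settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
    try:
        # make 5 submissions
        for i in range(5):
            r = client.post('/' + form_endpoint, headers={'Referer': 'formspree.io'},
                            data={'name': 'ana', 'submission': '__%s__' % i})
        assert 5 == Submission.query.count()

        # delete a submission in form; remember its id first, because the
        # instance may be expired or gone once the row has been deleted
        deleted_id = Submission.query.first().id
        r = client.delete(form_url + "/submissions/" + str(deleted_id),
                          headers=api_headers)
        assert 200 == r.status_code
        assert 4 == Submission.query.count()
        # the deleted row must be gone (the old check looked up id='0', which
        # never existed, so it passed regardless of the delete)
        assert DB.session.query(Submission.id).filter_by(id=deleted_id).scalar() is None

        # logout user
        client.get('/logout')

        # attempt to delete form you don't have access to (while logged out)
        r = client.delete(form_url, headers=api_headers)
        assert 401 == r.status_code
        assert 1 == Form.query.count()

        # create different user
        r = client.post('/register', data={'email': '*****@*****.**', 'password': '******'})

        # attempt to delete form we don't have access to
        r = client.delete(form_url, headers=api_headers)
        assert 401 == r.status_code
        assert 1 == Form.query.count()
        client.get('/logout')

        # log back in to original account
        r = client.post('/login', data=owner_credentials)

        # delete the form created
        r = client.delete(form_url, headers=api_headers)
        assert 200 == r.status_code
        assert 0 == Form.query.count()
    finally:
        # reset submission limit
        settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit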
def test_form_creation(client, msend):
    """Form creation via ``/api-int/forms`` needs an upgrade; owners are not throttled.

    The first creation attempt (account not upgraded) must answer 402 with a
    JSON error; after the upgrade it answers 200 with ``hashid`` and
    ``submission_url``. The first post sends the confirmation e-mail through
    the ``msend`` mock; after confirming, five submissions go through despite
    MONTHLY_SUBMISSIONS_LIMIT, and a post from a foreign Referer gets 403
    without producing another e-mail.
    """
    api_headers = {"Content-type": "application/json", "Referer": settings.SERVICE_URL}
    submit_headers = {'Referer': 'formspree.io'}

    def last_email_text():
        # text body of the most recent e-mail handed to the mocked sender
        return msend.call_args[1]['text']

    # register user
    registered = client.post('/register', data={'email': '*****@*****.**', 'password': '******'})
    assert registered.status_code == 302
    assert User.query.count() == 1

    # fail to create form: the account is not upgraded yet
    refused = client.post("/api-int/forms", headers=api_headers,
                          data={"email": "*****@*****.**"})
    assert refused.status_code == 402
    assert 'error' in json.loads(refused.data.decode('utf-8'))
    assert Form.query.count() == 0

    # upgrade user manually
    owner = User.query.filter_by(email='*****@*****.**').first()
    owner.upgraded = True
    DB.session.add(owner)
    DB.session.commit()

    # successfully create form
    created = client.post("/api-int/forms", headers=api_headers,
                          data=json.dumps({"email": "*****@*****.**"}))
    body = json.loads(created.data.decode('utf-8'))
    assert created.status_code == 200
    assert 'submission_url' in body
    assert 'hashid' in body
    hashid = body['hashid']
    assert hashid in body['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(hashid).id

    # post to form: the first post triggers the confirmation e-mail
    first = client.post('/' + hashid, headers=submit_headers, data={'name': 'bruce'})
    assert "We've sent a link to your email" in first.data.decode('utf-8')
    assert 'confirm your email' in last_email_text()
    assert Form.query.count() == 1

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed

    # send 5 forms (monthly limits should not apply to the upgraded user)
    assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
    for index in range(5):
        client.post('/' + hashid, headers=submit_headers,
                    data={'name': 'ana', 'submission': '__%s__' % index})
    form = Form.query.first()
    assert form.counter == 5
    assert form.get_monthly_counter() == 5
    assert 'ana' in last_email_text()
    assert '__4__' in last_email_text()
    assert 'past the limit' not in last_email_text()

    # try (and fail) to submit from a different host
    usurper = client.post('/' + hashid, headers={'Referer': 'bad.com'},
                          data={'name': 'usurper'})
    assert usurper.status_code == 403
    # no more data is sent to sendgrid: the last e-mail is still the 5th submission
    assert 'ana' in last_email_text()
    assert '__4__' in last_email_text()
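def test_upgraded_user_access(client, msend):
    """Listing and export of submissions are gated on the owner's upgrade state.

    Register and upgrade a user, create and confirm a form, submit once, then
    check that ``/api-int/forms/<hashid>`` and the ``.json``/``.csv`` exports
    return that single submission; after a downgrade the listing answers 402,
    and once logged out it answers 401 with a JSON error.
    """
    message = 'hi, my name is bruce!'
    api_headers = {"Accept": "application/json", "Referer": settings.SERVICE_URL}

    # register user
    client.post('/register', data={'email': '*****@*****.**', 'password': '******'})

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # create form
    r = client.post(
        "/api-int/forms",
        headers={
            "Accept": "application/json",
            "Content-type": "application/json",
            "Referer": settings.SERVICE_URL,
        },
        data=json.dumps({"email": "*****@*****.**"}),
    )
    form_endpoint = json.loads(r.data.decode('utf-8'))['hashid']
    form_url = "/api-int/forms/" + form_endpoint

    # manually confirm the form
    form = Form.get_with_hashid(form_endpoint)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    client.post('/' + form_endpoint, headers={'Referer': 'formspree.io'},
                data={'name': 'bruce', 'message': message})

    def check_single_submission(payload):
        # the one submission made above must be the only one reported
        submissions = json.loads(payload.decode('utf-8'))['submissions']
        assert len(submissions) == 1
        assert submissions[0]['name'] == 'bruce'
        assert submissions[0]['message'] == message

    # test submissions endpoint (/api-int/forms/<hashid>)
    r = client.get(form_url, headers=api_headers)
    check_single_submission(r.data)

    # test exporting feature (both json and csv file downloads)
    r = client.get('/forms/' + form_endpoint + '.json')
    check_single_submission(r.data)

    r = client.get('/forms/' + form_endpoint + '.csv')
    lines = r.data.decode('utf-8').splitlines()
    assert len(lines) == 2
    assert lines[0] == "id,date,message,name"
    # the message contains a comma, so the csv writer must have quoted it.
    # (the previous form, ``assert '...', lines[1]``, was a two-element tuple
    # and therefore always true.)
    assert '"' + message + '"' in lines[1]

    # test submissions endpoint with the user downgraded
    user.upgraded = False
    DB.session.add(user)
    DB.session.commit()
    r = client.get(form_url)
    assert r.status_code == 402  # it should fail

    # test submissions endpoint without a logged user
    client.get("/logout")
    r = client.get(form_url)
    assert r.status_code == 401  # should return a json error (via flask login)
    assert "error" in r.json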
def test_form_toggle(self):
    """Only the logged-in owner can toggle a form; a disabled form rejects posts.

    Flow: register and upgrade a user, create and confirm a form, disable it
    via ``/forms/<hashid>/toggle`` (302 back to the dashboard), check that an
    anonymous toggle leaves it disabled and that posting to it yields 403
    without bumping the counter, then log back in, re-enable it and post
    successfully.
    """
    credentials = {'email': '*****@*****.**', 'password': '******'}
    toggle_headers = {'Referer': settings.SERVICE_URL}
    submit_headers = {'Referer': 'formspree.io'}

    # create and login a user
    registered = self.client.post('/register', data=credentials)
    self.assertEqual(registered.status_code, 302)
    self.assertEqual(User.query.count(), 1)

    # upgrade user
    owner = User.query.filter_by(email='*****@*****.**').first()
    owner.upgraded = True
    DB.session.add(owner)
    DB.session.commit()

    # successfully create form
    created = self.client.post('/forms',
                               headers={'Accept': 'application/json',
                                        'Content-type': 'application/json'},
                               data=json.dumps({'email': '*****@*****.**'}))
    body = json.loads(created.data)
    self.assertEqual(created.status_code, 200)
    self.assertIn('submission_url', body)
    self.assertIn('hashid', body)
    hashid = body['hashid']
    self.assertIn(hashid, body['submission_url'])
    self.assertEqual(Form.query.count(), 1)
    self.assertEqual(Form.query.first().id, Form.get_with_hashid(hashid).id)

    toggle_url = '/forms/' + hashid + '/toggle'
    submit_url = '/' + hashid

    # post to form, then confirm it with the emailed link
    self.client.post(submit_url, headers=submit_headers, data={'name': 'bruce'})
    form = Form.query.first()
    self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    self.assertTrue(Form.query.first().confirmed)
    self.assertEqual(Submission.query.count(), 0)

    # disable the form
    toggled = self.client.post(toggle_url, headers=toggle_headers)
    self.assertEqual(toggled.status_code, 302)
    self.assertTrue(toggled.location.endswith('/dashboard'))
    self.assertTrue(Form.query.first().disabled)
    self.assertEqual(Form.query.first().counter, 0)

    # logout and attempt to enable the form
    self.client.get('/logout')
    toggled = self.client.post(toggle_url, headers=toggle_headers, follow_redirects=True)
    self.assertEqual(toggled.status_code, 200)
    self.assertTrue(Form.query.first().disabled)

    # fail when attempting to post to form
    rejected = self.client.post(submit_url, headers=submit_headers, data={'name': 'bruce'})
    self.assertEqual(rejected.status_code, 403)
    self.assertEqual(Form.query.first().counter, 0)

    # log back in and re-enable form
    self.client.post('/login', data=credentials)
    toggled = self.client.post(toggle_url, headers=toggle_headers, follow_redirects=True)
    self.assertEqual(toggled.status_code, 200)
    self.assertFalse(Form.query.first().disabled)

    # successfully post to form
    self.client.post(submit_url, headers=submit_headers, data={'name': 'bruce'})
    self.assertEqual(Form.query.first().counter, 1)
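def test_form_and_submission_deletion(self):
    """Submissions and forms are deletable only by their logged-in owner.

    Register and upgrade a user, create and confirm a form, make five
    submissions, delete one through ``/forms/<hashid>/delete/<id>``, then
    check that an anonymous client is redirected (302) and a second,
    unrelated user is refused (400) by ``/forms/<hashid>/delete``, while the
    owner deletes the form with 200. ARCHIVED_SUBMISSIONS_LIMIT is raised for
    the test and restored at the end.
    """
    owner_credentials = {'email': '*****@*****.**', 'password': '******'}
    dashboard_headers = {'Referer': settings.SERVICE_URL}

    # create and login a user
    r = self.client.post('/register', data=owner_credentials)
    self.assertEqual(r.status_code, 302)
    self.assertEqual(1, User.query.count())

    # upgrade user
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    r = self.client.post('/forms',
                         headers={'Accept': 'application/json',
                                  'Content-type': 'application/json'},
                         data=json.dumps({'email': '*****@*****.**'}))
    resp = json.loads(r.data)
    self.assertEqual(r.status_code, 200)
    self.assertIn('submission_url', resp)
    self.assertIn('hashid', resp)
    form_endpoint = resp['hashid']
    self.assertIn(resp['hashid'], resp['submission_url'])
    self.assertEqual(1, Form.query.count())
    self.assertEqual(Form.query.first().id, Form.get_with_hashid(resp['hashid']).id)
    delete_form_url = '/forms/' + form_endpoint + '/delete'

    # post to form
    r = self.client.post('/' + form_endpoint, headers={'Referer': 'formspree.io'},
                         data={'name': 'bruce'})

    # confirm form
    form = Form.query.first()
    self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    self.assertTrue(Form.query.first().confirmed)
    self.assertEqual(0, Submission.query.count())

    # increase the submission limit; restored in ``finally`` so a failing
    # assertion cannot leak the raised limit into later tests
    old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
    settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
    try:
        # make 5 submissions
        for i in range(5):
            r = self.client.post('/' + form_endpoint, headers={'Referer': 'formspree.io'},
                                 data={'name': 'ana', 'submission': '__%s__' % i})
        self.assertEqual(5, Submission.query.count())

        # delete a submission in form; remember its id first, because the
        # instance may be expired or gone once the row has been deleted
        deleted_id = Submission.query.first().id
        r = self.client.post(delete_form_url + '/' + unicode(deleted_id),
                             headers=dashboard_headers, follow_redirects=True)
        self.assertEqual(200, r.status_code)
        self.assertEqual(4, Submission.query.count())
        # the deleted row must be gone (the old check looked up id='0', which
        # never existed, so it passed regardless of the delete)
        self.assertIsNone(DB.session.query(Submission.id).filter_by(id=deleted_id).scalar())

        # logout user
        self.client.get('/logout')

        # attempt to delete form you don't have access to (while logged out)
        r = self.client.post(delete_form_url, headers=dashboard_headers)
        self.assertEqual(302, r.status_code)
        self.assertEqual(1, Form.query.count())

        # create different user
        r = self.client.post('/register', data={'email': '*****@*****.**', 'password': '******'})

        # attempt to delete form we don't have access to
        r = self.client.post(delete_form_url, headers=dashboard_headers)
        self.assertEqual(400, r.status_code)
        self.assertEqual(1, Form.query.count())
        self.client.get('/logout')

        # log back in to original account
        r = self.client.post('/login', data=owner_credentials)

        # delete the form created
        r = self.client.post(delete_form_url, headers=dashboard_headers, follow_redirects=True)
        self.assertEqual(200, r.status_code)
        self.assertEqual(0, Form.query.count())
    finally:
        # reset submission limit
        settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit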
def test_form_toggle(self):
    """Only the logged-in owner can toggle a form; a disabled form rejects posts.

    Flow: register and upgrade a user, create and confirm a form, disable it
    via ``/forms/<hashid>/toggle`` (302 back to the dashboard), check that an
    anonymous toggle leaves it disabled and that posting to it yields 403
    without bumping the counter, then log back in, re-enable it and post
    successfully.
    """
    credentials = {'email': '*****@*****.**', 'password': '******'}
    toggle_headers = {'Referer': settings.SERVICE_URL}
    submit_headers = {'Referer': 'formspree.io'}

    # create and login a user
    registered = self.client.post('/register', data=credentials)
    self.assertEqual(registered.status_code, 302)
    self.assertEqual(User.query.count(), 1)

    # upgrade user
    owner = User.query.filter_by(email='*****@*****.**').first()
    owner.upgraded = True
    DB.session.add(owner)
    DB.session.commit()

    # successfully create form
    created = self.client.post('/forms',
                               headers={'Accept': 'application/json',
                                        'Content-type': 'application/json'},
                               data=json.dumps({'email': '*****@*****.**'}))
    body = json.loads(created.data)
    self.assertEqual(created.status_code, 200)
    self.assertIn('submission_url', body)
    self.assertIn('hashid', body)
    hashid = body['hashid']
    self.assertIn(hashid, body['submission_url'])
    self.assertEqual(Form.query.count(), 1)
    self.assertEqual(Form.query.first().id, Form.get_with_hashid(hashid).id)

    toggle_url = '/forms/' + hashid + '/toggle'
    submit_url = '/' + hashid

    # post to form, then confirm it with the emailed link
    self.client.post(submit_url, headers=submit_headers, data={'name': 'bruce'})
    form = Form.query.first()
    self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    self.assertTrue(Form.query.first().confirmed)
    self.assertEqual(Submission.query.count(), 0)

    # disable the form
    toggled = self.client.post(toggle_url, headers=toggle_headers)
    self.assertEqual(toggled.status_code, 302)
    self.assertTrue(toggled.location.endswith('/dashboard'))
    self.assertTrue(Form.query.first().disabled)
    self.assertEqual(Form.query.first().counter, 0)

    # logout and attempt to enable the form
    self.client.get('/logout')
    toggled = self.client.post(toggle_url, headers=toggle_headers, follow_redirects=True)
    self.assertEqual(toggled.status_code, 200)
    self.assertTrue(Form.query.first().disabled)

    # fail when attempting to post to form
    rejected = self.client.post(submit_url, headers=submit_headers, data={'name': 'bruce'})
    self.assertEqual(rejected.status_code, 403)
    self.assertEqual(Form.query.first().counter, 0)

    # log back in and re-enable form
    self.client.post('/login', data=credentials)
    toggled = self.client.post(toggle_url, headers=toggle_headers, follow_redirects=True)
    self.assertEqual(toggled.status_code, 200)
    self.assertFalse(Form.query.first().disabled)

    # successfully post to form
    self.client.post(submit_url, headers=submit_headers, data={'name': 'bruce'})
    self.assertEqual(Form.query.first().counter, 1)
def test_form_creation(client, msend):
    """Form creation requires an upgraded account; the upgraded owner is not rate limited.

    The first ``/forms`` attempt (account not upgraded) must answer 402 with a
    JSON error; after the upgrade it answers 200 with ``hashid`` and
    ``submission_url``. The first post from ``http://testsite.com`` sends the
    confirmation e-mail through the ``msend`` mock and marks the form as AJAX;
    after confirming, five submissions go through despite
    MONTHLY_SUBMISSIONS_LIMIT, and a post from a foreign Referer gets 403
    without producing another e-mail.
    """
    submit_headers = {'Referer': 'testsite.com'}

    def last_email_text():
        # text body of the most recent e-mail handed to the mocked sender
        return msend.call_args[1]['text']

    # register user
    registered = client.post('/register', data={'email': '*****@*****.**', 'password': '******'})
    assert registered.status_code == 302
    assert User.query.count() == 1

    # fail to create form: the account is not upgraded yet
    refused = client.post('/forms', headers={'Content-type': 'application/json'},
                          data={'email': '*****@*****.**'})
    assert refused.status_code == 402
    assert 'error' in json.loads(refused.data.decode('utf-8'))
    assert Form.query.count() == 0

    # upgrade user manually
    owner = User.query.filter_by(email='*****@*****.**').first()
    owner.upgraded = True
    DB.session.add(owner)
    DB.session.commit()

    # successfully create form
    created = client.post('/forms',
                          headers={'Accept': 'application/json',
                                   'Content-type': 'application/json'},
                          data=json.dumps({'email': '*****@*****.**'}))
    body = json.loads(created.data.decode('utf-8'))
    assert created.status_code == 200
    assert 'submission_url' in body
    assert 'hashid' in body
    hashid = body['hashid']
    assert hashid in body['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(hashid).id

    # post to form: the first post triggers the confirmation e-mail
    first = client.post('/' + hashid, headers={'Referer': 'http://testsite.com'},
                        data={'name': 'bruce'})
    assert 'sent an email confirmation' in first.data.decode('utf-8')
    assert 'confirm your email' in last_email_text()
    assert Form.query.count() == 1

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed

    # Make sure that it marks the first form as AJAX
    assert Form.query.first().uses_ajax

    # send 5 forms (monthly limits should not apply to the upgraded user)
    assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
    for index in range(5):
        client.post('/' + hashid, headers=submit_headers,
                    data={'name': 'ana', 'submission': '__%s__' % index})
    form = Form.query.first()
    assert form.counter == 5
    assert form.get_monthly_counter() == 5
    assert 'ana' in last_email_text()
    assert '__4__' in last_email_text()
    assert 'You are past our limit' not in last_email_text()

    # try (and fail) to submit from a different host
    usurper = client.post('/' + hashid, headers={'Referer': 'bad.com'},
                          data={'name': 'usurper'})
    assert usurper.status_code == 403
    # no more data is sent to sendgrid: the last e-mail is still the 5th submission
    assert 'ana' in last_email_text()
    assert '__4__' in last_email_text()
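def test_upgraded_user_access(client, msend):
    """Only an upgraded, logged-in owner may list or export submissions.

    After creating and manually confirming a form and posting one
    submission, the test reads /forms/<hashid>/ as JSON, then the .json
    and .csv exports, and verifies the submission is present in each.
    It then downgrades the user (expect 402) and logs out (expect a 302
    redirect from ``@user_required``). ``msend`` is the mocked mail
    sender fixture.
    """
    message = 'hi, my name is bruce!'

    # register user
    client.post(
        '/register',
        data={'email': '*****@*****.**', 'password': '******'},
    )

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # create form
    resp = client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    form_endpoint = json.loads(resp.data.decode('utf-8'))['hashid']

    # manually confirm the form
    form = Form.get_with_hashid(form_endpoint)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    client.post(
        '/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce', 'message': message},
    )

    # submissions endpoint (/forms/<hashid>/) as JSON
    resp = client.get(
        '/forms/' + form_endpoint + '/',
        headers={'Accept': 'application/json'},
    )
    submissions = json.loads(resp.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == message

    # export as JSON file
    resp = client.get('/forms/' + form_endpoint + '.json')
    submissions = json.loads(resp.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == message

    # export as CSV file: header row plus one data row
    resp = client.get('/forms/' + form_endpoint + '.csv')
    lines = resp.data.decode('utf-8').splitlines()
    assert len(lines) == 2
    assert lines[0] == 'date,message,name'
    # The message contains a comma, so the CSV writer must quote it.
    # (The previous `assert '"..."', lines[1]` was a bare truthy string
    # with a message argument and could never fail.)
    assert '"' + message + '"' in lines[1]

    # a downgraded user must be refused (402)
    user.upgraded = False
    DB.session.add(user)
    DB.session.commit()
    resp = client.get('/forms/' + form_endpoint + '/')
    assert resp.status_code == 402

    # an anonymous request is redirected to login (via @user_required)
    client.get('/logout')
    resp = client.get('/forms/' + form_endpoint + '/')
    assert resp.status_code == 302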
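def test_form_toggle(client, msend):
    """Disable and re-enable a form via PATCH /api-int/forms/<hashid>.

    Verifies that the gold-plan owner can disable the form (200 with
    ``ok``), that an anonymous PATCH is refused with 401 and leaves the
    stored state untouched, that a disabled form rejects submissions with
    403 without incrementing the counter, and that the owner can re-enable
    the form after logging back in. ``msend`` is the mocked mail sender.
    """
    # create and login a user
    resp = client.post(
        '/register',
        data={'email': '*****@*****.**', 'password': '******'},
    )
    assert resp.status_code == 302
    assert User.query.count() == 1

    # upgrade user to the gold plan
    user = User.query.filter_by(email='*****@*****.**').first()
    user.plan = Plan.gold
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    resp = client.post(
        "/api-int/forms",
        headers={"Referer": settings.SERVICE_URL, "Content-type": "application/json"},
        data=json.dumps({"email": "*****@*****.**"}),
    )
    body = json.loads(resp.data.decode('utf-8'))
    assert resp.status_code == 200
    assert 'submission_url' in body
    assert 'hashid' in body
    form_endpoint = body['hashid']
    assert form_endpoint in body['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(form_endpoint).id

    # post to form (unconfirmed: triggers confirmation, stores nothing)
    client.post(
        '/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'},
    )

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert Submission.query.count() == 0

    # disable the form as its owner
    resp = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers={"Referer": settings.SERVICE_URL, "Content-Type": "application/json"},
        data=json.dumps({"disabled": True}),
    )
    assert resp.status_code == 200
    assert resp.json["ok"]
    assert Form.query.first().disabled
    assert Form.query.first().counter == 0

    # logout and attempt to re-enable the form anonymously. The payload asks
    # to *enable*, so the form still being disabled afterwards proves the
    # request had no effect; sending ``disabled: True`` here would make that
    # assertion vacuous.
    client.get("/logout")
    resp = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers={"Content-Type": "application/json", "Referer": settings.SERVICE_URL},
        data=json.dumps({"disabled": False}),
    )
    assert resp.status_code == 401
    assert "error" in json.loads(resp.data.decode("utf-8"))
    assert Form.query.first().disabled

    # a disabled form refuses submissions and does not count them
    resp = client.post(
        '/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'},
    )
    assert resp.status_code == 403
    assert Form.query.first().counter == 0

    # log back in and re-enable form
    client.post("/login", data={"email": "*****@*****.**", "password": "******"})
    resp = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers={"Referer": settings.SERVICE_URL, "Content-Type": "application/json"},
        data=json.dumps({"disabled": False}),
    )
    assert resp.status_code == 200
    assert not Form.query.first().disabled

    # successfully post to form
    client.post(
        '/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'},
    )
    assert Form.query.first().counter == 1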
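def test_form_and_submission_deletion(self):
    """Deleting submissions and forms is restricted to the form's owner.

    Creates and confirms a form as an upgraded user, stores five
    submissions, deletes one by id and checks that exact row is gone.
    Then: an anonymous delete of the form is redirected (302), a
    different registered user is refused (400), and the owner can delete
    the form (200, no forms left). ``ARCHIVED_SUBMISSIONS_LIMIT`` is
    raised for the test and restored in a ``finally`` so a failing
    assertion cannot leak the changed setting into other tests.
    """
    # create and login a user
    r = self.client.post(
        '/register',
        data={'email': '*****@*****.**', 'password': '******'},
    )
    self.assertEqual(r.status_code, 302)
    self.assertEqual(1, User.query.count())

    # upgrade user
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    r = self.client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    resp = json.loads(r.data)
    self.assertEqual(r.status_code, 200)
    self.assertIn('submission_url', resp)
    self.assertIn('hashid', resp)
    form_endpoint = resp['hashid']
    self.assertIn(resp['hashid'], resp['submission_url'])
    self.assertEqual(1, Form.query.count())
    self.assertEqual(Form.query.first().id, Form.get_with_hashid(resp['hashid']).id)

    # post to form
    r = self.client.post(
        '/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'},
    )

    # confirm form
    form = Form.query.first()
    self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    self.assertTrue(Form.query.first().confirmed)
    self.assertEqual(0, Submission.query.count())

    # increase the submission limit; always restore it (see finally)
    old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
    settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
    try:
        # make 5 submissions
        for i in range(5):
            r = self.client.post(
                '/' + form_endpoint,
                headers={'Referer': 'formspree.io'},
                data={'name': 'ana', 'submission': '__%s__' % i},
            )
        self.assertEqual(5, Submission.query.count())

        # delete a submission in form
        first_submission = Submission.query.first()
        # read the id before the row is deleted; the ORM object may be
        # expired afterwards, and the old check against id='0' never
        # looked at the row that was actually removed
        deleted_id = first_submission.id
        r = self.client.post(
            '/forms/' + form_endpoint + '/delete/' + unicode(deleted_id),
            headers={'Referer': settings.SERVICE_URL},
            follow_redirects=True,
        )
        self.assertEqual(200, r.status_code)
        self.assertEqual(4, Submission.query.count())
        # make sure the deleted submission is gone
        self.assertIsNone(
            DB.session.query(Submission.id).filter_by(id=deleted_id).scalar()
        )

        # logout user
        self.client.get('/logout')

        # attempt to delete form you don't have access to (while logged out)
        r = self.client.post(
            '/forms/' + form_endpoint + '/delete',
            headers={'Referer': settings.SERVICE_URL},
        )
        self.assertEqual(302, r.status_code)
        self.assertEqual(1, Form.query.count())

        # create different user
        r = self.client.post(
            '/register',
            data={'email': '*****@*****.**', 'password': '******'},
        )

        # attempt to delete form we don't have access to
        r = self.client.post(
            '/forms/' + form_endpoint + '/delete',
            headers={'Referer': settings.SERVICE_URL},
        )
        self.assertEqual(400, r.status_code)
        self.assertEqual(1, Form.query.count())
        self.client.get('/logout')

        # log back in to original account
        r = self.client.post(
            '/login',
            data={'email': '*****@*****.**', 'password': '******'},
        )

        # delete the form created
        r = self.client.post(
            '/forms/' + form_endpoint + '/delete',
            headers={'Referer': settings.SERVICE_URL},
            follow_redirects=True,
        )
        self.assertEqual(200, r.status_code)
        self.assertEqual(0, Form.query.count())
    finally:
        # reset submission limit
        settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit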
def test_form_creation(client, msend):
    """Form creation is gated on the upgrade flag; submissions are counted.

    Steps: register (302); free account gets 402 on POST /forms; upgrade;
    POST /forms returns hashid + submission_url; first post to the form
    tells the user a confirmation link was mailed; confirm via the
    /confirm URL; five submissions are all counted despite the monthly
    limit of 2; a post with a foreign Referer is refused (403) and no
    new mail is produced. ``msend`` is the mocked mail sender fixture.
    """
    email = '*****@*****.**'
    credentials = {'email': email, 'password': '******'}

    def mail_text():
        return msend.call_args[1]['text']

    def decoded(response):
        return response.data.decode('utf-8')

    # register user
    response = client.post('/register', data=credentials)
    assert response.status_code == 302
    assert User.query.count() == 1

    # fail to create form: account is not upgraded
    response = client.post(
        '/forms',
        headers={'Content-type': 'application/json'},
        data={'email': email},
    )
    assert response.status_code == 402
    assert 'error' in json.loads(decoded(response))
    assert Form.query.count() == 0

    # upgrade user manually
    user = User.query.filter_by(email=email).first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    response = client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': email}),
    )
    payload = json.loads(decoded(response))
    assert response.status_code == 200
    assert 'submission_url' in payload
    assert 'hashid' in payload
    hashid = payload['hashid']
    assert hashid in payload['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(hashid).id

    # post to the unconfirmed form
    response = client.post(
        '/' + hashid,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'},
    )
    assert "We've sent a link to your email" in decoded(response)
    assert 'confirm your email' in mail_text()
    assert Form.query.count() == 1

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed

    # send 5 submissions; the monthly limit must not apply to upgraded users
    assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
    for index in range(5):
        client.post(
            '/' + hashid,
            headers={'Referer': 'formspree.io'},
            data={'name': 'ana', 'submission': '__%s__' % index},
        )
    form = Form.query.first()
    assert form.counter == 5
    assert form.get_monthly_counter() == 5
    assert 'ana' in mail_text()
    assert '__4__' in mail_text()
    assert 'past the limit' not in mail_text()

    # a submission from a different host is refused with 403
    response = client.post(
        '/' + hashid,
        headers={'Referer': 'bad.com'},
        data={'name': 'usurper'},
    )
    assert response.status_code == 403
    # no more data is sent to sendgrid: the last mail is still 'ana'
    assert 'ana' in mail_text()
    assert '__4__' in mail_text()
def test_form_creation(client, msend):
    """Form creation through /api-int/forms is gated on the gold plan.

    A free account gets 402; after switching to ``Plan.gold`` creation
    returns a hashid and submission URL. The first post triggers the
    confirmation mail, the confirmed form is flagged ``uses_ajax``, five
    submissions are all counted despite the monthly limit of 2, and a
    post with a foreign Referer is refused with 403 and sends no new
    mail. ``msend`` is the mocked mail sender fixture.
    """
    email = "*****@*****.**"

    def sent_text():
        # text of the latest mail passed to the mocked sender
        return msend.call_args[1]['text']

    # register user
    response = client.post(
        '/register',
        data={'email': email, 'password': '******'},
    )
    assert response.status_code == 302
    assert User.query.count() == 1

    # fail to create form on the free plan
    response = client.post(
        "/api-int/forms",
        headers={"Content-type": "application/json", "Referer": settings.SERVICE_URL},
        data={"email": email},
    )
    assert response.status_code == 402
    assert 'error' in json.loads(response.data.decode('utf-8'))
    assert Form.query.count() == 0

    # upgrade user manually to gold
    user = User.query.filter_by(email=email).first()
    user.plan = Plan.gold
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    response = client.post(
        "/api-int/forms",
        headers={
            "Accept": "application/json",
            "Content-type": "application/json",
            "Referer": settings.SERVICE_URL,
        },
        data=json.dumps({"email": email}),
    )
    created = json.loads(response.data.decode('utf-8'))
    assert response.status_code == 200
    assert 'submission_url' in created
    assert 'hashid' in created
    hashid = created['hashid']
    assert hashid in created['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(hashid).id

    # post to the unconfirmed form
    response = client.post(
        '/' + hashid,
        headers={'Referer': 'http://testsite.com'},
        data={'name': 'bruce'},
    )
    assert 'sent an email confirmation' in response.data.decode('utf-8')
    assert 'confirm your email' in sent_text()
    assert Form.query.count() == 1

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed

    # the first form is marked as AJAX
    assert Form.query.first().uses_ajax

    # send 5 submissions; the monthly limit must not apply to a gold user
    assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
    for index in range(5):
        client.post(
            "/" + hashid,
            headers={"Referer": "testsite.com"},
            data={"name": "ana", "submission": "__%s__" % index},
        )
    form = Form.query.first()
    assert form.counter == 5
    assert form.get_monthly_counter() == 5
    assert 'ana' in sent_text()
    assert '__4__' in sent_text()
    assert 'past the limit' not in sent_text()

    # a submission from a different host is refused with 403
    response = client.post(
        "/" + hashid,
        headers={"Referer": "bad.com"},
        data={"name": "usurper"},
    )
    assert response.status_code == 403
    # no more data is sent to sendgrid
    assert "ana" in sent_text()
    assert "__4__" in sent_text()
def test_form_toggle(client, msend):
    """Toggle a form off and on through POST /forms/<hashid>/toggle.

    The owner's toggle redirects to /dashboard and disables the form; an
    anonymous toggle (followed through its redirect) leaves the form
    disabled; a disabled form answers submissions with 403 and keeps its
    counter at 0; after logging back in the owner toggles it on again and
    a submission is counted. ``msend`` is the mocked mail sender fixture.
    """
    email = '*****@*****.**'
    credentials = {'email': email, 'password': '******'}
    toggle_headers = {'Referer': settings.SERVICE_URL}

    def toggle(**kwargs):
        return client.post('/forms/' + hashid + '/toggle', headers=toggle_headers, **kwargs)

    def submit():
        return client.post('/' + hashid, headers={'Referer': 'formspree.io'}, data={'name': 'bruce'})

    # create and login a user
    response = client.post('/register', data=credentials)
    assert response.status_code == 302
    assert User.query.count() == 1

    # upgrade user
    user = User.query.filter_by(email=email).first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    response = client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': email}),
    )
    created = json.loads(response.data.decode('utf-8'))
    assert response.status_code == 200
    assert 'submission_url' in created
    assert 'hashid' in created
    hashid = created['hashid']
    assert hashid in created['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(hashid).id

    # post to the (unconfirmed) form
    submit()

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert Submission.query.count() == 0

    # disable the form as owner: redirect to the dashboard
    response = toggle()
    assert response.status_code == 302
    assert response.location.endswith('/dashboard')
    assert Form.query.first().disabled
    assert Form.query.first().counter == 0

    # logout and attempt to enable the form anonymously
    client.get('/logout')
    response = toggle(follow_redirects=True)
    assert response.status_code == 200
    assert Form.query.first().disabled

    # a disabled form refuses submissions and does not count them
    response = submit()
    assert response.status_code == 403
    assert Form.query.first().counter == 0

    # log back in and re-enable form
    client.post('/login', data=credentials)
    response = toggle(follow_redirects=True)
    assert response.status_code == 200
    assert not Form.query.first().disabled

    # successfully post to form
    submit()
    assert Form.query.first().counter == 1
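def test_form_toggle(client, msend):
    """Disable and re-enable a form via PATCH /api-int/forms/<hashid>.

    Verifies that the upgraded owner can disable the form (200, ``ok``),
    that an anonymous PATCH is refused with 401 and leaves the stored
    state untouched, that a disabled form rejects submissions with 403
    without incrementing the counter, and that the owner can re-enable
    the form after logging back in. ``msend`` is the mocked mail sender.
    """
    email = "*****@*****.**"
    credentials = {"email": email, "password": "******"}
    patch_headers = {
        "Referer": settings.SERVICE_URL,
        "Content-Type": "application/json",
    }

    # create and login a user
    resp = client.post('/register', data=credentials)
    assert resp.status_code == 302
    assert User.query.count() == 1

    # upgrade user
    user = User.query.filter_by(email=email).first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    resp = client.post(
        "/api-int/forms",
        headers={
            "Referer": settings.SERVICE_URL,
            "Content-type": "application/json",
        },
        data=json.dumps({"email": email}),
    )
    body = json.loads(resp.data.decode('utf-8'))
    assert resp.status_code == 200
    assert 'submission_url' in body
    assert 'hashid' in body
    form_endpoint = body['hashid']
    assert form_endpoint in body['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(form_endpoint).id

    # post to form (unconfirmed: nothing is stored yet)
    client.post('/' + form_endpoint, headers={'Referer': 'formspree.io'}, data={'name': 'bruce'})

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert Submission.query.count() == 0

    # disable the form as its owner
    resp = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers=patch_headers,
        data=json.dumps({"disabled": True}),
    )
    assert resp.status_code == 200
    assert resp.json["ok"]
    assert Form.query.first().disabled
    assert Form.query.first().counter == 0

    # logout and attempt to re-enable the form anonymously. The payload asks
    # to *enable*, so the form still being disabled afterwards proves the
    # request had no effect; sending ``disabled: True`` here would make the
    # state assertion vacuous.
    client.get("/logout")
    resp = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers=patch_headers,
        data=json.dumps({"disabled": False}),
    )
    assert resp.status_code == 401
    assert "error" in json.loads(resp.data.decode("utf-8"))
    assert Form.query.first().disabled

    # a disabled form refuses submissions and does not count them
    resp = client.post('/' + form_endpoint, headers={'Referer': 'formspree.io'}, data={'name': 'bruce'})
    assert resp.status_code == 403
    assert Form.query.first().counter == 0

    # log back in and re-enable form
    client.post("/login", data=credentials)
    resp = client.patch(
        "/api-int/forms/" + form_endpoint,
        headers=patch_headers,
        data=json.dumps({"disabled": False}),
    )
    assert resp.status_code == 200
    assert not Form.query.first().disabled

    # successfully post to form
    client.post('/' + form_endpoint, headers={'Referer': 'formspree.io'}, data={'name': 'bruce'})
    assert Form.query.first().counter == 1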
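def test_form_and_submission_deletion(client, msend):
    """Deleting submissions and forms is restricted to the form's owner.

    Creates and confirms a form as an upgraded user, stores five
    submissions, deletes one by id and checks that exact row is gone.
    Then: an anonymous delete of the form is redirected (302), a
    different registered user is refused (400), and the owner can delete
    the form (200, no forms left). ``ARCHIVED_SUBMISSIONS_LIMIT`` is
    raised for the test and restored in a ``finally`` so a failing
    assertion cannot leak the changed setting into other tests.
    ``msend`` is the mocked mail sender fixture.
    """
    credentials = {'email': '*****@*****.**', 'password': '******'}

    # create and login a user
    resp = client.post('/register', data=credentials)
    assert resp.status_code == 302
    assert User.query.count() == 1

    # upgrade user
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    resp = client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    body = json.loads(resp.data.decode('utf-8'))
    assert resp.status_code == 200
    assert 'submission_url' in body
    assert 'hashid' in body
    form_endpoint = body['hashid']
    assert form_endpoint in body['submission_url']
    assert Form.query.count() == 1
    assert Form.query.first().id == Form.get_with_hashid(form_endpoint).id

    # post to form
    client.post(
        '/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce'},
    )

    # confirm form
    form = Form.query.first()
    client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    assert Form.query.first().confirmed
    assert Submission.query.count() == 0

    # increase the submission limit; always restore it (see finally)
    old_submission_limit = settings.ARCHIVED_SUBMISSIONS_LIMIT
    settings.ARCHIVED_SUBMISSIONS_LIMIT = 10
    try:
        # make 5 submissions
        for i in range(5):
            client.post(
                '/' + form_endpoint,
                headers={'Referer': 'formspree.io'},
                data={'name': 'ana', 'submission': '__%s__' % i},
            )
        assert Submission.query.count() == 5

        # delete a submission in form
        first_submission = Submission.query.first()
        # read the id before the row is deleted; the ORM object may be
        # expired afterwards, and the old check against id='0' never
        # looked at the row that was actually removed
        deleted_id = first_submission.id
        resp = client.post(
            '/forms/' + form_endpoint + '/delete/' + str(deleted_id),
            headers={'Referer': settings.SERVICE_URL},
            follow_redirects=True,
        )
        assert resp.status_code == 200
        assert Submission.query.count() == 4
        # make sure the deleted submission is gone
        assert DB.session.query(Submission.id).filter_by(id=deleted_id).scalar() is None

        # logout user
        client.get('/logout')

        # attempt to delete form you don't have access to (while logged out)
        resp = client.post(
            '/forms/' + form_endpoint + '/delete',
            headers={'Referer': settings.SERVICE_URL},
        )
        assert resp.status_code == 302
        assert Form.query.count() == 1

        # create different user
        client.post('/register', data=credentials)

        # attempt to delete form we don't have access to
        resp = client.post(
            '/forms/' + form_endpoint + '/delete',
            headers={'Referer': settings.SERVICE_URL},
        )
        assert resp.status_code == 400
        assert Form.query.count() == 1
        client.get('/logout')

        # log back in to original account
        client.post('/login', data=credentials)

        # delete the form created
        resp = client.post(
            '/forms/' + form_endpoint + '/delete',
            headers={'Referer': settings.SERVICE_URL},
            follow_redirects=True,
        )
        assert resp.status_code == 200
        assert Form.query.count() == 0
    finally:
        # reset submission limit
        settings.ARCHIVED_SUBMISSIONS_LIMIT = old_submission_limit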
def test_upgraded_user_access(self):
    """Upgraded, logged-in owners can list and export submissions; others cannot.

    Reads /forms/<hashid>/ as JSON, then the .json and .csv exports, and
    checks the single submission appears in each. A downgraded account is
    refused with 402; an anonymous request is redirected (302) by
    ``@user_required``. The SendGrid endpoint is stubbed with httpretty so
    no real mail is sent.
    """
    httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
    post = self.client.post
    get = self.client.get
    message = 'hi, my name is bruce!'

    def assert_single_submission(raw):
        # the listing and the JSON export share one shape: {"submissions": [...]}
        found = json.loads(raw)['submissions']
        self.assertEqual(len(found), 1)
        self.assertEqual(found[0]['name'], 'bruce')
        self.assertEqual(found[0]['message'], message)

    # register user
    post('/register', data={'email': '*****@*****.**', 'password': '******'})

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # create form
    r = post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    hashid = json.loads(r.data)['hashid']

    # manually confirm the form
    form = Form.get_with_hashid(hashid)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    post('/' + hashid, headers={'Referer': 'formspree.io'}, data={'name': 'bruce', 'message': message})

    # submissions endpoint (/forms/<hashid>/)
    r = get('/forms/' + hashid + '/', headers={'Accept': 'application/json'})
    assert_single_submission(r.data)

    # JSON export
    r = get('/forms/' + hashid + '.json')
    assert_single_submission(r.data)

    # CSV export: header row plus one quoted data row
    r = get('/forms/' + hashid + '.csv')
    lines = r.data.splitlines()
    self.assertEqual(len(lines), 2)
    self.assertEqual(lines[0], 'date,message,name')
    self.assertIn('"' + message + '"', lines[1])

    # the downgraded user is refused
    user.upgraded = False
    DB.session.add(user)
    DB.session.commit()
    r = get('/forms/' + hashid + '/')
    self.assertEqual(r.status_code, 402)

    # anonymous requests are redirected (via @user_required)
    get('/logout')
    r = get('/forms/' + hashid + '/')
    self.assertEqual(r.status_code, 302)
def test_upgraded_user_access(self):
    """Submission listing and exports require an upgraded, logged-in owner.

    After a manually confirmed form receives one submission, the JSON
    listing at /forms/<hashid>/ and the .json / .csv exports all contain
    it. Downgrading the user yields 402; logging out yields a 302
    redirect from ``@user_required``. SendGrid is stubbed via httpretty.
    """
    httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
    client = self.client
    listing_url = None

    # register user
    client.post('/register', data={'email': '*****@*****.**', 'password': '******'})

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # create form
    response = client.post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    form_endpoint = json.loads(response.data)['hashid']
    listing_url = '/forms/' + form_endpoint + '/'

    # manually confirm the form
    form = Form.get_with_hashid(form_endpoint)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    client.post(
        '/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce', 'message': 'hi, my name is bruce!'},
    )

    # the listing and the JSON export must both show the one submission
    for url, headers in (
        (listing_url, {'Accept': 'application/json'}),
        ('/forms/' + form_endpoint + '.json', None),
    ):
        response = client.get(url, headers=headers) if headers else client.get(url)
        submissions = json.loads(response.data)['submissions']
        self.assertEqual(len(submissions), 1)
        self.assertEqual(submissions[0]['name'], 'bruce')
        self.assertEqual(submissions[0]['message'], 'hi, my name is bruce!')

    # CSV export: header row and one data row with the quoted message
    response = client.get('/forms/' + form_endpoint + '.csv')
    lines = response.data.splitlines()
    self.assertEqual(len(lines), 2)
    self.assertEqual(lines[0], 'date,message,name')
    self.assertIn('"hi, my name is bruce!"', lines[1])

    # downgraded user: access refused
    user.upgraded = False
    DB.session.add(user)
    DB.session.commit()
    response = client.get(listing_url)
    self.assertEqual(response.status_code, 402)

    # anonymous user: redirected (via @user_required)
    client.get('/logout')
    response = client.get(listing_url)
    self.assertEqual(response.status_code, 302)
def test_form_creation(self):
    """Form creation is gated on the upgrade flag; submissions are counted.

    Registration redirects; a non-upgraded account gets 402 on POST
    /forms; after the manual upgrade creation returns hashid and
    submission_url; the first post triggers the confirmation mail (seen
    in the stubbed SendGrid request body); the form is confirmed via the
    /confirm URL; five submissions are counted despite the monthly limit
    of 2; a post from a foreign Referer is refused with 403 and produces
    no new SendGrid request.
    """
    httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
    post = self.client.post
    credentials = {'email': '*****@*****.**', 'password': '******'}

    def last_mail_body():
        # body of the most recent request the stubbed SendGrid endpoint saw
        return httpretty.last_request().body

    # register user
    r = post('/register', data=credentials)
    self.assertEqual(r.status_code, 302)
    self.assertEqual(1, User.query.count())

    # fail to create form: not upgraded
    r = post('/forms', headers={'Content-type': 'application/json'}, data={'email': '*****@*****.**'})
    self.assertEqual(r.status_code, 402)
    self.assertIn('error', json.loads(r.data))
    self.assertEqual(0, Form.query.count())

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.upgraded = True
    DB.session.add(user)
    DB.session.commit()

    # successfully create form
    r = post(
        '/forms',
        headers={'Accept': 'application/json', 'Content-type': 'application/json'},
        data=json.dumps({'email': '*****@*****.**'}),
    )
    created = json.loads(r.data)
    self.assertEqual(r.status_code, 200)
    self.assertIn('submission_url', created)
    self.assertIn('hashid', created)
    hashid = created['hashid']
    self.assertIn(hashid, created['submission_url'])
    self.assertEqual(1, Form.query.count())
    self.assertEqual(Form.query.first().id, Form.get_with_hashid(hashid).id)

    # post to the unconfirmed form
    r = post('/' + hashid, headers={'Referer': 'http://formspree.io'}, data={'name': 'bruce'})
    self.assertIn("sent an email confirmation", r.data)
    self.assertIn('confirm+your+email', last_mail_body())
    self.assertEqual(1, Form.query.count())

    # confirm form
    form = Form.query.first()
    self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.hashid))
    self.assertTrue(Form.query.first().confirmed)

    # send 5 submissions; the monthly limit must not apply to upgraded users
    self.assertEqual(settings.MONTHLY_SUBMISSIONS_LIMIT, 2)
    for index in range(5):
        post('/' + hashid, headers={'Referer': 'formspree.io'}, data={'name': 'ana', 'submission': '__%s__' % index})
    form = Form.query.first()
    self.assertEqual(form.counter, 5)
    self.assertEqual(form.get_monthly_counter(), 5)
    self.assertIn('ana', last_mail_body())
    self.assertIn('__4__', last_mail_body())
    self.assertNotIn('You+are+past+our+limit', last_mail_body())

    # a submission from a different host is refused with 403
    r = post('/' + hashid, headers={'Referer': 'bad.com'}, data={'name': 'usurper'})
    self.assertEqual(r.status_code, 403)
    # no more data is sent to sendgrid: the last request is still 'ana'
    self.assertIn('ana', last_mail_body())
    self.assertIn('__4__', last_mail_body())
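def test_gold_user_access(client, msend):
    """Only a gold-plan, logged-in owner may list or export submissions.

    After creating and manually confirming a form and posting one
    submission, the test reads /api-int/forms/<hashid>, then the .json
    and .csv exports, and verifies the submission is present in each.
    Downgrading to ``Plan.free`` yields 402; an anonymous request yields
    a 401 JSON error. ``msend`` is the mocked mail sender fixture.
    """
    message = 'hi, my name is bruce!'
    api_headers = {"Accept": "application/json", "Referer": settings.SERVICE_URL}

    # register user
    client.post(
        '/register',
        data={'email': '*****@*****.**', 'password': '******'},
    )

    # upgrade user manually
    user = User.query.filter_by(email='*****@*****.**').first()
    user.plan = Plan.gold
    DB.session.add(user)
    DB.session.commit()

    # create form
    resp = client.post(
        "/api-int/forms",
        headers={
            "Accept": "application/json",
            "Content-type": "application/json",
            "Referer": settings.SERVICE_URL,
        },
        data=json.dumps({"email": "*****@*****.**"}),
    )
    form_endpoint = json.loads(resp.data.decode('utf-8'))['hashid']

    # manually confirm the form
    form = Form.get_with_hashid(form_endpoint)
    form.confirmed = True
    DB.session.add(form)
    DB.session.commit()

    # submit form
    client.post(
        '/' + form_endpoint,
        headers={'Referer': 'formspree.io'},
        data={'name': 'bruce', 'message': message},
    )

    # submissions endpoint (/api-int/forms/<hashid>)
    resp = client.get("/api-int/forms/" + form_endpoint, headers=api_headers)
    submissions = json.loads(resp.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == message

    # export as JSON file
    resp = client.get('/forms/' + form_endpoint + '.json')
    submissions = json.loads(resp.data.decode('utf-8'))['submissions']
    assert len(submissions) == 1
    assert submissions[0]['name'] == 'bruce'
    assert submissions[0]['message'] == message

    # export as CSV file: header row plus one data row
    resp = client.get('/forms/' + form_endpoint + '.csv')
    lines = resp.data.decode('utf-8').splitlines()
    assert len(lines) == 2
    assert lines[0] == "id,date,message,name"
    # The message contains a comma, so the CSV writer must quote it.
    # (The previous `assert '"..."', lines[1]` was a bare truthy string
    # with a message argument and could never fail.)
    assert '"' + message + '"' in lines[1]

    # a downgraded (free) user must be refused
    user.plan = Plan.free
    DB.session.add(user)
    DB.session.commit()
    resp = client.get("/api-int/forms/" + form_endpoint)
    assert resp.status_code == 402

    # an anonymous request gets a JSON 401 error (via flask login)
    client.get("/logout")
    resp = client.get("/api-int/forms/" + form_endpoint)
    assert resp.status_code == 401
    assert "error" in resp.json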