Exemplo n.º 1
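    def test_blogposts_get_all(self):
        """Test blogpost GET all blogposts.

        Two published posts and one draft are created for the same project.
        The listing must contain the published titles and must not contain
        the draft title, for an anonymous visitor and again after
        ``self.register()``.
        """
        user = self.create_users()[1]
        project = ProjectFactory.create(owner=user)
        BlogpostFactory.create(owner=user, project=project,
                               title='titleone', published=True)
        BlogpostFactory.create(owner=user, project=project,
                               title='titletwo', published=True)
        # Draft: must never appear in the listing for the callers below.
        BlogpostFactory.create(owner=user, project=project,
                               title='titlethree', published=False)

        url = "/project/%s/blog" % project.short_name

        # As anonymous
        res = self.app.get(url, follow_redirects=True)
        assert res.status_code == 200, res.status_code
        assert 'titleone' in res.data
        assert 'titletwo' in res.data
        # The draft check used to run only for the signed-in case, so a
        # draft leaking to unauthenticated visitors would have gone unnoticed.
        assert 'titlethree' not in res.data

        # As authenticated
        self.register()
        res = self.app.get(url, follow_redirects=True)
        assert res.status_code == 200, res.status_code
        assert 'titleone' in res.data
        assert 'titletwo' in res.data
        assert 'titlethree' not in res.data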
Exemplo n.º 2
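    def test_delete_blogpost(self, mock_delete):
        """Test API Blogpost delete post (DEL).

        Walks the DELETE endpoint through four callers: no credentials
        (401), an unrelated user's API key (403), the project owner's key
        (204) and the key of the account bound to ``admin`` (204, on a
        second post).
        """
        mock_delete.return_value = True
        # NOTE(review): presumably the first user created gets admin
        # rights; nothing in this test sets that explicitly.
        admin = UserFactory.create()
        owner = UserFactory.create()
        user = UserFactory.create()
        project = ProjectFactory.create(owner=owner)
        blogpost = BlogpostFactory.create(project=project)
        blogpost2 = BlogpostFactory.create(project=project)

        # As anon
        url = '/api/blogpost/%s' % blogpost.id
        res = self.app.delete(url)
        # Parsing doubles as a check that the error body is valid JSON.
        json.loads(res.data)
        assert res.status_code == 401, res.status_code

        # As user
        url = '/api/blogpost/%s?api_key=%s' % (blogpost.id, user.api_key)
        res = self.app.delete(url)
        assert res.status_code == 403, res.status_code

        # As owner
        url = '/api/blogpost/%s?api_key=%s' % (blogpost.id, owner.api_key)
        res = self.app.delete(url)
        assert res.status_code == 204, res.status_code
        # `called_with` is not a Mock assertion: it returns a truthy child
        # mock, so `assert mock_delete.called_with(...)` could never fail.
        # `assert_called_with` actually compares the recorded arguments.
        mock_delete.assert_called_with(blogpost.info['file_name'],
                                       blogpost.info['container'])

        # As admin
        url = '/api/blogpost/%s?api_key=%s' % (blogpost2.id, admin.api_key)
        res = self.app.delete(url)
        assert res.status_code == 204, res.status_code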
Exemplo n.º 3
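    def test_blogposts_get_all(self, redirect):
        """Test blogpost GET all blogposts.

        Two published posts and one draft are created for the same project.
        The listing must contain the published titles and must not contain
        the draft title, for an anonymous visitor and again after
        ``self.register()``.
        """
        redirect.return_value = False
        user = self.create_users()[1]
        project = ProjectFactory.create(owner=user)
        BlogpostFactory.create(owner=user, project=project,
                               title='titleone', published=True)
        BlogpostFactory.create(owner=user, project=project,
                               title='titletwo', published=True)
        # Draft: must never appear in the listing for the callers below.
        BlogpostFactory.create(owner=user, project=project,
                               title='titlethree', published=False)

        self.set_proj_passwd_cookie(project)
        url = "/project/%s/blog" % project.short_name

        # As anonymous
        # (a leftover debug print of the whole response body was dropped)
        res = self.app.get(url, follow_redirects=True)
        assert res.status_code == 200, res.status_code
        assert 'titleone' in res.data
        assert 'titletwo' in res.data
        # The draft check used to run only for the signed-in case, so a
        # draft leaking to unauthenticated visitors would have gone unnoticed.
        assert 'titlethree' not in res.data

        # As authenticated
        self.register()
        res = self.app.get(url, follow_redirects=True)
        assert res.status_code == 200, res.status_code
        assert 'titleone' in res.data
        assert 'titletwo' in res.data
        assert 'titlethree' not in res.data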
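    def test_delete_blogpost(self, mock_delete):
        """Test API Blogpost delete post (DEL).

        Walks the DELETE endpoint through four callers: no credentials
        (401), an unrelated user's API key (403), the project owner's key
        (204) and the key of the account bound to ``admin`` (204, on a
        second post).
        """
        mock_delete.return_value = True
        # NOTE(review): presumably the first user created gets admin
        # rights; nothing in this test sets that explicitly.
        admin = UserFactory.create()
        owner = UserFactory.create()
        user = UserFactory.create()
        project = ProjectFactory.create(owner=owner)
        blogpost = BlogpostFactory.create(project=project)
        blogpost2 = BlogpostFactory.create(project=project)

        # As anon
        url = '/api/blogpost/%s' % blogpost.id
        res = self.app.delete(url)
        # Parsing doubles as a check that the error body is valid JSON.
        json.loads(res.data)
        assert res.status_code == 401, res.status_code

        # As user
        url = '/api/blogpost/%s?api_key=%s' % (blogpost.id, user.api_key)
        res = self.app.delete(url)
        assert res.status_code == 403, res.status_code

        # As owner
        url = '/api/blogpost/%s?api_key=%s' % (blogpost.id, owner.api_key)
        res = self.app.delete(url)
        assert res.status_code == 204, res.status_code
        # `called_with` is not a Mock assertion: it returns a truthy child
        # mock, so `assert mock_delete.called_with(...)` could never fail.
        # `assert_called_with` actually compares the recorded arguments.
        mock_delete.assert_called_with(blogpost.info['file_name'],
                                       blogpost.info['container'])

        # As admin
        url = '/api/blogpost/%s?api_key=%s' % (blogpost2.id, admin.api_key)
        res = self.app.delete(url)
        assert res.status_code == 204, res.status_code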
Exemplo n.º 5
    def test_delete_blogpost(self):
        """Check who may DELETE a blogpost through the API.

        Expected status per caller: no credentials 401, unrelated user 403,
        project owner 204, the account bound to ``admin`` 204.
        """
        # Creation order is kept as-is: admin, owner, then the outsider.
        admin = UserFactory.create()
        owner = UserFactory.create()
        outsider = UserFactory.create()
        project = ProjectFactory.create(owner=owner)
        first_post = BlogpostFactory.create(project=project)
        second_post = BlogpostFactory.create(project=project)

        # As anon
        response = self.app.delete('/api/blogpost/%s' % first_post.id)
        # The body is parsed only to confirm it is valid JSON.
        json.loads(response.data)
        assert response.status_code == 401, response.status_code

        # As user
        response = self.app.delete(
            '/api/blogpost/%s?api_key=%s' % (first_post.id, outsider.api_key))
        assert response.status_code == 403, response.status_code

        # As owner
        response = self.app.delete(
            '/api/blogpost/%s?api_key=%s' % (first_post.id, owner.api_key))
        assert response.status_code == 204, response.status_code

        # As admin (uses the second post; the first is already deleted)
        response = self.app.delete(
            '/api/blogpost/%s?api_key=%s' % (second_post.id, admin.api_key))
        assert response.status_code == 204, response.status_code
Exemplo n.º 6
    def test_blogposts_get_all(self):
        """The project blog listing shows every post to anonymous and
        registered visitors."""
        author = self.create_users()[1]
        project = ProjectFactory.create(owner=author)
        BlogpostFactory.create(owner=author, project=project,
                               title='titleone')
        BlogpostFactory.create(owner=author, project=project,
                               title='titletwo')

        listing_url = "/project/%s/blog" % project.short_name

        # As anonymous
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'titleone' in response.data
        assert 'titletwo' in response.data

        # As authenticated
        self.register()
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'titleone' in response.data
        assert 'titletwo' in response.data
    def test_get_by_returns_none_if_no_blogpost(self):
        """get_by yields None when no stored blogpost matches the query."""
        # One stored post whose title differs from the one queried below.
        BlogpostFactory.create(title='My blog', body='myblogpost')

        result = self.blog_repo.get_by(title='notitle')

        assert result is None, result
Exemplo n.º 8
    def test_get_by_returns_none_if_no_blogpost(self):
        """get_by yields None when no stored blogpost matches the query."""
        # One stored post whose title differs from the one queried below.
        BlogpostFactory.create(title='My blog', body='myblogpost')

        result = self.blog_repo.get_by(title='notitle')

        assert result is None, result
    def test_filter_by_no_matches(self):
        """filter_by yields an empty list when nothing matches the query."""
        # The only stored post has a different title than the filter.
        BlogpostFactory.create(title='My blog', body='myblogpost')

        matches = self.blog_repo.filter_by(title='no title')

        # Both the container type and its emptiness are part of the contract.
        assert isinstance(matches, list)
        assert len(matches) == 0, matches
Exemplo n.º 10
    def test_json_blogposts_get_all(self, redirect):
        """JSON blog listing: drafts and the owner's private fields are
        returned to the project owner only."""
        # Owner attributes that must not reach anonymous or other users.
        private_fields = ('api_key', 'email_addr', 'google_user_id',
                          'facebook_user_id', 'twitter_user_id')

        def check_listing(response, sees_private, titles):
            # Order of checks: status, owner fields, post count, titles.
            assert response.status_code == 200, response.status_code
            payload = json.loads(response.data)
            for field in private_fields:
                if sees_private:
                    assert field in payload['owner'].keys()
                else:
                    assert field not in payload['owner'].keys()
            assert len(payload['blogposts']) == len(titles)
            for entry in payload['blogposts']:
                assert entry['title'] in titles

        redirect.return_value = False
        owner = self.create_users()[1]
        project = ProjectFactory.create(owner=owner)
        BlogpostFactory.create(owner=owner, project=project,
                               title='titleone', published=True)
        BlogpostFactory.create(owner=owner, project=project,
                               title='titletwo', published=True)
        BlogpostFactory.create(owner=owner, project=project,
                               title='titlethree', published=False)

        listing_url = "/project/%s/blog" % project.short_name

        # As anonymous
        self.set_proj_passwd_cookie(project)
        check_listing(self.app_get_json(listing_url),
                      False, ['titleone', 'titletwo'])

        # As authenticated
        self.register()
        check_listing(self.app_get_json(listing_url, follow_redirects=True),
                      False, ['titleone', 'titletwo'])
        self.signout()

        # As owner
        self.signin(email=owner.email_addr, password=self.password)
        check_listing(self.app_get_json(listing_url, follow_redirects=True),
                      True, ['titleone', 'titletwo', 'titlethree'])
        self.signout()
Exemplo n.º 11
    def test_filter_by_no_matches(self):
        """filter_by yields an empty list when nothing matches the query."""
        # The only stored post has a different title than the filter.
        BlogpostFactory.create(title='My blog', body='myblogpost')

        matches = self.blog_repo.filter_by(title='no title')

        # Both the container type and its emptiness are part of the contract.
        assert isinstance(matches, list)
        assert len(matches) == 0, matches
Exemplo n.º 12
    def test_json_blogposts_get_all(self):
        """JSON blog listing: drafts and the owner's private fields are
        returned to the project owner only."""
        # Owner attributes that must not reach anonymous or other users.
        private_fields = ('api_key', 'email_addr', 'google_user_id',
                          'facebook_user_id', 'twitter_user_id')

        def check_listing(response, sees_private, titles):
            # Order of checks: status, owner fields, post count, titles.
            assert response.status_code == 200, response.status_code
            payload = json.loads(response.data)
            for field in private_fields:
                if sees_private:
                    assert field in payload['owner'].keys()
                else:
                    assert field not in payload['owner'].keys()
            assert len(payload['blogposts']) == len(titles)
            for entry in payload['blogposts']:
                assert entry['title'] in titles

        owner = self.create_users()[1]
        project = ProjectFactory.create(owner=owner)
        BlogpostFactory.create(owner=owner, project=project,
                               title='titleone', published=True)
        BlogpostFactory.create(owner=owner, project=project,
                               title='titletwo', published=True)
        BlogpostFactory.create(owner=owner, project=project,
                               title='titlethree', published=False)

        listing_url = "/project/%s/blog" % project.short_name

        # As anonymous
        check_listing(self.app_get_json(listing_url),
                      False, ['titleone', 'titletwo'])

        # As authenticated
        self.register()
        check_listing(self.app_get_json(listing_url, follow_redirects=True),
                      False, ['titleone', 'titletwo'])
        self.signout()

        # As owner
        self.signin(email=owner.email_addr, password=self.password)
        check_listing(self.app_get_json(listing_url, follow_redirects=True),
                      True, ['titleone', 'titletwo', 'titlethree'])
        self.signout()
    def test_filter_by_one_condition(self):
        """filter_by returns exactly the blogposts matching a single
        filtering condition."""
        # Three matching posts plus one that must be filtered out.
        BlogpostFactory.create_batch(3, title='my blogpost')
        excluded = BlogpostFactory.create(title='another blogpost')

        matches = self.blog_repo.filter_by(title='my blogpost')

        assert len(matches) == 3, matches
        assert excluded not in matches, matches
    def test_filter_by_multiple_conditions(self):
        """filter_by combines several keyword conditions in one query."""
        # Same title on both posts; only the body tells them apart.
        BlogpostFactory.create(title='my blogpost', body='body')
        expected = BlogpostFactory.create(title='my blogpost',
                                          body='other body')

        matches = self.blog_repo.filter_by(title='my blogpost',
                                           body='other body')

        assert len(matches) == 1, matches
        assert expected in matches, matches
Exemplo n.º 15
    def test_filter_by_multiple_conditions(self):
        """filter_by combines several keyword conditions in one query."""
        # Same title on both posts; only the body tells them apart.
        BlogpostFactory.create(title='my blogpost', body='body')
        expected = BlogpostFactory.create(title='my blogpost',
                                          body='other body')

        matches = self.blog_repo.filter_by(title='my blogpost',
                                           body='other body')

        assert len(matches) == 1, matches
        assert expected in matches, matches
Exemplo n.º 16
    def test_filter_by_one_condition(self):
        """filter_by returns exactly the blogposts matching a single
        filtering condition."""
        # Three matching posts plus one that must be filtered out.
        BlogpostFactory.create_batch(3, title='my blogpost')
        excluded = BlogpostFactory.create(title='another blogpost')

        matches = self.blog_repo.filter_by(title='my blogpost')

        assert len(matches) == 3, matches
        assert excluded not in matches, matches
Exemplo n.º 17
    def test_filter_by_limit_offset(self):
        """filter_by honours the limit and offset options."""
        BlogpostFactory.create_batch(4)
        # Unfiltered result, used as the reference ordering for the slices.
        everything = self.blog_repo.filter_by()

        head = self.blog_repo.filter_by(limit=2)
        tail = self.blog_repo.filter_by(limit=2, offset=2)

        assert len(head) == 2, head
        assert len(tail) == 2, tail
        assert head == everything[:2]
        assert tail == everything[2:]
    def test_filter_by_limit_offset(self):
        """filter_by honours the limit and offset options."""
        BlogpostFactory.create_batch(4)
        # Unfiltered result, used as the reference ordering for the slices.
        everything = self.blog_repo.filter_by()

        head = self.blog_repo.filter_by(limit=2)
        tail = self.blog_repo.filter_by(limit=2, offset=2)

        assert len(head) == 2, head
        assert len(tail) == 2, tail
        assert head == everything[:2]
        assert tail == everything[2:]
Exemplo n.º 19
    def test_anonymous_user_read_given_blogpost_hidden_project(self):
        """An anonymous 'read' on a post of a hidden project raises
        Unauthorized."""
        hidden_project = ProjectFactory.create(hidden=1)
        post = BlogpostFactory.create(project=hidden_project)

        # No user is signed in at this point, so the check runs as anonymous.
        assert_raises(Unauthorized, ensure_authorized_to, 'read', post)
Exemplo n.º 20
    def test_blogpost_get_one_with_hidden_app(self):
        """A post of a hidden app is served to its owner and to the admin
        only: other users get 403, anonymous visitors 401."""
        # NOTE(review): the first registered account is presumably the
        # admin; it is the one the final default self.signin() logs in.
        self.register()
        user_repo.get(1)
        self.signout()
        self.register(name='user', email='*****@*****.**')
        owner = user_repo.get(2)
        hidden_app = AppFactory.create(owner=owner, hidden=1)
        post = BlogpostFactory.create(app=hidden_app, title='title')
        post_url = "/app/%s/%s" % (hidden_app.short_name, post.id)

        # As app owner
        response = self.app.get(post_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data

        # As authenticated
        self.signout()
        self.register(name='notowner', email='*****@*****.**')
        response = self.app.get(post_url, follow_redirects=True)
        assert response.status_code == 403, response.status_code

        # As anonymous
        self.signout()
        response = self.app.get(post_url, follow_redirects=True)
        assert response.status_code == 401, response.status_code

        # As admin
        self.signin()
        response = self.app.get(post_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data
Exemplo n.º 21
    def test_anonymous_user_read_given_blogpost(self):
        """An anonymous 'read' on a post of a published project is allowed."""
        published_project = ProjectFactory.create(published=True)
        post = BlogpostFactory.create(project=published_project)

        # Any exception at all counts as a failure here.
        assert_not_raises(Exception, ensure_authorized_to, 'read', post)
Exemplo n.º 22
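    def test_blogpost_update_by_non_owner(self):
        """Test blogpost update by non owner of the project is forbidden.

        A second account requests the update form (GET) and submits it
        (POST); both must return 403 and the stored title must be unchanged.
        """
        self.register()
        user = user_repo.get(1)
        project = ProjectFactory.create(owner=user)
        blogpost = BlogpostFactory.create(project=project,
                                          title='title',
                                          body='body')
        # (A dead "/project/<name>/new-blogpost" URL assignment that was
        # overwritten before use has been removed.)
        self.signout()
        self.register(name='notowner', email='*****@*****.**')
        url = "/project/%s/%s/update" % (project.short_name, blogpost.id)

        res = self.app.get(url, follow_redirects=True)
        assert res.status_code == 403, res.status_code

        res = self.app.post(url,
                            data={
                                'title': 'new title',
                                'body': 'body'
                            },
                            follow_redirects=True)
        assert res.status_code == 403, res.status_code

        # A 403 alone does not prove nothing was written: re-read the post
        # and confirm the rejected POST left the title untouched.
        blogpost = blog_repo.get_by()
        assert blogpost.title == 'title', blogpost.title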
    def test_endpoints_with_password_protection(self):
        """Every project "read" endpoint listed here answers with the
        password prompt when the project has a password set."""
        protected_paths = (
            '/', '/tutorial', '/1/results.json',
            '/tasks/', '/tasks/browse',
            '/stats', '/blog', '/1', '/task/1')
        project = ProjectFactory.create()
        TaskFactory.create(project=project)
        BlogpostFactory.create(project=project, published=True)
        project.set_password('mysecret')
        project_repo.update(project)

        for path in protected_paths:
            target = '/project/%s%s' % (project.short_name, path)
            response = self.app.get(target, follow_redirects=True)
            # The failing path is reported as the assertion message.
            assert 'Enter the password to contribute' in response.data, path
Exemplo n.º 24
    def test_anonymous_user_delete_blogpost(self):
        """An anonymous delete of a blogpost raises Unauthorized."""
        # The check runs inside a request context for '/'.
        with self.flask_app.test_request_context('/'):
            post = BlogpostFactory.create()
            delete_check = require.blogpost.delete

            assert_raises(Unauthorized, delete_check, post)
Exemplo n.º 25
    def test_anonymous_user_create_given_blogpost(self):
        """An anonymous 'create' of a blogpost raises Unauthorized."""
        target_project = ProjectFactory.create()
        # build() with owner=None: the candidate post has no owner attached.
        candidate = BlogpostFactory.build(project=target_project, owner=None)

        assert_raises(Unauthorized, ensure_authorized_to, 'create', candidate)
Exemplo n.º 26
    def test_anonymous_user_read_given_blogpost_hidden_app(self):
        """An anonymous read of a post of a hidden app raises Unauthorized."""
        hidden_app = AppFactory.create(hidden=1)
        post = BlogpostFactory.create(app=hidden_app)
        read_check = require.blogpost.read

        assert_raises(Unauthorized, read_check, post)
Exemplo n.º 27
    def test_blogpost_get_one_draft(self):
        """A draft post is served to its project owner only: anonymous
        visitors get 401, another signed-in user 404, the owner 200."""
        owner = self.create_users()[1]
        project = ProjectFactory.create(owner=owner)
        draft = BlogpostFactory.create(project=project,
                                       title='title',
                                       published=False)
        draft_url = "/project/%s/%s" % (project.short_name, draft.id)

        # As anonymous
        response = self.app.get(draft_url, follow_redirects=True)
        assert response.status_code == 401, response.status_code

        # As authenticated
        self.register()
        self.signin()
        response = self.app.get(draft_url, follow_redirects=True)
        assert response.status_code == 404, response.status_code

        # As owner: identified by API key in the query string, while the
        # session of the user registered above is still open.
        keyed_url = "/project/%s/%s?api_key=%s" % (project.short_name,
                                                   draft.id,
                                                   owner.api_key)
        response = self.app.get(keyed_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data
Exemplo n.º 28
    def test_blogpost_get_one_with_hidden_app(self):
        """A post of a hidden app is served to its owner and to the admin
        only: other users get 403, anonymous visitors 401."""
        # NOTE(review): the first registered account is presumably the
        # admin; it is the one the final default self.signin() logs in.
        self.register()
        user_repo.get(1)
        self.signout()
        self.register(name='user', email='*****@*****.**')
        owner = user_repo.get(2)
        hidden_app = AppFactory.create(owner=owner, hidden=1)
        post = BlogpostFactory.create(app=hidden_app, title='title')
        post_url = "/app/%s/%s" % (hidden_app.short_name, post.id)

        # As app owner
        response = self.app.get(post_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data

        # As authenticated
        self.signout()
        self.register(name='notowner', email='*****@*****.**')
        response = self.app.get(post_url, follow_redirects=True)
        assert response.status_code == 403, response.status_code

        # As anonymous
        self.signout()
        response = self.app.get(post_url, follow_redirects=True)
        assert response.status_code == 401, response.status_code

        # As admin
        self.signin()
        response = self.app.get(post_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data
Exemplo n.º 29
    def test_blogpost_update_errors(self):
        """Updating a blogpost through a wrong app or post id answers 404."""

        def update_status(target):
            # Submit the same update form to `target`; return the status.
            reply = self.app.post(target,
                                  data={'title': 'new title', 'body': 'body'},
                                  follow_redirects=True)
            return reply.status_code

        self.register()
        owner = db.session.query(User).get(1)
        own_app = AppFactory.create(owner=owner)
        other_app = AppFactory.create(owner=owner)
        post = BlogpostFactory.create(owner=owner, app=own_app, body='body')

        # To a non-existing app
        status = update_status("/app/non-existing-app/%s/update" % post.id)
        assert status == 404, status

        # To a non-existing post
        status = update_status("/app/%s/999999/update" % own_app.short_name)
        assert status == 404, status

        # To an existing post but with a project in the URL it does not
        # belong to: the post id alone must not be enough to reach it.
        status = update_status(
            "/app/%s/%s/update" % (other_app.short_name, post.id))
        assert status == 404, status
Exemplo n.º 30
    def test_anonymous_user_create_given_blogpost(self):
        """An anonymous create of a blogpost raises Unauthorized."""
        target_app = AppFactory.create()
        # build() with owner=None: the candidate post has no owner attached.
        candidate = BlogpostFactory.build(app=target_app, owner=None)
        create_check = require.blogpost.create

        assert_raises(Unauthorized, create_check, candidate)
Exemplo n.º 31
    def test_blogposts_get_all_with_hidden_project(self):
        """The blog listing of a hidden project is served to its owner and
        to the admin only: other users get 403, anonymous visitors 401."""
        # NOTE(review): the first registered account is presumably the
        # admin; it is the one the final default self.signin() logs in.
        self.register()
        user_repo.get(1)
        self.signout()
        self.register(name='user', email='*****@*****.**')
        owner = user_repo.get(2)
        hidden_project = ProjectFactory.create(owner=owner, hidden=1)
        BlogpostFactory.create(project=hidden_project, title='title')

        listing_url = "/project/%s/blog" % hidden_project.short_name

        # As project owner
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data

        # As authenticated
        self.signout()
        self.register(name='notowner', email='*****@*****.**')
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 403, response.status_code

        # As anonymous
        self.signout()
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 401, response.status_code

        # As admin
        self.signin()
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data
Exemplo n.º 32
    def test_anonymous_user_read_given_blogpost_draft_project(self):
        """An anonymous 'read' on a post of an unpublished project raises
        Unauthorized."""
        draft_project = ProjectFactory.create(published=False)
        post = BlogpostFactory.create(project=draft_project)

        # No user is signed in at this point, so the check runs as anonymous.
        assert_raises(Unauthorized, ensure_authorized_to, 'read', post)
Exemplo n.º 33
    def test_blogposts_get_all_with_hidden_app(self):
        """The blog listing of a hidden app is served to its owner and to
        the admin only: other users get 403, anonymous visitors 401."""
        # NOTE(review): the first registered account is presumably the
        # admin; it is the one the final default self.signin() logs in.
        self.register()
        db.session.query(User).get(1)
        self.signout()
        self.register(name='user', email='*****@*****.**')
        owner = db.session.query(User).get(2)
        hidden_app = AppFactory.create(owner=owner, hidden=1)
        BlogpostFactory.create(owner=owner, app=hidden_app, title='title')
        listing_url = "/app/%s/blog" % hidden_app.short_name

        # As app owner
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data

        # As authenticated
        self.signout()
        self.register(name='notowner', email='*****@*****.**')
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 403, response.status_code

        # As anonymous
        self.signout()
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 401, response.status_code

        # As admin
        self.signin()
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data
Exemplo n.º 34
    def test_anonymous_user_delete_blogpost(self):
        """An anonymous delete of a blogpost raises Unauthorized."""
        post = BlogpostFactory.create()
        delete_check = require.blogpost.delete

        assert_raises(Unauthorized, delete_check, post)
Exemplo n.º 35
    def test_anonymous_user_read_given_blogpost(self):
        """An anonymous read of a post of a regular app is allowed."""
        public_app = AppFactory.create()
        post = BlogpostFactory.create(app=public_app)
        read_check = require.blogpost.read

        # Any exception at all counts as a failure here.
        assert_not_raises(Exception, read_check, post)
    def test_save_fails_if_integrity_error(self):
        """save raises DBIntegrityError when the instance lacks a required
        value."""
        # build() only constructs the object; title=None is the missing value.
        incomplete_post = BlogpostFactory.build(title=None)

        assert_raises(DBIntegrityError, self.blog_repo.save, incomplete_post)
Exemplo n.º 37
    def test_blogposts_get_all_with_hidden_app(self):
        """The blog listing of a hidden app is served to its owner and to
        the admin only: other users get 403, anonymous visitors 401."""
        # NOTE(review): the first registered account is presumably the
        # admin; it is the one the final default self.signin() logs in.
        self.register()
        db.session.query(User).get(1)
        self.signout()
        self.register(name='user', email='*****@*****.**')
        owner = db.session.query(User).get(2)
        hidden_app = AppFactory.create(owner=owner, hidden=1)
        BlogpostFactory.create(owner=owner, app=hidden_app, title='title')
        listing_url = "/app/%s/blog" % hidden_app.short_name

        # As app owner
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data

        # As authenticated
        self.signout()
        self.register(name='notowner', email='*****@*****.**')
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 403, response.status_code

        # As anonymous
        self.signout()
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 401, response.status_code

        # As admin
        self.signin()
        response = self.app.get(listing_url, follow_redirects=True)
        assert response.status_code == 200, response.status_code
        assert 'title' in response.data
Exemplo n.º 38
    def test_blogpost_update_errors(self):
        """Updating a blogpost through a wrong project or post id answers
        404."""

        def update_status(target):
            # Submit the same update form to `target`; return the status.
            reply = self.app.post(target,
                                  data={'title': 'new title', 'body': 'body'},
                                  follow_redirects=True)
            return reply.status_code

        self.register()
        self.signin()
        owner = user_repo.get(1)
        own_project = ProjectFactory.create(owner=owner)
        other_project = ProjectFactory.create(owner=owner)
        post = BlogpostFactory.create(project=own_project, body='body')

        # To a non-existing project
        status = update_status(
            "/project/non-existing-project/%s/update" % post.id)
        assert status == 404, status

        # To a non-existing post
        status = update_status(
            "/project/%s/999999/update" % own_project.short_name)
        assert status == 404, status

        # To an existing post but with a project in the URL it does not
        # belong to: the post id alone must not be enough to reach it.
        status = update_status(
            "/project/%s/%s/update" % (other_project.short_name, post.id))
        assert status == 404, status
Exemplo n.º 39
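    def test_blogposts_get_all_with_hidden_project(self):
        """Test blogpost GET does not show blogposts of hidden projects.

        Requests the blog listing of a hidden project as its owner, as
        another registered user, as an anonymous visitor and after signin(),
        and checks the status code together with the presence (200) or
        absence (403/401) of the blogpost title in the response body.
        """
        # A distinctive marker is used as the title: the bare word 'title'
        # can also match ordinary page markup (for instance an HTML <title>
        # element, if the templates emit one), which would let the content
        # assertions pass no matter what the view renders.
        post_title = 'hiddenprojectblogposttitle'

        self.register()
        # NOTE(review): presumably the first registered user is the admin;
        # the object itself is not used below.
        admin = user_repo.get(1)
        self.signout()
        self.register(name='user', email='*****@*****.**')
        user = user_repo.get(2)
        project = ProjectFactory.create(owner=user, hidden=1)
        blogpost = BlogpostFactory.create(project=project, title=post_title)

        url = "/project/%s/blog" % project.short_name

        # As project owner (assumes register() leaves the new user signed in)
        res = self.app.get(url, follow_redirects=True)
        assert res.status_code == 200, res.status_code
        assert post_title in res.data

        # As authenticated: denied, and the body must not leak the post
        self.signout()
        self.register(name='notowner', email='*****@*****.**')
        res = self.app.get(url, follow_redirects=True)
        assert res.status_code == 403, res.status_code
        assert post_title not in res.data

        # As anonymous: denied, and the body must not leak the post
        self.signout()
        res = self.app.get(url, follow_redirects=True)
        assert res.status_code == 401, res.status_code
        assert post_title not in res.data

        # As admin (assumes signin() defaults to the first registered user)
        self.signin()
        res = self.app.get(url, follow_redirects=True)
        assert res.status_code == 200, res.status_code
        assert post_title in res.data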
Exemplo n.º 40
    def test_anonymous_user_create_given_blogpost(self):
        """Creating a blogpost without an owner must raise Unauthorized.

        The anonymous context is not set up in this body; presumably a
        decorator or fixture outside this excerpt provides it.
        """
        # build() rather than create(): the post under test has owner=None
        ownerless_post = BlogpostFactory.build(project=ProjectFactory.create(),
                                               owner=None)

        assert_raises(Unauthorized,
                      ensure_authorized_to, 'create', ownerless_post)
Exemplo n.º 41
    def test_anonymous_user_read_given_blogpost_draft_project(self):
        """Reading a blogpost of an unpublished project must raise Unauthorized.

        The anonymous context is not set up in this body; presumably a
        decorator or fixture outside this excerpt provides it.
        """
        draft_project = ProjectFactory.create(published=False)
        draft_post = BlogpostFactory.create(project=draft_project)

        assert_raises(Unauthorized,
                      ensure_authorized_to, 'read', draft_post)
Exemplo n.º 42
    def test_endpoints_with_password_protection(self):
        """Every listed read endpoint of a password-protected project shows
        the password prompt.

        Only the response body is inspected (for the prompt text); the status
        code is not asserted, and only GET requests are issued.
        """
        protected_paths = (
            '/', '/tutorial', '/1/results.json',
            '/tasks/', '/tasks/browse', '/tasks/export',
            '/stats', '/blog', '/1', '/task/1')

        # A project with one task and one blogpost, then locked by password
        project = ProjectFactory.create()
        TaskFactory.create(project=project)
        BlogpostFactory.create(project=project)
        project.set_password('mysecret')
        project_repo.update(project)

        for path in protected_paths:
            target = '/project/%s%s' % (project.short_name, path)
            res = self.app.get(target, follow_redirects=True)
            # The failing path is used as the assertion message
            assert 'Enter the password to contribute' in res.data, path
Exemplo n.º 43
    def test_anonymous_user_read_given_blogpost(self):
        """Reading a blogpost of a published project must not raise.

        The anonymous context is not set up in this body; presumably a
        decorator or fixture outside this excerpt provides it.
        """
        public_project = ProjectFactory.create(published=True)
        public_post = BlogpostFactory.create(project=public_project)

        assert_not_raises(Exception,
                          ensure_authorized_to, 'read', public_post)
Exemplo n.º 44
    def test_blogpost_update_errors(self):
        """Updating through a URL that names the wrong project or post is a 404.

        Three POSTs are sent to the update endpoint: one with a project short
        name that does not exist, one with a post id that does not exist, and
        one that pairs an existing post with a project it was not created
        for. Each must answer 404.
        """
        self.register()
        owner = user_repo.get(1)
        home_project = ProjectFactory.create(owner=owner)
        other_project = ProjectFactory.create(owner=owner)
        post = BlogpostFactory.create(project=home_project, body='body')

        def submit_update(target):
            # Same form payload for every case; only the URL varies.
            form = {'title':'new title', 'body':'body'}
            return self.app.post(target, data=form, follow_redirects=True)

        # Project short name that does not exist
        response = submit_update(
            "/project/non-existing-project/%s/update" % post.id)
        assert response.status_code == 404, response.status_code

        # Post id that does not exist
        response = submit_update(
            "/project/%s/999999/update" % home_project.short_name)
        assert response.status_code == 404, response.status_code

        # Existing post addressed through a project it does not belong to:
        # the URL's project must not be usable to reach another project's post
        response = submit_update(
            "/project/%s/%s/update" % (other_project.short_name, post.id))
        assert response.status_code == 404, response.status_code
Exemplo n.º 45
    def test_save_fails_if_integrity_error(self):
        """Saving a blogpost built with title=None must raise DBIntegrityError."""

        untitled_post = BlogpostFactory.build(title=None)
        save = self.blog_repo.save

        assert_raises(DBIntegrityError, save, untitled_post)
Exemplo n.º 46
    def test_blogpost_update_by_owner(self, mock_redirect):
        """Project owners can open the update form and save a changed post.

        ``mock_redirect`` is presumably injected by a patch decorator that is
        not part of this excerpt; the test checks the URL it was called with
        and then reads the stored post back through ``blog_repo``.
        """
        self.register()
        self.signin()
        owner = user_repo.get(1)
        project = ProjectFactory.create(owner=owner)
        original = BlogpostFactory.create(project=project)
        update_url = "/project/%s/%s/update" % (project.short_name,
                                                original.id)

        # The form itself must be reachable by the owner
        form_page = self.app.get(update_url, follow_redirects=True)
        assert form_page.status_code == 200, form_page.status_code

        form = {'id': original.id,
                'title':'blogpost title',
                'body':'new body',
                'published': True}
        submitted = self.app.post(update_url, data=form,
                                  follow_redirects=True)
        assert submitted.status_code == 200, submitted.status_code
        mock_redirect.assert_called_with('/project/%E2%9C%93project1/blog')

        # Read the post back by its new title and check every changed field
        stored = blog_repo.get_by(title='blogpost title')
        assert stored.title == 'blogpost title', stored.title
        assert stored.body == 'new body', stored.body
        assert stored.published, stored.published
Exemplo n.º 47
    def test_admin_authenticated_user_delete_blogpost(self):
        """An admin who does not own the blogpost may still delete it.

        The acting user is presumably ``self.mock_admin``, installed outside
        this method body.
        """

        extra_user = UserFactory.create()
        post = BlogpostFactory.create()

        # Rule out the case where permission comes from owning the post
        assert self.mock_admin.id != post.owner.id
        assert_not_raises(Exception,
                          ensure_authorized_to, 'delete', post)
    def test_get_by(self):
        """get_by(title=...) returns the blogpost created with that title."""

        created = BlogpostFactory.create(title='My blog', body='myblogpost')

        found = self.blog_repo.get_by(title=created.title)

        assert created == found, found
Exemplo n.º 49
    def test_get_returns_blogpost(self):
        """get(id) returns the blogpost that was created with that id."""

        created = BlogpostFactory.create()

        found = self.blog_repo.get(created.id)

        assert created == found, found
Exemplo n.º 50
    def test_anonymous_user_read_given_blogpost(self):
        """Reading a blogpost of a default (non-hidden) app must not raise.

        The anonymous context is not set up in this body; presumably a
        decorator or fixture outside this excerpt provides it.
        """

        post = BlogpostFactory.create(app=AppFactory.create())
        blogpost_rules = getattr(require, 'blogpost')

        assert_not_raises(Exception, blogpost_rules.read, post)
Exemplo n.º 51
    def test_anonymous_user_read_given_blogpost_hidden_app(self):
        """Reading a blogpost of a hidden app must raise Unauthorized.

        The anonymous context is not set up in this body; presumably a
        decorator or fixture outside this excerpt provides it.
        """

        hidden_app = AppFactory.create(hidden=1)
        hidden_post = BlogpostFactory.create(app=hidden_app)
        blogpost_rules = getattr(require, 'blogpost')

        assert_raises(Unauthorized, blogpost_rules.read, hidden_post)
Exemplo n.º 52
    def test_anonymous_user_create_given_blogpost(self):
        """Creating a blogpost without an owner must raise Unauthorized.

        The anonymous context is not set up in this body; presumably a
        decorator or fixture outside this excerpt provides it.
        """

        # build() rather than create(): the post under test has owner=None
        ownerless_post = BlogpostFactory.build(app=AppFactory.create(),
                                               owner=None)
        blogpost_rules = getattr(require, 'blogpost')

        assert_raises(Unauthorized, blogpost_rules.create, ownerless_post)
Exemplo n.º 53
    def test_get_by(self):
        """get_by(title=...) returns the blogpost created with that title."""

        created = BlogpostFactory.create(title='My blog', body='myblogpost')

        found = self.blog_repo.get_by(title=created.title)

        assert created == found, found
Exemplo n.º 54
    def test_admin_authenticated_user_delete_blogpost(self):
        """An admin who does not own the blogpost may still delete it.

        The acting user is presumably ``self.mock_admin``, installed outside
        this method body.
        """

        extra_user = UserFactory.create()
        post = BlogpostFactory.create()

        # Rule out the case where permission comes from owning the post
        assert self.mock_admin.id != post.owner.id
        assert_not_raises(Exception,
                          ensure_authorized_to, 'delete', post)
Exemplo n.º 55
    def test_admin_authenticated_user_delete_blogpost(self):
        """An admin who does not own the blogpost may still delete it.

        The acting user is presumably ``self.mock_admin``, installed outside
        this method body.
        """

        extra_user = UserFactory.create()
        post = BlogpostFactory.create()
        blogpost_rules = getattr(require, 'blogpost')

        # Rule out the case where permission comes from owning the post
        assert self.mock_admin.id != post.owner.id
        assert_not_raises(Exception, blogpost_rules.delete, post)
Exemplo n.º 56
    def test_update_fails_if_integrity_error(self):
        """Updating a stored blogpost whose title was set to None must raise
        DBIntegrityError."""

        stored_post = BlogpostFactory.create()
        stored_post.title = None
        update = self.blog_repo.update

        assert_raises(DBIntegrityError, update, stored_post)
Exemplo n.º 57
    def test_delete(self):
        """After delete(), get() with the same id returns None."""

        doomed = BlogpostFactory.create()

        self.blog_repo.delete(doomed)
        lookup = self.blog_repo.get(doomed.id)

        assert lookup is None, lookup
Exemplo n.º 58
    def test_save(self):
        """save() makes a built blogpost retrievable through get()."""

        unsaved = BlogpostFactory.build()
        # Precondition: the repository does not know the post yet
        assert self.blog_repo.get(unsaved.id) is None

        self.blog_repo.save(unsaved)

        stored = self.blog_repo.get(unsaved.id)
        assert stored == unsaved, "Blogpost not saved"