def test_get_close_db(app):
with app.app_context():
db = get_db()
assert db is get_db()
with pytest.raises(sqlite3.ProgrammingError) as e:
db.execute("SELECT 1")
assert "closed" in str(e.value)
def app():
db_fd, db_path = tempfile.mkstemp()
app = create_app({
"TESTING": True,
"DATABASE": db_path,
})
with app.app_context():
init_db()
get_db().executescript(_data_sql)
yield app
os.close(db_fd)
os.unlink(db_path)
def index():
db = get_db()
posts = db.execute(
"SELECT p.id, title, body, created, author_id, username"
" FROM post p JOIN user u ON p.author_id = u.id"
" ORDER BY created DESC"
).fetchall()
return render_template("blog/index.j2", posts=posts)
def load_logged_in_user():
user_id = session.get("user_id")
if user_id is None:
g.user = None
else:
g.user = get_db().execute("SELECT * FROM user WHERE id = ?",
(user_id, )).fetchone()
def test_delete(client, auth, app):
auth.login()
response = client.post("/1/delete")
assert response.headers["Location"] == "http://localhost/"
with app.app_context():
db = get_db()
post = db.execute("SELECT * FROM post WHERE id = 1").fetchone()
assert post is None
def test_update(client, auth, app):
auth.login()
assert client.get("/1/update").status_code == 200
client.post("/1/update", data={"title": "updated", "body": ""})
with app.app_context():
db = get_db()
post = db.execute("SELECT * FROM post WHERE id = 1").fetchone()
assert post["title"] == "updated"
def test_create(client, auth, app):
auth.login()
assert client.get("/create").status_code == 200
client.post("/create", data={"title": "created", "body": ""})
with app.app_context():
db = get_db()
count = db.execute("SELECT COUNT(id) FROM post").fetchone()[0]
assert count == 2
def test_author_required(app, client, auth):
with app.app_context():
db = get_db()
db.execute("UPDATE post SET author_id = 2 WHERE id = 1")
db.commit()
auth.login()
assert client.post("/1/update").status_code == 403
assert client.post("/1/delete").status_code == 403
assert b'href="/1/update"' not in client.get("/").data
def test_register(client, app):
assert client.get("/auth/register").status_code == 200
response = client.post("/auth/register",
data={
"username": "******",
"password": "******"
})
assert "http://localhost/auth/login" == response.headers["Location"]
with app.app_context():
assert (get_db().execute(
"select * from user where username = '******'", ).fetchone()
is not None)
def create():
if request.method == "POST":
title = request.form["title"]
body = request.form["body"]
error = None
if not title:
error = "Title is required."
if error is not None:
flash(error)
else:
db = get_db()
db.execute("INSERT INTO post (title, body, author_id)" " VALUES (?, ?, ?)", (title, body, g.user["id"]))
db.commit()
return redirect(url_for("blog.index"))
return render_template("blog/create.j2")
def get_post(id, check_author=True):
post = (
get_db()
.execute(
"SELECT p.id, title, body, created, author_id, username"
" FROM post p JOIN user u ON p.author_id = u.id"
" WHERE p.id = ?",
(id,),
)
.fetchone()
)
if post is None:
abort(404, "Post id {0} doesn't exist.".format(id))
if check_author and post["author_id"] != g.user["id"]:
abort(403)
return post
def update(id):
post = get_post(id)
if request.method == "POST":
title = request.form["title"]
body = request.form["body"]
error = None
if not title:
error = "Title is required."
if error is not None:
flash(error)
else:
db = get_db()
db.execute("UPDATE post SET title = ?, body = ?" " WHERE id = ?", (title, body, id))
db.commit()
return redirect(url_for("blog.index"))
return render_template("blog/update.j2", post=post)
def login():
if request.method == "POST":
username = request.form["username"]
password = request.form["password"]
db = get_db()
error = None
user = db.execute("SELECT * FROM user WHERE username = ?",
(username, )).fetchone()
if user is None:
error = "Incorrect username."
elif not check_password_hash(user["password"], password):
error = "Incorrect password."
if error is None:
session.clear()
session["user_id"] = user["id"]
return redirect(url_for("index"))
flash(error)
return render_template("auth/login.j2")
def register():
if request.method == "POST":
username = request.form["username"]
password = request.form["password"]
db = get_db()
error = None
if not username:
error = "Username is required."
elif not password:
error = "Password is required."
elif db.execute("SELECT id FROM user WHERE username = ?",
(username, )).fetchone() is not None:
error = "User {} is already registered.".format(username)
if error is None:
db.execute("INSERT INTO user (username, password) VALUES (?, ?)",
(username, generate_password_hash(password)))
db.commit()
return redirect(url_for("auth.login"))
flash(error)
return render_template("auth/register.j2")
def delete(id):
get_post(id)
db = get_db()
db.execute("DELETE FROM post WHERE id = ?", (id,))
db.commit()
return redirect(url_for("blog.index"))
