def test_form_creation_with_a_registered_email(self):
httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
# register user
r = self.client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
httpretty.reset()
httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
# create form without providing an url should not send verification email
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
self.assertEqual(httpretty.has_request(), False)
# create form without a confirmed email should send a verification email
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'https://www.testsite.com/contact.html'})
)
resp = json.loads(r.data)
self.assertEqual(resp['confirmed'], False)
self.assertEqual(httpretty.has_request(), True)
self.assertIn('Confirm+email', httpretty.last_request().body)
self.assertIn('www.testsite.com%2Fcontact.html', httpretty.last_request().body)
# manually verify an email
email = Email()
email.address = '*****@*****.**'
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a form with the verified email address
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'https://www.testsite.com/about.html'})
)
resp = json.loads(r.data)
self.assertEqual(resp['confirmed'], True)
self.assertIn('www.testsite.com%2Fcontact.html', httpretty.last_request().body) # same as the last, means no new request was made
# should have three created forms in the end
self.assertEqual(Form.query.count(), 3)
def test_form_creation_with_a_registered_email(self):
httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
# register user
r = self.client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
httpretty.reset()
httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
# create form without providing an url should not send verification email
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
self.assertEqual(httpretty.has_request(), False)
# create form without a confirmed email should send a verification email
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'https://www.testsite.com/contact.html'})
)
resp = json.loads(r.data)
self.assertEqual(resp['confirmed'], False)
self.assertEqual(httpretty.has_request(), True)
self.assertIn('Confirm+email', httpretty.last_request().body)
self.assertIn('www.testsite.com%2Fcontact.html', httpretty.last_request().body)
# manually verify an email
email = Email()
email.address = '*****@*****.**'
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a form with the verified email address
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'https://www.testsite.com/about.html'})
)
resp = json.loads(r.data)
self.assertEqual(resp['confirmed'], True)
self.assertIn('www.testsite.com%2Fcontact.html', httpretty.last_request().body) # same as the last, means no new request was made
# should have three created forms in the end
self.assertEqual(Form.query.count(), 3)
def test_form_creation_with_a_registered_email(client, msend):
# register user
r = client.post('/register',
data={'email': '*****@*****.**', 'password': '******'})
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# creating a form without providing an url should not send verification email
msend.reset_mock()
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
assert not msend.called
# create form without a confirmed email should send a verification email
msend.reset_mock()
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'https://www.testsite.com/contact.html'})
)
resp = json.loads(r.data.decode('utf-8'))
assert resp['confirmed'] == False
assert msend.called
assert 'Confirm email for' in msend.call_args[1]['subject']
assert 'www.testsite.com/contact.html' in msend.call_args[1]['text']
# manually verify an email
email = Email()
email.address = '*****@*****.**'
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a form with the verified email address
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'https://www.testsite.com/about.html'})
)
resp = json.loads(r.data.decode('utf-8'))
assert resp['confirmed'] == True
assert 'www.testsite.com/contact.html' in msend.call_args[1]['text'] # same as the last, means no new request was made
# should have three created forms in the end
assert Form.query.count() == 3
def test_form_creation_with_a_registered_email(client, msend):
# register user
r = client.post('/register',
data={'email': '*****@*****.**', 'password': '******'})
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# creating a form without providing an url should not send verification email
msend.reset_mock()
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
assert not msend.called
# create form without a confirmed email should send a verification email
msend.reset_mock()
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'https://www.testsite.com/contact.html'})
)
resp = json.loads(r.data.decode('utf-8'))
assert resp['confirmed'] == False
assert msend.called
assert 'Confirm email for' in msend.call_args[1]['subject']
assert 'www.testsite.com/contact.html' in msend.call_args[1]['text']
# manually verify an email
email = Email()
email.address = '*****@*****.**'
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a form with the verified email address
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'https://www.testsite.com/about.html'})
)
resp = json.loads(r.data.decode('utf-8'))
assert resp['confirmed'] == True
assert 'www.testsite.com/contact.html' in msend.call_args[1]['text'] # same as the last, means no new request was made
# should have three created forms in the end
assert Form.query.count() == 3
def test_rules(client, msend):
user, form = create_user_and_form(client)
user.plan = Plan.platinum
DB.session.add(user)
DB.session.commit()
email = Email(address="*****@*****.**",
owner_id=user.id,
verified=True)
DB.session.add(email)
DB.session.commit()
# create rule
r = client.post(
f"/api-int/forms/{form.hashid}/rules",
data=json.dumps({
"trigger": {
"fn": "contains",
"field": "dept",
"params": ["customer"]
},
"email": "*****@*****.**",
}),
headers={
"Referer": settings.SERVICE_URL,
"Content-Type": "application/json"
},
)
assert r.status_code == 201
# send submissions
msend.reset_mock()
r = client.post(f"/{form.hashid}", data={"hello": "world"})
assert r.status_code == 302
assert not msend.called
msend.reset_mock()
r = client.post(f"/{form.hashid}",
data={
"hello": "world",
"dept": "customer-department"
})
assert r.status_code == 302
assert msend.called
assert msend.call_args[1]["to"] == "*****@*****.**"
def test_email_and_linked_forms_managements(client, msend):
user, dashboard_form = create_user_and_form(client)
# create a legacy form with this same email address
create_and_activate_form(client, email=user.email, host="www.example.com")
# try to delete email address
r = client.delete(
"/api-int/account/emails/" + user.email,
headers={
"Accept": "application/json",
"Referer": settings.SERVICE_URL
},
)
assert r.status_code == 403 # fails because there's a form tied to it
# add a new email address
email = Email(address="*****@*****.**", owner_id=user.id, verified=True)
DB.session.add(email)
DB.session.commit()
# move this form to there
r = client.patch(
"/api-int/forms/" + dashboard_form.hashid,
headers={
"Content-Type": "application/json",
"Referer": settings.SERVICE_URL
},
data=json.dumps({"email": "*****@*****.**"}),
)
assert r.status_code == 200
# try to delete again
r = client.delete(
"/api-int/account/emails/" + user.email,
headers={
"Accept": "application/json",
"Referer": settings.SERVICE_URL
},
)
# should succeed now (even though the legacy form is
# still tied to the previous email address)
assert r.status_code == 200
def test_sitewide_forms(self):
httpretty.register_uri(httpretty.GET,
'http://mysite.com/[email protected]',
status=200)
httpretty.register_uri(httpretty.GET,
'http://www.naive.com/[email protected]',
status=200)
# register user
r = self.client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# manually verify an email
email = Email()
email.address = '*****@*****.**'
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a sitewide form with the verified email address
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'http://mysite.com',
'sitewide': 'true'})
)
resp = json.loads(r.data)
self.assertEqual(httpretty.has_request(), True)
self.assertEqual(resp['confirmed'], True)
self.assertEqual(1, Form.query.count())
forms = Form.query.all()
form = forms[0]
self.assertEqual(form.sitewide, True)
self.assertEqual(form.host, 'mysite.com')
# submit form
httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/' + form.hashid,
headers = {'Referer': 'http://www.mysite.com/hipopotamo', 'content-type': 'application/json'},
data=json.dumps({'name': 'alice'})
)
self.assertIn('alice', httpretty.last_request().body)
self.client.post('/' + form.hashid,
headers = {'Referer': 'http://mysite.com/baleia/urso?w=2', 'content-type': 'application/json'},
data=json.dumps({'name': 'maria'})
)
self.assertIn('maria', httpretty.last_request().body)
self.client.post('/' + form.hashid,
headers = {'Referer': 'http://mysite.com/', 'content-type': 'application/json'},
data=json.dumps({'name': 'laura'})
)
self.assertIn('laura', httpretty.last_request().body)
# another form, now with a www prefix that will be stripped
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**',
'url': 'http://www.naive.com',
'sitewide': 'true'})
)
resp = json.loads(r.data)
self.assertEqual(httpretty.has_request(), True)
self.assertEqual(resp['confirmed'], True)
self.assertEqual(2, Form.query.count())
forms = Form.query.all()
form = forms[1]
self.assertEqual(form.sitewide, True)
self.assertEqual(form.host, 'naive.com')
# submit form
httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/' + form.hashid,
headers = {'Referer': 'http://naive.com/hipopotamo', 'content-type': 'application/json'},
data=json.dumps({'name': 'alice'})
)
self.assertIn('alice', httpretty.last_request().body)
self.client.post('/' + form.hashid,
headers = {'Referer': 'http://www.naive.com/baleia/urso?w=2', 'content-type': 'application/json'},
data=json.dumps({'name': 'maria'})
)
self.assertIn('maria', httpretty.last_request().body)
self.client.post('/' + form.hashid,
headers = {'Referer': 'http://www.naive.com/', 'content-type': 'application/json'},
data=json.dumps({'name': 'laura'})
)
self.assertIn('laura', httpretty.last_request().body)
def test_sitewide_forms(self):
httpretty.register_uri(
httpretty.GET,
'http://mysite.com/formspree-verify.txt',
body=u'[email protected]\nmyüñìćõð€[email protected]',
status=200)
httpretty.register_uri(httpretty.GET,
'http://www.naive.com/formspree-verify.txt',
body=u'myüñìćõð€[email protected]',
status=200)
# register user
r = self.client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# manually verify an email
email = Email()
email.address = u'myüñìćõð€[email protected]'
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a sitewide form with the verified email address
r = self.client.post('/forms',
headers={
'Accept': 'application/json',
'Content-type': 'application/json'
},
data=json.dumps({
'email': u'myüñìćõð€[email protected]',
'url': 'http://mysite.com',
'sitewide': 'true'
}))
resp = json.loads(r.data)
self.assertEqual(httpretty.has_request(), True)
self.assertEqual(resp['confirmed'], True)
self.assertEqual(1, Form.query.count())
forms = Form.query.all()
form = forms[0]
self.assertEqual(form.sitewide, True)
self.assertEqual(form.host, 'mysite.com')
# submit form
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/' + form.hashid,
headers={
'Referer': 'http://www.mysite.com/hipopotamo',
'content-type': 'application/json'
},
data=json.dumps({'name': 'alice'}))
self.assertIn('alice', httpretty.last_request().body)
self.client.post('/' + form.hashid,
headers={
'Referer': 'http://mysite.com/baleia/urso?w=2',
'content-type': 'application/json'
},
data=json.dumps({'name': 'maria'}))
self.assertIn('maria', httpretty.last_request().body)
self.client.post('/' + form.hashid,
headers={
'Referer': 'http://mysite.com/',
'content-type': 'application/json'
},
data=json.dumps({'name': 'laura'}))
self.assertIn('laura', httpretty.last_request().body)
# another form, now with a www prefix that will be stripped
r = self.client.post('/forms',
headers={
'Accept': 'application/json',
'Content-type': 'application/json'
},
data=json.dumps({
'email': u'myüñìćõð€[email protected]',
'url': 'http://www.naive.com',
'sitewide': 'true'
}))
resp = json.loads(r.data)
self.assertEqual(httpretty.has_request(), True)
self.assertEqual(resp['confirmed'], True)
self.assertEqual(2, Form.query.count())
forms = Form.query.all()
form = forms[1]
self.assertEqual(form.sitewide, True)
self.assertEqual(form.host, 'naive.com')
# submit form
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/' + form.hashid,
headers={
'Referer': 'http://naive.com/hipopotamo',
'content-type': 'application/json'
},
data=json.dumps({'name': 'alice'}))
self.assertIn('alice', httpretty.last_request().body)
self.client.post('/' + form.hashid,
headers={
'Referer': 'http://www.naive.com/baleia/urso?w=2',
'content-type': 'application/json'
},
data=json.dumps({'name': 'maria'}))
self.assertIn('maria', httpretty.last_request().body)
self.client.post('/' + form.hashid,
headers={
'Referer': 'http://www.naive.com/',
'content-type': 'application/json'
},
data=json.dumps({'name': 'laura'}))
self.assertIn('laura', httpretty.last_request().body)
# create a different form with the same email address, now using unprefixed url
r = self.client.post('/forms',
headers={
'Accept': 'application/json',
'Content-type': 'application/json'
},
data=json.dumps({
'email': u'myüñìćõð€[email protected]',
'url': 'mysite.com',
'sitewide': 'true'
}))
resp = json.loads(r.data)
def test_monthly_limits(client, msend):
# monthly limit is set to 2 during tests
assert settings.MONTHLY_SUBMISSIONS_LIMIT == 2
# manually verify [email protected]
r = client.post('/[email protected]',
headers=http_headers,
data={'name': 'luke'})
f = Form.query.first()
f.confirm_sent = True
f.confirmed = True
DB.session.add(f)
DB.session.commit()
# first submission
r = client.post('/[email protected]',
headers=http_headers,
data={'name': 'peter'})
assert r.status_code == 302
assert 'peter' in msend.call_args[1]['text']
# second submission
r = client.post('/[email protected]',
headers=http_headers,
data={'name': 'ana'})
assert r.status_code == 302
assert 'ana' in msend.call_args[1]['text']
# third submission, now we're over the limit
r = client.post('/[email protected]',
headers=http_headers,
data={'name': 'maria'})
assert r.status_code == 302 # the response to the user is the same
# being the form over the limits or not
# the mocked sendgrid should never receive this last form
assert 'maria' not in msend.call_args[1]['text']
assert 'past the limit' in msend.call_args[1]['text']
# all the other variables are ok:
assert 1 == Form.query.count()
f = Form.query.first()
assert f.counter == 3
assert f.get_monthly_counter() == 3 # the counters mark 4
# the user pays and becomes upgraded
r = client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
user.emails = [Email(address='*****@*****.**')]
DB.session.add(user)
DB.session.commit()
# the user should receive form posts again
r = client.post('/[email protected]',
headers=http_headers,
data={'name': 'noah'})
assert r.status_code == 302
assert 'noah' in msend.call_args[1]['text']
def test_form_creation_with_a_registered_email(client, msend):
# register user
r = client.post(
"/register", data={"email": "*****@*****.**", "password": "******"}
)
# upgrade user manually
user = User.query.filter_by(email="*****@*****.**").first()
user.plan = Plan.gold
DB.session.add(user)
DB.session.commit()
# creating a form without providing an url should not send verification email
msend.reset_mock()
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps({"email": "*****@*****.**"}),
)
assert not msend.called
# create form without a confirmed email should send a verification email
msend.reset_mock()
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps(
{
"email": "*****@*****.**",
"url": "https://www.testsite.com/contact.html",
}
),
)
resp = json.loads(r.data.decode("utf-8"))
assert resp["confirmed"] == False
assert msend.called
assert "Confirm email for" in msend.call_args[1]["subject"]
assert "www.testsite.com/contact.html" in msend.call_args[1]["text"]
# manually verify an email
email = Email()
email.address = "*****@*****.**"
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a form with the verified email address
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps(
{
"email": "*****@*****.**",
"url": "https://www.testsite.com/about.html",
}
),
)
resp = json.loads(r.data.decode("utf-8"))
assert resp["confirmed"] == True
assert (
"www.testsite.com/contact.html" in msend.call_args[1]["text"]
) # same as the last, means no new request was made
# should have three created forms in the end
assert Form.query.count() == 3
def test_sitewide_forms(client, msend, mocker):
m_sitewidecheck = mocker.patch(
"formspree.forms.api.sitewide_file_check", side_effect=[True, True, True]
)
# register user
r = client.post(
"/register", data={"email": "*****@*****.**", "password": "******"}
)
# upgrade user manually
user = User.query.filter_by(email="*****@*****.**").first()
user.plan = Plan.gold
DB.session.add(user)
DB.session.commit()
# manually verify an email
email = Email()
email.address = "myüñìćõð€[email protected]"
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a sitewide form with the verified email address
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps(
{
"email": "myüñìćõð€[email protected]",
"url": "http://mysite.com",
"sitewide": "true",
}
),
)
resp = json.loads(r.data.decode("utf-8"))
assert m_sitewidecheck.called
assert m_sitewidecheck.call_args[0][1] == "myüñìćõð€[email protected]"
assert resp["confirmed"]
m_sitewidecheck.reset_mock()
assert 1 == Form.query.count()
forms = Form.query.all()
form = forms[0]
assert form.sitewide
assert form.host == "mysite.com"
# submit form
r = client.post(
"/" + form.hashid,
headers={
"Referer": "http://www.mysite.com/hipopotamo",
"content-type": "application/json",
},
data=json.dumps({"name": "alice"}),
)
assert "alice" in msend.call_args[1]["text"]
client.post(
"/" + form.hashid,
headers={
"Referer": "http://mysite.com/baleia/urso?w=2",
"content-type": "application/json",
},
data=json.dumps({"name": "maria"}),
)
assert "maria" in msend.call_args[1]["text"]
client.post(
"/" + form.hashid,
headers={"Referer": "http://mysite.com/", "content-type": "application/json"},
data=json.dumps({"name": "laura"}),
)
assert "laura" in msend.call_args[1]["text"]
# another form, now with a www prefix that will be stripped
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps(
{
"email": "myüñìćõð€[email protected]",
"url": "http://www.naive.com",
"sitewide": "true",
}
),
)
resp = json.loads(r.data.decode("utf-8"))
assert m_sitewidecheck.called
assert m_sitewidecheck.call_args[0][0] == "http://www.naive.com"
assert resp["confirmed"]
assert 2 == Form.query.count()
forms = Form.query.all()
form = forms[1]
assert form.sitewide
assert form.host == "naive.com"
# submit form
r = client.post(
"/" + form.hashid,
headers={
"Referer": "http://naive.com/hipopotamo",
"content-type": "application/json",
},
data=json.dumps({"name": "alice"}),
)
assert "alice" in msend.call_args[1]["text"]
client.post(
"/" + form.hashid,
headers={
"Referer": "http://www.naive.com/baleia/urso?w=2",
"content-type": "application/json",
},
data=json.dumps({"name": "maria"}),
)
assert "maria" in msend.call_args[1]["text"]
client.post(
"/" + form.hashid,
headers={
"Referer": "http://www.naive.com/",
"content-type": "application/json",
},
data=json.dumps({"name": "laura"}),
)
assert "laura" in msend.call_args[1]["text"]
# create a different form with the same email address, now using unprefixed url
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps(
{
"email": "myüñìćõð€[email protected]",
"url": "mysite.com",
"sitewide": "true",
}
),
)
resp = json.loads(r.data.decode("utf-8"))
def test_sitewide_forms(client, msend, mocker):
m_sitewidecheck = mocker.patch(
'formspree.forms.views.sitewide_file_check',
side_effect=[True, True, True]
)
# register user
r = client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# manually verify an email
email = Email()
email.address = 'myüñìćõð€[email protected]'
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a sitewide form with the verified email address
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': 'myüñìćõð€[email protected]',
'url': 'http://mysite.com',
'sitewide': 'true'})
)
resp = json.loads(r.data.decode('utf-8'))
assert m_sitewidecheck.called
assert m_sitewidecheck.call_args[0][1] == 'myüñìćõð€[email protected]'
assert resp['confirmed']
m_sitewidecheck.reset_mock()
assert 1 == Form.query.count()
forms = Form.query.all()
form = forms[0]
assert form.sitewide
assert form.host == 'mysite.com'
# submit form
r = client.post('/' + form.hashid,
headers = {'Referer': 'http://www.mysite.com/hipopotamo', 'content-type': 'application/json'},
data=json.dumps({'name': 'alice'})
)
assert 'alice' in msend.call_args[1]['text']
client.post('/' + form.hashid,
headers = {'Referer': 'http://mysite.com/baleia/urso?w=2', 'content-type': 'application/json'},
data=json.dumps({'name': 'maria'})
)
assert 'maria' in msend.call_args[1]['text']
client.post('/' + form.hashid,
headers = {'Referer': 'http://mysite.com/', 'content-type': 'application/json'},
data=json.dumps({'name': 'laura'})
)
assert 'laura' in msend.call_args[1]['text']
# another form, now with a www prefix that will be stripped
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': 'myüñìćõð€[email protected]',
'url': 'http://www.naive.com',
'sitewide': 'true'})
)
resp = json.loads(r.data.decode('utf-8'))
assert m_sitewidecheck.called
assert m_sitewidecheck.call_args[0][0] == 'http://www.naive.com'
assert resp['confirmed']
assert 2 == Form.query.count()
forms = Form.query.all()
form = forms[1]
assert form.sitewide
assert form.host == 'naive.com'
# submit form
r = client.post('/' + form.hashid,
headers={'Referer': 'http://naive.com/hipopotamo', 'content-type': 'application/json'},
data=json.dumps({'name': 'alice'})
)
assert 'alice' in msend.call_args[1]['text']
client.post('/' + form.hashid,
headers={'Referer': 'http://www.naive.com/baleia/urso?w=2', 'content-type': 'application/json'},
data=json.dumps({'name': 'maria'})
)
assert 'maria' in msend.call_args[1]['text']
client.post('/' + form.hashid,
headers={'Referer': 'http://www.naive.com/', 'content-type': 'application/json'},
data=json.dumps({'name': 'laura'})
)
assert 'laura' in msend.call_args[1]['text']
# create a different form with the same email address, now using unprefixed url
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': 'myüñìćõð€[email protected]',
'url': 'mysite.com',
'sitewide': 'true'})
)
resp = json.loads(r.data.decode('utf-8'))
def test_sitewide_forms(client, msend, mocker):
m_sitewidecheck = mocker.patch("formspree.forms.api.sitewide_file_check",
side_effect=[True, True, True])
# register user
r = client.post("/register",
data={
"email": "*****@*****.**",
"password": "******"
})
# upgrade user manually
user = User.query.filter_by(email="*****@*****.**").first()
user.plan = Plan.gold
DB.session.add(user)
DB.session.commit()
# manually verify an email
email = Email()
email.address = "myüñìćõð€[email protected]"
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a sitewide form with the verified email address
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps({
"email": "myüñìćõð€[email protected]",
"url": "http://mysite.com",
"sitewide": "true",
}),
)
resp = json.loads(r.data.decode("utf-8"))
assert m_sitewidecheck.called
assert m_sitewidecheck.call_args[0][1] == "myüñìćõð€[email protected]"
assert resp["confirmed"]
m_sitewidecheck.reset_mock()
assert 1 == Form.query.count()
forms = Form.query.all()
form = forms[0]
assert form.sitewide
assert form.host == "mysite.com"
# submit form
r = client.post(
"/" + form.hashid,
headers={
"Referer": "http://www.mysite.com/hipopotamo",
"content-type": "application/json",
},
data=json.dumps({"name": "alice"}),
)
assert "alice" in msend.call_args[1]["text"]
client.post(
"/" + form.hashid,
headers={
"Referer": "http://mysite.com/baleia/urso?w=2",
"content-type": "application/json",
},
data=json.dumps({"name": "maria"}),
)
assert "maria" in msend.call_args[1]["text"]
client.post(
"/" + form.hashid,
headers={
"Referer": "http://mysite.com/",
"content-type": "application/json"
},
data=json.dumps({"name": "laura"}),
)
assert "laura" in msend.call_args[1]["text"]
# another form, now with a www prefix that will be stripped
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps({
"email": "myüñìćõð€[email protected]",
"url": "http://www.naive.com",
"sitewide": "true",
}),
)
resp = json.loads(r.data.decode("utf-8"))
assert m_sitewidecheck.called
assert m_sitewidecheck.call_args[0][0] == "http://www.naive.com"
assert resp["confirmed"]
assert 2 == Form.query.count()
forms = Form.query.all()
form = forms[1]
assert form.sitewide
assert form.host == "naive.com"
# submit form
r = client.post(
"/" + form.hashid,
headers={
"Referer": "http://naive.com/hipopotamo",
"content-type": "application/json",
},
data=json.dumps({"name": "alice"}),
)
assert "alice" in msend.call_args[1]["text"]
client.post(
"/" + form.hashid,
headers={
"Referer": "http://www.naive.com/baleia/urso?w=2",
"content-type": "application/json",
},
data=json.dumps({"name": "maria"}),
)
assert "maria" in msend.call_args[1]["text"]
client.post(
"/" + form.hashid,
headers={
"Referer": "http://www.naive.com/",
"content-type": "application/json",
},
data=json.dumps({"name": "laura"}),
)
assert "laura" in msend.call_args[1]["text"]
# create a different form with the same email address, now using unprefixed url
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps({
"email": "myüñìćõð€[email protected]",
"url": "mysite.com",
"sitewide": "true",
}),
)
resp = json.loads(r.data.decode("utf-8"))
def test_form_creation_with_a_registered_email(client, msend):
# register user
r = client.post("/register",
data={
"email": "*****@*****.**",
"password": "******"
})
# upgrade user manually
user = User.query.filter_by(email="*****@*****.**").first()
user.plan = Plan.gold
DB.session.add(user)
DB.session.commit()
# creating a form without providing an url should not send verification email
msend.reset_mock()
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps({"email": "*****@*****.**"}),
)
assert not msend.called
# create form without a confirmed email should send a verification email
msend.reset_mock()
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps({
"email": "*****@*****.**",
"url": "https://www.testsite.com/contact.html",
}),
)
resp = json.loads(r.data.decode("utf-8"))
assert resp["confirmed"] == False
assert msend.called
assert "Confirm email for" in msend.call_args[1]["subject"]
assert "www.testsite.com/contact.html" in msend.call_args[1]["text"]
# manually verify an email
email = Email()
email.address = "*****@*****.**"
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a form with the verified email address
r = client.post(
"/api-int/forms",
headers={
"Accept": "application/json",
"Content-type": "application/json",
"Referer": settings.SERVICE_URL,
},
data=json.dumps({
"email": "*****@*****.**",
"url": "https://www.testsite.com/about.html",
}),
)
resp = json.loads(r.data.decode("utf-8"))
assert resp["confirmed"] == True
assert ("www.testsite.com/contact.html" in msend.call_args[1]["text"]
) # same as the last, means no new request was made
# should have three created forms in the end
assert Form.query.count() == 3
def test_multiple_cases(client, msend, case):
user, form = create_user_and_form(client)
user.plan = Plan.platinum
DB.session.add(user)
emailx = Email(address="*****@*****.**", owner_id=user.id, verified=True)
DB.session.add(emailx)
emaily = Email(address="*****@*****.**", owner_id=user.id, verified=True)
DB.session.add(emaily)
emailw = Email(address="*****@*****.**", owner_id=user.id, verified=True)
DB.session.add(emailw)
emailfruits = Email(address="*****@*****.**",
owner_id=user.id,
verified=True)
DB.session.add(emailfruits)
emailrest = Email(address="*****@*****.**",
owner_id=user.id,
verified=True)
DB.session.add(emailrest)
emailalways = Email(address="*****@*****.**",
owner_id=user.id,
verified=True)
DB.session.add(emailalways)
r1 = RoutingRule(form_id=form.id)
r1.email = emailx.address
r1.trigger = {"fn": "exists", "field": "x", "params": []}
DB.session.add(r1)
r2 = RoutingRule(form_id=form.id)
r2.email = emaily.address
r2.trigger = {"fn": "exists", "field": "y", "params": []}
DB.session.add(r2)
r3 = RoutingRule(form_id=form.id)
r3.email = emailw.address
r3.trigger = {"fn": "exists", "field": "w", "params": []}
DB.session.add(r3)
r4 = RoutingRule(form_id=form.id)
r4.email = emailfruits.address
r4.trigger = {"fn": "contains", "field": "_host", "params": ["/fruits"]}
DB.session.add(r4)
r5 = RoutingRule(form_id=form.id)
r5.email = emailfruits.address
r5.trigger = {"fn": "contains", "field": "kind", "params": ["fruit"]}
DB.session.add(r5)
r6 = RoutingRule(form_id=form.id)
r6.email = emailrest.address
r6.trigger = {"fn": "doesntcontain", "field": "kind", "params": ["fruit"]}
DB.session.add(r6)
r7 = RoutingRule(form_id=form.id)
r7.email = emailalways.address
r7.trigger = {"fn": "true", "field": None, "params": []}
DB.session.add(r7)
DB.session.commit()
referrer, data, targets = case
r = client.post(f"/{form.hashid}",
data=data,
headers={"Referer": referrer})
assert r.status_code == 302
received = {call[1]["to"] for call in msend.call_args_list}
targets.add(emailalways.address)
assert received == targets
def test_rules_api(client, msend):
user1, form = create_user_and_form(client)
ruledef = {
"trigger": {
"fn": "exists",
"field": "important",
"params": []
},
"email": "*****@*****.**",
}
# fail to create rule as gold user
r = client.post(
f"/api-int/forms/{form.hashid}/rules",
data=json.dumps(ruledef),
headers={
"Referer": settings.SERVICE_URL,
"Content-Type": "application/json"
},
)
assert r.status_code == 402
# upgrade to platinum
user1.plan = Plan.platinum
DB.session.add(user1)
DB.session.commit()
# fail to create rule with an email address not registered
r = client.post(
f"/api-int/forms/{form.hashid}/rules",
data=json.dumps(ruledef),
headers={
"Referer": settings.SERVICE_URL,
"Content-Type": "application/json"
},
)
assert r.status_code == 403
# register email address on a different account
user2, _ = create_user_and_form(client, login=False)
email = Email(address=ruledef["email"], owner_id=user2.id, verified=True)
DB.session.add(email)
DB.session.commit()
# fail again, address must be under the user control
r = client.post(
f"/api-int/forms/{form.hashid}/rules",
data=json.dumps(ruledef),
headers={
"Referer": settings.SERVICE_URL,
"Content-Type": "application/json"
},
)
assert r.status_code == 403
# get email under control of the correct user
email = Email(address=ruledef["email"], owner_id=user1.id, verified=True)
DB.session.add(email)
DB.session.commit()
# should succeed now
r = client.post(
f"/api-int/forms/{form.hashid}/rules",
data=json.dumps(ruledef),
headers={
"Referer": settings.SERVICE_URL,
"Content-Type": "application/json"
},
)
assert r.status_code == 201
q = RoutingRule.query.filter_by(form_id=form.id)
assert q.count() == 1
rule = q.first()
assert rule.email == ruledef["email"]
assert rule.trigger == ruledef["trigger"]
# edit routing rule
ruledef["trigger"]["field"] = "useless"
r = client.put(
f"/api-int/forms/{form.hashid}/rules/{rule.id}",
data=json.dumps(ruledef),
headers={
"Content-Type": "application/json",
"Referer": settings.SERVICE_URL
},
)
assert r.status_code == 200
q = RoutingRule.query.filter_by(form_id=form.id)
assert q.count() == 1
rule = q.first()
assert rule.email == ruledef["email"]
assert rule.trigger == ruledef["trigger"]
# editing the email should fail if address isn't linked and verified
newemail = Email(address="*****@*****.**",
owner_id=user1.id,
verified=False)
DB.session.add(newemail)
DB.session.commit()
r = client.put(
f"/api-int/forms/{form.hashid}/rules/{rule.id}",
data=json.dumps({
"email": newemail.address,
"trigger": ruledef["trigger"]
}),
headers={
"Content-Type": "application/json",
"Referer": settings.SERVICE_URL
},
)
assert r.status_code == 403
# fail to remove email if rule exists
r = client.delete(
f"/api-int/account/emails/{ruledef['email']}",
headers={"Referer": settings.SERVICE_URL},
)
assert r.status_code == 403
# remove rule
r = client.delete(
f"/api-int/forms/{form.hashid}/rules/{rule.id}",
headers={"Referer": settings.SERVICE_URL},
)
assert r.status_code == 200
# can remove linked email now
r = client.delete(
f"/api-int/account/emails/{ruledef['email']}",
headers={"Referer": settings.SERVICE_URL},
)
assert r.status_code == 200
def test_monthly_limits(self):
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
# monthly limit is set to 2 during tests
self.assertEqual(settings.MONTHLY_SUBMISSIONS_LIMIT, 2)
# manually verify [email protected]
r = self.client.post('/[email protected]',
headers=http_headers,
data={'name': 'luke'})
f = Form.query.first()
f.confirm_sent = True
f.confirmed = True
DB.session.add(f)
DB.session.commit()
# first submission
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/[email protected]',
headers=http_headers,
data={'name': 'peter'})
self.assertEqual(r.status_code, 302)
self.assertIn('peter', httpretty.last_request().body)
# second submission
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/[email protected]',
headers=http_headers,
data={'name': 'ana'})
self.assertEqual(r.status_code, 302)
self.assertIn('ana', httpretty.last_request().body)
# third submission, now we're over the limit
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/[email protected]',
headers=http_headers,
data={'name': 'maria'})
self.assertEqual(r.status_code,
302) # the response to the user is the same
# being the form over the limits or not
# but the mocked sendgrid should never receive this last form
self.assertNotIn('maria', httpretty.last_request().body)
self.assertIn('You+are+past+our+limit', httpretty.last_request().body)
# all the other variables are ok:
self.assertEqual(1, Form.query.count())
f = Form.query.first()
self.assertEqual(f.counter, 3)
self.assertEqual(f.get_monthly_counter(), 3) # the counters mark 4
# the user pays and becomes upgraded
r = self.client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
user.emails = [Email(address='*****@*****.**')]
DB.session.add(user)
DB.session.commit()
# the user should receive form posts again
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/[email protected]',
headers=http_headers,
data={'name': 'noah'})
self.assertEqual(r.status_code, 302)
self.assertIn('noah', httpretty.last_request().body)
def test_sitewide_forms(client, msend, mocker):
m_sitewidecheck = mocker.patch(
'formspree.forms.views.sitewide_file_check',
side_effect=[True, True, True]
)
# register user
r = client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# manually verify an email
email = Email()
email.address = 'myüñìćõð€[email protected]'
email.owner_id = user.id
DB.session.add(email)
DB.session.commit()
# create a sitewide form with the verified email address
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': 'myüñìćõð€[email protected]',
'url': 'http://mysite.com',
'sitewide': 'true'})
)
resp = json.loads(r.data.decode('utf-8'))
assert m_sitewidecheck.called
assert m_sitewidecheck.call_args[0][1] == 'myüñìćõð€[email protected]'
assert resp['confirmed']
m_sitewidecheck.reset_mock()
assert 1 == Form.query.count()
forms = Form.query.all()
form = forms[0]
assert form.sitewide
assert form.host == 'mysite.com'
# submit form
r = client.post('/' + form.hashid,
headers = {'Referer': 'http://www.mysite.com/hipopotamo', 'content-type': 'application/json'},
data=json.dumps({'name': 'alice'})
)
assert 'alice' in msend.call_args[1]['text']
client.post('/' + form.hashid,
headers = {'Referer': 'http://mysite.com/baleia/urso?w=2', 'content-type': 'application/json'},
data=json.dumps({'name': 'maria'})
)
assert 'maria' in msend.call_args[1]['text']
client.post('/' + form.hashid,
headers = {'Referer': 'http://mysite.com/', 'content-type': 'application/json'},
data=json.dumps({'name': 'laura'})
)
assert 'laura' in msend.call_args[1]['text']
# another form, now with a www prefix that will be stripped
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': 'myüñìćõð€[email protected]',
'url': 'http://www.naive.com',
'sitewide': 'true'})
)
resp = json.loads(r.data.decode('utf-8'))
assert m_sitewidecheck.called
assert m_sitewidecheck.call_args[0][0] == 'http://www.naive.com'
assert resp['confirmed']
assert 2 == Form.query.count()
forms = Form.query.all()
form = forms[1]
assert form.sitewide
assert form.host == 'naive.com'
# submit form
r = client.post('/' + form.hashid,
headers={'Referer': 'http://naive.com/hipopotamo', 'content-type': 'application/json'},
data=json.dumps({'name': 'alice'})
)
assert 'alice' in msend.call_args[1]['text']
client.post('/' + form.hashid,
headers={'Referer': 'http://www.naive.com/baleia/urso?w=2', 'content-type': 'application/json'},
data=json.dumps({'name': 'maria'})
)
assert 'maria' in msend.call_args[1]['text']
client.post('/' + form.hashid,
headers={'Referer': 'http://www.naive.com/', 'content-type': 'application/json'},
data=json.dumps({'name': 'laura'})
)
assert 'laura' in msend.call_args[1]['text']
# create a different form with the same email address, now using unprefixed url
r = client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': 'myüñìćõð€[email protected]',
'url': 'mysite.com',
'sitewide': 'true'})
)
resp = json.loads(r.data.decode('utf-8'))
