Exemplo n.º 1
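def app():
    """Yield a Flask app backed by a throwaway SQLite file.

    The function is a generator: everything before ``yield`` is setup and
    the ``finally`` clause is teardown. It is presumably registered as a
    pytest fixture; the decorator is not part of this listing.

    Yields:
        The application returned by ``create_app`` in ``TESTING`` mode, with
        ``DATABASE`` pointing at a fresh temporary file that has been
        initialised and loaded with ``_data_sql``.
    """
    # mkstemp creates the file readable and writable only by the current
    # user and returns an already-open descriptor, so test data never sits
    # in a predictable or shared path.
    db_fd, db_path = tempfile.mkstemp()

    # try/finally: the original ran cleanup only after the yield, so a failure
    # in create_app/init_db/executescript leaked the descriptor and the file.
    try:
        app = create_app({
            'TESTING': True,
            'DATABASE': db_path,
        })

        with app.app_context():
            init_db()
            get_db().executescript(_data_sql)

        yield app
    finally:
        os.close(db_fd)
        os.unlink(db_path)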
Exemplo n.º 2
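def get_doctor(id):
    """Return the ``doctors`` row whose primary key is *id*, or abort with 404.

    Args:
        id: Doctor id, bound as a query parameter (never interpolated into
            the SQL text).

    Returns:
        The matching row as produced by ``fetchone()``.

    Raises:
        Whatever ``abort(404, ...)`` raises when no row matches.
    """
    # execute() hands back a cursor, which is never None, so the original
    # "is None" test could not fire and unknown ids were silently accepted.
    # fetchone() is what returns None when nothing matches.
    # NOTE(review): callers that relied on receiving a cursor now get a single
    # row; confirm against the call sites outside this listing.
    doctor = get_db().execute(
        'SELECT * FROM doctors WHERE id = ?', (id, )
    ).fetchone()

    if doctor is None:
        abort(404, 'Doctor id {} is invalid.'.format(id))

    return doctor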
Exemplo n.º 3
def test_delete(client, auth, app):
    """After login, POST /1/delete redirects to the index and removes post 1."""
    auth.login()
    delete_response = client.post('/1/delete')
    assert delete_response.headers['Location'] == 'http://localhost/'

    # Check the database itself rather than trusting the redirect: the row
    # must actually be gone.
    with app.app_context():
        remaining = get_db().execute(
            'SELECT * FROM post WHERE id = 1'
        ).fetchone()
        assert remaining is None
Exemplo n.º 4
def test_update(client, auth, app):
    """After login, the update form loads and a POST changes the stored title."""
    auth.login()
    form_page = client.get('/1/update')
    assert form_page.status_code == 200
    client.post('/1/update', data={'title': 'updated', 'body': ''})

    # Read the row back so the assertion covers what was persisted, not what
    # the view echoed.
    with app.app_context():
        stored = get_db().execute(
            'SELECT * FROM post WHERE id = 1'
        ).fetchone()
        assert stored['title'] == 'updated'
Exemplo n.º 5
def test_create(client, auth, app):
    """After login, the create form loads and a POST adds one post row."""
    auth.login()
    form_page = client.get('/create')
    assert form_page.status_code == 200
    client.post('/create', data={'title': 'created', 'body': ''})

    with app.app_context():
        row = get_db().execute('SELECT COUNT(id) FROM post').fetchone()
        # Expected total is 2 -- presumably one seeded post plus the new one;
        # the seed data is not part of this listing.
        assert row[0] == 2
Exemplo n.º 6
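def load_logged_in_user():
    """Populate ``g.user`` from the session's ``user_id`` and ``login_type``.

    ``g.user`` is set to the matching row of the ``administrators``,
    ``patients`` or ``doctors`` table, or to ``None`` when the session has no
    ``user_id``, when ``login_type`` is not one of the three known values, or
    when no row matches.
    """
    user_id = session.get('user_id')
    login_type = session.get('login_type')

    # Whole statements are fixed here because a table name cannot be bound as
    # a parameter; only the id is ever bound, so no SQL text is built from
    # session data.
    queries = {
        'admin': 'SELECT * FROM administrators WHERE id = ?',
        'patient': 'SELECT * FROM patients WHERE id = ?',
        'doctor': 'SELECT * FROM doctors WHERE id = ?',
    }
    query = queries.get(login_type)

    # Fail closed: the original treated every unrecognised or missing
    # login_type as a doctor, so an id issued for one table could resolve to
    # an unrelated doctor account. Ids are per-table, which is why the type
    # must match before the lookup is attempted.
    if user_id is None or query is None:
        g.user = None
        return

    # NOTE(review): SELECT * means g.user carries every column of the row,
    # including the stored password hash; templates should not render it.
    g.user = get_db().execute(query, (user_id,)).fetchone()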
Exemplo n.º 7
def test_register(client, app):
    """The register form loads, a POST redirects to login and stores the user."""
    form_page = client.get('/auth/register')
    assert form_page.status_code == 200

    credentials = {'username': '******', 'password': '******'}
    response = client.post('/auth/register', data=credentials)
    assert response.headers['Location'] == 'http://localhost/auth/login'

    # The literal in the query is a fixed test value, not request input, so
    # inlining it here is not the pattern to copy into view code.
    with app.app_context():
        created = get_db().execute(
            "select * from user where username = '******'",
        ).fetchone()
        assert created is not None
Exemplo n.º 8
def test_author_required(app, client, auth):
    """A logged-in user may neither update nor delete another user's post.

    This is the object-level authorization check: being authenticated is not
    enough, the post must belong to the caller.
    """
    # Hand post 1 to a different author before logging in.
    with app.app_context():
        conn = get_db()
        conn.execute('UPDATE post SET author_id = 2 WHERE id = 1')
        conn.commit()

    auth.login()

    # Both state-changing endpoints must answer 403 for a non-owner.
    update_status = client.post('/1/update').status_code
    assert update_status == 403
    delete_status = client.post('/1/delete').status_code
    assert delete_status == 403

    # Hiding the edit link is cosmetic; the 403s above are the real control.
    index_html = client.get('/').data
    assert b'href="/1/update"' not in index_html
Exemplo n.º 9
def register_doctor():
    """Create a doctor account from the submitted form, or render the admin page.

    On POST every field except ``introduction`` must be non-empty; the first
    failing check is flashed and the page is rendered again. On success the
    row is inserted with a hashed password and the client is redirected back
    to this view. Any other method just renders the page.

    NOTE(review): no access-control check is visible in this block. If one
    exists it must be a decorator or a blueprint hook outside this listing --
    confirm, since this endpoint creates staff accounts.
    NOTE(review): unlike the patient registration flow there is no
    "email already registered" lookup here; confirm whether the schema
    enforces uniqueness.
    """
    if request.method != 'POST':
        return render_template('/administrator.html')

    db = get_db()
    form = request.form
    first_name = form["first_name"]
    last_name = form["last_name"]
    password = form["password"]
    email = form["email"]
    phone_number = form["phone_number"]
    gender = form["gender"]
    field = form['field']
    introduction = form['introduction']
    date_of_birth = form['birthday']
    date_of_join = form['date_of_join']

    # Ordered (value, message) pairs; the first falsy value decides the error.
    required = (
        (last_name and first_name, "name is required."),
        (password, "password is required."),
        (email, "email is required."),
        (phone_number, "phone_number is required."),
        (gender, "gender is required."),
        (field, "field is required."),
        (date_of_birth, "birthday is required."),
        (date_of_join, "date of join is required."),
    )
    error = next((message for value, message in required if not value), None)

    if error is not None:
        flash(error)
        # template not written
        return render_template('/administrator.html')

    # Only the password hash is stored; all values are bound parameters.
    values = (
        generate_password_hash(password), first_name, last_name,
        email, phone_number, gender, field, introduction,
        date_of_birth, date_of_join,
    )
    db.execute(
        'INSERT INTO doctors '
        '(password, first_name, last_name, email, phone_number, gender, field, introduction, date_of_birth, date_of_join) VALUES'
        '(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
        values)
    db.commit()
    return redirect(url_for('admin.register_doctor'))
Exemplo n.º 10
def login():
    """Authenticate a patient, administrator or doctor and start a session.

    On POST the account is looked up by email in the table selected by
    ``login_type`` and the submitted password is verified against the stored
    hash. On success the session is cleared and then given ``user_id`` and
    ``login_type`` before redirecting to the landing page for that account
    type. On failure the error is flashed and the login page is rendered
    again. Any other method renders the login page.

    NOTE(review): the two failure messages differ, so a response reveals
    whether an email exists for the chosen account type. A single generic
    message would close that; it is left unchanged here because tests or
    templates outside this listing may match on the text.
    NOTE(review): no attempt limiting is visible in this block.
    """
    if request.method != 'POST':
        return render_template('/auth/login.html')

    login_type = request.form['login_type']
    email = request.form['email']
    password = request.form['password']
    db = get_db()

    # Fixed statement per account type; only the email is bound.
    lookups = {
        'patient': 'SELECT * FROM patients WHERE email = ?',
        'admin': 'SELECT * FROM administrators WHERE email = ?',
        'doctor': 'SELECT * FROM doctors WHERE email = ?',
    }
    if login_type not in lookups:
        flash('Unknown type of user.')
        return render_template('/auth/login.html')

    user = db.execute(lookups[login_type], (email,)).fetchone()

    error = None
    if user is None:
        error = 'Incorrect username.'
    elif not check_password_hash(user['password'], password):
        error = 'Incorrect password.'

    if error is not None:
        flash(error)
        return render_template('/auth/login.html')

    # Clearing first drops anything left over from a previous login before
    # the new identity is written.
    session.clear()
    session['user_id'] = user['id']
    session['login_type'] = login_type

    landing = {'admin': 'admin.register_doctor', 'patient': 'patient'}
    return redirect(url_for(landing.get(login_type, 'doctor')))
Exemplo n.º 11
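def register():
    """Register a patient or an administrator from the submitted form.

    On POST, ``register_type`` must be ``'patient'`` or ``'admin'`` and the
    two password fields must match; otherwise the error is flashed and the
    form is rendered again. Patients additionally need height, weight and
    birthday, and their email must not already be in ``patients``.
    Administrators must supply a ``secret_key`` that verifies against the
    hash in ``SECRET_KEY``. On success the row is inserted with a hashed
    password and the client is redirected to the login view. Any other
    method renders the registration form.

    NOTE(review): the administrator branch has no "email already registered"
    lookup, unlike the patient branch; confirm whether the schema enforces
    uniqueness.
    """
    if request.method == 'POST':
        # The original printed request.form here, which wrote the plaintext
        # password, its repeat and the admin secret key to stdout (and so to
        # any captured log). Nothing from the form is printed any more.
        register_type = request.form["register_type"]
        db = get_db()
        error = None
        if register_type not in ('admin', 'patient'):
            error = 'please choose a correct type of user to register.'
            flash(error)
            return render_template('/auth/register.html')

        first_name = request.form["first_name"]
        last_name = request.form["last_name"]
        password = request.form["password"]
        repeat_password = request.form["repeat_password"]
        email = request.form["email"]
        phone_number = request.form["phone_number"]
        gender = request.form["gender"]
        if repeat_password != password:
            error = "two passwords are not the same."
            flash(error)
            return render_template('/auth/register.html')

        if register_type == "patient":
            height = request.form["height"]
            weight = request.form["weight"]
            data_of_birth = request.form["birthday"]
            emergency_contacts = request.form["emergency_contacts"]

            # Ordered (value, message) pairs; the first falsy value decides
            # the error. emergency_contacts is not required.
            required = (
                (first_name, "first name is required."),
                (last_name, "last name is required"),
                (password, "password is required."),
                (email, "email is required."),
                (phone_number, "phone_number is required."),
                (gender, "gender is required."),
                (height, "height is required."),
                (weight, "weight is required."),
                (data_of_birth, "birthday is required."),
            )
            error = next(
                (message for value, message in required if not value), None
            )
            # The uniqueness lookup runs only once every field is present.
            if error is None and db.execute(
                'SELECT id FROM patients WHERE email = ?', (email, )
            ).fetchone() is not None:
                error = "Email {} has already registered.".format(email)

            if error is None:
                # Only the password hash is stored; all values are bound.
                db.execute('INSERT INTO patients (last_name, first_name, password, email, phone_number, gender, height, weight, data_of_birth, emergency_contacts) VALUES '
                           '(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)',
                           (last_name, first_name, generate_password_hash(password), email, phone_number, gender, height, weight, data_of_birth, emergency_contacts)
                           )
                db.commit()
                return redirect(url_for("auth.login"))

            flash(error)

        elif register_type == "admin":
            secret_key = request.form["secret_key"]

            # SECRET_KEY is used as a stored hash: the submitted key is
            # verified against it rather than compared as plaintext.
            if not check_password_hash(SECRET_KEY, secret_key):
                error = "Wrong key, validation failed."
            else:
                required = (
                    (last_name, "last_name is required."),
                    (first_name, "first_name is required."),
                    (password, "password is required."),
                    (email, "email is required."),
                    (phone_number, "phone_number is required."),
                    (gender, "gender is required."),
                )
                error = next(
                    (message for value, message in required if not value),
                    None,
                )

            if error is None:
                db.execute('INSERT INTO administrators (last_name, first_name, password, email, phone_number, gender) VALUES '
                           '(?, ?, ?, ?, ?, ?)',
                           (last_name, first_name, generate_password_hash(password), email, phone_number, gender)
                           )
                db.commit()

                return redirect(url_for('auth.login'))

            flash(error)

    return render_template('/auth/register.html')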
Exemplo n.º 12
def delete_doctor(id):
    """Delete the doctor with primary key *id* and redirect to the doctor list.

    ``get_doctor`` is called only for its side effect; its return value is
    discarded. Presumably it is meant to abort with 404 for an unknown id --
    confirm against its definition.

    NOTE(review): neither the allowed HTTP methods nor any access-control
    check are visible in this block. A destructive action like this should be
    reachable only by POST from an authorised administrator; confirm on the
    route declaration outside this listing.
    """
    get_doctor(id)
    conn = get_db()
    # The id is bound as a parameter, never formatted into the statement.
    conn.execute('DELETE FROM doctors WHERE id = ?', (id, ))
    conn.commit()
    listing_url = url_for('admin.show_doctor')
    return redirect(listing_url)
Exemplo n.º 13
def show_doctor():
    """Fetch every row of ``doctors`` and pass them to the template.

    NOTE(review): the template name is still the empty string (the original
    comment says the template is not written), so rendering presumably fails
    until a real name is supplied.
    NOTE(review): ``SELECT *`` hands the template every column of the table.
    The registration insert on this page writes a ``password`` column to
    ``doctors``, so the stored hash travels with each row; select only the
    columns the page needs once the template exists.
    """
    doctor_rows = get_db().execute('SELECT * FROM doctors').fetchall()
    # template not written
    return render_template('', all_doctors=doctor_rows)