def test_upgraded_user_access(self):
httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
# register user
r = self.client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# create form
r = self.client.post('/forms',
headers={'Accept': 'application/json',
'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
resp = json.loads(r.data)
form_endpoint = resp['random_like_string']
# manually confirm the form
form = Form.get_form_by_random_like_string(form_endpoint)
form.confirmed = True
DB.session.add(form)
DB.session.commit()
# submit form
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce', 'message': 'hi!'}
)
# test submissions endpoint (/forms/<random_like_string>/)
r = self.client.get('/forms/' + form_endpoint + '/',
headers={'Accept': 'application/json'})
submissions = json.loads(r.data)['submissions']
self.assertEqual(len(submissions), 1)
self.assertEqual(submissions[0]['name'], 'bruce')
self.assertEqual(submissions[0]['message'], 'hi!')
# test submissions endpoint with the user downgraded
user.upgraded = False
DB.session.add(user)
DB.session.commit()
r = self.client.get('/forms/' + form_endpoint + '/')
self.assertEqual(r.status_code, 402) # it should fail
# test submissions endpoint without a logged user
self.client.get('/logout')
r = self.client.get('/forms/' + form_endpoint + '/')
self.assertEqual(r.status_code, 302) # it should return a redirect (via @user_required)
def test_form_creation(self):
# register user
r = self.client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
self.assertEqual(r.status_code, 302)
self.assertEqual(r.location.endswith('/dashboard'), True)
self.assertEqual(1, User.query.count())
# fail to create form
r = self.client.post('/forms',
headers={'Content-type': 'application/json'},
data={'email': '*****@*****.**'})
self.assertEqual(r.status_code, 402)
self.assertIn('error', json.loads(r.data))
self.assertEqual(0, Form.query.count())
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = self.client.post('/forms',
headers={
'Accept': 'application/json',
'Content-type': 'application/json'
},
data=json.dumps({'email': '*****@*****.**'}))
resp = json.loads(r.data)
self.assertEqual(r.status_code, 200)
self.assertIn('submission_url', resp)
self.assertIn('random_like_string', resp)
form_endpoint = resp['random_like_string']
self.assertIn(resp['random_like_string'], resp['submission_url'])
self.assertEqual(1, Form.query.count())
self.assertEqual(
Form.query.first().id,
Form.get_form_by_random_like_string(resp['random_like_string']).id)
# post to form
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'})
self.assertIn("We've sent a link to your email", r.data)
self.assertIn('confirm+your+email', httpretty.last_request().body)
self.assertEqual(1, Form.query.count())
# confirm form
form = Form.query.first()
self.client.get(
'/confirm/%s:%s' %
(HASH(form.email, str(form.id)), form.get_random_like_string()))
self.assertTrue(Form.query.first().confirmed)
# send 5 forms (monthly limits should not apply to the upgraded user)
self.assertEqual(settings.MONTHLY_SUBMISSIONS_LIMIT, 2)
for i in range(5):
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={
'name': 'ana',
'submission': '__%s__' % i
})
form = Form.query.first()
self.assertEqual(form.counter, 5)
self.assertEqual(form.get_monthly_counter(), 5)
self.assertIn('ana', httpretty.last_request().body)
self.assertIn('__4__', httpretty.last_request().body)
self.assertNotIn('You+are+past+our+limit',
httpretty.last_request().body)
# try (and fail) to submit from a different host
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'bad.com'},
data={'name': 'usurper'})
self.assertEqual(r.status_code, 403)
self.assertIn(
'ana',
httpretty.last_request().body) # no more data is sent to sendgrid
self.assertIn('__4__', httpretty.last_request().body)
def test_upgraded_user_access(self):
httpretty.register_uri(httpretty.POST,
'https://api.sendgrid.com/api/mail.send.json')
# register user
r = self.client.post('/register',
data={
'email': '*****@*****.**',
'password': '******'
})
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# create form
r = self.client.post('/forms',
headers={
'Accept': 'application/json',
'Content-type': 'application/json'
},
data=json.dumps({'email': '*****@*****.**'}))
resp = json.loads(r.data)
form_endpoint = resp['random_like_string']
# manually confirm the form
form = Form.get_form_by_random_like_string(form_endpoint)
form.confirmed = True
DB.session.add(form)
DB.session.commit()
# submit form
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={
'name': 'bruce',
'message': 'hi!'
})
# test submissions endpoint (/forms/<random_like_string>/)
r = self.client.get('/forms/' + form_endpoint + '/',
headers={'Accept': 'application/json'})
submissions = json.loads(r.data)['submissions']
self.assertEqual(len(submissions), 1)
self.assertEqual(submissions[0]['name'], 'bruce')
self.assertEqual(submissions[0]['message'], 'hi!')
# test submissions endpoint with the user downgraded
user.upgraded = False
DB.session.add(user)
DB.session.commit()
r = self.client.get('/forms/' + form_endpoint + '/')
self.assertEqual(r.status_code, 402) # it should fail
# test submissions endpoint without a logged user
self.client.get('/logout')
r = self.client.get('/forms/' + form_endpoint + '/')
self.assertEqual(
r.status_code,
302) # it should return a redirect (via @user_required)
def test_form_creation(self):
# register user
r = self.client.post('/register',
data={'email': '*****@*****.**',
'password': '******'}
)
self.assertEqual(r.status_code, 302)
self.assertEqual(r.location.endswith('/dashboard'), True)
self.assertEqual(1, User.query.count())
# fail to create form
r = self.client.post('/forms',
headers={'Content-type': 'application/json'},
data={'email': '*****@*****.**'}
)
self.assertEqual(r.status_code, 402)
self.assertIn('error', json.loads(r.data))
self.assertEqual(0, Form.query.count())
# upgrade user manually
user = User.query.filter_by(email='*****@*****.**').first()
user.upgraded = True
DB.session.add(user)
DB.session.commit()
# successfully create form
r = self.client.post('/forms',
headers={'Accept': 'application/json', 'Content-type': 'application/json'},
data=json.dumps({'email': '*****@*****.**'})
)
resp = json.loads(r.data)
self.assertEqual(r.status_code, 200)
self.assertIn('submission_url', resp)
self.assertIn('random_like_string', resp)
form_endpoint = resp['random_like_string']
self.assertIn(resp['random_like_string'], resp['submission_url'])
self.assertEqual(1, Form.query.count())
self.assertEqual(Form.query.first().id, Form.get_form_by_random_like_string(resp['random_like_string']).id)
# post to form
httpretty.register_uri(httpretty.POST, 'https://api.sendgrid.com/api/mail.send.json')
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'bruce'}
)
self.assertIn("We've sent a link to your email", r.data)
self.assertIn('confirm+your+email', httpretty.last_request().body)
self.assertEqual(1, Form.query.count())
# confirm form
form = Form.query.first()
self.client.get('/confirm/%s:%s' % (HASH(form.email, str(form.id)), form.get_random_like_string()))
self.assertTrue(Form.query.first().confirmed)
# send 5 forms (monthly limits should not apply to the upgraded user)
self.assertEqual(settings.MONTHLY_SUBMISSIONS_LIMIT, 2)
for i in range(5):
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'formspree.io'},
data={'name': 'ana',
'submission': '__%s__' % i}
)
form = Form.query.first()
self.assertEqual(form.counter, 5)
self.assertEqual(form.get_monthly_counter(), 5)
self.assertIn('ana', httpretty.last_request().body)
self.assertIn('__4__', httpretty.last_request().body)
self.assertNotIn('You+are+past+our+limit', httpretty.last_request().body)
# try (and fail) to submit from a different host
r = self.client.post('/' + form_endpoint,
headers={'Referer': 'bad.com'},
data={'name': 'usurper'}
)
self.assertEqual(r.status_code, 403)
self.assertIn('ana', httpretty.last_request().body) # no more data is sent to sendgrid
self.assertIn('__4__', httpretty.last_request().body)
