def test_get_close_db(app):
    """Check get_db() reuse inside a context and closure after it exits."""
    with app.app_context():
        conn = get_db()
        # Repeated calls within one application context must hand back the
        # very same connection object, not a fresh one.
        assert conn is get_db()

    # With the context gone, running a statement on the retained handle is
    # expected to fail with a "closed" ProgrammingError.
    with pytest.raises(sqlite3.ProgrammingError) as excinfo:
        conn.execute('SELECT 1')

    assert 'closed' in str(excinfo.value)
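def app():
    """Yield an application backed by a throw-away SQLite database file.

    A temporary file is created with ``tempfile.mkstemp`` (readable and
    writable only by the creating user), the app is configured to use it,
    the schema is initialised and ``_data_sql`` is loaded. After the
    consumer is done the descriptor is closed and the file removed.

    Presumably registered as a pytest fixture; the decorator is not visible
    in this listing.
    """
    db_fd, db_path = tempfile.mkstemp()
    try:
        flask_app = create_app({
            'TESTING': True,
            'DATABASE': db_path,
        })

        with flask_app.app_context():
            init_db()
            get_db().executescript(_data_sql)

        yield flask_app
    finally:
        # Runs even when create_app/init_db/executescript raise before the
        # yield, so a failed setup no longer leaves the descriptor open and
        # the seeded database file behind in the temp directory.
        os.close(db_fd)
        os.unlink(db_path)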
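def login():
    """Authenticate a user from the posted form and start a session.

    GET renders the login form. POST looks the user up by name and checks
    the submitted password against the stored hash. On success the session
    is cleared before ``user_id`` is stored, and the client is redirected to
    ``index``. On failure the error is flashed and the form rendered again.
    """
    if request.method == "POST":
        username = request.form.get("username")
        password = request.form.get("password")
        db = get_db()
        error = None

        # Parameterized lookup: the submitted name is bound as a value and
        # never spliced into the SQL text.
        user = db.execute(
            'SELECT * FROM users WHERE username = ?', (username, )
        ).fetchone()

        # NOTE(review): the two distinct messages below tell a client
        # whether a username exists. Consider a single generic message; the
        # registration view discloses the same fact, so both would need to
        # change together. Messages are kept as-is here because templates or
        # tests outside this listing may depend on them.
        if user is None:
            error = "Username not found"
        elif password is None or not check_password_hash(
            user["password"], password
        ):
            # form.get() returns None when the field is absent; reject that
            # here rather than passing None to the hash check, which is
            # likely to raise and surface as a 500.
            error = "Incorrect password"

        if error is None:
            # Drop any pre-login session state before binding the session to
            # the authenticated user.
            session.clear()
            session["user_id"] = user["id"]
            return redirect(url_for("index"))

        flash(error)

    return render_template("auth/login.html")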
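def register():
    """Create a user account from the posted form.

    GET renders the registration form. POST requires a non-empty username
    and password, rejects a name that already exists, stores the password
    as a hash (never the plaintext) and redirects to ``auth.login``. On
    failure the error is flashed and the form rendered again.
    """
    if request.method == "POST":
        username = request.form.get("username")
        password = request.form.get("password")
        db = get_db()

        error = None
        if not username:
            error = "Username required"
        elif not password:
            error = "Password required"
        elif db.execute(
            'SELECT id FROM users WHERE username = ?', (username, )
        ).fetchone() is not None:
            error = "User {} is already registered.".format(username)

        if error is None:
            try:
                db.execute(
                    "INSERT INTO users (username, password) VALUES (?,?)",
                    (username, generate_password_hash(password)),
                )
                db.commit()
            except db.IntegrityError:
                # The SELECT above and this INSERT are not atomic: a
                # concurrent request can register the same name in between.
                # If the schema enforces uniqueness on username (not visible
                # here - TODO confirm), the INSERT fails; report it as a
                # normal validation error instead of an unhandled 500.
                db.rollback()
                error = "User {} is already registered.".format(username)
            else:
                return redirect(url_for("auth.login"))

        flash(error)

    return render_template("auth/register.html")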
def index():
    """Render the blog front page listing every post, newest first."""
    # Static query with no user-supplied parts; posts are joined to their
    # author's row so the template can show the username.
    query = (
        'SELECT p.id, title, body, created, author_id, username'
        ' FROM posts p JOIN users u ON p.author_id = u.id'
        ' ORDER BY created DESC'
    )
    rows = get_db().execute(query).fetchall()
    return render_template('blog/index.html', posts=rows)
def test_delete(client, auth, app):
    """After login, POST /1/delete redirects home and removes post 1."""
    auth.login()
    resp = client.post('/1/delete')
    assert resp.headers['Location'] == 'http://localhost/'

    # Confirm the row is really gone rather than trusting the redirect.
    with app.app_context():
        row = get_db().execute('SELECT * FROM posts WHERE id = 1').fetchone()
        assert row is None
def test_update(client, auth, app):
    """After login, the update form loads and a POST changes the title."""
    auth.login()
    form_page = client.get('/1/update')
    assert form_page.status_code == 200

    client.post('/1/update', data={'title': 'updated', 'body': ''})

    # Read the row back to verify the change was persisted.
    with app.app_context():
        row = get_db().execute('SELECT * FROM posts WHERE id = 1').fetchone()
        assert row['title'] == 'updated'
def test_create(client, auth, app):
    """After login, the create form loads and a POST adds one post."""
    auth.login()
    form_page = client.get('/create')
    assert form_page.status_code == 200

    client.post('/create', data={'title': 'created', 'body': ''})

    with app.app_context():
        row = get_db().execute('SELECT COUNT(id) FROM posts').fetchone()
        # Expecting 2 presumably means the seed data holds exactly one
        # post - verify against the fixture SQL.
        total = row[0]
        assert total == 2
def load_logged_in_user():
    """Populate ``g.user`` for the current request from the session.

    Intended to run before every view regardless of the requested URL (the
    hook registration is not visible in this listing). ``g.user`` lives for
    the duration of the request.

    - No ``user_id`` in the session: ``g.user`` is set to None.
    - Otherwise: ``g.user`` is the matching ``users`` row, or None when no
      row has that id (``fetchone`` returns None), so a session that refers
      to a missing account is treated as logged out.
    """
    user_id = session.get("user_id")
    g.user = (
        None
        if user_id is None
        else get_db().execute(
            "SELECT * FROM users WHERE id = ?", (user_id, )
        ).fetchone()
    )
def test_register(client, app):
    """The form loads, a POST redirects to login, and the user row exists."""
    form_page = client.get('/auth/register')
    assert form_page.status_code == 200

    resp = client.post(
        '/auth/register',
        data={
            'username': '******',
            'password': '******',
        },
    )
    assert 'http://localhost/auth/login' == resp.headers['Location']

    # The literal in the query is a fixed test value, not request input.
    with app.app_context():
        row = get_db().execute(
            "select * from users where username = '******'",
        ).fetchone()
        assert row is not None
def test_author_required(app, client, auth):
    """A logged-in user must not be able to edit or delete another's post."""
    # Reassign post 1 to user 2 so the account used below is not its author.
    with app.app_context():
        conn = get_db()
        conn.execute('UPDATE posts SET author_id = 2 WHERE id = 1')
        conn.commit()

    auth.login()

    # Server-side enforcement: both state-changing endpoints must refuse.
    update_resp = client.post('/1/update')
    assert update_resp.status_code == 403
    delete_resp = client.post('/1/delete')
    assert delete_resp.status_code == 403

    # The edit link is also hidden in the listing; this is cosmetic and the
    # 403 checks above are the real access control.
    home = client.get('/')
    assert b'href="/1/update"' not in home.data
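def get_post(id, check_author=True):
    """Fetch a post joined with its author, enforcing ownership by default.

    Args:
        id: Primary key of the post to load; bound as a query parameter.
        check_author: When true, the request's user (``g.user``) must be the
            post's author.

    Returns:
        The row with id, title, body, created, author_id and username.

    Aborts:
        404 when no post has this id.
        403 when ``check_author`` is set and the current user is missing or
        is not the author.
    """
    post = get_db().execute(
        'SELECT p.id, title, body, created, author_id, username'
        ' FROM posts p JOIN users u ON p.author_id = u.id'
        ' WHERE p.id = ?',
        (id,)
    ).fetchone()

    if post is None:
        abort(404, "Post id {0} doesn't exist.".format(id))

    if check_author:
        current_user = g.user
        # Deny explicitly when nobody is logged in. Indexing None would
        # raise and surface as a 500; callers are presumably behind a login
        # check, but that is not visible here, so this check should not
        # rely on it.
        if current_user is None or post['author_id'] != current_user['id']:
            abort(403)

    return post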
def create():
    """Show the new-post form and, on POST, insert the post.

    The post is stored with ``g.user['id']`` as author, so this view expects
    an authenticated request; NOTE(review): the login guard is not visible
    in this listing - confirm it is applied where the route is registered.
    """
    if request.method != 'POST':
        return render_template('blog/create.html')

    title = request.form['title']
    body = request.form['body']
    error = None if title else 'Title is required.'

    if error is None:
        conn = get_db()
        # All three values are bound parameters; the author comes from the
        # server-side user record, never from the form.
        conn.execute(
            'INSERT INTO posts (title, body, author_id)'
            ' VALUES (?, ?, ?)',
            (title, body, g.user['id'])
        )
        conn.commit()
        return redirect(url_for('blog.index'))

    flash(error)
    return render_template('blog/create.html')
def update(id):
    """Show the edit form for a post and, on POST, save the changes.

    ``get_post(id)`` runs first for every method with its default author
    check, so a missing post or a non-author aborts before anything is read
    from the form or written to the database.
    """
    post = get_post(id)

    if request.method != 'POST':
        return render_template('blog/update.html', post=post)

    title = request.form['title']
    body = request.form['body']
    error = None if title else 'Title is required.'

    if error is None:
        conn = get_db()
        # Values and the target id are bound parameters.
        conn.execute(
            'UPDATE posts SET title = ?, body = ?'
            ' WHERE id = ?',
            (title, body, id)
        )
        conn.commit()
        return redirect(url_for('blog.index'))

    flash(error)
    return render_template('blog/update.html', post=post)
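def delete(id):
    """Delete a post owned by the current user and redirect to the index.

    ``get_post(id)`` is called only for its checks: it aborts with 404 for a
    missing post and 403 when the current user is not the author, so the
    DELETE below is reached only by the post's owner.

    NOTE(review): this view changes state, so it should be reachable by POST
    only; the route registration is not visible in this listing - confirm.
    """
    get_post(id)
    db = get_db()
    # Table name corrected from `post` to `posts`: every other query in
    # this file (index, get_post, create, update and the tests) uses
    # `posts`, so the old statement would fail or leave the row in place.
    db.execute('DELETE FROM posts WHERE id = ?', (id,))
    db.commit()
    return redirect(url_for('blog.index'))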