async def test_register_failure( db: Connection, factory: Factory, quart_client, ): factory.user(conn=db) db.commit() response = await quart_client.post("/api/register", json={"nickname": "admin"}) assert response.status_code == 401
async def test_has_first_user_true( factory: Factory, db: Connection, quart_client, ): factory.user(conn=db) db.commit() response = await quart_client.get("/api/register/has-first-user") data = json.loads(await response.get_data()) assert data["hasFirstUser"]
def test_search_user(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) unused_usr, _ = factory.user(conn=db) col1 = factory.collection(type=CollectionType.PERSONAL, user=usr, conn=db) col2 = factory.collection(type=CollectionType.PERSONAL, user=usr, conn=db) col3 = factory.collection(type=CollectionType.PERSONAL, user=unused_usr, conn=db) col4 = factory.collection(conn=db) cols = collection.search(db, user_ids=[usr.id]) ids = [c.id for c in cols] assert all(c.id in ids for c in [col1, col2]) assert not any(c.id in ids for c in [col3, col4])
def test_from_name_and_type(factory: Factory, db: Connection): usr1, _ = factory.user(conn=db) col1 = factory.collection( name="test", type=CollectionType.SYSTEM, user=usr1, conn=db ) usr2, _ = factory.user(conn=db) col2 = factory.collection( name="test", type=CollectionType.SYSTEM, user=usr2, conn=db ) factory.collection(name="other", type=CollectionType.COLLAGE, conn=db) cols = collection.from_name_and_type("test", CollectionType.SYSTEM, conn=db) assert {c.id for c in cols} == {col1.id, col2.id}
def test_update_user(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) new_usr = user.update(usr, nickname="not admin", conn=db) assert new_usr.nickname == "not admin" assert new_usr == user.from_id(usr.id, db)
def test_create(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) inv = invite.create(by_user=usr, conn=db) assert inv.created_by == usr.id new_inv = invite.from_id(inv.id, db) assert new_inv == inv
def test_search_user(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) unused_usr, _ = factory.user(conn=db) ply1 = factory.playlist(type=PlaylistType.PERSONAL, user=usr, conn=db) ply2 = factory.playlist(type=PlaylistType.PERSONAL, user=usr, conn=db) ply3 = factory.playlist(type=PlaylistType.PERSONAL, user=unused_usr, conn=db) ply3 = factory.playlist(conn=db) plys = playlist.search(db, user_ids=[usr.id]) ids = [p.id for p in plys] assert all(p.id in ids for p in [ply1, ply2]) assert not any(p.id in ids for p in [ply3, ply3])
def test_update(factory: Factory, db: Connection): inv = factory.invite(conn=db) usr, _ = factory.user(conn=db) new_inv = invite.update(inv, used_by=usr, conn=db) assert new_inv.used_by == usr.id assert new_inv == invite.from_id(inv.id, db)
async def test_get_cover_bad_release_id(factory: Factory, db: Connection, quart_client): _, token = factory.user(conn=db) db.commit() response = await quart_client.authed_get("/api/files/images/999999", token=token) assert response.status_code == 404
def test_from_name_and_type(factory: Factory, db: Connection): usr1, _ = factory.user(conn=db) ply1 = factory.playlist(name="test", type=PlaylistType.SYSTEM, user=usr1, conn=db) usr2, _ = factory.user(conn=db) ply2 = factory.playlist(name="test", type=PlaylistType.SYSTEM, user=usr2, conn=db) factory.playlist(name="other", type=PlaylistType.PLAYLIST, conn=db) plys = playlist.from_name_and_type("test", PlaylistType.SYSTEM, conn=db) assert {p.id for p in plys} == {ply1.id, ply2.id}
def test_create_personal(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) col = collection.create( "new collection", CollectionType.PERSONAL, user_id=usr.id, conn=db, ) assert col == collection.from_id(col.id, db)
def test_create_collage_with_user(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) with pytest.raises(InvalidArgument): collection.create( "new collage", CollectionType.COLLAGE, user_id=usr.id, conn=db, )
def test_search_created_by(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) invs_from_user = [factory.invite(by_user=usr, conn=db) for _ in range(2)] for _ in range(3): factory.invite(conn=db) invs = invite.search(db, created_by=usr.id) assert set(invs) == set(invs_from_user)
def test_create_general_with_user(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) with pytest.raises(InvalidArgument): playlist.create( "new plylist", PlaylistType.PLAYLIST, user_id=usr.id, conn=db, )
def test_create_personal(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) ply = playlist.create( "new plylist", PlaylistType.PERSONAL, user_id=usr.id, conn=db, ) assert ply == playlist.from_id(ply.id, db)
async def test_create_session(factory: Factory, db: Connection, quart_client): usr, token = factory.user(conn=db) db.commit() response = await quart_client.authed_post("/api/session", token=token) assert response.status_code == 201 data = json.loads(await response.get_data()) assert data["csrfToken"] == usr.csrf_token.hex() assert quart.session["user_id"] == usr.id
def test_create_invalid_type_override(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) col = collection.create( "new collage", CollectionType.SYSTEM, user_id=usr.id, conn=db, override_immutable=True, ) assert col is not None
def test_create_invalid_type_override(factory: Factory, db: Connection): usr, _ = factory.user(conn=db) ply = playlist.create( "new playlist", PlaylistType.SYSTEM, user_id=usr.id, conn=db, override_immutable=True, ) assert ply is not None
async def test_register_second_user(db: Connection, factory: Factory, quart_client): factory.user(conn=db) inv = factory.invite(conn=db) db.commit() response = await quart_client.post( "/api/register", json={ "nickname": "new user", "inviteCode": inv.code.hex(), }, ) data = json.loads(await response.get_data()) assert data["token"] is not None usr = user.from_token(bytes.fromhex(data["token"]), db) assert usr is not None assert usr.id != 1 assert usr.nickname == "new user"
async def test_token_csrf_bypass( factory: Factory, db: Connection, check_csrf_app: Quart, quart_client, ): usr, token = factory.user(nickname="admin", conn=db) db.commit() response = await quart_client.authed_post("/testing", token=token) assert b"admin" == await response.get_data()
async def test_database_handler(factory: Factory, db: Connection, quart_app): usr, _ = factory.user(nickname="admin", conn=db) db.commit() async with quart_app.test_request_context("/", method="GET"): await quart_app.preprocess_request() cursor = quart.g.db.execute( "SELECT nickname FROM system__users WHERE id = ?", (usr.id, ), ) assert "admin" == cursor.fetchone()[0]
async def test_get_cover(factory: Factory, db: Connection, quart_client): path = Path.cwd() / "cover01.png" with path.open("wb") as f: f.write(b"owo") factory.mock_image(path=path, conn=db) _, token = factory.user(conn=db) db.commit() response = await quart_client.authed_get("/api/files/images/1", token=token) assert b"owo" == await response.get_data()
def test_insert_into_inbox_collection(factory: Factory, db: Connection): # Create two new inboxes. usr1, _ = factory.user(conn=db) usr2, _ = factory.user(conn=db) rls = factory.release(conn=db) _insert_into_inbox_collections(rls, db) inbox1 = collection.inbox_of(usr1.id, db) inbox2 = collection.inbox_of(usr2.id, db) assert rls in collection.releases(inbox1, db) assert rls in collection.releases(inbox2, db)
def test_generate_new_token(factory: Factory, db: Connection): usr, old_token = factory.user(conn=db) cursor = db.execute("SELECT token_hash FROM system__users WHERE id = 1") old_hash = cursor.fetchone()["token_hash"] new_token = user.new_token(usr, db) cursor = db.execute("SELECT token_hash FROM system__users WHERE id = 1") new_hash = cursor.fetchone()["token_hash"] assert not check_password_hash(old_hash, new_token.hex()) assert not check_password_hash(new_hash, old_token.hex()) assert check_password_hash(new_hash, new_token.hex())
async def test_session_csrf_failure( factory: Factory, db: Connection, check_csrf_app: Quart, quart_client, ): usr, _ = factory.user(conn=db) db.commit() async with quart_client.session_transaction() as sess: sess["user_id"] = usr.id response = await quart_client.post("/testing") assert response.status_code == 400
async def test_check_auth_session_success( factory: Factory, db: Connection, check_auth_app: Quart, quart_client, ): usr, _ = factory.user(nickname="admin", conn=db) db.commit() async with quart_client.session_transaction() as sess: sess["user_id"] = usr.id response = await quart_client.get("/testing") assert b"admin" == await response.get_data()
async def test_get_track_nonexistent_file( factory: Factory, db: Connection, quart_client, ): path = Path.cwd() / "nonexistent.flac" factory.track(filepath=path, conn=db) _, token = factory.user(conn=db) db.commit() response = await quart_client.authed_get("/api/files/tracks/1", token=token) assert response.status_code == 404
async def test_delete_session(factory: Factory, db: Connection, quart_client): usr, token = factory.user(conn=db) db.commit() async with quart_client.session_transaction() as sess: sess["user_id"] = usr.id response = await quart_client.authed_delete( "/api/session", token=token, headers={"X-CSRF-Token": usr.csrf_token.hex()}, ) assert b"success" == await response.get_data() assert quart.session == {}
async def test_get_track(factory: Factory, db: Connection, quart_client): path = Path.cwd() / "track01.flac" with path.open("wb") as f: f.write(b"owo") trk = factory.track(filepath=path, conn=db) _, token = factory.user(conn=db) db.commit() response = await quart_client.authed_get( f"/api/files/tracks/{trk.id}", token=token, ) assert b"owo" == await response.get_data()
async def test_delete_session_invalid_csrf( factory: Factory, db: Connection, quart_client, ): usr, token = factory.user(conn=db) db.commit() async with quart_client.session_transaction() as sess: sess["user_id"] = usr.id response = await quart_client.authed_delete( "/api/session", token=token, headers={"X-CSRF-Token": "99" * 32}, ) assert response.status_code == 400