def test_reply_to_restricted_notes(app):
user1 = db_utils.create_user(username='******')
user2 = db_utils.create_user(username='******')
session1 = db_utils.create_session(user1)
session2 = db_utils.create_session(user2)
d.engine.execute(
"UPDATE profile SET config = config || 'z' WHERE userid = %(user)s",
user=user1)
def try_send(status):
app.post('/notes/compose', {
'recipient': 'user1',
'title': 'Title',
'content': 'Content',
},
headers={'Cookie': session2},
status=status)
try_send(422)
app.post('/notes/compose', {
'recipient': 'user2',
'title': 'Title',
'content': 'Content',
},
headers={'Cookie': session1},
status=303)
try_send(303)
def test_reply_when_blocked(app):
user1 = db_utils.create_user(username='******')
user2 = db_utils.create_user(username='******')
session1 = db_utils.create_session(user1)
session2 = db_utils.create_session(user2)
app.post('/notes/compose', {
'recipient': 'user2',
'title': 'Title',
'content': 'Content',
}, headers={'Cookie': session1}, status=303)
app.post('/ignoreuser', {
'userid': str(user2),
'action': 'ignore',
}, headers={'Cookie': session1}, status=303)
def try_send(status):
app.post('/notes/compose', {
'recipient': 'user1',
'title': 'Title',
'content': 'Content',
}, headers={'Cookie': session2}, status=status)
try_send(422)
d.engine.execute("UPDATE profile SET config = config || 'z' WHERE userid = %(user)s", user=user1)
try_send(422)
def test_create_notifications(app, monkeypatch):
admin_user = db_utils.create_user()
normal_user = db_utils.create_user()
admin_cookie = db_utils.create_session(admin_user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user]))
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': admin_cookie}).follow()
assert resp.html.find(None, 'content').h3.string == _FORM['title']
normal_cookie = db_utils.create_session(normal_user)
resp = app.get('/messages/notifications', headers={'Cookie': normal_cookie})
assert list(resp.html.find(id='header-messages').find(title='Notifications').stripped_strings)[1] == '1'
assert resp.html.find(id='site_updates').find(None, 'item').a.string == _FORM['title']
def test_create_notifications(app, monkeypatch):
admin_user = db_utils.create_user()
normal_user = db_utils.create_user()
admin_cookie = db_utils.create_session(admin_user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user]))
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': admin_cookie}).follow()
assert resp.html.find(None, 'content').h3.string == _FORM['title']
normal_cookie = db_utils.create_session(normal_user)
resp = app.get('/messages/notifications', headers={'Cookie': normal_cookie})
assert list(resp.html.find(id='header-messages').find(title='Notifications').stripped_strings)[1] == '1'
assert resp.html.find(id='site_updates').find(None, 'item').a.string == _FORM['title']
def test_create(app, monkeypatch):
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}).follow()
assert resp.html.find(None, 'content').h3.string == _FORM['title']
def test_create_csrf(app, monkeypatch):
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.string == errorcode.token
def test_block_user_homepage(app):
"""
Assert that changes to blocked users apply to the home page immediately.
"""
submitting_user1 = db_utils.create_user()
submitting_user2 = db_utils.create_user()
viewing_user = db_utils.create_user()
db_utils.create_submission(submitting_user1, rating=ratings.GENERAL.code, subtype=1010)
db_utils.create_submission(submitting_user2, rating=ratings.GENERAL.code, subtype=1010)
cookie = db_utils.create_session(viewing_user)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 2
app.post('/ignoreuser',
{'userid': str(submitting_user1), 'action': 'ignore'},
headers={'Cookie': cookie}, status=303)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 1
app.post('/ignoreuser',
{'userid': str(submitting_user1), 'action': 'unignore'},
headers={'Cookie': cookie}, status=303)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 2
def test_blacklist_homepage(app):
"""
Assert that changes to the blacklist apply to the home page immediately.
"""
submitting_user = db_utils.create_user()
viewing_user = db_utils.create_user()
tag1 = db_utils.create_tag('walrus')
tag2 = db_utils.create_tag('penguin')
s1 = db_utils.create_submission(submitting_user, rating=ratings.GENERAL.code, subtype=1010)
db_utils.create_submission_tag(tag1, s1)
s2 = db_utils.create_submission(submitting_user, rating=ratings.GENERAL.code, subtype=1010)
db_utils.create_submission_tag(tag2, s2)
cookie = db_utils.create_session(viewing_user)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 2
app.post('/manage/tagfilters',
{'title': 'walrus', 'rating': str(ratings.GENERAL.code), 'do': 'create'},
headers={'Cookie': cookie}, status=303)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 1
app.post('/manage/tagfilters',
{'title': 'walrus', 'rating': str(ratings.GENERAL.code), 'do': 'remove'},
headers={'Cookie': cookie}, status=303)
resp = app.get('/', headers={'Cookie': cookie})
assert len(resp.html.select('#home-art .thumb')) == 2
def test_edit_validation(app, monkeypatch, site_updates):
_, updates = site_updates
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/site-updates/%d' % (updates[-1].updateid, ), {
'title': u'',
'content': u'Content'
},
headers={'Cookie': cookie},
status=422)
assert resp.html.find(
id='error_content'
).p.string == errorcode.error_messages['titleInvalid']
resp = app.post('/site-updates/%d' % (updates[-1].updateid, ), {
'title': u'Title',
'content': u''
},
headers={'Cookie': cookie},
status=422)
assert resp.html.find(
id='error_content'
).p.string == errorcode.error_messages['contentInvalid']
def test_edit_restricted(app, monkeypatch, site_updates):
_, updates = site_updates
resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.unsigned
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.unsigned
user = db_utils.create_user()
cookie = db_utils.create_session(user)
resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission
monkeypatch.setattr(staff, 'TECHNICAL', frozenset([user]))
monkeypatch.setattr(staff, 'MODS', frozenset([user]))
resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie})
assert resp.html.find(id='error_content') is None
def test_create_restricted(app, monkeypatch):
resp = app.get('/admincontrol/siteupdate', status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.unsigned
resp = app.post('/admincontrol/siteupdate', _FORM, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.unsigned
user = db_utils.create_user()
cookie = db_utils.create_session(user)
resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission
monkeypatch.setattr(staff, 'TECHNICAL', frozenset([user]))
monkeypatch.setattr(staff, 'MODS', frozenset([user]))
resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie})
assert resp.html.find(id='error_content') is None
def test_create_restricted(app, monkeypatch):
resp = app.get('/admincontrol/siteupdate')
assert resp.html.find(id='error_content').contents[0].strip() == errorcode.unsigned
resp = app.post('/admincontrol/siteupdate', _FORM)
assert resp.html.find(id='error_content').contents[0].strip() == errorcode.unsigned
user = db_utils.create_user()
cookie = db_utils.create_session(user)
resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie})
assert resp.html.find(id='error_content').p.string == errorcode.permission
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie})
assert resp.html.find(id='error_content').p.string == errorcode.permission
monkeypatch.setattr(staff, 'TECHNICAL', frozenset([user]))
monkeypatch.setattr(staff, 'MODS', frozenset([user]))
resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie})
assert resp.html.find(id='error_content').p.string == errorcode.permission
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie})
assert resp.html.find(id='error_content').p.string == errorcode.permission
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie})
assert resp.html.find(id='error_content') is None
def test_profile_user(app):
user = db_utils.create_user(config=CharSettings(
frozenset(), {}, {'tagging-level': 'max-rating-mature'}))
cookie = db_utils.create_session(user)
resp = app.get('/~journal_test', headers={'Cookie': cookie})
assert resp.html.find(id='user-journal').h4.string == u'Restricted journal'
def test_profile_friend(app, journal_user):
user = db_utils.create_user()
cookie = db_utils.create_session(user)
db_utils.create_friendship(user, journal_user)
resp = app.get('/~journal_test', headers={'Cookie': cookie})
assert resp.html.find(id='user-journal').h4.string == u'Recent journal'
def test_profile_friend(app, journal_user):
user = db_utils.create_user()
cookie = db_utils.create_session(user)
db_utils.create_friendship(user, journal_user)
resp = app.get('/~journal_test', headers={'Cookie': cookie})
assert resp.html.find(id='user-journal').h4.string == u'Recent journal'
def test_edit_restricted(app, monkeypatch, site_updates):
_, updates = site_updates
resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,))
assert resp.html.find(id='error_content').contents[0].strip() == errorcode.unsigned
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM)
assert resp.html.find(id='error_content').contents[0].strip() == errorcode.unsigned
user = db_utils.create_user()
cookie = db_utils.create_session(user)
resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie})
assert resp.html.find(id='error_content').p.string == errorcode.permission
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie})
assert resp.html.find(id='error_content').p.string == errorcode.permission
monkeypatch.setattr(staff, 'TECHNICAL', frozenset([user]))
monkeypatch.setattr(staff, 'MODS', frozenset([user]))
resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie})
assert resp.html.find(id='error_content').p.string == errorcode.permission
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie})
assert resp.html.find(id='error_content').p.string == errorcode.permission
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie})
assert resp.html.find(id='error_content') is None
def test_create(app, journal_user):
cookie = db_utils.create_session(journal_user)
app.post('/submit/journal', {'title': u'Created journal', 'rating': '10', 'content': u'A journal'}, headers={'Cookie': cookie})
resp = app.get('/~journal_test')
assert resp.html.find(id='user-journal').h4.string == u'Created journal'
def test_create(app, monkeypatch):
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}).follow()
assert resp.html.find(None, 'content').h3.string == _FORM['title']
def test_create_csrf(app, monkeypatch):
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.string == errorcode.token
def test_visual_reupload_thumbnail_and_cover(app, submission_user):
# resized to be larger than COVER_SIZE so a cover is created
with BytesIO() as f:
read_asset_image('img/wesley1.png').resize(
(2200, 200)).save(f, format='PNG')
wesley1_large = webtest.Upload('wesley1.png', f.getvalue(),
'image/png')
with BytesIO() as f:
read_asset_image('img/help/wesley-jumpingtext.png').resize(
(2200, 100)).save(f, format='PNG')
wesley2_large = webtest.Upload('wesley-jumpingtext.png', f.getvalue(),
'image/png')
cookie = db_utils.create_session(submission_user)
# Create submission 1 with image 1
v1 = create_visual(app, submission_user, submitfile=wesley1_large)
# Reupload submission 1 with image 2
app.post('/reupload/submission', {
'targetid': u'%i' % (v1, ),
'submitfile': wesley2_large,
},
headers={
'Cookie': cookie
}).follow()
[thumb] = app.get('/~submissiontest').html.select('#user-thumbs img')
v1_new_thumbnail_url = thumb['src']
v1_new_cover_url = app.get('/~submissiontest/submissions/%i/test-title' %
(v1, )).html.find(id='detail-art').img['src']
# Remove submission 1, so uploading a duplicate image is allowed
app.post('/remove/submission', {
'submitid': u'%i' % (v1, ),
},
headers={
'Cookie': cookie
}).follow(headers={'Cookie': cookie})
# Upload submission 2 with image 2
v2 = create_visual(
app,
submission_user,
submitfile=wesley2_large,
)
[thumb] = app.get('/~submissiontest').html.select('#user-thumbs img')
v2_thumbnail_url = thumb['src']
v2_cover_url = app.get('/~submissiontest/submissions/%i/test-title' %
(v2, )).html.find(id='detail-art').img['src']
# The reupload of submission 1 should look like submission 2
assert _image_hash(
read_storage_image(v1_new_thumbnail_url)) == _image_hash(
read_storage_image(v2_thumbnail_url))
assert _image_hash(read_storage_image(v2_cover_url)) == _image_hash(
read_storage_image(v1_new_cover_url))
def test_edit_nonexistent(app, monkeypatch, site_updates):
_, updates = site_updates
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
app.post('/site-updates/%d' % (updates[-1].updateid + 1,), _FORM, headers={'Cookie': cookie}, status=404)
def test_edit_nonexistent(app, monkeypatch, site_updates):
_, updates = site_updates
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
app.post('/site-updates/%d' % (updates[-1].updateid + 1,), _FORM, headers={'Cookie': cookie}, status=404)
def test_edit_csrf(app, monkeypatch, site_updates):
_, updates = site_updates
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.string == errorcode.token
def create_visual(app, user, **kwargs):
cookie = db_utils.create_session(user)
form = dict(BASE_VISUAL_FORM, **kwargs)
resp = app.post('/submit/visual', form, headers={
'Cookie': cookie
}).maybe_follow(headers={'Cookie': cookie})
submitid = int(resp.html.find('input', {'name': 'submitid'})['value'])
return submitid
def test_edit_csrf(app, monkeypatch, site_updates):
_, updates = site_updates
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}, status=403)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.token
def test_edit(app, monkeypatch, site_updates):
_, updates = site_updates
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}).follow()
assert resp.html.find(None, 'content').h3.string == _FORM['title']
def test_edit(app, monkeypatch, site_updates):
_, updates = site_updates
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}).follow()
assert resp.html.find(None, 'content').h3.string == _FORM['title']
def test_owner_reupload(character_user, character):
cookie = db_utils.create_session(character_user)
resp = app.post('/reupload/character', {
'targetid': str(character),
'submitfile': webtest.Upload('wesley', _static('images/wesley-draw.png'), 'image/png'),
}, headers={'Cookie': cookie}).follow()
image_url = resp.html.find(id='detail-art').a['href']
assert _read_character_image(image_url).tobytes() == _read_static_image('images/wesley-draw.png').tobytes()
def test_create_validation(app, monkeypatch):
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/admincontrol/siteupdate', {'title': u'', 'content': u'Content'}, headers={'Cookie': cookie}, status=422)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.error_messages['titleInvalid']
resp = app.post('/admincontrol/siteupdate', {'title': u'Title', 'content': u''}, headers={'Cookie': cookie}, status=422)
assert resp.html.find(id='error_content').p.text.strip() == errorcode.error_messages['contentInvalid']
def test_create_validation(app, monkeypatch):
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/admincontrol/siteupdate', {'title': u'', 'content': u'Content'}, headers={'Cookie': cookie}, status=422)
assert resp.html.find(id='error_content').p.string == errorcode.error_messages['titleInvalid']
resp = app.post('/admincontrol/siteupdate', {'title': u'Title', 'content': u''}, headers={'Cookie': cookie}, status=422)
assert resp.html.find(id='error_content').p.string == errorcode.error_messages['contentInvalid']
def test_owner_edit_details(character_user, character):
cookie = db_utils.create_session(character_user)
form = dict(
_BASE_FORM,
charid=str(character),
title=u'Edited name',
)
resp = app.post('/edit/character', form, headers={'Cookie': cookie}).follow()
assert resp.html.find(id='detail-bar-title').string == u'Edited name'
def test_edit_validation(app, monkeypatch, site_updates):
_, updates = site_updates
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), {'title': u'', 'content': u'Content'}, headers={'Cookie': cookie}, status=422)
assert resp.html.find(id='error_content').p.string == errorcode.error_messages['titleInvalid']
resp = app.post('/site-updates/%d' % (updates[-1].updateid,), {'title': u'Title', 'content': u''}, headers={'Cookie': cookie}, status=422)
assert resp.html.find(id='error_content').p.string == errorcode.error_messages['contentInvalid']
def _character(db, character_user, no_csrf):
cookie = db_utils.create_session(character_user)
form = dict(
_BASE_FORM,
submitfile=webtest.Upload('wesley', _static('images/wesley1.png'), 'image/png'),
)
resp = app.post('/submit/character', form, headers={'Cookie': cookie}).follow(headers={'Cookie': cookie})
charid = int(resp.html.find('input', {'name': 'charid'})['value'])
return charid
def test_csrf_on_journal_edit(app, journal_user):
# Test purpose: Verify that a CSRF token is required to submit a journal entry.
cookie = db_utils.create_session(journal_user)
journalid = db_utils.create_journal(journal_user, "Test", content="Test")
resp = app.post(
'/edit/journal',
{'title': u'Created journal', 'rating': '10', 'content': u'A journal', 'journalid': journalid},
headers={'Cookie': cookie},
status=403,
)
assert resp.html.find(id='error_content').p.text.startswith(u"This action appears to have been performed illegitimately")
def test_create(app, journal_user):
cookie = db_utils.create_session(journal_user)
app.post('/submit/journal', {
'title': u'Created journal',
'rating': '10',
'content': u'A journal'
},
headers={'Cookie': cookie})
resp = app.get('/~journal_test')
assert resp.html.find(id='user-journal').h4.string == u'Created journal'
def test_list(app, monkeypatch, site_updates):
_, updates = site_updates
resp = app.get('/site-updates/')
assert len(resp.html.findAll(None, 'text-post-item')) == 3
assert resp.html.find(None, 'text-post-actions') is None
assert len(resp.html.findAll(None, 'text-post-group-header')) == 1
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.get('/site-updates/', headers={'Cookie': cookie})
assert len(resp.html.findAll(None, 'text-post-item')) == 3
assert resp.html.find(None, 'text-post-actions').a['href'] == '/site-updates/%d/edit' % (updates[-1].updateid,)
def test_owner_edit_details(app, character_user, character):
cookie = db_utils.create_session(character_user)
form = dict(
_BASE_FORM,
charid=str(character),
title=u'Edited name',
)
resp = app.post('/edit/character', form, headers={
'Cookie': cookie
}).follow()
assert resp.html.find(id='detail-bar-title').string == u'Edited name'
def test_list(app, monkeypatch, site_updates):
_, updates = site_updates
resp = app.get('/site-updates/')
assert len(resp.html.findAll(None, 'text-post-item')) == 3
assert resp.html.find(None, 'text-post-actions') is None
assert len(resp.html.findAll(None, 'text-post-group-header')) == 1
user = db_utils.create_user()
cookie = db_utils.create_session(user)
monkeypatch.setattr(staff, 'ADMINS', frozenset([user]))
resp = app.get('/site-updates/', headers={'Cookie': cookie})
assert len(resp.html.findAll(None, 'text-post-item')) == 3
assert resp.html.find(None, 'text-post-actions').a['href'] == '/site-updates/%d/edit' % (updates[-1].updateid,)
def _character(app, db, character_user, no_csrf):
cookie = db_utils.create_session(character_user)
form = dict(
_BASE_FORM,
submitfile=webtest.Upload('wesley', read_asset('img/wesley1.png'),
'image/png'),
)
resp = app.post('/submit/character', form, headers={
'Cookie': cookie
}).follow(headers={'Cookie': cookie})
charid = int(resp.html.find('input', {'name': 'charid'})['value'])
return charid
def test_create_folders(app):
user = db_utils.create_user(username="******")
app.set_cookie(*db_utils.create_session(user).split("=", 1))
resp = app.get("/manage/folders")
form = resp.forms["create-folder"]
form["title"] = "Test folder 1"
form["parentid"] = "0"
form.submit()
form["title"] = "Test folder 3"
form.submit()
form["title"] = "Test folder 1.2"
form.submit()
form["title"] = "Test folder 2"
form.submit()
resp = app.get("/manage/folders")
form = resp.forms["create-folder"]
form["title"] = "Test folder 1.1"
form["parentid"].select(text="Test folder 1")
form.submit()
resp = app.get("/manage/folders")
form = resp.forms["move-folder"]
form["folderid"].select(text="Test folder 1.2")
form["parentid"].select(text="Test folder 1")
form.submit()
resp = app.get("/submissions/foldertest")
folders = resp.html.find("h3", string="Folders").find_next_siblings("p")
assert len(folders) == 5
assert folders[0].get(
"style") is None and folders[0].text == "Test folder 1"
assert folders[1].get("style") == "margin-left:15px;" and folders[
1].text == "Test folder 1.1"
assert folders[2].get("style") == "margin-left:15px;" and folders[
2].text == "Test folder 1.2"
assert folders[3].get(
"style") is None and folders[3].text == "Test folder 2"
assert folders[4].get(
"style") is None and folders[4].text == "Test folder 3"
def test_owner_reupload(app, character_user, character):
cookie = db_utils.create_session(character_user)
resp = app.post('/reupload/character', {
'targetid':
str(character),
'submitfile':
webtest.Upload('wesley', read_asset('img/help/wesley-draw.png'),
'image/png'),
},
headers={
'Cookie': cookie
}).follow()
image_url = resp.html.find(id='detail-art').a['href']
assert _read_character_image(image_url).tobytes() == read_asset_image(
'img/help/wesley-draw.png').tobytes()
def test_csrf_on_journal_edit(app, journal_user):
# Test purpose: Verify that a CSRF token is required to submit a journal entry.
cookie = db_utils.create_session(journal_user)
journalid = db_utils.create_journal(journal_user, "Test", content="Test")
resp = app.post(
'/edit/journal',
{
'title': u'Created journal',
'rating': '10',
'content': u'A journal',
'journalid': journalid
},
headers={'Cookie': cookie},
status=403,
)
assert resp.html.find(id='error_content').p.text.startswith(
u"This action appears to have been performed illegitimately")
def test_folder_navigation_sfw_mode(app, submission_user):
"""
Test that a user’s own submissions are still hidden in SFW mode when rated above their configured SFW mode rating.
"""
app.set_cookie(*db_utils.create_session(submission_user).split("=", 1))
s1 = db_utils.create_submission(submission_user,
rating=ratings.GENERAL.code)
s2 = db_utils.create_submission(submission_user,
rating=ratings.MATURE.code)
s3 = db_utils.create_submission(submission_user,
rating=ratings.GENERAL.code)
assert app.get(f"/~submissiontest/submissions/{s1}/test-title").html.find(
id='folder-nav-next'
)['href'] == f"/~submissiontest/submissions/{s2}/test-title"
app.set_cookie('sfwmode', 'sfw')
assert app.get(f"/~submissiontest/submissions/{s1}/test-title").html.find(
id='folder-nav-next'
)['href'] == f"/~submissiontest/submissions/{s3}/test-title"
def test_animated_gif_and_clear(app, submission_user):
app.set_cookie(*db_utils.create_session(submission_user).split("=", 1))
form = app.get('/manage/avatar').forms['upload-avatar']
form['image'] = Upload('loader.gif', read_asset('img/loader.gif'),
'image/gif')
resp = form.submit().follow()
resp = resp.forms['manage-avatar'].submit().follow()
avatar_url = resp.html.find(id='avatar')['src']
with Image.open(get_storage_path(avatar_url)) as avatar:
assert avatar.n_frames == 12
assert avatar.size == (100, 100)
form = app.get('/manage/avatar').forms['upload-avatar']
form['image'] = None
resp = form.submit().follow()
avatar_url = resp.html.find(id='avatar')['src']
assert avatar_url.startswith('/img/default-avatar-')
def test_crosspost(app, submission_user, monkeypatch):
monkeypatch.setattr(submission, '_ALLOWED_CROSSPOST_HOST',
re.compile(r'\Alocalhost:[0-9]+\Z'))
crosspost_test_server = HTTPServer(('127.0.0.1', 0), CrosspostHandler)
image_url = 'http://localhost:%i/wesley1.png' % (
crosspost_test_server.server_port, )
test_server_thread = threading.Thread(
target=crosspost_test_server.serve_forever,
kwargs={'poll_interval': 0.1},
)
test_server_thread.start()
# Crossposting from a supported source works
try:
v1 = create_visual(app, submission_user, imageURL=image_url)
finally:
crosspost_test_server.shutdown()
test_server_thread.join()
v1_image_url = app.get('/~submissiontest/submissions/%i/test-title' %
(v1, )).html.find(id='detail-art').img['src']
assert open(get_storage_path(v1_image_url),
'rb').read() == read_asset('img/wesley1.png')
# Crossposting from an unsupported source doesn’t work
form = dict(
BASE_VISUAL_FORM,
imageURL='http://test.invalid/wesley1.png',
)
cookie = db_utils.create_session(submission_user)
resp = app.post('/submit/visual',
form,
headers={'Cookie': cookie},
status=422)
assert resp.html.find(
id='error_content'
).p.text == 'The image you crossposted was from an unsupported source. Please report this bug to the creator of the crossposting tool.'
def test_rating_accessibility(app, age):
submission_user = db_utils.create_user(
'submission_test', birthday=arrow.utcnow().shift(years=-age))
cookie = db_utils.create_session(submission_user)
def _post_expecting(form, expected_rating):
success = expected_rating is not None
resp = app.post('/submit/visual',
form,
headers={'Cookie': cookie},
status=303 if success else 422)
if success:
resp = resp.maybe_follow(headers={'Cookie': cookie})
assert "Rating: %s" % (expected_rating, ) in resp.html.find(
id='di-info').dl.text
else:
assert resp.html.find(
id='error_content'
).p.text == "The specified rating is invalid."
form = dict(
BASE_VISUAL_FORM,
rating=u'30',
submitfile=webtest.Upload('wesley1.png', read_asset('img/wesley1.png'),
'image/png'),
)
_post_expecting(form, 'Mature' if age >= 18 else None)
form['submitfile'] = webtest.Upload(
'wesley-jumpingtext.png',
read_asset('img/help/wesley-jumpingtext.png'), 'image/png')
form['rating'] = u'40'
_post_expecting(form, 'Explicit' if age >= 18 else None)
form['submitfile'] = webtest.Upload('wesley-draw.png',
read_asset('img/help/wesley-draw.png'),
'image/png')
form['rating'] = u'10'
_post_expecting(form, 'General')
def test_username_change(app, release):
user = db_utils.create_user(username='******', password='******')
app.set_cookie(*db_utils.create_session(user).split('=', 1))
resp = app.get('/control/username')
assert 'username_release' not in resp.forms
assert 'disabled' not in resp.html.find(id='new_username').attrs
assert resp.html.find(id='avatar')['alt'] == 'user1'
assert app.get('/~user1').html.select_one(
'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user1'
assert app.get('/~user1snewusername', status=404).html.find(
id='error_content'
).p.string == "This user doesn't seem to be in our database."
form = resp.forms['username_change']
form['new_username'] = "******"
assert form.submit('do').html.find(
id='error_content').p.string == 'Your username has been changed.'
resp = app.get('/control/username')
assert 'username_release' in resp.forms
assert 'disabled' in resp.html.find(id='new_username').attrs
assert resp.html.find(id='avatar')['alt'] == "user1's new username"
assert app.get('/~user1').html.select_one('link[rel=canonical]')[
'href'] == 'https://www.weasyl.com/~user1snewusername'
assert app.get('/~user1snewusername').html.select_one(
'link[rel=canonical]'
)['href'] == 'https://www.weasyl.com/~user1snewusername'
if release:
form = resp.forms['username_release']
assert form.submit('do').html.find(
id='error_content'
).p.string == 'Your old username has been released.'
resp = app.get('/control/username')
assert resp.html.find(id='avatar')['alt'] == "user1's new username"
assert app.get('/~user1', status=404).html.find(
id='error_content'
).p.string == "This user doesn't seem to be in our database."
assert app.get('/~user1snewusername').html.select_one(
'link[rel=canonical]'
)['href'] == 'https://www.weasyl.com/~user1snewusername'
form = resp.forms['username_change']
form['new_username'] = '******'
assert form.submit('do', status=422).html.find(
id='error_content'
).p.string == "You can't change your username within 30 days of a previous change."
d.engine.execute(
"UPDATE username_history SET replaced_at = replaced_at - INTERVAL '30 days'"
)
assert form.submit('do').html.find(
id='error_content').p.string == 'Your username has been changed.'
resp = app.get('/control/username')
assert resp.html.find(id='avatar')['alt'] == 'user2'
assert app.get('/~user1', status=404).html.find(
id='error_content'
).p.string == "This user doesn't seem to be in our database."
assert app.get('/~user1snewusername').html.select_one(
'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user2'
assert app.get('/~user2').html.select_one(
'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user2'
form = resp.forms['username_change']
form['new_username'] = '******'
d.engine.execute(
"UPDATE username_history SET replaced_at = replaced_at - INTERVAL '30 days'"
)
assert form.submit('do').html.find(
id='error_content').p.string == 'Your username has been changed.'
resp = app.get('/control/username')
assert 'disabled' not in resp.html.find(id='new_username').attrs
assert resp.html.find(id='avatar')['alt'] == 'U S E R 2'
assert app.get('/~user1snewusername').html.select_one(
'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user2'
assert app.get('/~user2').html.select_one(
'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user2'
form = resp.forms['username_change']
form['new_username'] = '******'
assert form.submit('do').html.find(
id='error_content').p.string == 'Your username has been changed.'
resp = app.get('/control/username')
assert resp.html.find(id='avatar')['alt'] == 'user3'
assert app.get('/~user1snewusername', status=404).html.find(
id='error_content'
).p.string == "This user doesn't seem to be in our database."
assert app.get('/~user2').html.select_one(
'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user3'
assert app.get('/~user3').html.select_one(
'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user3'
def test_profile_user(app):
user = db_utils.create_user(config=CharSettings(frozenset(), {}, {'tagging-level': 'max-rating-mature'}))
cookie = db_utils.create_session(user)
resp = app.get('/~journal_test', headers={'Cookie': cookie})
assert resp.html.find(id='user-journal').h4.string == u'Restricted journal'
