def test_reply_to_restricted_notes(app): user1 = db_utils.create_user(username='******') user2 = db_utils.create_user(username='******') session1 = db_utils.create_session(user1) session2 = db_utils.create_session(user2) d.engine.execute( "UPDATE profile SET config = config || 'z' WHERE userid = %(user)s", user=user1) def try_send(status): app.post('/notes/compose', { 'recipient': 'user1', 'title': 'Title', 'content': 'Content', }, headers={'Cookie': session2}, status=status) try_send(422) app.post('/notes/compose', { 'recipient': 'user2', 'title': 'Title', 'content': 'Content', }, headers={'Cookie': session1}, status=303) try_send(303)
def test_reply_when_blocked(app): user1 = db_utils.create_user(username='******') user2 = db_utils.create_user(username='******') session1 = db_utils.create_session(user1) session2 = db_utils.create_session(user2) app.post('/notes/compose', { 'recipient': 'user2', 'title': 'Title', 'content': 'Content', }, headers={'Cookie': session1}, status=303) app.post('/ignoreuser', { 'userid': str(user2), 'action': 'ignore', }, headers={'Cookie': session1}, status=303) def try_send(status): app.post('/notes/compose', { 'recipient': 'user1', 'title': 'Title', 'content': 'Content', }, headers={'Cookie': session2}, status=status) try_send(422) d.engine.execute("UPDATE profile SET config = config || 'z' WHERE userid = %(user)s", user=user1) try_send(422)
def test_create_notifications(app, monkeypatch): admin_user = db_utils.create_user() normal_user = db_utils.create_user() admin_cookie = db_utils.create_session(admin_user) monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user])) resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': admin_cookie}).follow() assert resp.html.find(None, 'content').h3.string == _FORM['title'] normal_cookie = db_utils.create_session(normal_user) resp = app.get('/messages/notifications', headers={'Cookie': normal_cookie}) assert list(resp.html.find(id='header-messages').find(title='Notifications').stripped_strings)[1] == '1' assert resp.html.find(id='site_updates').find(None, 'item').a.string == _FORM['title']
def test_create_notifications(app, monkeypatch): admin_user = db_utils.create_user() normal_user = db_utils.create_user() admin_cookie = db_utils.create_session(admin_user) monkeypatch.setattr(staff, 'ADMINS', frozenset([admin_user])) resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': admin_cookie}).follow() assert resp.html.find(None, 'content').h3.string == _FORM['title'] normal_cookie = db_utils.create_session(normal_user) resp = app.get('/messages/notifications', headers={'Cookie': normal_cookie}) assert list(resp.html.find(id='header-messages').find(title='Notifications').stripped_strings)[1] == '1' assert resp.html.find(id='site_updates').find(None, 'item').a.string == _FORM['title']
def test_create(app, monkeypatch): user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}).follow() assert resp.html.find(None, 'content').h3.string == _FORM['title']
def test_create_csrf(app, monkeypatch): user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.string == errorcode.token
def test_block_user_homepage(app): """ Assert that changes to blocked users apply to the home page immediately. """ submitting_user1 = db_utils.create_user() submitting_user2 = db_utils.create_user() viewing_user = db_utils.create_user() db_utils.create_submission(submitting_user1, rating=ratings.GENERAL.code, subtype=1010) db_utils.create_submission(submitting_user2, rating=ratings.GENERAL.code, subtype=1010) cookie = db_utils.create_session(viewing_user) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 2 app.post('/ignoreuser', {'userid': str(submitting_user1), 'action': 'ignore'}, headers={'Cookie': cookie}, status=303) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 1 app.post('/ignoreuser', {'userid': str(submitting_user1), 'action': 'unignore'}, headers={'Cookie': cookie}, status=303) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 2
def test_blacklist_homepage(app): """ Assert that changes to the blacklist apply to the home page immediately. """ submitting_user = db_utils.create_user() viewing_user = db_utils.create_user() tag1 = db_utils.create_tag('walrus') tag2 = db_utils.create_tag('penguin') s1 = db_utils.create_submission(submitting_user, rating=ratings.GENERAL.code, subtype=1010) db_utils.create_submission_tag(tag1, s1) s2 = db_utils.create_submission(submitting_user, rating=ratings.GENERAL.code, subtype=1010) db_utils.create_submission_tag(tag2, s2) cookie = db_utils.create_session(viewing_user) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 2 app.post('/manage/tagfilters', {'title': 'walrus', 'rating': str(ratings.GENERAL.code), 'do': 'create'}, headers={'Cookie': cookie}, status=303) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 1 app.post('/manage/tagfilters', {'title': 'walrus', 'rating': str(ratings.GENERAL.code), 'do': 'remove'}, headers={'Cookie': cookie}, status=303) resp = app.get('/', headers={'Cookie': cookie}) assert len(resp.html.select('#home-art .thumb')) == 2
def test_edit_validation(app, monkeypatch, site_updates): _, updates = site_updates user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/site-updates/%d' % (updates[-1].updateid, ), { 'title': u'', 'content': u'Content' }, headers={'Cookie': cookie}, status=422) assert resp.html.find( id='error_content' ).p.string == errorcode.error_messages['titleInvalid'] resp = app.post('/site-updates/%d' % (updates[-1].updateid, ), { 'title': u'Title', 'content': u'' }, headers={'Cookie': cookie}, status=422) assert resp.html.find( id='error_content' ).p.string == errorcode.error_messages['contentInvalid']
def test_edit_restricted(app, monkeypatch, site_updates): _, updates = site_updates resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.unsigned resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.unsigned user = db_utils.create_user() cookie = db_utils.create_session(user) resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission monkeypatch.setattr(staff, 'TECHNICAL', frozenset([user])) monkeypatch.setattr(staff, 'MODS', frozenset([user])) resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie}) assert resp.html.find(id='error_content') is None
def test_create_restricted(app, monkeypatch): resp = app.get('/admincontrol/siteupdate', status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.unsigned resp = app.post('/admincontrol/siteupdate', _FORM, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.unsigned user = db_utils.create_user() cookie = db_utils.create_session(user) resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission monkeypatch.setattr(staff, 'TECHNICAL', frozenset([user])) monkeypatch.setattr(staff, 'MODS', frozenset([user])) resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.permission monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie}) assert resp.html.find(id='error_content') is None
def test_create_restricted(app, monkeypatch): resp = app.get('/admincontrol/siteupdate') assert resp.html.find(id='error_content').contents[0].strip() == errorcode.unsigned resp = app.post('/admincontrol/siteupdate', _FORM) assert resp.html.find(id='error_content').contents[0].strip() == errorcode.unsigned user = db_utils.create_user() cookie = db_utils.create_session(user) resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie}) assert resp.html.find(id='error_content').p.string == errorcode.permission resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}) assert resp.html.find(id='error_content').p.string == errorcode.permission monkeypatch.setattr(staff, 'TECHNICAL', frozenset([user])) monkeypatch.setattr(staff, 'MODS', frozenset([user])) resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie}) assert resp.html.find(id='error_content').p.string == errorcode.permission resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}) assert resp.html.find(id='error_content').p.string == errorcode.permission monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.get('/admincontrol/siteupdate', headers={'Cookie': cookie}) assert resp.html.find(id='error_content') is None
def test_profile_user(app): user = db_utils.create_user(config=CharSettings( frozenset(), {}, {'tagging-level': 'max-rating-mature'})) cookie = db_utils.create_session(user) resp = app.get('/~journal_test', headers={'Cookie': cookie}) assert resp.html.find(id='user-journal').h4.string == u'Restricted journal'
def test_profile_friend(app, journal_user): user = db_utils.create_user() cookie = db_utils.create_session(user) db_utils.create_friendship(user, journal_user) resp = app.get('/~journal_test', headers={'Cookie': cookie}) assert resp.html.find(id='user-journal').h4.string == u'Recent journal'
def test_profile_friend(app, journal_user): user = db_utils.create_user() cookie = db_utils.create_session(user) db_utils.create_friendship(user, journal_user) resp = app.get('/~journal_test', headers={'Cookie': cookie}) assert resp.html.find(id='user-journal').h4.string == u'Recent journal'
def test_edit_restricted(app, monkeypatch, site_updates): _, updates = site_updates resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,)) assert resp.html.find(id='error_content').contents[0].strip() == errorcode.unsigned resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM) assert resp.html.find(id='error_content').contents[0].strip() == errorcode.unsigned user = db_utils.create_user() cookie = db_utils.create_session(user) resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie}) assert resp.html.find(id='error_content').p.string == errorcode.permission resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}) assert resp.html.find(id='error_content').p.string == errorcode.permission monkeypatch.setattr(staff, 'TECHNICAL', frozenset([user])) monkeypatch.setattr(staff, 'MODS', frozenset([user])) resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie}) assert resp.html.find(id='error_content').p.string == errorcode.permission resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}) assert resp.html.find(id='error_content').p.string == errorcode.permission monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.get('/site-updates/%d/edit' % (updates[-1].updateid,), headers={'Cookie': cookie}) assert resp.html.find(id='error_content') is None
def test_create(app, journal_user): cookie = db_utils.create_session(journal_user) app.post('/submit/journal', {'title': u'Created journal', 'rating': '10', 'content': u'A journal'}, headers={'Cookie': cookie}) resp = app.get('/~journal_test') assert resp.html.find(id='user-journal').h4.string == u'Created journal'
def test_create(app, monkeypatch): user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}).follow() assert resp.html.find(None, 'content').h3.string == _FORM['title']
def test_create_csrf(app, monkeypatch): user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/admincontrol/siteupdate', _FORM, headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.string == errorcode.token
def test_visual_reupload_thumbnail_and_cover(app, submission_user): # resized to be larger than COVER_SIZE so a cover is created with BytesIO() as f: read_asset_image('img/wesley1.png').resize( (2200, 200)).save(f, format='PNG') wesley1_large = webtest.Upload('wesley1.png', f.getvalue(), 'image/png') with BytesIO() as f: read_asset_image('img/help/wesley-jumpingtext.png').resize( (2200, 100)).save(f, format='PNG') wesley2_large = webtest.Upload('wesley-jumpingtext.png', f.getvalue(), 'image/png') cookie = db_utils.create_session(submission_user) # Create submission 1 with image 1 v1 = create_visual(app, submission_user, submitfile=wesley1_large) # Reupload submission 1 with image 2 app.post('/reupload/submission', { 'targetid': u'%i' % (v1, ), 'submitfile': wesley2_large, }, headers={ 'Cookie': cookie }).follow() [thumb] = app.get('/~submissiontest').html.select('#user-thumbs img') v1_new_thumbnail_url = thumb['src'] v1_new_cover_url = app.get('/~submissiontest/submissions/%i/test-title' % (v1, )).html.find(id='detail-art').img['src'] # Remove submission 1, so uploading a duplicate image is allowed app.post('/remove/submission', { 'submitid': u'%i' % (v1, ), }, headers={ 'Cookie': cookie }).follow(headers={'Cookie': cookie}) # Upload submission 2 with image 2 v2 = create_visual( app, submission_user, submitfile=wesley2_large, ) [thumb] = app.get('/~submissiontest').html.select('#user-thumbs img') v2_thumbnail_url = thumb['src'] v2_cover_url = app.get('/~submissiontest/submissions/%i/test-title' % (v2, )).html.find(id='detail-art').img['src'] # The reupload of submission 1 should look like submission 2 assert _image_hash( read_storage_image(v1_new_thumbnail_url)) == _image_hash( read_storage_image(v2_thumbnail_url)) assert _image_hash(read_storage_image(v2_cover_url)) == _image_hash( read_storage_image(v1_new_cover_url))
def test_edit_nonexistent(app, monkeypatch, site_updates): _, updates = site_updates user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) app.post('/site-updates/%d' % (updates[-1].updateid + 1,), _FORM, headers={'Cookie': cookie}, status=404)
def test_edit_nonexistent(app, monkeypatch, site_updates): _, updates = site_updates user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) app.post('/site-updates/%d' % (updates[-1].updateid + 1,), _FORM, headers={'Cookie': cookie}, status=404)
def test_edit_csrf(app, monkeypatch, site_updates): _, updates = site_updates user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.string == errorcode.token
def create_visual(app, user, **kwargs): cookie = db_utils.create_session(user) form = dict(BASE_VISUAL_FORM, **kwargs) resp = app.post('/submit/visual', form, headers={ 'Cookie': cookie }).maybe_follow(headers={'Cookie': cookie}) submitid = int(resp.html.find('input', {'name': 'submitid'})['value']) return submitid
def test_edit_csrf(app, monkeypatch, site_updates): _, updates = site_updates user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}, status=403) assert resp.html.find(id='error_content').p.text.strip() == errorcode.token
def test_edit(app, monkeypatch, site_updates): _, updates = site_updates user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}).follow() assert resp.html.find(None, 'content').h3.string == _FORM['title']
def test_edit(app, monkeypatch, site_updates): _, updates = site_updates user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/site-updates/%d' % (updates[-1].updateid,), _FORM, headers={'Cookie': cookie}).follow() assert resp.html.find(None, 'content').h3.string == _FORM['title']
def test_owner_reupload(character_user, character): cookie = db_utils.create_session(character_user) resp = app.post('/reupload/character', { 'targetid': str(character), 'submitfile': webtest.Upload('wesley', _static('images/wesley-draw.png'), 'image/png'), }, headers={'Cookie': cookie}).follow() image_url = resp.html.find(id='detail-art').a['href'] assert _read_character_image(image_url).tobytes() == _read_static_image('images/wesley-draw.png').tobytes()
def test_create_validation(app, monkeypatch): user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/admincontrol/siteupdate', {'title': u'', 'content': u'Content'}, headers={'Cookie': cookie}, status=422) assert resp.html.find(id='error_content').p.text.strip() == errorcode.error_messages['titleInvalid'] resp = app.post('/admincontrol/siteupdate', {'title': u'Title', 'content': u''}, headers={'Cookie': cookie}, status=422) assert resp.html.find(id='error_content').p.text.strip() == errorcode.error_messages['contentInvalid']
def test_create_validation(app, monkeypatch): user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/admincontrol/siteupdate', {'title': u'', 'content': u'Content'}, headers={'Cookie': cookie}, status=422) assert resp.html.find(id='error_content').p.string == errorcode.error_messages['titleInvalid'] resp = app.post('/admincontrol/siteupdate', {'title': u'Title', 'content': u''}, headers={'Cookie': cookie}, status=422) assert resp.html.find(id='error_content').p.string == errorcode.error_messages['contentInvalid']
def test_owner_edit_details(character_user, character): cookie = db_utils.create_session(character_user) form = dict( _BASE_FORM, charid=str(character), title=u'Edited name', ) resp = app.post('/edit/character', form, headers={'Cookie': cookie}).follow() assert resp.html.find(id='detail-bar-title').string == u'Edited name'
def test_edit_validation(app, monkeypatch, site_updates): _, updates = site_updates user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.post('/site-updates/%d' % (updates[-1].updateid,), {'title': u'', 'content': u'Content'}, headers={'Cookie': cookie}, status=422) assert resp.html.find(id='error_content').p.string == errorcode.error_messages['titleInvalid'] resp = app.post('/site-updates/%d' % (updates[-1].updateid,), {'title': u'Title', 'content': u''}, headers={'Cookie': cookie}, status=422) assert resp.html.find(id='error_content').p.string == errorcode.error_messages['contentInvalid']
def _character(db, character_user, no_csrf): cookie = db_utils.create_session(character_user) form = dict( _BASE_FORM, submitfile=webtest.Upload('wesley', _static('images/wesley1.png'), 'image/png'), ) resp = app.post('/submit/character', form, headers={'Cookie': cookie}).follow(headers={'Cookie': cookie}) charid = int(resp.html.find('input', {'name': 'charid'})['value']) return charid
def test_csrf_on_journal_edit(app, journal_user): # Test purpose: Verify that a CSRF token is required to submit a journal entry. cookie = db_utils.create_session(journal_user) journalid = db_utils.create_journal(journal_user, "Test", content="Test") resp = app.post( '/edit/journal', {'title': u'Created journal', 'rating': '10', 'content': u'A journal', 'journalid': journalid}, headers={'Cookie': cookie}, status=403, ) assert resp.html.find(id='error_content').p.text.startswith(u"This action appears to have been performed illegitimately")
def test_create(app, journal_user): cookie = db_utils.create_session(journal_user) app.post('/submit/journal', { 'title': u'Created journal', 'rating': '10', 'content': u'A journal' }, headers={'Cookie': cookie}) resp = app.get('/~journal_test') assert resp.html.find(id='user-journal').h4.string == u'Created journal'
def test_list(app, monkeypatch, site_updates): _, updates = site_updates resp = app.get('/site-updates/') assert len(resp.html.findAll(None, 'text-post-item')) == 3 assert resp.html.find(None, 'text-post-actions') is None assert len(resp.html.findAll(None, 'text-post-group-header')) == 1 user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.get('/site-updates/', headers={'Cookie': cookie}) assert len(resp.html.findAll(None, 'text-post-item')) == 3 assert resp.html.find(None, 'text-post-actions').a['href'] == '/site-updates/%d/edit' % (updates[-1].updateid,)
def test_owner_edit_details(app, character_user, character): cookie = db_utils.create_session(character_user) form = dict( _BASE_FORM, charid=str(character), title=u'Edited name', ) resp = app.post('/edit/character', form, headers={ 'Cookie': cookie }).follow() assert resp.html.find(id='detail-bar-title').string == u'Edited name'
def test_list(app, monkeypatch, site_updates): _, updates = site_updates resp = app.get('/site-updates/') assert len(resp.html.findAll(None, 'text-post-item')) == 3 assert resp.html.find(None, 'text-post-actions') is None assert len(resp.html.findAll(None, 'text-post-group-header')) == 1 user = db_utils.create_user() cookie = db_utils.create_session(user) monkeypatch.setattr(staff, 'ADMINS', frozenset([user])) resp = app.get('/site-updates/', headers={'Cookie': cookie}) assert len(resp.html.findAll(None, 'text-post-item')) == 3 assert resp.html.find(None, 'text-post-actions').a['href'] == '/site-updates/%d/edit' % (updates[-1].updateid,)
def _character(app, db, character_user, no_csrf): cookie = db_utils.create_session(character_user) form = dict( _BASE_FORM, submitfile=webtest.Upload('wesley', read_asset('img/wesley1.png'), 'image/png'), ) resp = app.post('/submit/character', form, headers={ 'Cookie': cookie }).follow(headers={'Cookie': cookie}) charid = int(resp.html.find('input', {'name': 'charid'})['value']) return charid
def test_create_folders(app): user = db_utils.create_user(username="******") app.set_cookie(*db_utils.create_session(user).split("=", 1)) resp = app.get("/manage/folders") form = resp.forms["create-folder"] form["title"] = "Test folder 1" form["parentid"] = "0" form.submit() form["title"] = "Test folder 3" form.submit() form["title"] = "Test folder 1.2" form.submit() form["title"] = "Test folder 2" form.submit() resp = app.get("/manage/folders") form = resp.forms["create-folder"] form["title"] = "Test folder 1.1" form["parentid"].select(text="Test folder 1") form.submit() resp = app.get("/manage/folders") form = resp.forms["move-folder"] form["folderid"].select(text="Test folder 1.2") form["parentid"].select(text="Test folder 1") form.submit() resp = app.get("/submissions/foldertest") folders = resp.html.find("h3", string="Folders").find_next_siblings("p") assert len(folders) == 5 assert folders[0].get( "style") is None and folders[0].text == "Test folder 1" assert folders[1].get("style") == "margin-left:15px;" and folders[ 1].text == "Test folder 1.1" assert folders[2].get("style") == "margin-left:15px;" and folders[ 2].text == "Test folder 1.2" assert folders[3].get( "style") is None and folders[3].text == "Test folder 2" assert folders[4].get( "style") is None and folders[4].text == "Test folder 3"
def test_owner_reupload(app, character_user, character): cookie = db_utils.create_session(character_user) resp = app.post('/reupload/character', { 'targetid': str(character), 'submitfile': webtest.Upload('wesley', read_asset('img/help/wesley-draw.png'), 'image/png'), }, headers={ 'Cookie': cookie }).follow() image_url = resp.html.find(id='detail-art').a['href'] assert _read_character_image(image_url).tobytes() == read_asset_image( 'img/help/wesley-draw.png').tobytes()
def test_csrf_on_journal_edit(app, journal_user): # Test purpose: Verify that a CSRF token is required to submit a journal entry. cookie = db_utils.create_session(journal_user) journalid = db_utils.create_journal(journal_user, "Test", content="Test") resp = app.post( '/edit/journal', { 'title': u'Created journal', 'rating': '10', 'content': u'A journal', 'journalid': journalid }, headers={'Cookie': cookie}, status=403, ) assert resp.html.find(id='error_content').p.text.startswith( u"This action appears to have been performed illegitimately")
def test_folder_navigation_sfw_mode(app, submission_user): """ Test that a user’s own submissions are still hidden in SFW mode when rated above their configured SFW mode rating. """ app.set_cookie(*db_utils.create_session(submission_user).split("=", 1)) s1 = db_utils.create_submission(submission_user, rating=ratings.GENERAL.code) s2 = db_utils.create_submission(submission_user, rating=ratings.MATURE.code) s3 = db_utils.create_submission(submission_user, rating=ratings.GENERAL.code) assert app.get(f"/~submissiontest/submissions/{s1}/test-title").html.find( id='folder-nav-next' )['href'] == f"/~submissiontest/submissions/{s2}/test-title" app.set_cookie('sfwmode', 'sfw') assert app.get(f"/~submissiontest/submissions/{s1}/test-title").html.find( id='folder-nav-next' )['href'] == f"/~submissiontest/submissions/{s3}/test-title"
def test_animated_gif_and_clear(app, submission_user): app.set_cookie(*db_utils.create_session(submission_user).split("=", 1)) form = app.get('/manage/avatar').forms['upload-avatar'] form['image'] = Upload('loader.gif', read_asset('img/loader.gif'), 'image/gif') resp = form.submit().follow() resp = resp.forms['manage-avatar'].submit().follow() avatar_url = resp.html.find(id='avatar')['src'] with Image.open(get_storage_path(avatar_url)) as avatar: assert avatar.n_frames == 12 assert avatar.size == (100, 100) form = app.get('/manage/avatar').forms['upload-avatar'] form['image'] = None resp = form.submit().follow() avatar_url = resp.html.find(id='avatar')['src'] assert avatar_url.startswith('/img/default-avatar-')
def test_crosspost(app, submission_user, monkeypatch): monkeypatch.setattr(submission, '_ALLOWED_CROSSPOST_HOST', re.compile(r'\Alocalhost:[0-9]+\Z')) crosspost_test_server = HTTPServer(('127.0.0.1', 0), CrosspostHandler) image_url = 'http://localhost:%i/wesley1.png' % ( crosspost_test_server.server_port, ) test_server_thread = threading.Thread( target=crosspost_test_server.serve_forever, kwargs={'poll_interval': 0.1}, ) test_server_thread.start() # Crossposting from a supported source works try: v1 = create_visual(app, submission_user, imageURL=image_url) finally: crosspost_test_server.shutdown() test_server_thread.join() v1_image_url = app.get('/~submissiontest/submissions/%i/test-title' % (v1, )).html.find(id='detail-art').img['src'] assert open(get_storage_path(v1_image_url), 'rb').read() == read_asset('img/wesley1.png') # Crossposting from an unsupported source doesn’t work form = dict( BASE_VISUAL_FORM, imageURL='http://test.invalid/wesley1.png', ) cookie = db_utils.create_session(submission_user) resp = app.post('/submit/visual', form, headers={'Cookie': cookie}, status=422) assert resp.html.find( id='error_content' ).p.text == 'The image you crossposted was from an unsupported source. Please report this bug to the creator of the crossposting tool.'
def test_rating_accessibility(app, age): submission_user = db_utils.create_user( 'submission_test', birthday=arrow.utcnow().shift(years=-age)) cookie = db_utils.create_session(submission_user) def _post_expecting(form, expected_rating): success = expected_rating is not None resp = app.post('/submit/visual', form, headers={'Cookie': cookie}, status=303 if success else 422) if success: resp = resp.maybe_follow(headers={'Cookie': cookie}) assert "Rating: %s" % (expected_rating, ) in resp.html.find( id='di-info').dl.text else: assert resp.html.find( id='error_content' ).p.text == "The specified rating is invalid." form = dict( BASE_VISUAL_FORM, rating=u'30', submitfile=webtest.Upload('wesley1.png', read_asset('img/wesley1.png'), 'image/png'), ) _post_expecting(form, 'Mature' if age >= 18 else None) form['submitfile'] = webtest.Upload( 'wesley-jumpingtext.png', read_asset('img/help/wesley-jumpingtext.png'), 'image/png') form['rating'] = u'40' _post_expecting(form, 'Explicit' if age >= 18 else None) form['submitfile'] = webtest.Upload('wesley-draw.png', read_asset('img/help/wesley-draw.png'), 'image/png') form['rating'] = u'10' _post_expecting(form, 'General')
def test_username_change(app, release): user = db_utils.create_user(username='******', password='******') app.set_cookie(*db_utils.create_session(user).split('=', 1)) resp = app.get('/control/username') assert 'username_release' not in resp.forms assert 'disabled' not in resp.html.find(id='new_username').attrs assert resp.html.find(id='avatar')['alt'] == 'user1' assert app.get('/~user1').html.select_one( 'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user1' assert app.get('/~user1snewusername', status=404).html.find( id='error_content' ).p.string == "This user doesn't seem to be in our database." form = resp.forms['username_change'] form['new_username'] = "******" assert form.submit('do').html.find( id='error_content').p.string == 'Your username has been changed.' resp = app.get('/control/username') assert 'username_release' in resp.forms assert 'disabled' in resp.html.find(id='new_username').attrs assert resp.html.find(id='avatar')['alt'] == "user1's new username" assert app.get('/~user1').html.select_one('link[rel=canonical]')[ 'href'] == 'https://www.weasyl.com/~user1snewusername' assert app.get('/~user1snewusername').html.select_one( 'link[rel=canonical]' )['href'] == 'https://www.weasyl.com/~user1snewusername' if release: form = resp.forms['username_release'] assert form.submit('do').html.find( id='error_content' ).p.string == 'Your old username has been released.' resp = app.get('/control/username') assert resp.html.find(id='avatar')['alt'] == "user1's new username" assert app.get('/~user1', status=404).html.find( id='error_content' ).p.string == "This user doesn't seem to be in our database." assert app.get('/~user1snewusername').html.select_one( 'link[rel=canonical]' )['href'] == 'https://www.weasyl.com/~user1snewusername' form = resp.forms['username_change'] form['new_username'] = '******' assert form.submit('do', status=422).html.find( id='error_content' ).p.string == "You can't change your username within 30 days of a previous change." d.engine.execute( "UPDATE username_history SET replaced_at = replaced_at - INTERVAL '30 days'" ) assert form.submit('do').html.find( id='error_content').p.string == 'Your username has been changed.' resp = app.get('/control/username') assert resp.html.find(id='avatar')['alt'] == 'user2' assert app.get('/~user1', status=404).html.find( id='error_content' ).p.string == "This user doesn't seem to be in our database." assert app.get('/~user1snewusername').html.select_one( 'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user2' assert app.get('/~user2').html.select_one( 'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user2' form = resp.forms['username_change'] form['new_username'] = '******' d.engine.execute( "UPDATE username_history SET replaced_at = replaced_at - INTERVAL '30 days'" ) assert form.submit('do').html.find( id='error_content').p.string == 'Your username has been changed.' resp = app.get('/control/username') assert 'disabled' not in resp.html.find(id='new_username').attrs assert resp.html.find(id='avatar')['alt'] == 'U S E R 2' assert app.get('/~user1snewusername').html.select_one( 'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user2' assert app.get('/~user2').html.select_one( 'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user2' form = resp.forms['username_change'] form['new_username'] = '******' assert form.submit('do').html.find( id='error_content').p.string == 'Your username has been changed.' resp = app.get('/control/username') assert resp.html.find(id='avatar')['alt'] == 'user3' assert app.get('/~user1snewusername', status=404).html.find( id='error_content' ).p.string == "This user doesn't seem to be in our database." assert app.get('/~user2').html.select_one( 'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user3' assert app.get('/~user3').html.select_one( 'link[rel=canonical]')['href'] == 'https://www.weasyl.com/~user3'
def test_profile_user(app): user = db_utils.create_user(config=CharSettings(frozenset(), {}, {'tagging-level': 'max-rating-mature'})) cookie = db_utils.create_session(user) resp = app.get('/~journal_test', headers={'Cookie': cookie}) assert resp.html.find(id='user-journal').h4.string == u'Restricted journal'