def test_get_close_db(app):
    """Within one app context get_db() returns an equal handle, and closing it shows up.

    get_db() is indexed here, so it returns a sequence whose first element
    exposes ``close()`` and a ``closed`` attribute.
    """
    with app.app_context():
        first = get_db()
        second = get_db()
        # Two calls inside the same context must compare equal.
        assert first == second

        connection = first[0]
        connection.close()
        assert connection.closed
def test_place_order(client, auth, app):
    """Log in, request a quote, confirm it, then check that ``history`` has a row."""
    # NOTE(review): '[email protected]' is how the address appears on this page; it
    # looks like an e-mail masking artefact rather than the real fixture value.
    quote_url = '/request/[email protected]/quote'
    confirm_url = '/request/[email protected]/quote-confirm'

    auth.login()

    # Step 1: the quote form loads and accepts a 500 gallon request.
    assert client.get(quote_url).status_code == 200
    quote_form = {
        'gal': '500',
        'deliv_date': '2020-07-31',
        'deliv_time': '05:00',
        'proceed': 'Proceed',
    }
    quoted = client.post(quote_url, data=quote_form, follow_redirects=True)
    for fragment in (
        b'Quote Order Confirmation',
        b'Gallons Requested: 500',
        b'Delivery Date: 2020-07-31 05:00',
    ):
        assert fragment in quoted.data

    # Step 2: the confirmation page loads and the order is placed.
    assert client.get(confirm_url).status_code == 200
    confirmed = client.post(
        confirm_url,
        data={'confirm': 'Confirm'},
        follow_redirects=True,
    )
    for fragment in (b'Order Placed', b'to return to home page'):
        assert fragment in confirmed.data

    # Step 3: at least one row now exists in the history table.
    with app.app_context():
        _, cursor = get_db()
        cursor.execute("select * from history")
        first_order = cursor.fetchone()
        assert first_order is not None
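def insertToDB(email, password, reason, ip):
    """Record one login attempt in the ``attempts`` table and commit it.

    Args:
        email: Address submitted on the login form (untrusted input).
        password: Password submitted on the login form; the value stored is
            the output of ``generate_password_hash()``, not the plaintext.
        reason: Result code chosen by the caller; ``login()`` passes 0 to 3.
        ip: Address string written to the ``ip_address`` column.
    """
    (db, cur) = get_db()
    # Bind every value as a query parameter. The previous version spliced
    # email and ip straight into the SQL text, so a quote character in the
    # submitted e-mail changed the statement itself (SQL injection).
    # NOTE(review): "%s" is the DB-API "format" placeholder; confirm it is the
    # paramstyle of the driver behind get_db() (a "qmark" driver expects "?").
    cur.execute(
        "INSERT INTO attempts (email, password, result, ip_address) "
        "VALUES (%s, %s, %s, %s)",
        (email, generate_password_hash(password), reason, ip),
    )
    # NOTE(review): this keeps a hash of every attempted password, including
    # failed ones, which are often near-misses of the real password. Consider
    # whether the audit trail needs the password column at all.
    db.commit()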
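def logout():
    """Mark the session's user as logged out, drop the session, go to 'welcome'.

    Returns:
        The redirect response to the ``welcome`` endpoint.
    """
    (db, cur) = get_db()
    # A request without a logged-in session used to raise KeyError here and
    # surface as a server error; now it simply skips the database update.
    email = session.get('email')
    if email is not None:
        # Parameter binding instead of string concatenation: the session value
        # originates from form input, so it must not be spliced into SQL.
        # NOTE(review): "%s" assumes a "format"-paramstyle driver; confirm
        # against the driver behind get_db().
        cur.execute(
            "UPDATE users SET logged_in = 0 WHERE email = %s",
            (email,),
        )
        db.commit()
    db.close()
    # Clearing the whole session removes the identity and any cached profile
    # fields in one step.
    session.clear()
    return redirect(url_for('welcome'))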
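def load_logged_in_user():
    """Populate ``g.user`` from the ``users`` row matching the session e-mail.

    ``g.user`` is ``None`` when the session carries no e-mail; otherwise it is
    whatever ``fetchone()`` returns for that address (``None`` if no row).
    """
    email = session.get('email')
    if email is None:
        g.user = None
        return

    (db, cur) = get_db()
    # Bound parameter instead of concatenation: the session e-mail was typed
    # into a form at some point, so treating it as SQL text allows a
    # second-order injection.
    # NOTE(review): "%s" assumes a "format"-paramstyle driver; confirm against
    # the driver behind get_db().
    cur.execute("SELECT * FROM users WHERE email = %s", (email,))
    # NOTE(review): SELECT * also loads the password column into g.user for
    # every request; selecting only the needed columns would limit exposure.
    g.user = cur.fetchone()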
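def getUserQuotes():
    """Return the session user's ``history`` rows, reduced to 15 chosen columns.

    Returns:
        A list with one inner list per row; each inner list holds the row's
        values at the positions listed in ``column_order``, in that order.

    Raises:
        KeyError: If the session has no ``email`` entry.
    """
    (db, cur) = get_db()
    # Bound parameter instead of concatenation, so the session value can never
    # alter the statement.
    # NOTE(review): "%s" assumes a "format"-paramstyle driver; confirm against
    # the driver behind get_db().
    cur.execute(
        "SELECT * FROM history WHERE email = %s",
        (session['email'],),
    )
    orders = cur.fetchall()
    # Positional indexes into a SELECT * row; they silently point at other
    # data if the table's column order ever changes.
    column_order = [10, 2, 3, 4, 5, 6, 7, 8, 9, 14, 12, 13, 16, 11, 17]
    return [[order[i] for i in column_order] for order in orders]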
def test_register(client, app):
    """Register a user in two steps (account, then profile) and find the row."""
    # NOTE(review): the e-mail and password values below are shown masked on
    # this page ('*****@*****.**', '******'); they are kept exactly as shown.
    signup_url = '/auth/newuser'
    profile_url = '/auth/newprofile'

    # Step 1: account form.
    assert client.get(signup_url).status_code == 200
    account_form = {
        'email': '*****@*****.**',
        'password': '******',
        'passconf': '123',
        'tos': 'TOS',
        'register': 'register',
    }
    after_signup = client.post(
        signup_url, data=account_form, follow_redirects=True)
    assert b'New User Profile' in after_signup.data

    # Step 2: profile form.
    assert client.get(profile_url).status_code == 200
    profile_form = {
        'fullname': 'Jacob Smith',
        'company': 'New World Inc.',
        'addr1': 'somewhere out there',
        'addr2': '',
        'city': 'unknown',
        'state': 'NM',
        'zipcode': '99999',
        'finish': 'finish',
    }
    after_profile = client.post(
        profile_url, data=profile_form, follow_redirects=True)
    for fragment in (b'Registration Complete', b'Congratulations!'):
        assert fragment in after_profile.data

    # Step 3: the new account exists in the users table.
    with app.app_context():
        _, cursor = get_db()
        cursor.execute("SELECT * FROM users")
        # NOTE(review): this prints every users row, password column included,
        # into the test log.
        for record in cursor.fetchall():
            print(record)
        cursor.execute("SELECT * FROM users WHERE email = '*****@*****.**'")
        created = cursor.fetchone()
        assert created is not None
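def initProfile():
    """Second registration step: collect profile fields and create the user row.

    On POST with ``cancel`` the user is sent to the login page. On POST with
    ``finish`` and an accepted form, a ``users`` row is inserted from the
    e-mail and password hash left in the session by ``signup()`` plus the
    submitted profile fields, the session is cleared, and the user is sent to
    ``auth.complete``. Otherwise the profile form is rendered, with validation
    errors flashed.

    Returns:
        A redirect response or the rendered ``auth/initProfile.html`` page.
    """
    form = RegProfile(request.form)
    (db, cur) = get_db()
    if request.method == "POST":
        if "cancel" in request.form:
            return redirect(url_for("auth.login"))
        if "finish" in request.form:
            fullname = request.form["fullname"]
            company = request.form["company"]
            addr1 = request.form["addr1"]
            addr2 = request.form["addr2"]
            city = request.form["city"]
            state = request.form["state"]
            zipcode = request.form["zipcode"]
            # NOTE(review): the second clause accepts the form when the ONLY
            # validation error is csrf_token, i.e. a request with a missing or
            # invalid CSRF token is processed as if it were valid. If CSRF
            # checking is enabled for this form, this disables it in practice.
            if form.validate() or (len(form.errors.items()) == 1 and "csrf_token" in form.errors):
                # Reaching this page without going through signup() used to
                # raise KeyError on the session lookups below.
                if "email" not in session or "password" not in session:
                    return redirect(url_for("auth.signup"))
                # All values are bound as parameters; the previous version
                # concatenated raw form fields into the INSERT statement, so
                # any field containing a quote could rewrite the query.
                # NOTE(review): "%s" assumes a "format"-paramstyle driver;
                # confirm against the driver behind get_db().
                cur.execute(
                    "INSERT INTO users (email, password, full_name, company_name, addr1, addr2, city, state, zipcode) "
                    "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s)",
                    (
                        session['email'],
                        session['password'],
                        fullname,
                        company,
                        addr1,
                        addr2,
                        city,
                        state.upper(),
                        zipcode,
                    ),
                )
                db.commit()
                session.clear()
                return redirect(url_for("auth.complete"))
            else:
                # Report every error except a lone csrf_token failure.
                if (len(form.errors.items()) == 1 and "csrf_token" not in form.errors) or len(form.errors.items()) > 1:
                    out = "Error(s) encountered!"
                    for item, error in form.errors.items():
                        if item != "csrf_token":
                            out += "<br/>" + error[0]
                    session['flash'] = out
                    flash(session['flash'], 'error')
    return render_template("auth/initProfile.html", form=form)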
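def signup():
    """First registration step: take e-mail and password, reject duplicates.

    On POST with ``cancel`` the user is sent to the login page. On POST with
    ``register`` and an accepted form, the e-mail is looked up in ``users``;
    an existing address is reported through a flash message, a new one is
    stored in the session together with the password hash and the user is
    sent on to ``auth.initProfile``.

    Returns:
        A redirect response or the rendered ``auth/register.html`` page.
    """
    form = SignUp(request.form)
    if request.method == "POST":
        if "cancel" in request.form:
            return redirect(url_for("auth.login"))
        if "register" in request.form:
            email = request.form["email"]
            password = request.form["password"]
            (db, cur) = get_db()
            # NOTE(review): the second clause accepts the form when the ONLY
            # validation error is csrf_token, so a request with a missing or
            # invalid CSRF token is still processed.
            if form.validate() or (len(form.errors.items()) == 1 and "csrf_token" in form.errors):
                # Bound parameter instead of concatenating the submitted
                # e-mail into the statement (SQL injection on a
                # pre-authentication endpoint).
                # NOTE(review): "%s" assumes a "format"-paramstyle driver;
                # confirm against the driver behind get_db().
                cur.execute(
                    "SELECT email FROM users WHERE email = %s",
                    (email,),
                )
                row = cur.fetchone()
                if row is not None:
                    # NOTE(review): this message confirms that an address is
                    # registered, and it echoes user input; the "<br/>" used in
                    # the error list below suggests flash text may be rendered
                    # unescaped - confirm in the template.
                    session['flash'] = "Error: " + email + " already exists."
                    flash(session['flash'], 'error')
                else:
                    # Start from an empty session so nothing from an earlier
                    # visitor state carries into the new registration.
                    session.clear()
                    session['email'] = email
                    # NOTE(review): the password hash is parked in the session
                    # between the two steps; with cookie-based sessions the
                    # client can read it - confirm the session backend.
                    session['password'] = generate_password_hash(password)
                    return redirect(url_for("auth.initProfile"))
            else:
                # Report every error except a lone csrf_token failure.
                if (len(form.errors.items()) == 1 and "csrf_token" not in form.errors) or len(form.errors.items()) > 1:
                    out = "Error(s) encountered!"
                    for item, error in form.errors.items():
                        if item != "csrf_token":
                            out += "<br/>" + error[0]
                    session['flash'] = out
                    flash(session['flash'], 'error')
    return render_template("auth/register.html", form=form)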
def test_history(client, auth, app):
    """History page is empty at first and lists both orders after two are placed."""
    # NOTE(review): '[email protected]' is how the address appears on this page; it
    # looks like an e-mail masking artefact rather than the real fixture value.
    history_url = '/tools/[email protected]/history'
    quote_url = '/request/[email protected]/quote'
    confirm_url = '/request/[email protected]/quote-confirm'

    def place_order(gallons, deliv_date, quote_fragments):
        """Run one quote -> confirm round trip and check a history row exists."""
        assert client.get(quote_url).status_code == 200
        quoted = client.post(
            quote_url,
            data={
                'gal': gallons,
                'deliv_date': deliv_date,
                'deliv_time': '05:00',
                'proceed': 'Proceed',
            },
            follow_redirects=True,
        )
        for fragment in quote_fragments:
            assert fragment in quoted.data

        assert client.get(confirm_url).status_code == 200
        confirmed = client.post(
            confirm_url,
            data={'confirm': 'Confirm'},
            follow_redirects=True,
        )
        assert b'Order Placed' in confirmed.data
        assert b'to return to home page' in confirmed.data

        with app.app_context():
            _, cursor = get_db()
            cursor.execute("select * from history")
            assert cursor.fetchone() is not None

    auth.login()

    # Before any order the page reports an empty history.
    empty_page = client.post(history_url, follow_redirects=True)
    assert empty_page.status_code == 200
    assert b'No orders placed yet!' in empty_page.data

    place_order(
        '500',
        '2020-07-31',
        (
            b'Quote Order Confirmation',
            b'Gallons Requested: 500',
            b'Delivery Date: 2020-07-31 05:00',
        ),
    )
    print("order 1 placed")

    place_order(
        '1500',
        '2021-01-31',
        (
            b'Quote Order Confirmation',
            b'Gallons Requested: 1500',
            b'Delivery Date: 2021-01-31 05:00',
        ),
    )
    print("order 2 placed")

    # After two orders the page shows every column header and both rows.
    filled_page = client.post(history_url, follow_redirects=True)
    assert filled_page.status_code == 200
    print(filled_page.data)

    expected_headers = [
        b'Date', b'Full Name', b'Company', b'Address 1', b'Address 2',
        b'City', b'State', b'Zipcode', b'Gallons', b'Fuel Factor',
        b'Location Factor', b'History Factor', b'Seasonal Factor', b'$/Gal',
        b'Total ($)'
    ]
    for header in expected_headers:
        assert header in filled_page.data

    expected_rows = [
        b'<td>2020-07-31 05:00:00</td><td>John Doe</td><td>John Doe Ltd.</td><td>1234 Main St.</td><td></td><td>Houston</td><td>TX</td><td>77002</td><td>500</td><td>0.03</td><td>0.02</td><td>0</td><td>0.15</td><td>1.950</td><td>975.00</td>',
        b'<td>2021-01-31 05:00:00</td><td>John Doe</td><td>John Doe Ltd.</td><td>1234 Main St.</td><td></td><td>Houston</td><td>TX</td><td>77002</td><td>1500</td><td>0.02</td><td>0.02</td><td>0.01</td><td>0.05</td><td>1.770</td><td>2655.00</td>'
    ]
    for row in expected_rows:
        assert row in filled_page.data
# Parametrised check of the profile page for one combination of form values.
# The decorator that supplies fullname ... bad_msg is not visible on this page.
#
# Flow, as far as the flattened line below shows:
#   * log in, then POST the profile form once, carrying either a 'submit' or a
#     'cancel' key whose value is `button`;
#   * on the submit path, when the page contains b'Incorrect password' the
#     stored password must NOT verify against `password`; when the page does
#     not contain b'update profile or change password' it must verify; and
#     when `newpass` is set and the page has no b'Error(s)', the stored
#     password must verify against `newpass`;
#   * finally every entry of good_msg must be in the response body and no
#     entry of bad_msg may be.
#
# NOTE(review): indentation was lost on this page, so how the `newpass` check
# nests relative to the if/elif cannot be read off - confirm against the
# original file before reformatting.
# NOTE(review): '[email protected]' in the URL and '*****@*****.**' in the SQL look
# like masking artefacts of this page rather than the real fixture address.
def test_validate_profile_input(auth, client, app, fullname, company, addr1, addr2, city, state, zipcode, password, newpass, confpass, button, good_msg, bad_msg): auth.login() if button == 'submit': response = client.post('/tools/[email protected]/profile', data={ 'fullname': fullname, 'company': company, 'addr1': addr1, 'addr2': addr2, 'city': city, 'state': state, 'zipcode': zipcode, 'currpass': password, 'newpass': newpass, 'confpass': confpass, 'submit': button }, follow_redirects=True) if b'Incorrect password' in response.data: with app.app_context(): [conn, cur] = get_db() cur.execute( "SELECT password FROM users WHERE email='*****@*****.**'") pw = cur.fetchone() assert not check_password_hash(pw[0], password) elif b'update profile or change password' not in response.data: with app.app_context(): [conn, cur] = get_db() cur.execute( "SELECT password FROM users WHERE email='*****@*****.**'") pw = cur.fetchone() assert check_password_hash(pw[0], password) if newpass and b'Error(s)' not in response.data: with app.app_context(): [conn, cur] = get_db() cur.execute( "SELECT password FROM users WHERE email='*****@*****.**'") pw = cur.fetchone() assert check_password_hash(pw[0], newpass) else: response = client.post('/tools/[email protected]/profile', data={ 'fullname': fullname, 'company': company, 'addr1': addr1, 'addr2': addr2, 'city': city, 'state': state, 'zipcode': zipcode, 'currpass': password, 'newpass': newpass, 'confpass': confpass, 'cancel': button }, follow_redirects=True) for msg in good_msg: assert msg in response.data for msg in bad_msg: assert msg not in response.data
def test_profile_change(client, auth, app):
    """Update the profile twice (without, then with, a new password) and check the row."""
    # NOTE(review): '[email protected]' and '*****@*****.**' are how the address
    # appears on this page; they look like masking artefacts, kept as shown.
    profile_url = '/tools/[email protected]/profile'
    profile_sql = "SELECT full_name, company_name, addr1,addr2, city, state, zipcode FROM users WHERE email='*****@*****.**'"
    profile_with_password_sql = "SELECT password, full_name, company_name, addr1,addr2, city, state, zipcode FROM users WHERE email='*****@*****.**'"

    def fetch_row(sql):
        """Run one query inside an app context and return its first row."""
        with app.app_context():
            _, cursor = get_db()
            cursor.execute(sql)
            return cursor.fetchone()

    auth.login()

    # Round 1: change the profile fields only, no new password.
    fullname, company, addr1, addr2, city, state, zipcode, password, button = (
        'Jose Dose', 'Dose Dudes LLC', '4321 Moan Street', '', 'Hooston',
        'AL', '22997', 'password', 'submit')

    user = fetch_row(profile_sql)
    assert user is not None

    assert client.get(profile_url).status_code == 200
    response = client.post(
        profile_url,
        data={
            'fullname': fullname,
            'company': company,
            'addr1': addr1,
            'addr2': addr2,
            'city': city,
            'state': state,
            'zipcode': zipcode,
            'currpass': password,
            'newpass': '',
            'submit': button,
        },
        follow_redirects=True,
    )
    for fragment in (
        b'Jose',
        b'Dose',
        b'Dose Dudes LLC',
        b'4321 Moan Street',
        b'Hooston',
        b'AL',
        b'22997',
        b'Information updated!',
    ):
        assert fragment in response.data

    user = fetch_row(profile_sql)
    assert user is not None
    stored = [user[idx] for idx in range(len(user))]
    assert [fullname, company, addr1, addr2, city, state, zipcode] == stored

    # Round 2: restore the original profile and set a new password.
    (fullname, company, addr1, addr2, city, state, zipcode,
     currpass, newpass, confpass, button) = (
        'John Doe', 'John Doe Ltd', '1234 Main St', '', 'Houston', 'TX',
        '77002', 'password', 'newpass', 'newpass', 'submit')

    # The row is read here but not asserted on, as in the original.
    user = fetch_row(profile_sql)

    assert client.get(profile_url).status_code == 200
    response = client.post(
        profile_url,
        data={
            'fullname': fullname,
            'company': company,
            'addr1': addr1,
            'addr2': addr2,
            'city': city,
            'state': state,
            'zipcode': zipcode,
            'currpass': currpass,
            'newpass': newpass,
            'confpass': confpass,
            'submit': button,
        },
        follow_redirects=True,
    )
    for fragment in (
        b'John Doe',
        b'John Doe Ltd',
        b'1234 Main St',
        b'Houston',
        b'TX',
        b'77002',
        b'Information updated!',
        b'New password stored!',
    ):
        assert fragment in response.data

    user = fetch_row(profile_with_password_sql)
    assert user is not None
    stored = [user[idx] for idx in range(len(user))]
    # NOTE(review): this compares the stored password column with the
    # plaintext `newpass`, which only holds if the password is stored
    # unhashed; the same column is verified with check_password_hash()
    # elsewhere on this page - confirm which is intended.
    assert [
        newpass, fullname, company, addr1, addr2, city, state, zipcode
    ] == stored
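def manageProfile(email):
    """Show the profile form and, on submit, update the ``users`` row for *email*.

    A POST is first offered to ``userButtons()``; if that returns a response
    it is returned as-is. ``cancel`` goes back to the user page. ``submit``
    checks the current password against the stored hash and, when it matches,
    copies the submitted fields into the session and writes them to the
    database.

    Args:
        email: Address identifying the account to edit.

    Returns:
        A redirect response, the response from ``userButtons()``, or the
        rendered ``tools/manageProfile.html`` page.
    """
    # NOTE(review): the test URLs on this page put the address in the path
    # ('/tools/<address>/profile'), and nothing visible here compares `email`
    # with session['email'] - confirm the route enforces that the caller owns
    # this account.
    form = ProfileChange()
    if request.method == "POST":
        button = userButtons(request.form)
        if button is not None:
            return button
        if "cancel" in request.form:
            return redirect(url_for("userPage", email=email))
        if "submit" in request.form:
            (db, cur) = get_db()
            # NOTE(review): the second clause accepts the form when the ONLY
            # validation error is csrf_token, so a state-changing request with
            # a missing or invalid CSRF token is still processed.
            if form.validate() or (len(form.errors.items()) == 1 and "csrf_token" in form.errors):
                # Bound parameters throughout: the previous version built all
                # three statements by concatenating `email` and raw form
                # fields into the SQL text.
                # NOTE(review): "%s" assumes a "format"-paramstyle driver;
                # confirm against the driver behind get_db().
                cur.execute(
                    "SELECT password FROM users WHERE email = %s",
                    (email,),
                )
                pw = cur.fetchone()
                currpass = request.form["currpass"]
                # Confirm the current password against the database. An
                # unknown address (no row) is treated like a wrong password
                # instead of failing on pw[0].
                if pw is not None and check_password_hash(pw[0], currpass):
                    session['fullname'] = fullname = request.form["fullname"]
                    session['company'] = company = request.form["company"]
                    session['addr1'] = addr1 = request.form["addr1"]
                    session['addr2'] = addr2 = request.form["addr2"]
                    session['city'] = city = request.form["city"]
                    session['state'] = state = request.form["state"]
                    session['zipcode'] = zipcode = request.form["zipcode"]
                    # NOTE(review): this places the new password in the
                    # session in plaintext; with cookie-based sessions the
                    # client can read it back. Kept because the template
                    # receives `session` - confirm it is unused and drop it.
                    session['newpass'] = newpass = request.form["newpass"]
                    profile_values = (
                        fullname, company, addr1, addr2, city, state,
                        zipcode, email,
                    )
                    if newpass:
                        # NOTE(review): the password value is shown as the
                        # literal '******' on this page, which looks like
                        # masking; the column is read with
                        # check_password_hash() above, so what is written
                        # here should be a hash of `newpass` - restore from
                        # the original file.
                        cur.execute(
                            "UPDATE users SET password = '******', "
                            "full_name = %s, company_name = %s, addr1 = %s, "
                            "addr2 = %s, city = %s, state = %s, zipcode = %s "
                            "WHERE email = %s",
                            profile_values,
                        )
                        db.commit()
                        session['flash'] = "Information updated! New password stored!"
                        flash(session['flash'], 'success')
                    else:
                        cur.execute(
                            "UPDATE users SET full_name = %s, "
                            "company_name = %s, addr1 = %s, addr2 = %s, "
                            "city = %s, state = %s, zipcode = %s "
                            "WHERE email = %s",
                            profile_values,
                        )
                        db.commit()
                        session['flash'] = "Information updated!"
                        flash(session['flash'], 'success')
                else:
                    session['flash'] = "Incorrect password"
                    flash(session['flash'], 'error')
            else:
                # Report every error except a lone csrf_token failure.
                if (len(form.errors.items()) == 1 and 'csrf_token' not in form.errors) or len(form.errors.items()) > 1:
                    out = "Error(s) encountered!"
                    for item, error in form.errors.items():
                        if item != "csrf_token":
                            out += "<br/>" + error[0]
                    session['flash'] = out
                    flash(session['flash'], 'error')
    return render_template("tools/manageProfile.html", form=form, session=session)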
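def login():
    """Authenticate a user, track failed attempts, and lock after ``max_attempt``.

    ``register`` redirects to the signup page. ``login`` looks the address up
    in ``users`` and records every outcome through ``insertToDB()`` with a
    result code: 0 unknown address, 1 wrong password, 2 locked account,
    3 success. A success resets the attempt counter, marks the user as logged
    in, rebuilds the session and redirects to the user page.

    Returns:
        A redirect response or the rendered ``auth/login.html`` page.
    """
    form = LoginForm(request.form)
    if request.method == "POST":
        if "register" in request.form:
            return redirect(url_for("auth.signup"))
        if "login" in request.form:
            password = request.form["password"]
            email = request.form["email"]
            (db, cur) = get_db()
            # NOTE(review): the second clause accepts the form when the ONLY
            # validation error is csrf_token, so a request with a missing or
            # invalid CSRF token is still processed.
            if form.validate() or (len(form.errors.items()) == 1 and "csrf_token" in form.errors):
                # Log the address the request came from. The previous version
                # resolved the server's own hostname, so every attempt was
                # recorded with the same address and the audit trail could
                # not tell sources apart.
                # NOTE(review): behind a reverse proxy this is the proxy's
                # address unless forwarded headers are handled - confirm the
                # deployment.
                ip = request.remote_addr or ""
                # Bound parameters instead of concatenating the submitted
                # e-mail into the SQL text (injection on the login form).
                # NOTE(review): "%s" assumes a "format"-paramstyle driver;
                # confirm against the driver behind get_db().
                cur.execute("SELECT * FROM users WHERE email = %s", (email,))
                user = cur.fetchone()
                # user[1] is used as the password hash and user[9] as the
                # failed-attempt counter; both are positions in a SELECT * row.
                if user is None:
                    insertToDB(email, password, 0, ip)
                    session['flash'] = "Error: Email or password is incorrect. Try again..."
                    flash(session['flash'], 'error')
                elif not check_password_hash(user[1], password):
                    if user[9] < max_attempt - 1:
                        insertToDB(email, password, 1, ip)
                        cur.execute(
                            "UPDATE users SET number_of_attempts = %s WHERE email = %s",
                            (user[9] + 1, email),
                        )
                        db.commit()
                        session['flash'] = "Error: Email or password is incorrect. Try again..."
                        flash(session['flash'], 'error')
                    else:
                        # This failure reaches the limit: pin the counter at
                        # max_attempt, which is what marks the account locked.
                        insertToDB(email, password, 2, ip)
                        cur.execute(
                            "UPDATE users SET number_of_attempts = %s WHERE email = %s",
                            (max_attempt, email),
                        )
                        db.commit()
                        session['flash'] = "Error: Email or password is incorrect. Account is locked. Contact Customer Support for assistance."
                        flash(session['flash'], 'error')
                else:
                    if user[9] == max_attempt:
                        # NOTE(review): the password is still verified on a
                        # locked account and this message differs from the
                        # wrong-password one, so the response reveals when a
                        # guess is correct. Checking the lock before the
                        # password and using one message would close that.
                        insertToDB(email, password, 2, ip)
                        session['flash'] = "Error: Account is locked. Contact Customer Support for assistance."
                        flash(session['flash'], 'error')
                    else:
                        session['flash'] = ''
                        insertToDB(email, password, 3, ip)
                        cur.execute(
                            "UPDATE users SET number_of_attempts = 0, logged_in = 1 WHERE email = %s",
                            (email,),
                        )
                        db.commit()
                        # Start the authenticated session from empty so no
                        # pre-login state carries over.
                        session.clear()
                        session['email'] = email
                        # Seven profile fields are taken from row positions
                        # 2 .. len(user) - 3; a different row width raises
                        # ValueError on unpacking.
                        [
                            session['fullname'], session['company'],
                            session['addr1'], session['addr2'],
                            session['city'], session['state'],
                            session['zipcode']
                        ] = [user[x] for x in range(2, len(user) - 2)]
                        return redirect(url_for("userPage", email=email))
            else:
                # Report every error except a lone csrf_token failure.
                if (len(form.errors.items()) == 1 and "csrf_token" not in form.errors) or len(form.errors.items()) > 1:
                    out = "Error(s) encountered!"
                    for item, error in form.errors.items():
                        if item != "csrf_token":
                            out += "<br/>" + error[0]
                    session['flash'] = out
                    flash(session['flash'], 'error')
    return render_template("auth/login.html", form=form)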