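def testDeleteOther(self):
    """A plain 'user' account must not be able to delete another account.

    Logs in as a 'user', POSTs to the destroy route of a 'commenter'
    account and expects 401. The target row is then re-read to confirm
    that the rejected request did not delete it anyway.
    """
    user = build_user(user_type='commenter')
    other_user = build_user(user_type='user')
    # Captured before commit; the target is re-queried by name after login.
    username = user.username
    self.db.session.add(user)
    self.db.session.add(other_user)
    self.db.session.commit()
    self.login_user(other_user)
    user = User.query.filter(User.username == username).first()
    target_id = user.id
    resp = self.app.post('/account/' + str(target_id) + '/destroy')
    self.assertEqual(resp.status_code, 401)
    # A 401 alone does not prove the handler stopped before deleting;
    # check that the account row is still there.
    self.assertIsNotNone(User.query.get(target_id))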
def testUserEditOtherAsAdmin(self):
    """An admin can open the edit form of another user's account.

    Expects 200 and the target's username in the response body.
    """
    target = build_user(user_type='commenter')
    admin = build_user(user_type='admin')
    # Read the username before commit; the row is re-queried after login.
    target_name = target.username
    self.db.session.add(target)
    self.db.session.add(admin)
    self.db.session.commit()
    self.login_user(admin)
    target = User.query.filter(User.username == target_name).first()
    edit_url = '/account/' + str(target.id) + '/edit'
    resp = self.app.get(edit_url)
    self.assertEqual(resp.status_code, 200)
    self.assertIn(target_name.encode('utf-8'), resp.data)
def testUsersAdmin(self):
    """An admin can list users at /admin/users.

    Expects 200 and both stored usernames in the response body.
    """
    admin = build_user(user_type='admin')
    member = build_user(user_type='user')
    admin_name = admin.username
    member_name = member.username
    self.db.session.add(admin)
    self.db.session.add(member)
    self.db.session.commit()
    self.login_user(admin)
    resp = self.app.get('/admin/users')
    self.assertEqual(resp.status_code, 200)
    for expected in (admin_name, member_name):
        self.assertIn(expected.encode('utf-8'), resp.data)
def testDeleteOtherAdmin(self):
    """An admin can delete another user's account.

    Expects a redirect to '/' and no row left under the deleted id.
    """
    target = build_user(user_type='commenter')
    admin = build_user(user_type='admin')
    target_name = target.username
    self.db.session.add(target)
    self.db.session.add(admin)
    self.db.session.commit()
    self.login_user(admin)
    target = User.query.filter(User.username == target_name).first()
    # Keep the primary key so the row can be looked up after the request.
    removed_id = target.id
    destroy_url = '/account/' + str(target.id) + '/destroy'
    resp = self.app.post(destroy_url)
    self.assert_redirected(resp, '/')
    self.assertIsNone(User.query.get(removed_id))
def testUpdateSelfUsernameTaken(self):
    """Renaming your own account to an existing username is rejected.

    Expects the form to be re-rendered (200) with the
    'This name has been taken.' message.
    """
    existing = build_user()
    taken_name = existing.username
    actor = build_user(user_type='commenter')
    actor_name = actor.username
    self.db.session.add(actor)
    self.db.session.add(existing)
    self.db.session.commit()
    self.login_user(actor)
    actor = User.query.filter(User.username == actor_name).first()
    form = {'username': taken_name}
    resp = self.app.post('/account/' + str(actor.id), data=form)
    self.assertEqual(resp.status_code, 200)
    self.assertIn(b'This name has been taken.', resp.data)
def testUpdateOtherUser(self):
    """A plain 'user' must not be able to update another user's account.

    Expects 401 when a 'user' POSTs new credentials to a 'commenter'
    account.
    """
    target = build_user(user_type='commenter')
    actor = build_user(user_type='user')
    target_name = target.username
    self.db.session.add(target)
    self.db.session.add(actor)
    self.db.session.commit()
    self.login_user(actor)
    target = User.query.filter(User.username == target_name).first()
    # NOTE(review): only the status code is checked; the stored password
    # is not re-read to confirm it stayed unchanged.
    form = {
        'username': target_name,
        'password': '******'
    }
    resp = self.app.post('/account/' + str(target.id), data=form)
    self.assertEqual(resp.status_code, 401)
def testCommentsCommenter(self):
    """A 'commenter' is refused the comment admin page (expects 401)."""
    commenter = build_user(user_type='commenter')
    self.db.session.add(commenter)
    self.db.session.commit()
    self.login_user(commenter)
    resp = self.app.get('/admin/comments')
    self.assertEqual(resp.status_code, 401)
def testPostCommentBadSlug(self):
    """Commenting on a post slug that does not exist returns 404."""
    commenter = build_user(user_type='commenter')
    self.db.session.add(commenter)
    self.db.session.commit()
    self.login_user(commenter)
    resp = self.app.post('/posts/not-found/comments')
    self.assertEqual(resp.status_code, 404)
def testPageNewLoggedInUser(self):
    """A logged-in 'user' is refused the new-page form (expects 401)."""
    member = build_user(user_type='user')
    self.db.session.add(member)
    self.db.session.commit()
    self.login_user(member)
    resp = self.app.get('/pages/new')
    self.assertEqual(resp.status_code, 401)
def testUpdateOtherUserTypeAdmin(self):
    """An admin can change another account's user_type.

    Promotes a 'commenter' to 'user', expects a redirect to '/', then
    re-reads the row to confirm the new type was stored.
    """
    target = build_user(user_type='commenter')
    admin = build_user(user_type='admin')
    target_name = target.username
    self.db.session.add(target)
    self.db.session.add(admin)
    self.db.session.commit()
    self.login_user(admin)
    target = User.query.filter(User.username == target_name).first()
    form = {
        'username': target_name,
        'user_type': 'user'
    }
    resp = self.app.post('/account/' + str(target.id), data=form)
    self.assert_redirected(resp, '/')
    reloaded = User.query.filter(User.username == target_name).first()
    self.assertEqual(reloaded.user_type, 'user')
def testPostCreateAsCommenter(self):
    """A 'commenter' must not be able to create a post (expects 401)."""
    commenter = build_user(user_type='commenter')
    self.db.session.add(commenter)
    self.db.session.commit()
    self.login_user(commenter)
    form = {'title': 'My post', 'body': 'Posting it'}
    resp = self.app.post('/posts', data=form)
    self.assertEqual(resp.status_code, 401)
def testPageNewLoggedInAdmin(self):
    """An admin can open the new-page form.

    Expects 200 and the 'Create Page' text in the response body.
    """
    admin = build_user(user_type='admin')
    self.db.session.add(admin)
    self.db.session.commit()
    self.login_user(admin)
    resp = self.app.get('/pages/new')
    self.assertEqual(resp.status_code, 200)
    self.assertIn(b'Create Page', resp.data)
def testPostNewLoggedInUser(self):
    """A logged-in 'user' can open the new-post form.

    Expects 200 and the 'Create Post' text in the response body.
    """
    member = build_user(user_type='user')
    self.db.session.add(member)
    self.db.session.commit()
    self.login_user(member)
    resp = self.app.get('/posts/new')
    self.assertEqual(resp.status_code, 200)
    self.assertIn(b'Create Post', resp.data)
def testImageCreateCommenter(self):
    """A 'commenter' must not be able to upload an image (expects 401)."""
    commenter = build_user(user_type='commenter')
    self.db.session.add(commenter)
    self.db.session.commit()
    self.login_user(commenter)
    # Placeholder bytes submitted as the 'upload' file field.
    upload = (BytesIO(b'image'), 'image.png')
    resp = self.app.post('/images', data={'upload': upload})
    self.assertEqual(resp.status_code, 401)
def testNewSessionLoggedIn(self):
    """Requesting the login form while logged in redirects away.

    Expects a redirect to '/' and an 'error' flash saying the user is
    already logged in.
    """
    account = build_user()
    self.db.session.add(account)
    self.db.session.commit()
    self.login_user(account)
    resp = self.app.get('/sessions/new')
    self.assert_redirected(resp, '/')
    self.assert_flashes('You are already logged in', 'error')
def testLoginNoPassword(self):
    """Submitting the login form with an empty password is rejected.

    Expects the form to be re-rendered (200) with a
    'This field is required' message.
    """
    account = build_user()
    self.db.session.add(account)
    self.db.session.commit()
    credentials = {'username': account.username, 'password': ''}
    resp = self.app.post('/sessions', data=credentials)
    self.assertEqual(resp.status_code, 200)
    self.assertIn(b'This field is required', resp.data)
def testLoginWithExternalReturnTo(self):
    """Login must not redirect to an external return_to target.

    Posts valid credentials with return_to set to a percent-encoded
    absolute URL on another host and expects the redirect to go to '/'
    instead, which is the open-redirect guard for the login flow.
    """
    password = '******'
    account = build_user(password=password)
    self.db.session.add(account)
    self.db.session.commit()
    credentials = {'username': account.username, 'password': password}
    # NOTE(review): only an absolute https URL is covered here; other
    # non-local return_to forms would need their own cases.
    resp = self.app.post(
        '/sessions?return_to=https%3A%2F%2Fwww%2Egoogle%2Ecom',
        data=credentials)
    self.assert_redirected(resp, '/')
def testLoginWithReturnTo(self):
    """Login honours a local return_to path.

    Posts valid credentials with return_to set to '/posts'
    (percent-encoded) and expects a redirect to '/posts'.
    """
    password = '******'
    account = build_user(password=password)
    self.db.session.add(account)
    self.db.session.commit()
    credentials = {'username': account.username, 'password': password}
    resp = self.app.post('/sessions?return_to=%2Fposts', data=credentials)
    self.assert_redirected(resp, '/posts')
def testImageCreateNoUpload(self):
    """Posting to /images without a file returns a JSON validation error.

    Expects 200 and a JSON body whose 'error' field is
    'This field is required.'.
    """
    member = build_user(user_type='user')
    self.db.session.add(member)
    self.db.session.commit()
    self.login_user(member)
    resp = self.app.post('/images', data={})
    self.assertEqual(resp.status_code, 200)
    raw_text = resp.data.decode('utf-8')
    payload = json.loads(raw_text)
    self.assertEqual(payload['error'], 'This field is required.')
def testLoginBadPassword(self):
    """A wrong password for an existing username does not log in.

    Expects the form to be re-rendered (200) with 'Invalid password'.
    """
    password = '******'
    account = build_user(password=password)
    self.db.session.add(account)
    self.db.session.commit()
    # Append a character so the submitted password cannot match.
    wrong_password = password + '1'
    credentials = {'username': account.username, 'password': wrong_password}
    resp = self.app.post('/sessions', data=credentials)
    self.assertEqual(resp.status_code, 200)
    # NOTE(review): a password-specific message can reveal that the
    # username exists if unknown usernames get different wording;
    # confirm against the login view.
    self.assertIn(b'Invalid password', resp.data)
def testPostDeleteWrongUser(self):
    """A 'user' must not be able to delete a post built for someone else.

    The post comes from build_post() with no user passed in; expects 401
    on the destroy route.
    """
    member = build_user(user_type='user')
    foreign_post = build_post()
    post_slug = foreign_post.slug
    self.db.session.add(member)
    self.db.session.add(foreign_post)
    self.db.session.commit()
    self.login_user(member)
    # NOTE(review): only the status code is checked; the post is not
    # re-read to confirm it still exists.
    destroy_url = '/posts/' + post_slug + '/destroy'
    resp = self.app.post(destroy_url)
    self.assertEqual(resp.status_code, 401)
def testPostEditAsAuthor(self):
    """The author of a post can open its edit form.

    Expects 200 and the post's slug in the response body.
    """
    author = build_user(user_type='user')
    own_post = build_post(user=author)
    post_slug = own_post.slug
    # Only the post is added explicitly, as in the original test.
    self.db.session.add(own_post)
    self.db.session.commit()
    self.login_user(author)
    edit_url = '/posts/' + post_slug + '/edit'
    resp = self.app.get(edit_url)
    self.assertEqual(resp.status_code, 200)
    self.assertIn(post_slug.encode('utf-8'), resp.data)
def testPageCreateAsAdminMissingData(self):
    """An admin creating a page with an empty body gets a validation error.

    Expects the form to be re-rendered (200) with
    'This field is required', and no page stored under the slug 'about'.
    """
    admin = build_user(user_type='admin')
    self.db.session.add(admin)
    self.db.session.commit()
    self.login_user(admin)
    form = {'title': 'About', 'body': ''}
    resp = self.app.post('/pages', data=form)
    self.assertEqual(resp.status_code, 200)
    self.assertIn(b'This field is required', resp.data)
    # The rejected form must not have created a row.
    stored = Page.query.filter(Page.slug == 'about').first()
    self.assertIsNone(stored)
def testPostEditAsUserNotAuthor(self):
    """A 'user' cannot open the edit form of a post built for someone else.

    The post comes from build_post() with no user passed in; expects 401.
    """
    member = build_user(user_type='user')
    foreign_post = build_post()
    post_slug = foreign_post.slug
    self.db.session.add(member)
    self.db.session.add(foreign_post)
    self.db.session.commit()
    self.login_user(member)
    edit_url = '/posts/' + post_slug + '/edit'
    resp = self.app.get(edit_url)
    self.assertEqual(resp.status_code, 401)
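def testPageDeleteNotAdmin(self):
    """A non-admin 'user' must not be able to delete a page.

    Expects 401 on the destroy route, then re-reads the page by slug to
    confirm that the rejected request did not delete it anyway.
    """
    user = build_user(user_type='user')
    page = build_page()
    # Captured before commit so the route and the lookup use the same slug.
    slug = page.slug
    self.db.session.add(user)
    self.db.session.add(page)
    self.db.session.commit()
    self.login_user(user)
    resp = self.app.post('/pages/' + slug + '/destroy')
    self.assertEqual(resp.status_code, 401)
    # A 401 alone does not prove the handler stopped before deleting;
    # check that the page row is still there.
    self.assertIsNotNone(Page.query.filter(Page.slug == slug).first())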
def testPageEditAsUser(self):
    """A non-admin 'user' is refused the page edit form (expects 401)."""
    member = build_user(user_type='user')
    existing_page = build_page()
    page_slug = existing_page.slug
    self.db.session.add(member)
    self.db.session.add(existing_page)
    self.db.session.commit()
    self.login_user(member)
    edit_url = '/pages/' + page_slug + '/edit'
    resp = self.app.get(edit_url)
    self.assertEqual(resp.status_code, 401)
def testDeleteCommentCommenter(self):
    """A 'commenter' must not be able to delete a comment (expects 401).

    The comment comes from build_comment() with no arguments.
    """
    commenter = build_user(user_type='commenter')
    existing_comment = build_comment()
    self.db.session.add(commenter)
    self.db.session.add(existing_comment)
    self.db.session.commit()
    # The id is read after the commit and before logging in.
    comment_id = existing_comment.id
    self.login_user(commenter)
    # NOTE(review): only the status code is checked; the comment is not
    # re-read to confirm it still exists.
    destroy_url = '/comments/' + str(comment_id) + '/destroy'
    resp = self.app.post(destroy_url)
    self.assertEqual(resp.status_code, 401)
def testPostShowUnpublishedAdmin(self):
    """An admin can view a post whose published_at is None (expects 200)."""
    draft = build_post(published_at=None)
    draft_slug = draft.slug
    admin = build_user(user_type='admin')
    self.db.session.add(draft)
    self.db.session.add(admin)
    self.db.session.commit()
    self.login_user(admin)
    show_url = '/posts/' + draft_slug
    resp = self.app.get(show_url)
    self.assertEqual(resp.status_code, 200)
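def testPageCreateAsUser(self):
    """A non-admin 'user' must not be able to create a page.

    Expects 401 on POST /pages, then checks that no page was stored by
    the rejected request.
    """
    user = build_user(user_type='user')
    self.db.session.add(user)
    self.db.session.commit()
    self.login_user(user)
    resp = self.app.post('/pages', data={
        'title': 'About',
        'body': 'About'
    })
    self.assertEqual(resp.status_code, 401)
    # A 401 alone does not prove that nothing was written. The slug 'about'
    # is the one testPageCreateAsAdminMissingData looks up for this title.
    self.assertIsNone(Page.query.filter(Page.slug == 'about').first())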
def testPageEditAsAdmin(self):
    """An admin can open the edit form of an existing page.

    Expects 200 and the page's slug in the response body.
    """
    admin = build_user(user_type='admin')
    existing_page = build_page()
    page_slug = existing_page.slug
    self.db.session.add(admin)
    self.db.session.add(existing_page)
    self.db.session.commit()
    self.login_user(admin)
    edit_url = '/pages/' + page_slug + '/edit'
    resp = self.app.get(edit_url)
    self.assertEqual(resp.status_code, 200)
    self.assertIn(page_slug.encode('utf-8'), resp.data)