def test_get_close_db(app):
with app.app_context():
db = get_db()
assert db is get_db()
with pytest.raises(sqlite3.ProgrammingError) as e:
db.execute('SELECT 1')
assert 'closed' in str(e)
def index():
db = get_db()
todos = db.execute(
'SELECT t.id, name, description, created, deadline, user_id, username'
' FROM todo t JOIN user u ON t.user_id = u.id'
' ORDER BY created DESC').fetchall()
return render_template('todo/index.html', todos=todos)
def load_logged_in_user():
user_id = session.get('user_id')
if user_id is None:
g.user = None
else:
g.user = get_db().execute('SELECT * FROM user WHERE id = ?',
(user_id, )).fetchone()
def test_delete(client, auth, app):
auth.login()
response = client.post('/1/delete')
assert response.headers['Location'] == 'http://localhost/'
with app.app_context():
db = get_db()
todo = db.execute('SELECT * FROM todo WHERE id = 1').fetchone()
assert todo is None
def test_create(client, auth, app):
auth.login()
assert client.get('/create').status_code == 200
client.post('/create', data={'name':'created',
'description': '',
'deadline': '2018-12-31'})
with app.app_context():
db = get_db()
count = db.execute('SELECT COUNT(id) FROM todo').fetchone()[0]
assert count == 2
def test_register(client, app):
assert client.get('/auth/register').status_code == 200
response = client.post('/auth/register',
data={
'username': '******',
'password': '******'
})
assert 'http://localhost/auth/login' == response.headers['Location']
with app.app_context():
assert get_db().execute(
"select * from user where username = '******'", ).fetchone() is not None
def test_author_required(app, client, auth):
# change the host author to another author
with app.app_context():
db = get_db()
db.execute('UPDATE todo SET user_id = 2 WHERE id=1')
db.commit()
auth.login()
# current user cannot modify another user's post
assert client.post('/1/update').status_code == 403
assert client.post('/1/delete').status_code == 403
# current user does not see edit link
assert b'href=="/1/update"' not in client.get('/').data
def get_todo(id, check_author=True):
todo = get_db().execute(
'SELECT t.id, name, description, deadline, created,'
'user_id, username'
' FROM todo t JOIN user u ON t.user_id = u.id'
' WHERE t.id = ?', (id, )).fetchone()
if todo is None:
abort(404, 'Todo id {0} does not exist'.format(id))
if check_author and todo['user_id'] != g.user['id']:
abort(403)
return todo
def test_update(client, auth, app):
auth.login()
assert client.get('/1/update').status_code == 200
client.post('/1/update',
data={'name': 'updated',
'description': 'new desc',
'deadline':'2018-06-01' })
with app.app_context():
db = get_db()
todo = db.execute('SELECT * FROM todo WHERE id = 1').fetchone()
assert todo['name'] == 'updated'
assert todo['description'] == 'new desc'
assert todo['deadline'] == '2018-06-01'
def create():
if request.method == 'POST':
name = request.form['name']
description = request.form['description']
deadline = request.form['deadline']
error = None
if not name:
error = 'Name is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'INSERT INTO todo (name, description, deadline, user_id)'
' VALUES (?, ?, ?, ?)',
(name, description, deadline, g.user['id']))
db.commit()
return redirect(url_for('todo.index'))
return render_template('todo/create.html')
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
user = db.execute('SELECT * FROM user WHERE username = ?',
(username, )).fetchone()
if user is None:
error = 'Incorrect username.'
elif not check_password_hash(user['password'], password):
error = 'Incorrect password.'
if error is None:
session.clear()
session['user_id'] = user['id']
return redirect(url_for('index'))
flash(error)
return render_template('auth/login.html')
def update(id):
todo = get_todo(id)
if request.method == 'POST':
name = request.form['name']
description = request.form['description']
deadline = request.form['deadline']
error = None
if not name:
error = 'Name is required.'
if error is not None:
flash(error)
else:
db = get_db()
db.execute(
'UPDATE todo SET name = ?, description = ?, deadline = ?'
' WHERE id = ?', (name, description, deadline, id))
db.commit()
return redirect(url_for('todo.index'))
return render_template('todo/update.html', todo=todo)
def register():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
db = get_db()
error = None
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
elif db.execute('SELECT id FROM user WHERE username = ?',
(username, )).fetchone() is not None:
error = 'User {} is already registered.'.format(username)
if error is None:
db.execute('INSERT INTO user (username, password) VALUES (?, ?)',
(username, generate_password_hash(password)))
db.commit()
return redirect(url_for('auth.login'))
flash(error)
return render_template('auth/register.html')
def delete(id):
get_todo(id)
db = get_db()
db.execute('DELETE FROM todo WHERE id = ?', (id, ))
db.commit()
return redirect(url_for('todo.index'))
