def test_login_user_method():
user = get_user("correct_email")
if not user:
register_user("correct_email", "test_name", "correct_password",
"correct_password", 0)
assert login_user("correct_email",
"correct_password") == get_user("correct_email")
assert login_user("correct_email", "incorrect_password") == None
assert login_user("unregistered_email", "test_password") == None
def register_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
password2 = request.form.get('password2')
error_message = None
if password != password2:
error_message = "Password format is incorrect"
elif not validateEmail(email):
error_message = "Email format is incorrect"
elif not validatePassword(password):
error_message = "Password format is incorrect"
elif not validateUsername(name):
error_message = "Username format is incorrect"
else:
user = bn.get_user(email)
if user:
error_message = "This email has been ALREADY used"
elif bn.register_user(email, name, password, password2):
error_message = "Failed to store user info."
# if there is any error messages when registering new user
# at the backend, go back to the register page.
if error_message:
return render_template('register.html', message=error_message)
else:
return redirect('/login')
def register_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
password2 = request.form.get('password2')
error_message = None
# checks validity of email and passwords
if (not checkEmailFormat(email)):
error_message = "email format is incorrect."
elif (not checkUserNameFormat(name)):
error_message = "username format incorrect."
elif (not checkPasswordFormat(password)):
error_message = "password format incorrect."
elif (not checkPasswordFormat(password2)):
error_message = "password format incorrect."
elif (password != password2):
error_message = "passwords not equal"
else:
user = bn.get_user(email)
if user:
error_message = "this email has been ALREADY used"
elif not bn.register_user(email, name, password, password2, 5000.00):
error_message = "Failed to store user info."
# if there is any error messages when registering new user
# at the backend, go back to the register page.
if error_message:
return render_template('register.html', message=error_message)
else:
return redirect('/login')
def sell():
"""
Route to sell a new ticket.
This route will validate the ticket form, if valid it will use a backend function
to commit to the database
"""
if 'logged_in' not in session:
return redirect('/login')
name = request.form.get('name')
quantity = request.form.get('quantity')
price = request.form.get('price')
date = request.form.get('date')
error_message = check_ticket_form(name, quantity, price, date)
tickets = bn.get_all_tickets()
user = bn.get_user(session['logged_in'])
if error_message:
return render_template('index.html',
sell_message=error_message,
tickets=tickets,
user=user)
bn.create_ticket(name, quantity, price, date, user.email)
return redirect('/', code=303)
def sellticket():
message = ""
ticket_name = request.form['name']
ticket_quantity = int(request.form['quantity'])
ticket_price = float(request.form['price'])
ticket_date = request.form['date']
try:
ticket_date = datetime.datetime.strptime(ticket_date, '%Y%m%d')
except ValueError:
message = "Invalid date format. Please use the format YYYMMDD, i.e. 20200421."
user_email = request.form['user']
user = bn.get_user(user_email)
# check name
if not is_ticket_name_valid(ticket_name):
message = "Ticket name is invalid."
# check quantity
if not is_quantity_of_tickets_valid(ticket_quantity):
message = "Ticket quantity must be between 0 and 100."
# check price
if not is_ticket_price_valid(ticket_price):
message = "Ticket price is invalid."
# check date
if not is_ticket_date_valid(ticket_date):
message = "Ticket date is invalid."
if not message: # if message is empty, indicating no validation errors
message = "Ticket created successfully."
bn.sell_ticket(ticket_name, ticket_quantity, ticket_price, ticket_date,
user.id)
# redirect user to profile page with result message
return redirect("/?message={}".format(message))
def updateticket():
ticket_id = request.form['ticket_id']
ticket_name = request.form['name']
ticket_quantity = int(request.form['quantity'])
ticket_price = float(request.form['price'])
ticket_date = request.form['date']
ticket_date = datetime.datetime.strptime(ticket_date, '%Y-%m-%d')
user_email = request.form['user']
user = bn.get_user(user_email)
message = ""
# check ticket exists
if not does_ticket_exist(ticket_id):
message = "Ticket not found."
# check name
if not is_ticket_name_valid(ticket_name):
message = "Ticket name is invalid."
# check quantity
if not is_quantity_of_tickets_valid(ticket_quantity):
message = "Ticket quantity must be between 0 and 100."
# check price
if not is_ticket_price_valid(ticket_price):
message = "Ticket price is invalid."
# check date
if not is_ticket_date_valid(ticket_date):
message = "Ticket data is invalid."
if not message: # if message is empty, indicating no validation errors
bn.update_ticket(ticket_id, ticket_name, ticket_quantity, ticket_price,
ticket_date)
message = "Ticket successfully updated"
# redirect user to profile page with result message
return redirect("/?message={}".format(message))
def register_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
password2 = request.form.get('password2')
error_message = None
if password != password2:
error_message = "The passwords do not match"
elif not is_valid_email(email):
error_message = "Email format error"
elif not is_valid_password(password):
error_message = "Password not strong enough"
elif not is_valid_user(name):
error_message = "Username not allowed"
else:
user = bn.get_user(email)
if user:
error_message = "User Already exists"
#*********Getting error message showing up even thou it shouldnt**************************
elif not bn.register_user(email, name, password, password2):
error_message = ""
# if there is any error messages when registering new user
# at the backend, go back to the register page.
if error_message:
return render_template('register.html', message=error_message)
else:
return redirect('/login')
def run_around_tests():
if get_user('*****@*****.**') is None:
register_user('*****@*****.**', 'Tester Zero', 'Password123',
'Password123')
if get_ticket('t1') is None:
create_ticket('t1', 50, 70.50, '20771210')
def buy():
"""
Route to buy a ticket.
This route will validate the ticket form, if valid it will update the database
through a backend function
"""
if 'logged_in' not in session:
return redirect('/login')
email = session['logged_in']
# Get user information
user = bn.get_user(email)
# Sets the error message to blank initially
error_message = ""
# Get information from the form
name = request.form.get('name')
quantity = request.form.get('quantity')
# Get all tickets to pass to backend function
tickets = bn.get_all_tickets()
error_message = check_ticket_form(name, quantity)
if not error_message:
if bn.buy_ticket(name, user, int(quantity)):
message = "Tickets bought succesfully"
else:
error_message = "Ticket could not be bought"
# Checks if there is an error, and if there is set the error message
if len(error_message) > 0:
session['error'] = error_message
message = session["error"]
del session["error"]
return render_template('index.html',
buy_message=message,
user=user,
tickets=tickets)
def test_email_not_exists(self):
'''
Make sure get_user returns None if the user doesn't exist
'''
# Give an impossible email to be in the database from frontend testing
self.assertIsNone(bn.get_user(test_user.email + '1'))
def sell_get():
#returning a user object of the current session to get the current users email.
email = session['logged_in']
#storing the returned user in a variable
user = bn.get_user(email)
tickets = bn.get_all_tickets()
return render_template('index.html', user=user, tickets=tickets)
def sell_post():
ticket_name = request.form['name']
ticket_quantity = int(request.form['quantity'])
ticket_price = float(request.form['price'])
ticket_date = request.form['date']
ticket_date = datetime.datetime.strptime(ticket_date, '%Y-%m-%d')
user_email = request.form['user']
user = bn.get_user(user_email)
message = ""
# check name
if not is_valid_ticket_name(ticket_name):
message = "Ticket name is invalid."
# check quantity
if not is_valid_ticket_quanitity(ticket_quantity):
message = "Ticket quantity must be between 0 and 100."
# check price
if not is_valid_ticket_price(ticket_price):
message = "Ticket price is invalid."
# check date
if not is_ticket_date_valid(ticket_date):
message = "Ticket date is invalid."
if not message: # if message is empty, indicating no validation errors
message = "Ticket created successfully."
bn.sell_ticket(ticket_name, ticket_quantity, ticket_price, ticket_date,
user.id)
# redirect user to profile page with result message
return redirect("/?message={}".format(message))
def register_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
password2 = request.form.get('password2')
error_message = None
# These helper functions return the error with a field if there is any, or False otherwise
email_error = validate_email(email)
name_error = validate_name(name)
password_error = validate_password(password)
if password != password2:
error_message = "The passwords do not match"
elif name_error:
error_message = name_error
elif email_error:
error_message = email_error
elif password_error:
error_message = password_error
else:
user = bn.get_user(email)
if user:
error_message = "User exists"
elif bn.register_user(email, name, password, password2):
error_message = "Failed to store user info."
# if there is any error messages when registering new user
# at the backend, go back to the register page.
if error_message:
return render_template('register.html', message=error_message)
else:
return redirect('/login')
def buy_post():
title = request.form.get('buy-name')
try:
quantity = int(request.form.get('buy-quantity'))
except:
return redirect('/?bMessage=Field Requires Integer')
ticket = bn.get_ticket(title)
if not re.search(regex_title, title):
return redirect('/?bMessage=Name Format Error')
elif not ticket:
return redirect('/?bMessage=Ticket Does Not Exist')
email = session['logged_in']
user = bn.get_user(email)
serviceFee = ticket.price * quantity * 0.35
tax = ticket.price * quantity * 0.05
cost = (ticket.price * quantity + serviceFee + tax)
if quantity <= 0 or quantity > 100:
return redirect('/?bMessage=Invalid Quantity')
elif quantity > ticket.quantity:
return redirect('/?bMessage=Not Enough Tickets Left')
elif user.balance < cost:
return redirect('/?bMessage=Insufficient Funds')
bn.buy_ticket(title, quantity, cost, user)
return render_template('temp.html', message='Bought')
def register_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
password2 = request.form.get('password2')
error_message = None
if password != password2:
error_message = "The passwords do not match"
elif len(email) < 1:
error_message = "Email format error"
elif len(password) < 1:
error_message = "Password not strong enough"
else:
user = bn.get_user(email)
if user:
error_message = "User exists"
elif not bn.register_user(email, name, password, password2):
error_message = "Failed to store user info."
# if there is any error messages when registering new user
# at the backend, go back to the register page.
if error_message:
return render_template('register.html', message=error_message)
else:
return redirect('/login')
def register_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
password2 = request.form.get('password2')
error_message = None
if password != password2:
error_message = "The passwords do not match"
elif not is_valid_email(email):
error_message = "Email format error"
elif not is_valid_password(password):
error_message = "Password not strong enough"
elif not name.replace(' ',
'').isalnum() or name[0] == ' ' or name[-1] == ' ':
error_message = "Username is not alphanumeric and cannot start or end with a space"
else:
user = bn.get_user(email)
if user:
error_message = "User exists"
elif bn.register_user(email, name, password, password2):
error_message = "Failed to store user info."
# if there is any error messages when registering new user
# at the backend, go back to the register page.
if error_message:
return render_template('register.html', message=error_message)
else:
return redirect('/login')
def sell_ticket():
email = session['logged_in']
user = bn.get_user(email)
ticket_name = request.form.get('name_sell')
ticket_quantity = int(request.form.get('quantity_sell'))
ticket_price = int(request.form.get('price_sell'))
ticket_date = request.form.get('expdate_sell')
error_message = ""
error_list = []
# validate ticket name
error_list.append(validate_ticket_name(ticket_name, error_message))
# validate ticket quantity
error_list.append(validate_ticket_quantity(ticket_quantity, error_message))
# validate ticket price
error_list.append(validate_ticket_price(ticket_price, error_message))
# validate ticket date
error_list.append(validate_ticket_date(ticket_date, error_message))
# For any errors, redirect back to / and show an error message
tickets = bn.get_all_tickets()
if error_list[0] != "":
return render_template('index.html',
user=user,
sell_message=error_list[0],
tickets=tickets)
elif error_list[1] != "":
return render_template('index.html',
user=user,
sell_message=error_list[1],
tickets=tickets)
elif error_list[2] != "":
return render_template('index.html',
user=user,
sell_message=error_list[2],
tickets=tickets)
elif error_list[3] != "":
return render_template('index.html',
user=user,
sell_message=error_list[3],
tickets=tickets)
# The added new ticket information will be posted on the user profile page
else:
try:
bn.sell_ticket(user, ticket_name, ticket_quantity, ticket_price,
ticket_date)
tickets = bn.get_all_tickets()
return render_template('index.html', user=user, tickets=tickets)
except exc.IntegrityError:
bn.rollback(
) # need to roll the database back before uniquness error
return render_template(
'index.html',
user=user,
sell_message="This ticket name already exists",
tickets=tickets)
def test_get_user_nonexistent_email(self):
"""
Input Partion: nonexistent user email
"""
# Test is started with clean table. No need to remove data
#Get user by email and assert equal to the test user
user = get_user("*****@*****.**")
self.assert_equal(user, None)
def test_get_user(self, *_):
"""
**Test backend method get_user**
Mocking:
None
Actions:
- validate that an email with no existing user returns None
- open /logout (to invalidate any logged-in sessions that may exist)
- open /register
- register new user
- validate if the two emails are returning existing users
- delete user
"""
# validate that get_user() does not return a user if the new_email does not yet belong to a user
assert get_user(invalid_email) is None
assert get_user(valid_email) is None
# open /logout
self.open(base_url + '/logout')
# open /register
self.open(base_url + '/register')
# enter new user's info into the appropriate forms
self.type("#email", valid_email)
self.type("#name", valid_name)
self.type('#password', valid_password)
self.type('#password2', valid_password)
# submit the forms
self.click('input[type="submit"]')
# Validate get_user(). One should return a user. The other should return None
assert get_user(valid_email) is not None
assert get_user(invalid_email) is None
#must remove this user from db.sqlite in order to run test again
new_user = User.query.filter_by(email=valid_email).first()
db.session.delete(new_user)
db.session.commit()
def login_get():
if "logged_in" in session:
email = session['logged_in']
user = bn.get_user(email)
if user:
return redirect('/') # redirect to user profile page
else:
return redirect('/logout') # log out of invalid session
return render_template('login.html', message='Please login')
def wrapped_inner():
# check did we store the key in the session
if 'logged_in' in session:
email = session['logged_in']
user = bn.get_user(email)
if user:
# if the user exists, redirect to /
return redirect('/')
else:
# else, call the inner function
return inner_function()
def register_get():
# Check if there is an existing logged in user
if "logged_in" in session:
email = session['logged_in']
user = bn.get_user(email)
if user:
return redirect('/') # redirect to user profile page
else:
return redirect('/logout') # log out of invalid session
return render_template('register.html', message='')
def wrapped_inner():
# check did we store the key in the session
if 'logged_in' in session:
email = session['logged_in']
user = bn.get_user(email)
if user:
# if the user exists, call the inner_function
# with user as parameter
return inner_function(user)
return redirect('/login')
def update_post():
name = request.form.get('tname')
quantity = request.form.get('tquantity')
price = request.form.get('price')
expiration = request.form.get('expiration')
email = session['logged_in']
user = bn.get_user(email)
ticket = bn.get_ticket(name)
error_message = None
#checks if the expiration date is in the correct format, assigns checkDate
#to None if it is not
try:
checkDate = datetime.datetime.strptime(expiration, '%Y%m%d')
except:
checkDate = None
#verifies that checkDate is not equal to None
if checkDate == None:
error_message = "Incorrect expiration date format"
#redirects for any errors
# elif error_message:
#return render_template('/', message=error_message)
#error_message = None
#Validating information submitted in update form
#Name of ticket has to be alphanumeric only
elif not all(chr.isalnum() or chr.isspace() for chr in name):
error_message = "name not alphanumeric"
#Name must have no spaces at the beginning or end
elif name.startswith(" ") or name.endswith(" "):
error_message = "The ticket name can't begin or end with a space."
#Name of the ticket can't be longer than 60 characters
elif len(name) > 60:
error_message = "The ticket name can't be longer than 60 characters."
#Quantity has to be more than zero, and less than or equal to 100
elif int(quantity) <= 0 or int(quantity) > 100:
error_message = "The ticket quantity must be between 1 and 100 (inclusive)."
#Price has to be in the range 10-100
elif int(price) < 10 or int(price) > 100:
error_message = "The ticket price must be between 10 and 100 (inclusive)."
elif ticket == None:
error_message = "Sorry, this ticket is not available."
if error_message:
tickets = bn.get_all_tickets()
return render_template('index.html', message=error_message, user=user, tickets=tickets)
else:
bn.update_ticket(name,quantity,price,int(expiration))
return redirect('/')
def register_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
password2 = request.form.get('password2')
login_message = "Please login"
# regex's to check the inputs against
# please note that the email pattern doesn't actually work for all RFC5322 emails
# if you can find a regex that does please replace it and then remove this comment, thanks
passwordPattern = re.compile(
"(?=.*[a-z])(?=.*[A-Z])(?=.*([!-/]|[:-@])).{6,}")
emailPattern = re.compile(
"([!#-'*+/-9=?A-Z^-~-]+(\.[!#-'*+/-9=?A-Z^-~-]+)*|\"([]!#-[^-~ \t]|(\\[\t -~]))+\")@([0-9A-Za-z]([0-9A-Za-z-]{0,61}[0-9A-Za-z])?(\.[0-9A-Za-z]([0-9A-Za-z-]{0,61}[0-9A-Za-z])?)*|\[((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}|IPv6:((((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){6}|::((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){5}|[0-9A-Fa-f]{0,4}::((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){4}|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):)?(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){3}|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,2}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){2}|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,3}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,4}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::)((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3})|(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3})|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,5}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3})|(((0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}):){0,6}(0|[1-9A-Fa-f][0-9A-Fa-f]{0,3}))?::)|(?!IPv6:)[0-9A-Za-z-]*[0-9A-Za-z]:[!-Z^-~]+)])"
)
lengthPattern = re.compile("^.{1,63}$")
usernamePattern = re.compile("^[\w][\w| ]{0,18}[\w]$")
# check that both passwords match
if password != password2:
login_message = "password format is incorrect"
# check that the forms all match the required patterns using regular expressions
elif not (emailPattern.match(email)) or not (lengthPattern.match(email)):
login_message = "email format is incorrect"
elif not (passwordPattern.match(password)):
login_message = "password format is incorrect"
elif not (usernamePattern.match(name)):
login_message = "username format is incorrect"
# if all forms are correct, attempt to register the user
else:
user = bn.get_user(email)
# if the user already exists, send an error message
if user:
return render_template('register.html',
message="this email has been ALREADY used")
# if the registration fails for some reason (register_user doesn't return none) send an error message
elif bn.register_user(email, name, password, password2) != None:
return render_template('register.html',
message="failed to register new user")
# if no errors occur, set balance to 5000
else:
login_message = "Registration successful, please login now"
if bn.set_balance(email, 5000) != None:
login_message = "Registration successful, but failed to set new balance"
# return to login with the appropriate message
#return render_template('login.html', message=login_message)
#return redirect('/login')
return redirect(url_for('login_get', message=login_message))
def register_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
password2 = request.form.get('password2')
error_message = ""
# The passwords do not match
if password != password2:
return render_template('register.html',
message="The passwords do not match")
# The email format and email length is wrong
if not check_email_format(email):
return render_template('register.html',
message="Email format is incorrect")
# The password format is wrong
if not check_special_pass(password):
return render_template('register.html',
message="Password format is incorrect")
# Name is less than 2 characters or longer than 20 character
if len(name) <= 2 or len(name) >= 20:
return render_template('register.html',
message="Name length formatting error")
# Name has special char
if not check_alnum(name):
return render_template('register.html',
message="Name contains special characters")
# Space error
if not check_spaces(name):
return render_template('register.html',
message="Invalid spaces found in word")
# No errors, so no returns on function has been called, so no issue with validity of credentials
user = bn.get_user(email)
if user:
error_message = "This email has already been used" # changed error message to satisfy requirement
elif not bn.register_user(email, name, password,
password2): # new instance of user created
error_message = "Failed to store user info."
# if there is any error messages when registering new user
# at the backend, go back to the register page.
if error_message != "":
return render_template('register.html', message=error_message)
else:
return redirect('/login')
def wrapped_inner():
# check did we store the key in the session
if 'logged_in' in session:
email = session['logged_in']
user = bn.get_user(email)
if user:
# if the user exists, call the inner_function
# with user as parameter
return inner_function(user)
else:
# If user does not exist, reset logged_in
del session['logged_in']
# if we haven't returned a value yet (invalid token or not logged in),
# redirect to the login page
return redirect('/login')
def register_post():
email = request.form.get('email')
name = request.form.get('name')
password = request.form.get('password')
password2 = request.form.get('password2')
user = bn.get_user(email)
error_message = None
# validate email
check_email = validate_email(email, error_message, user)
# validate password and password2
check_pwd = validate_password(password, password2, error_message)
# validate username
check_name = validate_username(name, error_message)
'''
validate user informations
#if there is any error messages when registering new user
# at the backend, go back to the register page.
'''
# email
if check_pwd == "" and check_name == "":
if check_email != "":
return render_template('register.html', message=check_email)
if check_pwd == "" or check_name == "":
if check_email != "":
return render_template('register.html', message=check_email)
# password
if check_email == "" and check_name == "":
if check_pwd != "":
return render_template('register.html', message=check_pwd)
# name
if check_email == "" and check_pwd == "":
if check_name != "":
return render_template('register.html', message=check_name)
# fail to store
if not bn.register_user(email, name, password, password2):
error_message = "Failed to store user info."
# If no error regarding the inputs following the rules above, create a new user, set the balance to 5000, and go back to the /login page
if check_email == "" and check_pwd == "" and check_name == "":
return redirect('/login')
def test_get_user_valid_email(self):
"""
Input Partion: valid email
"""
# Test is started with clean table. No need to remove data
#Add test user to database
hashed_pw = generate_password_hash('q1w2e3Q!W@E#', method='sha256')
test_user = User(email='*****@*****.**', name='Test Email Input', password=hashed_pw, balance=5000)
db.session.add(test_user)
#Get user by email and assert equal to the test user
user = get_user("*****@*****.**")
self.assert_equal(user, test_user)
#Clean up by deleting test user
db.session.delete(test_user)
def wrapped_inner():
user = None
# check did we store the key in the session
if 'logged_in' in session:
email = session['logged_in']
user = bn.get_user(email)
if user is None:
del session['logged_in']
if user:
# if the user exists, call the inner_function
# with user as parameter
return inner_function(user)
else:
# else, redirect to the login page
return redirect('/login')
