-
Notifications
You must be signed in to change notification settings - Fork 0
/
test.py
242 lines (205 loc) · 12.7 KB
/
test.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
#Importing dependencies
import os
import tempfile
from flask import render_template, request, url_for, flash, redirect
import unittest
import requests
import datetime
from sqlalchemy import create_engine
from app import app, bcrypt, db
from app import routes, forms
from app.models import User, Meta_book, Book, Transaction
from flask_login import login_user, current_user, logout_user, login_required
def log_in(self, email, password):
return requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/login', data=dict(email=email, password=password))
hashed_password = bcrypt.generate_password_hash('password').decode('utf-8')
now = datetime.datetime.now()
class FlaskTestCase(unittest.TestCase):
#Ensuring that the default user is able to log in by asserting that the status code for this request is 200
def test_correct_login(self):
#Making a post request to the server with correct login credentials
response = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/login', data = dict(email="xd@gmail.com", password="111"))
self.assertTrue(response.status_code == 200)
#Ensuring a non-registered user is unable to log in by asserting that the request doesn't redirect ("Log In" still present in raw HTML)
def test_incorrect_login(self):
response = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/login', data = dict(username="incorrect@email.com", password="hunter12"))
self.assertIn("Log In", response.text)
#Testing whether the log out function works
def test_logout(self):
log_in(self, "xd@gmail.com", "111")
response1 = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/bookdisplay')
response = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/logout')
self.assertIn("Sign up now", response.text)
#Testing that the index page loads properly
def test_index(self):
response = requests.get('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/')
self.assertTrue('Sign up now' in response.text)
#Testing that login is required to access various pages
def test_login_required_addbooks(self):
response = requests.get('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/add_books')
self.assertNotIn('Condition of the book', response.text)
def test_login_required_library(self):
response = requests.get('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/book_display')
self.assertNotIn('Explore the available books', response.text)
"""
The next test did not pass. This means that unathorised users are able to access the user pages of everyone. This is a major privacy issue.
I fixed it by adding @login_required to the user page. However, this doesn't fix it suficciently, as it means if user 1 is logged it, he can just
replace the '...ws.com/user/1' with '...ws.com/user/x' to view all the borrowed books of user x, so preferably a more substantial modification to the
code structure will be implemented, but that is not a priority now.
def test_login_required_userpage(self):
response = requests.get('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/user/1')
self.assertNotIn('Borrowed Books', response.text)
"""
def test_login_required_notification(self):
response = requests.get('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/notification')
self.assertNotIn('Requests sent', response.text)
#Test whether users are able to add books
def test_user_add_book(self):
log_in(self, "xd@gmail.com", "111")
response = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/add_books', data=dict(bookname="Bible", author="God", numpages=666, condition="torn"))
self.assertTrue(response.status_code == 200)
#Setting up a test database to check whether
def setUp(self):
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:////tmp/test.db'
db.create_all()
#function for tearing down the database
def tearDown(self):
db.session.remove()
db.drop_all()
#Checking whether the password hashing function works properly
def test_password_hashing(self):
new_user = User(username="John Doe",
email="john@aol.com",
password=hashed_password,
region="sf")
self.assertFalse(bcrypt.check_password_hash(new_user.password, "incorrect password"))
self.assertTrue(bcrypt.check_password_hash(new_user.password, "password"))
#Checking whether the database can add new users
def test_adding_users(self):
u1 = User(username="John Doe",
email="john@aol.com",
password=hashed_password,
region="sf")
u2 = User(username="Jane Doe",
email="jane@aol.com",
password=hashed_password,
region="hyd")
u3 = User(username="Simon Golombek",
email="simon@minerva.kgi.edu",
password=hashed_password,
region="ber")
db.session.add_all([u1, u2, u3])
db.session.commit()
thirduser = User.query.filter_by(id=3).first()
self.assertEqual(thirduser.username, "Simon Golombek")
#Testing the book properties
def test_book_properties(self):
mb1 = Meta_book(name="bible", author="god", numpages=666)
b1 = Book(metabook_id=1, owner_id=1,
condition="new", region="sf")
self.assertEqual(mb1.author, "god")
self.assertEqual(b1.owner_id, 1)
self.assertNotEqual(b1.owner_id, 2)
#Testing whether the database is able to add books
def test_adding_books(self):
b1 = Book(metabook_id=1, owner_id=1,
condition="new", region="sf")
b2 = Book(metabook_id=1, owner_id=1,
condition="used", region="hyd")
b3 = Book(metabook_id=1, owner_id=1,
condition="torn", region="sel")
db.session.add_all([b1, b2, b3])
db.session.commit()
hydbook = Book.query.filter_by(region="hyd").first()
numbertorn = Book.query.filter_by(condition="torn").all()
self.assertEqual(hydbook.owner_id, 1)
self.assertEqual(len(numbertorn), 1)
"""
The next test checks whether we can add transactions to the database. Unfortunately, it is also possible to add into the database
a transaction where the end date comes before the start date. This is unfortunate and should be fixes, but not a priority as this
will likely never happen if new transactions are added programmatically by having the end date say 14 days after the start date.
In addition, it is possible to insert a start date that comes before the current date, but this might actually be beneficial as
it allows admins to override the database if something unforseen happens.
"""
def test_adding_transactions(self):
t1 = Transaction(book_id=1, borrower_id=1,
date_created=datetime.datetime(2019, 5, 26), startdate=datetime.datetime(2019, 4, 16),
enddate=datetime.datetime(2019, 3, 30), status="open")
db.session.add(t1)
db.session.commit()
numtrans = Transaction.query.all()
self.assertEqual(len(numtrans), 1)
#Checking whether the enddate comes before the startdate
#self.assertTrue((t1.startdate-t1.enddate).days <= 0)
#self.assertTrue((now-t1.startdate).days <= 0)
"""Testing the addition of meta books"""
def test_add_meta_books(self):
mb1 = Meta_book(name = "1984", author = "George Orwell", numpages = 352, copies = 1)
db.session.add(mb)
db.session.commit()
number_mb = Meta_book.query.all()
self.assertEqual(len(number_mb),1)
"""Testing user, meta books and transactions properties"""
def test_user_properties(self):
user1 = User(username = "Jane", email = "jane@gmail.com", password = "12345", region = "sf" )
self.assertEqual(user1.username, "Jane")
self.assertEqual(user1.email, "jane@gmail.com")
self.assertEqual(user1.password, "12345")
self.assertEqual(user1.region, "sf")
def test_meta_book_properties(self):
mb1 = Meta_book(name = "1984", author = "George Orwell", numpages = 352, copies = 1)
self.assertEqual(mb1.name, "1984")
self.assertEqual(mb1.author, "George Orwell")
self.assertEqual(mb1.numpages, 352)
self.assertNotEqual(mb1.numpages, 451)
self.assertEqual(mb1.copies, 1)
def test_transaction_properties(self):
mb1 = Meta_book(name = "1984", author = "George Orwell", numpages = 352)
user1 = User(username = "Jane", email = "jane@gmail.com", password = "12345", region = "sf" )
book1 = Book(metabook_id = 1, owner_id = 1, condition = "used", region = "sf")
t1 = Transaction(book_id = 1, borrower_id = 1, date_created = datetime.datetime(2019, 4, 28), startdate = datetime.datetime(2019, 4, 30), enddate = datetime.datetime(2019, 5, 10), status = "open")
self.assertNotEqual(t1.status, "closed")
self.assertEqual(t1.book_id, 1)
self.assertEqual(t1.borrower_id, 1)
self.assertNotEqual(t1.startdate, datetime.datetime(2019, 4, 28) )
#Testing whether it's possible to initiate a borrowing request for a book in the database
def test_borrowing_book(self):
mb1 = Meta_book(name = "1984", author = "George Orwell", numpages = 352)
book1 = Book(metabook_id = 1, owner_id = 1, condition = "used", region = "sf")
db.session.add(mb1)
db.session.add(book1)
response = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/borrowing_request/1', data = dict(start_date = datetime.datetime(2019,5,1), enddate = datetime.datetime(2019,5,10)))
self.assertEqual(response.status_code, 200)
#Testing whether it's possible to borrow a borrowed book
def test_borrowing_borrowed_book(self):
mb1 = Meta_book(name = "1984", author = "George Orwell", numpages = 352)
user1 = User(username = "Jane", email = "jane@gmail.com", password = "12345", region = "sf" )
book1 = Book(metabook_id = 1, owner_id = 1, condition = "used", region = "sf")
t1 = Transaction(book_id = 1, borrower_id = 1, date_created = datetime.datetime(2019, 4, 28), startdate = datetime.datetime(2019, 4, 30), enddate = datetime.datetime(2019, 5, 10), status = "open")
db.session.add(mb1)
db.session.add(user1)
db.session.add(book1)
db.session.add(t1)
response = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/borrowing_request/1', data = dict(start_date = datetime.datetime(2019,5,1), enddate = datetime.datetime(2019,5,10)))
self.assertNotEqual(response.status_code, 200)
#Testing whether users are able to see their requests once logged in
def test_notification(self):
log_in(self, "xd@gmail.com", "111")
response = requests.get('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/notification')
self.assertIn('Requests sent', response.text)
#Testing whether the register function works
def test_register(self):
response = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/register', data = dict(username="Joe", email = "xd@gmail.com", password="111", confirm_password = "111", region = "sf"))
self.assertEqual(response.status_code, 200)
#Testing whether it is possible to request a book, request for which just got cancelled
def test_borrowing_book_after_cancelled_request(self):
mb1 = Meta_book(name = "1984", author = "George Orwell", numpages = 352)
book1 = Book(metabook_id = 1, owner_id = 1, condition = "used", region = "sf")
db.session.add(mb1)
db.session.add(book1)
response = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/borrowing_request/1', data = dict(start_date = datetime.datetime(2019,5,1), enddate = datetime.datetime(2019,5,10)))
response1 = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/cancel_request/1')
response2 = requests.post('http://ec2-18-219-248-53.us-east-2.compute.amazonaws.com/borrowing_request/1', data = dict(start_date = datetime.datetime(2019,5,1), enddate = datetime.datetime(2019,5,10)))
self.assertEqual(response2.status_code, 200)
if __name__ == '__main__':
unittest.main()