123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 |
- import json
- import lc.config as c
- import lc.model as m
- import lc.request as r
- import lc.app as a
- class TestRoutes:
- def setup_method(self, _):
- c.db.init(":memory:")
- c.db.create_tables(m.MODELS)
- self.app = a.app.test_client()
- def teardown_method(self, _):
- c.db.close()
- def mk_user(self, username="gdritter", password="foo") -> m.User:
- return m.User.from_request(r.User(name=username, password=password,))
- def test_index(self):
- result = self.app.get("/")
- assert result.status == "200 OK"
- def test_successful_api_login(self):
- username = "gdritter"
- password = "bar"
- u = self.mk_user(username=username, password=password)
- result = self.app.post("/auth", json={"name": username, "password": password})
- assert result.status == "200 OK"
- decoded_token = c.serializer.loads(result.json["token"])
- assert decoded_token["name"] == username
- assert decoded_token["password"] == password
- def test_failed_api_login(self):
- username = "gdritter"
- password = "bar"
- u = self.mk_user(username=username, password=password)
- result = self.app.post("/auth", json={"name": username, "password": "foo"})
- assert result.status == "403 FORBIDDEN"
- def test_successful_web_login(self):
- username = "gdritter"
- password = "bar"
- u = self.mk_user(username=username, password=password)
- result = self.app.post(
- "/auth",
- data={"username": username, "password": password},
- follow_redirects=True,
- )
- assert result.status == "200 OK"
- def test_failed_web_login(self):
- username = "gdritter"
- password = "bar"
- u = self.mk_user(username=username, password=password)
- result = self.app.post("/auth", data={"username": username, "password": "foo"})
- assert result.status == "403 FORBIDDEN"
- def test_successful_api_add_link(self):
- password = "foo"
- u = self.mk_user(password=password)
- result = self.app.post("/auth", json={"name": u.name, "password": password})
- assert result.status == "200 OK"
- token = result.json["token"]
- result = self.app.post(
- f"/u/{u.name}/l",
- json={
- "url": "http://example.com/",
- "name": "Example Dot Com",
- "description": "Some Description",
- "private": False,
- "tags": ["website"],
- },
- headers={"Authorization": f"Bearer {token}"},
- )
- assert result.status == "200 OK"
- assert result.json["url"] == "http://example.com/"
- def test_no_permissions_api_add_link(self):
- # create a user who owns a link collection
- owner = self.mk_user()
- password = "foo"
- # and another user who should not be able to post to it
- interloper = self.mk_user(username="interloper", password=password)
- # authenticate as interloper
- result = self.app.post(
- "/auth", json={"name": interloper.name, "password": password}
- )
- assert result.status == "200 OK"
- token = result.json["token"]
- # try to add a link to owner's collection
- result = self.app.post(
- f"/u/{owner.name}/l",
- json={
- "url": "http://example.com/",
- "name": "Example Dot Com",
- "description": "Some Description",
- "private": False,
- "tags": ["website"],
- },
- headers={"Authorization": f"Bearer {token}"},
- )
- assert result.status == "403 FORBIDDEN"
|