routes.py 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107
  1. import json
  2. import lc.config as c
  3. import lc.model as m
  4. import lc.request as r
  5. import lc.app as a
  6. class TestRoutes:
  7. def setup_method(self, _):
  8. c.db.init(":memory:")
  9. c.db.create_tables(m.MODELS)
  10. self.app = a.app.test_client()
  11. def teardown_method(self, _):
  12. c.db.close()
  13. def mk_user(self, username="gdritter", password="foo") -> m.User:
  14. return m.User.from_request(r.User(name=username, password=password,))
  15. def test_index(self):
  16. result = self.app.get("/")
  17. assert result.status == "200 OK"
  18. def test_successful_api_login(self):
  19. username = "gdritter"
  20. password = "bar"
  21. u = self.mk_user(username=username, password=password)
  22. result = self.app.post("/auth", json={"name": username, "password": password})
  23. assert result.status == "200 OK"
  24. decoded_token = c.serializer.loads(result.json["token"])
  25. assert decoded_token["name"] == username
  26. assert decoded_token["password"] == password
  27. def test_failed_api_login(self):
  28. username = "gdritter"
  29. password = "bar"
  30. u = self.mk_user(username=username, password=password)
  31. result = self.app.post("/auth", json={"name": username, "password": "foo"})
  32. assert result.status == "403 FORBIDDEN"
  33. def test_successful_web_login(self):
  34. username = "gdritter"
  35. password = "bar"
  36. u = self.mk_user(username=username, password=password)
  37. result = self.app.post(
  38. "/auth",
  39. data={"username": username, "password": password},
  40. follow_redirects=True,
  41. )
  42. assert result.status == "200 OK"
  43. def test_failed_web_login(self):
  44. username = "gdritter"
  45. password = "bar"
  46. u = self.mk_user(username=username, password=password)
  47. result = self.app.post("/auth", data={"username": username, "password": "foo"})
  48. assert result.status == "403 FORBIDDEN"
  49. def test_successful_api_add_link(self):
  50. password = "foo"
  51. u = self.mk_user(password=password)
  52. result = self.app.post("/auth", json={"name": u.name, "password": password})
  53. assert result.status == "200 OK"
  54. token = result.json["token"]
  55. result = self.app.post(
  56. f"/u/{u.name}/l",
  57. json={
  58. "url": "http://example.com/",
  59. "name": "Example Dot Com",
  60. "description": "Some Description",
  61. "private": False,
  62. "tags": ["website"],
  63. },
  64. headers={"Authorization": f"Bearer {token}"},
  65. )
  66. assert result.status == "200 OK"
  67. assert result.json["url"] == "http://example.com/"
  68. def test_no_permissions_api_add_link(self):
  69. # create a user who owns a link collection
  70. owner = self.mk_user()
  71. password = "foo"
  72. # and another user who should not be able to post to it
  73. interloper = self.mk_user(username="interloper", password=password)
  74. # authenticate as interloper
  75. result = self.app.post(
  76. "/auth", json={"name": interloper.name, "password": password}
  77. )
  78. assert result.status == "200 OK"
  79. token = result.json["token"]
  80. # try to add a link to owner's collection
  81. result = self.app.post(
  82. f"/u/{owner.name}/l",
  83. json={
  84. "url": "http://example.com/",
  85. "name": "Example Dot Com",
  86. "description": "Some Description",
  87. "private": False,
  88. "tags": ["website"],
  89. },
  90. headers={"Authorization": f"Bearer {token}"},
  91. )
  92. assert result.status == "403 FORBIDDEN"