routes.py 5.0 KB

  1. import config # noqa: F401
  2. import lc.config as c
  3. import lc.model as m
  4. import lc.request as r
  5. import lc.app as a
  6. class TestRoutes:
  def setup_method(self, _):
      """Prepare per-test state.

      Calls ``c.app.in_memory_db()`` and ``m.create_tables()``, then stores a
      test client on ``self.app`` for the test methods to use.
      """
      # presumably a fresh in-memory database for every test, so accounts
      # created in one test cannot leak into another; confirm in lc.config
      c.app.in_memory_db()
      m.create_tables()
      client = a.app.test_client()
      self.app = client
  def teardown_method(self, _):
      """Close the database that ``setup_method`` opened for this test."""
      c.app.close_db()
  def mk_user(self, username="gdritter", password="foo") -> m.User:
      """Create a user fixture from a name and password.

      Wraps the credentials in an ``r.User`` request object and returns
      whatever ``m.User.from_request`` builds from it.
      """
      # presumably from_request also stores the user, since the tests log in
      # with these credentials straight afterwards; confirm in lc.model
      user_request = r.User(name=username, password=password)
      return m.User.from_request(user_request)
  def test_index(self):
      """GET / answers 200 OK without any credentials being sent."""
      response = self.app.get("/")
      assert response.status == "200 OK"
  def test_successful_api_login(self):
      """A JSON login with the right password returns a token naming that user."""
      credentials = {"name": "gdritter", "password": "bar"}
      self.mk_user(
          username=credentials["name"],
          password=credentials["password"],
      )

      response = self.app.post("/auth", json=credentials)
      assert response.status == "200 OK"

      # Decode the issued token with the app's own loader and check that it
      # is bound to the account that logged in, not merely that one exists.
      claims = c.app.load_token(response.json["token"])
      assert claims["name"] == credentials["name"]
  def test_failed_api_login(self):
      """A JSON login with the wrong password is rejected with 403."""
      name = "gdritter"
      self.mk_user(username=name, password="bar")

      bad_attempt = {"name": name, "password": "foo"}
      response = self.app.post("/auth", json=bad_attempt)

      # NOTE(review): only the status line is checked; the response body is
      # not inspected, so this does not prove that no token is returned.
      assert response.status == "403 FORBIDDEN"
  def test_successful_web_login(self):
      """A form login with the right password ends in 200 OK once redirects are followed."""
      username, password = "gdritter", "bar"
      self.mk_user(username=username, password=password)

      # The form variant sends "username", where the JSON variant sends "name".
      form = {"username": username, "password": password}
      response = self.app.post("/auth", data=form, follow_redirects=True)

      assert response.status == "200 OK"
  def test_failed_web_login(self):
      """A form login with the wrong password is rejected with 403."""
      username = "gdritter"
      self.mk_user(username=username, password="bar")

      # Redirects are not followed here, so the 403 is the direct answer
      # to the login POST.
      form = {"username": username, "password": "foo"}
      response = self.app.post("/auth", data=form)

      assert response.status == "403 FORBIDDEN"
  def test_successful_api_add_link(self):
      """A user holding their own bearer token can add a link to their collection."""
      password = "foo"
      u = self.mk_user(password=password)

      login = self.app.post("/auth", json={"name": u.name, "password": password})
      assert login.status == "200 OK"
      token = login.json["token"]

      new_link = {
          "url": "http://example.com/",
          "name": "Example Dot Com",
          "description": "Some Description",
          "private": False,
          "tags": ["website"],
      }
      # The token from /auth is presented as a bearer credential on the write.
      created = self.app.post(
          f"/u/{u.name}/l",
          json=new_link,
          headers={"Authorization": f"Bearer {token}"},
      )

      assert created.status == "200 OK"
      assert created.json["url"] == "http://example.com/"
  def test_no_permissions_api_add_link(self):
      """A valid token for one user must not allow writes to another user's collection."""
      # the user whose link collection is the target
      owner = self.mk_user()
      password = "foo"
      # a second account that has no rights over owner's collection
      interloper = self.mk_user(username="interloper", password=password)

      # log in as interloper; this part is expected to succeed
      login = self.app.post(
          "/auth", json={"name": interloper.name, "password": password}
      )
      assert login.status == "200 OK"
      token = login.json["token"]

      # present interloper's token against owner's collection path
      new_link = {
          "url": "http://example.com/",
          "name": "Example Dot Com",
          "description": "Some Description",
          "private": False,
          "tags": ["website"],
      }
      attempt = self.app.post(
          f"/u/{owner.name}/l",
          json=new_link,
          headers={"Authorization": f"Bearer {token}"},
      )

      # NOTE(review): the status alone is checked; the test does not read
      # owner's collection afterwards to confirm that nothing was stored.
      assert attempt.status == "403 FORBIDDEN"
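  def test_successful_api_delete_link(self):
      """Create a link, read it back, delete it with a bearer token, and check it is gone.

      The create step's status is asserted before its JSON body is read, so a
      rejected create fails on the status rather than on the "id" lookup.
      """
      password = "foo"
      u = self.mk_user(password=password)
      result = self.app.post("/auth", json={"name": u.name, "password": password})
      assert result.status == "200 OK"
      token = result.json["token"]

      sample_url = "http://example.com/"
      # NOTE(review): unlike test_successful_api_add_link, this create sends
      # no Authorization header. If it succeeds, the request is authorised
      # some other way (possibly a session cookie the test client kept from
      # /auth) or the route accepts unauthenticated writes; confirm which
      # against the route and make the credential explicit here.
      result = self.app.post(
          f"/u/{u.name}/l",
          json={
              "url": sample_url,
              "name": "Example Dot Com",
              "description": "Some Description",
              "private": False,
              "tags": ["website"],
          },
      )
      assert result.status == "200 OK"
      link_id = result.json["id"]

      # this should be fine: the link was created with "private": False and
      # is read back without a bearer token
      check_link = self.app.get(
          f"/u/{u.name}/l/{link_id}",
          headers={"Content-Type": "application/json"},
      )
      assert check_link.status == "200 OK"
      assert check_link.json["url"] == sample_url

      # delete the link, presenting the owner's token
      delete_link = self.app.delete(
          f"/u/{u.name}/l/{link_id}",
          headers={"Authorization": f"Bearer {token}"},
      )
      assert delete_link.status == "200 OK"

      # make sure it is gone
      bad_result = self.app.get(
          f"/u/{u.name}/l/{link_id}",
          headers={"Content-Type": "application/json"},
      )
      assert bad_result.status == "404 NOT FOUND"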