routes.py 5.0 KB

import os
import json
# Test configuration is injected through the process environment before any
# `lc` module is imported. Presumably lc.config reads these variables at import
# time, so the assignments have to stay above the `lc` imports -- TODO confirm.
# Each assignment overwrites whatever value the variable already had.
# ":memory:" presumably selects an in-memory database, so no test data is
# written to disk -- verify against lc.config.
os.environ["LC_DB_PATH"] = ":memory:"
# Fixed, publicly known key for the test run only. NOTE(review): this looks
# like the key behind the tokens the tests decode with c.app.load_token; a
# deployment must supply its own secret value and never reuse this one.
os.environ["LC_SECRET_KEY"] = "TEST_KEY"
os.environ["LC_APP_PATH"] = "localhost"
import lc.config as c
import lc.model as m
import lc.request as r
import lc.app as a
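class TestRoutes:
    """Route-level tests driven through the application's test client.

    Every test gets a fresh in-memory database (see ``setup_method``). The
    tests cover login with JSON and with form data, and creating, reading
    and deleting links, including one cross-user authorization check.
    """

    # NOTE(review): nothing here asserts that a write with no credentials at
    # all is rejected, or that a non-owner's DELETE is refused. Both are worth
    # adding once the expected status codes are confirmed against the routes.

    def setup_method(self, _):
        """Open an in-memory database, create the tables, build a test client."""
        c.app.in_memory_db()
        m.create_tables()
        self.app = a.app.test_client()

    def teardown_method(self, _):
        """Close the database that ``setup_method`` opened."""
        c.app.close_db()

    def mk_user(self, username="gdritter", password="foo") -> m.User:
        """Create a user from a ``r.User`` request object and return it."""
        return m.User.from_request(r.User(name=username, password=password,))

    def test_index(self):
        """The index page is served without authentication."""
        result = self.app.get("/")
        assert result.status == "200 OK"

    def test_successful_api_login(self):
        """A JSON login returns a token that decodes to the user's name."""
        username = "gdritter"
        password = "bar"
        self.mk_user(username=username, password=password)
        result = self.app.post("/auth", json={"name": username, "password": password})
        assert result.status == "200 OK"
        decoded_token = c.app.load_token(result.json["token"])
        assert decoded_token["name"] == username

    def test_failed_api_login(self):
        """A JSON login with the wrong password is refused with 403."""
        username = "gdritter"
        password = "bar"
        self.mk_user(username=username, password=password)
        result = self.app.post("/auth", json={"name": username, "password": "foo"})
        assert result.status == "403 FORBIDDEN"

    def test_successful_web_login(self):
        """A form login succeeds once the client has followed the redirects."""
        username = "gdritter"
        password = "bar"
        self.mk_user(username=username, password=password)
        # The form variant sends "username", while the JSON variant sends "name".
        result = self.app.post(
            "/auth",
            data={"username": username, "password": password},
            follow_redirects=True,
        )
        assert result.status == "200 OK"

    def test_failed_web_login(self):
        """A form login with the wrong password is refused with 403."""
        username = "gdritter"
        password = "bar"
        self.mk_user(username=username, password=password)
        result = self.app.post("/auth", data={"username": username, "password": "foo"})
        assert result.status == "403 FORBIDDEN"

    def test_successful_api_add_link(self):
        """An authenticated user can add a link to their own collection."""
        password = "foo"
        u = self.mk_user(password=password)
        result = self.app.post("/auth", json={"name": u.name, "password": password})
        assert result.status == "200 OK"
        token = result.json["token"]
        result = self.app.post(
            f"/u/{u.name}/l",
            json={
                "url": "http://example.com/",
                "name": "Example Dot Com",
                "description": "Some Description",
                "private": False,
                "tags": ["website"],
            },
            headers={"Authorization": f"Bearer {token}"},
        )
        assert result.status == "200 OK"
        assert result.json["url"] == "http://example.com/"

    def test_no_permissions_api_add_link(self):
        """A valid token for one user must not allow writes to another's links."""
        # create a user who owns a link collection
        owner = self.mk_user()
        password = "foo"
        # and another user who should not be able to post to it
        interloper = self.mk_user(username="interloper", password=password)
        # authenticate as interloper
        result = self.app.post(
            "/auth", json={"name": interloper.name, "password": password}
        )
        assert result.status == "200 OK"
        token = result.json["token"]
        # try to add a link to owner's collection
        result = self.app.post(
            f"/u/{owner.name}/l",
            json={
                "url": "http://example.com/",
                "name": "Example Dot Com",
                "description": "Some Description",
                "private": False,
                "tags": ["website"],
            },
            headers={"Authorization": f"Bearer {token}"},
        )
        assert result.status == "403 FORBIDDEN"

    def test_successful_api_delete_link(self):
        """An owner can delete their link, after which it can no longer be read."""
        password = "foo"
        u = self.mk_user(password=password)
        result = self.app.post("/auth", json={"name": u.name, "password": password})
        assert result.status == "200 OK"
        token = result.json["token"]
        auth_headers = {"Authorization": f"Bearer {token}"}
        sample_url = "http://example.com/"
        # Create the link with the bearer token, as test_successful_api_add_link
        # does, so this step does not depend on state the client kept from the
        # /auth call, and check the status so a refused create fails here.
        result = self.app.post(
            f"/u/{u.name}/l",
            json={
                "url": sample_url,
                "name": "Example Dot Com",
                "description": "Some Description",
                "private": False,
                "tags": ["website"],
            },
            headers=auth_headers,
        )
        assert result.status == "200 OK"
        link_id = result.json["id"]
        # this should be fine: the link is not private, and the read carries
        # no Authorization header
        check_link = self.app.get(
            f"/u/{u.name}/l/{link_id}", headers={"Content-Type": "application/json"},
        )
        assert check_link.status == "200 OK"
        assert check_link.json["url"] == sample_url
        # delete the link
        delete_link = self.app.delete(f"/u/{u.name}/l/{link_id}", headers=auth_headers)
        assert delete_link.status == "200 OK"
        # make sure it is gone
        bad_result = self.app.get(
            f"/u/{u.name}/l/{link_id}", headers={"Content-Type": "application/json"},
        )
        assert bad_result.status == "404 NOT FOUND"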