getty
/
lament-configuration


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
							import os
import json

os.environ["LC_DB_PATH"] = ":memory:"
os.environ["LC_SECRET_KEY"] = "TEST_KEY"
os.environ["LC_APP_PATH"] = "localhost"

import lc.config as c
import lc.model as m
import lc.request as r
import lc.app as a


class TestRoutes:
    def setup_method(self, _):
        c.app.in_memory_db()
        m.create_tables()
        self.app = a.app.test_client()

    def teardown_method(self, _):
        c.app.close_db()

    def mk_user(self, username="gdritter", password="foo") -> m.User:
        return m.User.from_request(
            r.User(
                name=username,
                password=password,
            )
        )

    def test_index(self):
        result = self.app.get("/")
        assert result.status == "200 OK"

    def test_successful_api_login(self):
        username = "gdritter"
        password = "bar"
        u = self.mk_user(username=username, password=password)
        result = self.app.post("/auth", json={"name": username, "password": password})
        assert result.status == "200 OK"
        decoded_token = c.app.load_token(result.json["token"])
        assert decoded_token["name"] == username

    def test_failed_api_login(self):
        username = "gdritter"
        password = "bar"
        u = self.mk_user(username=username, password=password)
        result = self.app.post("/auth", json={"name": username, "password": "foo"})
        assert result.status == "403 FORBIDDEN"

    def test_successful_web_login(self):
        username = "gdritter"
        password = "bar"
        u = self.mk_user(username=username, password=password)
        result = self.app.post(
            "/auth",
            data={"username": username, "password": password},
            follow_redirects=True,
        )
        assert result.status == "200 OK"

    def test_failed_web_login(self):
        username = "gdritter"
        password = "bar"
        u = self.mk_user(username=username, password=password)
        result = self.app.post("/auth", data={"username": username, "password": "foo"})
        assert result.status == "403 FORBIDDEN"

    def test_successful_api_add_link(self):
        password = "foo"
        u = self.mk_user(password=password)
        result = self.app.post("/auth", json={"name": u.name, "password": password})
        assert result.status == "200 OK"
        token = result.json["token"]
        result = self.app.post(
            f"/u/{u.name}/l",
            json={
                "url": "http://example.com/",
                "name": "Example Dot Com",
                "description": "Some Description",
                "private": False,
                "tags": ["website"],
            },
            headers={"Authorization": f"Bearer {token}"},
        )
        assert result.status == "200 OK"
        assert result.json["url"] == "http://example.com/"

    def test_no_permissions_api_add_link(self):
        # create a user who owns a link collection
        owner = self.mk_user()
        password = "foo"

        # and another user who should not be able to post to it
        interloper = self.mk_user(username="interloper", password=password)

        # authenticate as interloper
        result = self.app.post(
            "/auth", json={"name": interloper.name, "password": password}
        )
        assert result.status == "200 OK"
        token = result.json["token"]

        # try to add a link to owner's collection
        result = self.app.post(
            f"/u/{owner.name}/l",
            json={
                "url": "http://example.com/",
                "name": "Example Dot Com",
                "description": "Some Description",
                "private": False,
                "tags": ["website"],
            },
            headers={"Authorization": f"Bearer {token}"},
        )
        assert result.status == "403 FORBIDDEN"

    def test_successful_api_delete_link(self):
        password = "foo"
        u = self.mk_user(password=password)
        result = self.app.post("/auth", json={"name": u.name, "password": password})
        assert result.status == "200 OK"
        token = result.json["token"]

        sample_url = "http://example.com/"
        result = self.app.post(
            f"/u/{u.name}/l",
            json={
                "url": sample_url,
                "name": "Example Dot Com",
                "description": "Some Description",
                "private": False,
                "tags": ["website"],
            },
        )
        link_id = result.json["id"]

        # this should be fine
        check_link = self.app.get(
            f"/u/{u.name}/l/{link_id}",
            headers={"Content-Type": "application/json"},
        )
        assert check_link.status == "200 OK"
        assert check_link.json["url"] == sample_url

        # delete the link
        delete_link = self.app.delete(
            f"/u/{u.name}/l/{link_id}",
            headers={"Authorization": f"Bearer {token}"},
        )
        assert delete_link.status == "200 OK"

        # make sure it is gone
        bad_result = self.app.get(
            f"/u/{u.name}/l/{link_id}",
            headers={"Content-Type": "application/json"},
        )
        assert bad_result.status == "404 NOT FOUND"