routes.py 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145
  1. import json
  2. import lc.config as c
  3. import lc.model as m
  4. import lc.request as r
  5. import lc.app as a
  6. class TestRoutes:
  7. def setup_method(self, _):
  8. c.db.init(":memory:")
  9. c.db.create_tables(m.MODELS)
  10. self.app = a.app.test_client()
  11. def teardown_method(self, _):
  12. c.db.close()
  13. def mk_user(self, username="gdritter", password="foo") -> m.User:
  14. return m.User.from_request(r.User(name=username, password=password,))
  15. def test_index(self):
  16. result = self.app.get("/")
  17. assert result.status == "200 OK"
  18. def test_successful_api_login(self):
  19. username = "gdritter"
  20. password = "bar"
  21. u = self.mk_user(username=username, password=password)
  22. result = self.app.post("/auth", json={"name": username, "password": password})
  23. assert result.status == "200 OK"
  24. decoded_token = c.serializer.loads(result.json["token"])
  25. assert decoded_token["name"] == username
  26. def test_failed_api_login(self):
  27. username = "gdritter"
  28. password = "bar"
  29. u = self.mk_user(username=username, password=password)
  30. result = self.app.post("/auth", json={"name": username, "password": "foo"})
  31. assert result.status == "403 FORBIDDEN"
  32. def test_successful_web_login(self):
  33. username = "gdritter"
  34. password = "bar"
  35. u = self.mk_user(username=username, password=password)
  36. result = self.app.post(
  37. "/auth",
  38. data={"username": username, "password": password},
  39. follow_redirects=True,
  40. )
  41. assert result.status == "200 OK"
  42. def test_failed_web_login(self):
  43. username = "gdritter"
  44. password = "bar"
  45. u = self.mk_user(username=username, password=password)
  46. result = self.app.post("/auth", data={"username": username, "password": "foo"})
  47. assert result.status == "403 FORBIDDEN"
  48. def test_successful_api_add_link(self):
  49. password = "foo"
  50. u = self.mk_user(password=password)
  51. result = self.app.post("/auth", json={"name": u.name, "password": password})
  52. assert result.status == "200 OK"
  53. token = result.json["token"]
  54. result = self.app.post(
  55. f"/u/{u.name}/l",
  56. json={
  57. "url": "http://example.com/",
  58. "name": "Example Dot Com",
  59. "description": "Some Description",
  60. "private": False,
  61. "tags": ["website"],
  62. },
  63. headers={"Authorization": f"Bearer {token}"},
  64. )
  65. assert result.status == "200 OK"
  66. assert result.json["url"] == "http://example.com/"
  67. def test_no_permissions_api_add_link(self):
  68. # create a user who owns a link collection
  69. owner = self.mk_user()
  70. password = "foo"
  71. # and another user who should not be able to post to it
  72. interloper = self.mk_user(username="interloper", password=password)
  73. # authenticate as interloper
  74. result = self.app.post(
  75. "/auth", json={"name": interloper.name, "password": password}
  76. )
  77. assert result.status == "200 OK"
  78. token = result.json["token"]
  79. # try to add a link to owner's collection
  80. result = self.app.post(
  81. f"/u/{owner.name}/l",
  82. json={
  83. "url": "http://example.com/",
  84. "name": "Example Dot Com",
  85. "description": "Some Description",
  86. "private": False,
  87. "tags": ["website"],
  88. },
  89. headers={"Authorization": f"Bearer {token}"},
  90. )
  91. assert result.status == "403 FORBIDDEN"
  92. def test_successful_api_delete_link(self):
  93. password = "foo"
  94. u = self.mk_user(password=password)
  95. result = self.app.post("/auth", json={"name": u.name, "password": password})
  96. assert result.status == "200 OK"
  97. token = result.json["token"]
  98. sample_url = "http://example.com/"
  99. result = self.app.post(
  100. f"/u/{u.name}/l",
  101. json={
  102. "url": sample_url,
  103. "name": "Example Dot Com",
  104. "description": "Some Description",
  105. "private": False,
  106. "tags": ["website"],
  107. },
  108. )
  109. link_id = result.json["id"]
  110. # this should be fine
  111. check_link = self.app.get(
  112. f"/u/{u.name}/l/{link_id}", headers={"Content-Type": "application/json"},
  113. )
  114. assert check_link.status == "200 OK"
  115. assert check_link.json["url"] == sample_url
  116. # delete the link
  117. delete_link = self.app.delete(
  118. f"/u/{u.name}/l/{link_id}", headers={"Authorization": f"Bearer {token}"},
  119. )
  120. assert delete_link.status == "200 OK"
  121. # make sure it is gone
  122. bad_result = self.app.get(
  123. f"/u/{u.name}/l/{link_id}", headers={"Content-Type": "application/json"},
  124. )
  125. assert bad_result.status == "404 NOT FOUND"