Home Explore Help
Sign In
getty
/
lament-configuration
1
0
Fork 0
Files Issues 3 Pull Requests 0 Wiki
Tree: 9b4908c433
Branches Tags
lament-confi...
/
tests
/
routes.py

routes.py 5.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. import config  # noqa: F401
    2. 

  2. import lc.config as c
    3. 

  3. import lc.model as m
    4. 

  4. import lc.request as r
    5. 

  5. import lc.app as a
    6. 

  6. 

  7. 

  8. class TestRoutes:
    9. 

  9.     def setup_method(self, _):
    10. 

  10.         c.app.in_memory_db()
    11. 

  11.         m.create_tables()
    12. 

  12.         self.app = a.app.test_client()
    13. 

  13. 

  14.     def teardown_method(self, _):
    15. 

  15.         c.app.close_db()
    16. 

  16. 

  17.     def mk_user(self, username="gdritter", password="foo") -> m.User:
    18. 

  18.         return m.User.from_request(
    19. 

  19.             r.User(
    20. 

  20.                 name=username,
    21. 

  21.                 password=password,
    22. 

  22.             )
    23. 

  23.         )
    24. 

  24. 

  25.     def test_index(self):
    26. 

  26.         result = self.app.get("/")
    27. 

  27.         assert result.status == "200 OK"
    28. 

  28. 

  29.     def test_successful_api_login(self):
    30. 

  30.         username = "gdritter"
    31. 

  31.         password = "bar"
    32. 

  32.         self.mk_user(username=username, password=password)
    33. 

  33.         result = self.app.post("/auth", json={"name": username, "password": password})
    34. 

  34.         assert result.status == "200 OK"
    35. 

  35.         decoded_token = c.app.load_token(result.json["token"])
    36. 

  36.         assert decoded_token["name"] == username
    37. 

  37. 

  38.     def test_failed_api_login(self):
    39. 

  39.         username = "gdritter"
    40. 

  40.         password = "bar"
    41. 

  41.         self.mk_user(username=username, password=password)
    42. 

  42.         result = self.app.post("/auth", json={"name": username, "password": "foo"})
    43. 

  43.         assert result.status == "403 FORBIDDEN"
    44. 

  44. 

  45.     def test_successful_web_login(self):
    46. 

  46.         username = "gdritter"
    47. 

  47.         password = "bar"
    48. 

  48.         self.mk_user(username=username, password=password)
    49. 

  49.         result = self.app.post(
    50. 

  50.             "/auth",
    51. 

  51.             data={"username": username, "password": password},
    52. 

  52.             follow_redirects=True,
    53. 

  53.         )
    54. 

  54.         assert result.status == "200 OK"
    55. 

  55. 

  56.     def test_failed_web_login(self):
    57. 

  57.         username = "gdritter"
    58. 

  58.         password = "bar"
    59. 

  59.         self.mk_user(username=username, password=password)
    60. 

  60.         result = self.app.post("/auth", data={"username": username, "password": "foo"})
    61. 

  61.         assert result.status == "403 FORBIDDEN"
    62. 

  62. 

  63.     def test_successful_api_add_link(self):
    64. 

  64.         password = "foo"
    65. 

  65.         u = self.mk_user(password=password)
    66. 

  66.         result = self.app.post("/auth", json={"name": u.name, "password": password})
    67. 

  67.         assert result.status == "200 OK"
    68. 

  68.         token = result.json["token"]
    69. 

  69.         result = self.app.post(
    70. 

  70.             f"/u/{u.name}/l",
    71. 

  71.             json={
    72. 

  72.                 "url": "http://example.com/",
    73. 

  73.                 "name": "Example Dot Com",
    74. 

  74.                 "description": "Some Description",
    75. 

  75.                 "private": False,
    76. 

  76.                 "tags": ["website"],
    77. 

  77.             },
    78. 

  78.             headers={"Authorization": f"Bearer {token}"},
    79. 

  79.         )
    80. 

  80.         assert result.status == "200 OK"
    81. 

  81.         assert result.json["url"] == "http://example.com/"
    82. 

  82. 

  83.     def test_no_permissions_api_add_link(self):
    84. 

  84.         # create a user who owns a link collection
    85. 

  85.         owner = self.mk_user()
    86. 

  86.         password = "foo"
    87. 

  87. 

  88.         # and another user who should not be able to post to it
    89. 

  89.         interloper = self.mk_user(username="interloper", password=password)
    90. 

  90. 

  91.         # authenticate as interloper
    92. 

  92.         result = self.app.post(
    93. 

  93.             "/auth", json={"name": interloper.name, "password": password}
    94. 

  94.         )
    95. 

  95.         assert result.status == "200 OK"
    96. 

  96.         token = result.json["token"]
    97. 

  97. 

  98.         # try to add a link to owner's collection
    99. 

  99.         result = self.app.post(
    100. 

  100.             f"/u/{owner.name}/l",
    101. 

  101.             json={
    102. 

  102.                 "url": "http://example.com/",
    103. 

  103.                 "name": "Example Dot Com",
    104. 

  104.                 "description": "Some Description",
    105. 

  105.                 "private": False,
    106. 

  106.                 "tags": ["website"],
    107. 

  107.             },
    108. 

  108.             headers={"Authorization": f"Bearer {token}"},
    109. 

  109.         )
    110. 

  110.         assert result.status == "403 FORBIDDEN"
    111. 

  111. 

  112.     def test_successful_api_delete_link(self):
    113. 

  113.         password = "foo"
    114. 

  114.         u = self.mk_user(password=password)
    115. 

  115.         result = self.app.post("/auth", json={"name": u.name, "password": password})
    116. 

  116.         assert result.status == "200 OK"
    117. 

  117.         token = result.json["token"]
    118. 

  118. 

  119.         sample_url = "http://example.com/"
    120. 

  120.         result = self.app.post(
    121. 

  121.             f"/u/{u.name}/l",
    122. 

  122.             json={
    123. 

  123.                 "url": sample_url,
    124. 

  124.                 "name": "Example Dot Com",
    125. 

  125.                 "description": "Some Description",
    126. 

  126.                 "private": False,
    127. 

  127.                 "tags": ["website"],
    128. 

  128.             },
    129. 

  129.         )
    130. 

  130.         link_id = result.json["id"]
    131. 

  131. 

  132.         # this should be fine
    133. 

  133.         check_link = self.app.get(
    134. 

  134.             f"/u/{u.name}/l/{link_id}",
    135. 

  135.             headers={"Content-Type": "application/json"},
    136. 

  136.         )
    137. 

  137.         assert check_link.status == "200 OK"
    138. 

  138.         assert check_link.json["url"] == sample_url
    139. 

  139. 

  140.         # delete the link
    141. 

  141.         delete_link = self.app.delete(
    142. 

  142.             f"/u/{u.name}/l/{link_id}",
    143. 

  143.             headers={"Authorization": f"Bearer {token}"},
    144. 

  144.         )
    145. 

  145.         assert delete_link.status == "200 OK"
    146. 

  146. 

  147.         # make sure it is gone
    148. 

  148.         bad_result = self.app.get(
    149. 

  149.             f"/u/{u.name}/l/{link_id}",
    150. 

  150.             headers={"Content-Type": "application/json"},
    151. 

  151.         )
    152. 

  152.         assert bad_result.status == "404 NOT FOUND"
    153.