diff --git a/requirements-dev.txt b/requirements-dev.txt index fc37628..364d85e 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,3 +1,5 @@ pytest bandit -beautifulsoup4 \ No newline at end of file +beautifulsoup4 +mock +pytest-mock \ No newline at end of file diff --git a/src/tests/test_blackbox.py b/src/tests/test_blackbox.py index 9167bc2..21d5f59 100644 --- a/src/tests/test_blackbox.py +++ b/src/tests/test_blackbox.py @@ -2,11 +2,34 @@ import pytest from bs4 import BeautifulSoup +from flask import Response from utils import user_datastore -from models import db +from models import db, Item, Purchase import app +def create_db_setup(): + db.drop_all() + db.create_all() + user_datastore.create_role(name='administrator') + admin_user = user_datastore.create_user(email="admin", password="admin", roles=['administrator']) + other_user = user_datastore.create_user(email="user", password="user") + admin_user.name = 'admin' + other_user.name = 'user' + + item_a = Item(name="a", uploader=admin_user) + item_b = Item(name="b", uploader=admin_user) + item_c = Item(name="c", uploader=other_user) + purchase = Purchase(item=item_a, purchaser=other_user) + + db.session.add(item_a) + db.session.add(item_b) + db.session.add(item_c) + db.session.add(purchase) + + db.session.commit() + + @pytest.fixture def anonymous_client(): app.app.config['TESTING'] = True @@ -24,11 +47,7 @@ def logged_in_client(): with app.app.test_client() as client: with app.app.app_context(): - db.drop_all() - db.create_all() - user = user_datastore.create_user(email="test", password="test") - user.name = 'test' - + create_db_setup() r = client.get('/login') soup = BeautifulSoup(r.data.decode(), 'html.parser') @@ -38,8 +57,8 @@ def logged_in_client(): csrf_token = input_tag['value'] r = client.post('/login', data=dict( - email='test', - password='test', + email='user', + password='user', csrf_token=csrf_token ), follow_redirects=True) @@ -53,11 +72,7 @@ def admin_client(): with app.app.test_client() as client: with app.app.app_context(): - db.drop_all() - db.create_all() - user_datastore.create_role(name='administrator') - user = user_datastore.create_user(email="test", password="test", roles=['administrator']) - user.name = 'test' + create_db_setup() r = client.get('/login') @@ -68,8 +83,8 @@ def admin_client(): csrf_token = input_tag['value'] r = client.post('/login', data=dict( - email='test', - password='test', + email='admin', + password='admin', csrf_token=csrf_token ), follow_redirects=True) @@ -143,6 +158,11 @@ def test_anonymous_have_to_login_protected_pages(anonymous_client): assert 'Log in' == soup.find_all('p')[0].a.string +# +# Some status code based tests +# + + def test_anonymous_get_login_required_redirect(anonymous_client): for path in ['/content/caff/1', '/profile']: r = anonymous_client.get(path) @@ -155,10 +175,44 @@ def test_anonymous_post_login_required_redirect(anonymous_client): assert r.status_code == 302 -def test_logged_in_ok(logged_in_client): +def test_user_profile_ok(logged_in_client): r = logged_in_client.get('/profile') assert r.status_code == 200 +# +# Content stuff +# + +def test_user_content_nonexistent(logged_in_client): + r = logged_in_client.get('/content/caff/4') # nonexistant + assert r.status_code == 404 + + +def test_user_content_uploaded(logged_in_client, mocker): + mocker.patch( + 'views.contentview.ContentView._stream_from_minio', + side_effect=lambda bucket, id, fname: Response(status=200) + ) + + r = logged_in_client.get('/content/caff/3') # existant, uploaded + assert r.status_code == 200 + + +def test_user_content_unpurchased(logged_in_client): + r = logged_in_client.get('/content/caff/2') # existant, unpurchased + assert r.status_code == 403 + + +def test_user_content_purchased(logged_in_client, mocker): + mocker.patch( + 'views.contentview.ContentView._stream_from_minio', + side_effect=lambda bucket, id, fname: Response(status=200) + ) + + r = logged_in_client.get('/content/caff/1') # purchased + assert r.status_code == 200 + + # # Admin pages