From f42411db1a473c9d303b592868d71456e5497eab Mon Sep 17 00:00:00 2001
From: marcsello <punkosdmarcell@rocketmail.com>
Date: Sun, 29 Nov 2020 21:53:57 +0100
Subject: [PATCH] Added more tests

---
 requirements-dev.txt       |  4 +-
 src/tests/test_blackbox.py | 86 +++++++++++++++++++++++++++++++-------
 2 files changed, 73 insertions(+), 17 deletions(-)

diff --git a/requirements-dev.txt b/requirements-dev.txt
index fc37628..364d85e 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,3 +1,5 @@
 pytest
 bandit
-beautifulsoup4
\ No newline at end of file
+beautifulsoup4
+mock
+pytest-mock
\ No newline at end of file
diff --git a/src/tests/test_blackbox.py b/src/tests/test_blackbox.py
index 9167bc2..21d5f59 100644
--- a/src/tests/test_blackbox.py
+++ b/src/tests/test_blackbox.py
@@ -2,11 +2,34 @@ import pytest
 
 from bs4 import BeautifulSoup
 
+from flask import Response
 from utils import user_datastore
-from models import db
+from models import db, Item, Purchase
 import app
 
 
+def create_db_setup():
+    db.drop_all()
+    db.create_all()
+    user_datastore.create_role(name='administrator')
+    admin_user = user_datastore.create_user(email="admin", password="admin", roles=['administrator'])
+    other_user = user_datastore.create_user(email="user", password="user")
+    admin_user.name = 'admin'
+    other_user.name = 'user'
+
+    item_a = Item(name="a", uploader=admin_user)
+    item_b = Item(name="b", uploader=admin_user)
+    item_c = Item(name="c", uploader=other_user)
+    purchase = Purchase(item=item_a, purchaser=other_user)
+
+    db.session.add(item_a)
+    db.session.add(item_b)
+    db.session.add(item_c)
+    db.session.add(purchase)
+
+    db.session.commit()
+
+
 @pytest.fixture
 def anonymous_client():
     app.app.config['TESTING'] = True
@@ -24,11 +47,7 @@ def logged_in_client():
 
     with app.app.test_client() as client:
         with app.app.app_context():
-            db.drop_all()
-            db.create_all()
-            user = user_datastore.create_user(email="test", password="test")
-            user.name = 'test'
-
+            create_db_setup()
             r = client.get('/login')
 
             soup = BeautifulSoup(r.data.decode(), 'html.parser')
@@ -38,8 +57,8 @@ def logged_in_client():
                     csrf_token = input_tag['value']
 
             r = client.post('/login', data=dict(
-                email='test',
-                password='test',
+                email='user',
+                password='user',
                 csrf_token=csrf_token
             ), follow_redirects=True)
 
@@ -53,11 +72,7 @@ def admin_client():
 
     with app.app.test_client() as client:
         with app.app.app_context():
-            db.drop_all()
-            db.create_all()
-            user_datastore.create_role(name='administrator')
-            user = user_datastore.create_user(email="test", password="test", roles=['administrator'])
-            user.name = 'test'
+            create_db_setup()
 
             r = client.get('/login')
 
@@ -68,8 +83,8 @@ def admin_client():
                     csrf_token = input_tag['value']
 
             r = client.post('/login', data=dict(
-                email='test',
-                password='test',
+                email='admin',
+                password='admin',
                 csrf_token=csrf_token
             ), follow_redirects=True)
 
@@ -143,6 +158,11 @@ def test_anonymous_have_to_login_protected_pages(anonymous_client):
     assert 'Log in' == soup.find_all('p')[0].a.string
 
 
+#
+# Some status code based tests
+#
+
+
 def test_anonymous_get_login_required_redirect(anonymous_client):
     for path in ['/content/caff/1', '/profile']:
         r = anonymous_client.get(path)
@@ -155,10 +175,44 @@ def test_anonymous_post_login_required_redirect(anonymous_client):
         assert r.status_code == 302
 
 
-def test_logged_in_ok(logged_in_client):
+def test_user_profile_ok(logged_in_client):
     r = logged_in_client.get('/profile')
     assert r.status_code == 200
 
+#
+# Content stuff
+#
+
+def test_user_content_nonexistent(logged_in_client):
+    r = logged_in_client.get('/content/caff/4')  # nonexistant
+    assert r.status_code == 404
+
+
+def test_user_content_uploaded(logged_in_client, mocker):
+    mocker.patch(
+        'views.contentview.ContentView._stream_from_minio',
+        side_effect=lambda bucket, id, fname: Response(status=200)
+    )
+
+    r = logged_in_client.get('/content/caff/3')  # existant, uploaded
+    assert r.status_code == 200
+
+
+def test_user_content_unpurchased(logged_in_client):
+    r = logged_in_client.get('/content/caff/2')  # existant, unpurchased
+    assert r.status_code == 403
+
+
+def test_user_content_purchased(logged_in_client, mocker):
+    mocker.patch(
+        'views.contentview.ContentView._stream_from_minio',
+        side_effect=lambda bucket, id, fname: Response(status=200)
+    )
+
+    r = logged_in_client.get('/content/caff/1')  # purchased
+    assert r.status_code == 200
+
+
 
 #
 # Admin pages