[5ec3a0b] | 1 | import os |
---|
| 2 | from datetime import datetime, timedelta, timezone |
---|
| 3 | from shutil import copyfileobj |
---|
| 4 | from unittest.mock import Mock, patch |
---|
| 5 | |
---|
| 6 | import pytest |
---|
| 7 | |
---|
| 8 | from ZODB.blob import Blob |
---|
| 9 | |
---|
| 10 | from pyramid.testing import DummyRequest |
---|
| 11 | from pyramid.httpexceptions import HTTPFound |
---|
| 12 | from pyramid.response import Response |
---|
| 13 | |
---|
| 14 | from webob.multidict import MultiDict |
---|
| 15 | |
---|
| 16 | from ow.models.root import OpenWorkouts |
---|
| 17 | from ow.models.user import User |
---|
| 18 | from ow.models.workout import Workout |
---|
| 19 | from ow.views.renderers import OWFormRenderer |
---|
| 20 | import ow.views.user as user_views |
---|
| 21 | |
---|
| 22 | |
---|
| 23 | class TestUserViews(object): |
---|
| 24 | |
---|
| 25 | @pytest.fixture |
---|
| 26 | def root(self): |
---|
| 27 | root = OpenWorkouts() |
---|
| 28 | root['john'] = User(firstname='John', lastname='Doe', |
---|
| 29 | email='john.doe@example.net') |
---|
| 30 | root['john'].password = 's3cr3t' |
---|
| 31 | workout = Workout( |
---|
| 32 | start=datetime(2015, 6, 28, 12, 55, tzinfo=timezone.utc), |
---|
| 33 | duration=timedelta(minutes=60), |
---|
| 34 | distance=30 |
---|
| 35 | ) |
---|
| 36 | root['john'].add_workout(workout) |
---|
| 37 | return root |
---|
| 38 | |
---|
| 39 | @pytest.fixture |
---|
| 40 | def dummy_request(self, root): |
---|
| 41 | request = DummyRequest() |
---|
| 42 | request.root = root |
---|
| 43 | return request |
---|
| 44 | |
---|
| 45 | @pytest.fixture |
---|
| 46 | def profile_post_request(self, root): |
---|
| 47 | """ |
---|
| 48 | This is a valid POST request to update an user profile. |
---|
| 49 | Form will validate, but nothing will be really updated/changed. |
---|
| 50 | """ |
---|
| 51 | user = root['john'] |
---|
| 52 | request = DummyRequest() |
---|
| 53 | request.root = root |
---|
| 54 | request.method = 'POST' |
---|
| 55 | request.POST = MultiDict({ |
---|
| 56 | 'submit': True, |
---|
| 57 | 'firstname': user.firstname, |
---|
| 58 | 'lastname': user.lastname, |
---|
| 59 | 'email': user.email, |
---|
| 60 | 'bio': user.bio, |
---|
| 61 | 'weight': user.weight, |
---|
| 62 | 'height': user.height, |
---|
| 63 | 'gender': user.gender, |
---|
| 64 | 'birth_date': user.birth_date, |
---|
| 65 | 'picture': user.picture, |
---|
| 66 | }) |
---|
| 67 | return request |
---|
| 68 | |
---|
| 69 | @pytest.fixture |
---|
| 70 | def passwd_post_request(self, root): |
---|
| 71 | """ |
---|
| 72 | This is a valid POST request to change the user password, but |
---|
| 73 | the form will not validate (empty fields) |
---|
| 74 | """ |
---|
| 75 | request = DummyRequest() |
---|
| 76 | request.root = root |
---|
| 77 | request.method = 'POST' |
---|
| 78 | request.POST = MultiDict({ |
---|
| 79 | 'submit': True, |
---|
| 80 | 'old_password': '', |
---|
| 81 | 'password': '', |
---|
| 82 | 'password_confirm': '' |
---|
| 83 | }) |
---|
| 84 | return request |
---|
| 85 | |
---|
| 86 | @pytest.fixture |
---|
| 87 | def signup_post_request(self, root): |
---|
| 88 | """ |
---|
| 89 | This is a valid POST request to signup a new user. |
---|
| 90 | """ |
---|
| 91 | request = DummyRequest() |
---|
| 92 | request.root = root |
---|
| 93 | request.method = 'POST' |
---|
| 94 | request.POST = MultiDict({ |
---|
| 95 | 'submit': True, |
---|
| 96 | 'username': 'JackBlack', |
---|
| 97 | 'email': 'jack.black@example.net', |
---|
| 98 | 'firstname': 'Jack', |
---|
| 99 | 'lastname': 'Black', |
---|
| 100 | 'password': 'j4ck s3cr3t', |
---|
| 101 | 'password_confirm': 'j4ck s3cr3t' |
---|
| 102 | }) |
---|
| 103 | return request |
---|
| 104 | |
---|
| 105 | def test_dashboard_redirect_unauthenticated(self, root): |
---|
| 106 | """ |
---|
| 107 | Anoymous access to the root object, send the user to the login page. |
---|
| 108 | |
---|
| 109 | Instead of reusing the DummyRequest from the request fixture, we do |
---|
| 110 | Mock fully the request here, because we need to use |
---|
| 111 | authenticated_userid, which cannot be easily set in the DummyRequest |
---|
| 112 | """ |
---|
| 113 | request = DummyRequest() |
---|
| 114 | request.root = root |
---|
| 115 | response = user_views.dashboard_redirect(root, request) |
---|
| 116 | assert isinstance(response, HTTPFound) |
---|
| 117 | assert response.location == request.resource_url(root, 'login') |
---|
| 118 | |
---|
| 119 | def test_dashboard_redirect_authenticated(self, root): |
---|
| 120 | """ |
---|
| 121 | Authenticated user accesing the root object, send the user to her |
---|
| 122 | dashboard |
---|
| 123 | |
---|
| 124 | Instead of reusing the DummyRequest from the request fixture, we do |
---|
| 125 | Mock fully the request here, because we need to use |
---|
| 126 | authenticated_userid, which cannot be easily set in the DummyRequest |
---|
| 127 | """ |
---|
| 128 | request = Mock() |
---|
| 129 | request.root = root |
---|
| 130 | request.authenticated_userid = 'john' |
---|
| 131 | request.resource_url.return_value = '/dashboard' |
---|
| 132 | response = user_views.dashboard_redirect(root, request) |
---|
| 133 | assert isinstance(response, HTTPFound) |
---|
| 134 | assert response.location == '/dashboard' |
---|
| 135 | |
---|
| 136 | def test_dashboard(self, dummy_request): |
---|
| 137 | """ |
---|
| 138 | Renders the user dashboard |
---|
| 139 | """ |
---|
| 140 | request = dummy_request |
---|
| 141 | user = request.root['john'] |
---|
| 142 | response = user_views.dashboard(user, request) |
---|
| 143 | assert response == {} |
---|
| 144 | |
---|
| 145 | def test_profile(self, dummy_request): |
---|
| 146 | """ |
---|
| 147 | Renders the user profile page |
---|
| 148 | """ |
---|
| 149 | request = dummy_request |
---|
| 150 | user = request.root['john'] |
---|
| 151 | response = user_views.profile(user, request) |
---|
| 152 | assert response == {} |
---|
| 153 | |
---|
| 154 | def test_login_get(self, dummy_request): |
---|
| 155 | """ |
---|
| 156 | GET request to access the login page |
---|
| 157 | """ |
---|
| 158 | request = dummy_request |
---|
| 159 | response = user_views.login(request.root, request) |
---|
| 160 | assert response['message'] == '' |
---|
| 161 | assert response['username'] == '' |
---|
| 162 | assert response['password'] == '' |
---|
| 163 | assert response['redirect_url'] == request.resource_url(request.root) |
---|
| 164 | |
---|
| 165 | def test_login_get_return_to(self, dummy_request): |
---|
| 166 | """ |
---|
| 167 | GET request to access the login page, if there is a page set to where |
---|
| 168 | the user should be sent to, the response "redirect_url" key will have |
---|
| 169 | such url |
---|
| 170 | """ |
---|
| 171 | request = dummy_request |
---|
| 172 | workout = request.root['john'].workouts()[0] |
---|
| 173 | workout_url = request.resource_url(workout) |
---|
| 174 | request.params['return_to'] = workout_url |
---|
| 175 | response = user_views.login(request.root, request) |
---|
| 176 | assert response['redirect_url'] == workout_url |
---|
| 177 | |
---|
| 178 | def test_login_post_bad_username(self, dummy_request): |
---|
| 179 | request = dummy_request |
---|
| 180 | request.method = 'POST' |
---|
| 181 | request.POST['submit'] = True |
---|
| 182 | request.POST['username'] = 'jack' |
---|
| 183 | response = user_views.login(request.root, request) |
---|
| 184 | assert response['message'] == u'Bad username' |
---|
| 185 | |
---|
| 186 | def test_login_post_bad_password(self, dummy_request): |
---|
| 187 | request = dummy_request |
---|
| 188 | request.method = 'POST' |
---|
| 189 | request.POST['submit'] = True |
---|
| 190 | request.POST['username'] = 'john' |
---|
| 191 | request.POST['password'] = 'badpassword' |
---|
| 192 | response = user_views.login(request.root, request) |
---|
| 193 | assert response['message'] == u'Bad password' |
---|
| 194 | |
---|
| 195 | @patch('ow.views.user.remember') |
---|
| 196 | def test_login_post_ok(self, rem, dummy_request): |
---|
| 197 | request = dummy_request |
---|
| 198 | request.method = 'POST' |
---|
| 199 | request.POST['submit'] = True |
---|
| 200 | request.POST['username'] = 'john' |
---|
| 201 | request.POST['password'] = 's3cr3t' |
---|
| 202 | response = user_views.login(request.root, request) |
---|
| 203 | assert isinstance(response, HTTPFound) |
---|
| 204 | assert rem.called |
---|
| 205 | assert response.location == request.resource_url(request.root) |
---|
| 206 | |
---|
| 207 | @patch('ow.views.user.forget') |
---|
| 208 | def test_logout(self, forg, dummy_request): |
---|
| 209 | request = dummy_request |
---|
| 210 | response = user_views.logout(request.root, request) |
---|
| 211 | assert isinstance(response, HTTPFound) |
---|
| 212 | assert forg.called |
---|
| 213 | assert response.location == request.resource_url(request.root) |
---|
| 214 | |
---|
| 215 | extensions = ('png', 'jpg', 'jpeg', 'gif') |
---|
| 216 | |
---|
| 217 | @pytest.mark.parametrize('extension', extensions) |
---|
| 218 | def test_profile_picture(self, extension, dummy_request): |
---|
| 219 | """ |
---|
| 220 | GET request to get the profile picture of an user. |
---|
| 221 | """ |
---|
| 222 | request = dummy_request |
---|
| 223 | # Get the user |
---|
| 224 | user = request.root['john'] |
---|
| 225 | # Get the path to the image, then open it and copy it to a new Blob |
---|
| 226 | # object |
---|
| 227 | path = 'fixtures/image.' + extension |
---|
| 228 | image_path = os.path.join( |
---|
| 229 | os.path.dirname(os.path.dirname(__file__)), path) |
---|
| 230 | blob = Blob() |
---|
| 231 | with open(image_path, 'rb') as infile, blob.open('w') as out: |
---|
| 232 | infile.seek(0) |
---|
| 233 | copyfileobj(infile, out) |
---|
| 234 | |
---|
| 235 | # Set the blob with the picture |
---|
| 236 | user.picture = blob |
---|
| 237 | |
---|
| 238 | # Call the profile_picture view |
---|
| 239 | response = user_views.profile_picture(user, request) |
---|
| 240 | assert isinstance(response, Response) |
---|
| 241 | assert response.status_int == 200 |
---|
| 242 | assert response.content_type == 'image' |
---|
| 243 | |
---|
| 244 | def test_edit_profile_get(self, dummy_request): |
---|
| 245 | """ |
---|
| 246 | GET request to the edit profile page, returns the form ready to |
---|
| 247 | be rendered |
---|
| 248 | """ |
---|
| 249 | request = dummy_request |
---|
| 250 | user = request.root['john'] |
---|
| 251 | response = user_views.edit_profile(user, request) |
---|
| 252 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 253 | # no errors in the form (first load) |
---|
| 254 | assert response['form'].errorlist() == '' |
---|
| 255 | # the form carries along the proper data keys, taken from the |
---|
| 256 | # loaded user profile |
---|
| 257 | data = ['firstname', 'lastname', 'email', 'bio', 'birth_date', |
---|
| 258 | 'height', 'weight', 'gender'] |
---|
| 259 | assert list(response['form'].data.keys()) == data |
---|
| 260 | # and check the email to see data is properly loaded |
---|
| 261 | assert response['form'].data['email'] == 'john.doe@example.net' |
---|
| 262 | |
---|
| 263 | def test_edit_profile_post_ok(self, profile_post_request): |
---|
| 264 | request = profile_post_request |
---|
| 265 | user = request.root['john'] |
---|
| 266 | # Update the bio field |
---|
| 267 | bio = 'Some text about this user' |
---|
| 268 | request.POST['bio'] = bio |
---|
| 269 | response = user_views.edit_profile(user, request) |
---|
| 270 | assert isinstance(response, HTTPFound) |
---|
| 271 | assert response.location == request.resource_url(user, 'profile') |
---|
| 272 | assert user.bio == bio |
---|
| 273 | |
---|
| 274 | def test_edit_profile_post_missing_required(self, profile_post_request): |
---|
| 275 | request = profile_post_request |
---|
| 276 | request.POST['email'] = '' |
---|
| 277 | user = request.root['john'] |
---|
| 278 | response = user_views.edit_profile(user, request) |
---|
| 279 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 280 | # error on the missing email field |
---|
| 281 | error = u'Please enter an email address' |
---|
| 282 | html_error = u'<ul class="error"><li>' + error + '</li></ul>' |
---|
| 283 | assert response['form'].errorlist() == html_error |
---|
| 284 | assert response['form'].errors_for('email') == [error] |
---|
| 285 | |
---|
| 286 | def test_change_password_get(self, dummy_request): |
---|
| 287 | request = dummy_request |
---|
| 288 | user = request.root['john'] |
---|
| 289 | response = user_views.change_password(user, request) |
---|
| 290 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 291 | # no errors in the form (first load) |
---|
| 292 | assert response['form'].errorlist() == '' |
---|
| 293 | |
---|
| 294 | def test_change_password_post_ok(self, passwd_post_request): |
---|
| 295 | request = passwd_post_request |
---|
| 296 | user = request.root['john'] |
---|
| 297 | request.POST['old_password'] = 's3cr3t' |
---|
| 298 | request.POST['password'] = 'h1dd3n s3cr3t' |
---|
| 299 | request.POST['password_confirm'] = 'h1dd3n s3cr3t' |
---|
| 300 | response = user_views.change_password(user, request) |
---|
| 301 | assert isinstance(response, HTTPFound) |
---|
| 302 | assert response.location == request.resource_url(user, 'profile') |
---|
| 303 | # password was changed |
---|
| 304 | assert not user.check_password('s3cr3t') |
---|
| 305 | assert user.check_password('h1dd3n s3cr3t') |
---|
| 306 | |
---|
| 307 | def test_change_password_post_no_values(self, passwd_post_request): |
---|
| 308 | request = passwd_post_request |
---|
| 309 | user = request.root['john'] |
---|
| 310 | response = user_views.change_password(user, request) |
---|
| 311 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 312 | error = u'Please enter a value' |
---|
| 313 | html_error = u'<ul class="error">' |
---|
| 314 | html_error += ('<li>' + error + '</li>') * 3 # 3 fields |
---|
| 315 | html_error += '</ul>' |
---|
| 316 | errorlist = response['form'].errorlist().replace('\n', '') |
---|
| 317 | assert errorlist == html_error |
---|
| 318 | assert response['form'].errors_for('old_password') == [error] |
---|
| 319 | assert response['form'].errors_for('password') == [error] |
---|
| 320 | assert response['form'].errors_for('password_confirm') == [error] |
---|
| 321 | # password was not changed |
---|
| 322 | assert user.check_password('s3cr3t') |
---|
| 323 | |
---|
| 324 | def test_change_password_post_bad_old_password(self, passwd_post_request): |
---|
| 325 | request = passwd_post_request |
---|
| 326 | user = request.root['john'] |
---|
| 327 | request.POST['old_password'] = 'FAIL PASSWORD' |
---|
| 328 | request.POST['password'] = 'h1dd3n s3cr3t' |
---|
| 329 | request.POST['password_confirm'] = 'h1dd3n s3cr3t' |
---|
| 330 | response = user_views.change_password(user, request) |
---|
| 331 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 332 | error = u'The given password does not match the existing one ' |
---|
| 333 | html_error = u'<ul class="error"><li>' + error + '</li></ul>' |
---|
| 334 | assert response['form'].errorlist() == html_error |
---|
| 335 | assert response['form'].errors_for('old_password') == [error] |
---|
| 336 | # password was not changed |
---|
| 337 | assert user.check_password('s3cr3t') |
---|
| 338 | assert not user.check_password('h1dd3n s3cr3t') |
---|
| 339 | |
---|
| 340 | def test_change_password_post_password_mismatch(self, passwd_post_request): |
---|
| 341 | request = passwd_post_request |
---|
| 342 | user = request.root['john'] |
---|
| 343 | request.POST['old_password'] = 's3cr3t' |
---|
| 344 | request.POST['password'] = 'h1dd3n s3cr3ts' |
---|
| 345 | request.POST['password_confirm'] = 'h1dd3n s3cr3t' |
---|
| 346 | response = user_views.change_password(user, request) |
---|
| 347 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 348 | error = u'Fields do not match' |
---|
| 349 | html_error = u'<ul class="error"><li>' + error + '</li></ul>' |
---|
| 350 | assert response['form'].errorlist() == html_error |
---|
| 351 | assert response['form'].errors_for('password_confirm') == [error] |
---|
| 352 | # password was not changed |
---|
| 353 | assert user.check_password('s3cr3t') |
---|
| 354 | assert not user.check_password('h1dd3n s3cr3t') |
---|
| 355 | |
---|
| 356 | def test_signup_get(self, dummy_request): |
---|
| 357 | request = dummy_request |
---|
| 358 | response = user_views.signup(request.root, request) |
---|
| 359 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 360 | # no errors in the form (first load) |
---|
| 361 | assert response['form'].errorlist() == '' |
---|
| 362 | |
---|
| 363 | def test_signup_post_ok(self, signup_post_request): |
---|
| 364 | request = signup_post_request |
---|
| 365 | assert 'JackBlack' not in request.root.all_usernames() |
---|
| 366 | response = user_views.signup(request.root, request) |
---|
| 367 | assert isinstance(response, HTTPFound) |
---|
| 368 | assert response.location == request.resource_url(request.root) |
---|
| 369 | assert 'JackBlack' in request.root.all_usernames() |
---|
| 370 | |
---|
| 371 | def test_signup_missing_required(self, signup_post_request): |
---|
| 372 | request = signup_post_request |
---|
| 373 | request.POST['email'] = '' |
---|
| 374 | assert 'JackBlack' not in request.root.all_usernames() |
---|
| 375 | response = user_views.signup(request.root, request) |
---|
| 376 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 377 | error = u'Please enter an email address' |
---|
| 378 | html_error = '<ul class="error">' |
---|
| 379 | html_error += '<li>' + error + '</li>' |
---|
| 380 | html_error += '</ul>' |
---|
| 381 | errorlist = response['form'].errorlist().replace('\n', '') |
---|
| 382 | assert errorlist == html_error |
---|
| 383 | assert response['form'].errors_for('email') == [error] |
---|
| 384 | assert 'JackBlack' not in request.root.all_usernames() |
---|
| 385 | |
---|
| 386 | def test_signup_existing_username(self, signup_post_request): |
---|
| 387 | request = signup_post_request |
---|
| 388 | request.POST['username'] = 'john' |
---|
| 389 | assert 'JackBlack' not in request.root.all_usernames() |
---|
| 390 | response = user_views.signup(request.root, request) |
---|
| 391 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 392 | error = u'Another user is already registered with the username john' |
---|
| 393 | html_error = '<ul class="error">' |
---|
| 394 | html_error += '<li>' + error + '</li>' |
---|
| 395 | html_error += '</ul>' |
---|
| 396 | errorlist = response['form'].errorlist().replace('\n', '') |
---|
| 397 | assert errorlist == html_error |
---|
| 398 | assert response['form'].errors_for('username') == [error] |
---|
| 399 | assert 'JackBlack' not in request.root.all_usernames() |
---|
| 400 | |
---|
| 401 | def test_signup_existing_email(self, signup_post_request): |
---|
| 402 | request = signup_post_request |
---|
| 403 | request.POST['email'] = 'john.doe@example.net' |
---|
| 404 | assert 'JackBlack' not in request.root.all_usernames() |
---|
| 405 | response = user_views.signup(request.root, request) |
---|
| 406 | assert isinstance(response['form'], OWFormRenderer) |
---|
| 407 | error = u'Another user is already registered with the email ' |
---|
| 408 | error += u'john.doe@example.net' |
---|
| 409 | html_error = '<ul class="error">' |
---|
| 410 | html_error += '<li>' + error + '</li>' |
---|
| 411 | html_error += '</ul>' |
---|
| 412 | errorlist = response['form'].errorlist().replace('\n', '') |
---|
| 413 | assert errorlist == html_error |
---|
| 414 | assert response['form'].errors_for('email') == [error] |
---|
| 415 | assert 'JackBlack' not in request.root.all_usernames() |
---|