From 8458271a5ca1b989e78e28b395ab3c43ed3826e4 Mon Sep 17 00:00:00 2001
From: Stephan Porada <sporada@uni-bielefeld.de>
Date: Tue, 9 Jul 2019 15:41:28 +0200
Subject: [PATCH] Add some tests

---
 tests/test_client.py     | 66 ++++++++++++++++++++++++++++++++++++----
 tests/test_user_model.py | 26 ++++++++++++++--
 2 files changed, 84 insertions(+), 8 deletions(-)

diff --git a/tests/test_client.py b/tests/test_client.py
index f1f07958..584d9691 100644
--- a/tests/test_client.py
+++ b/tests/test_client.py
@@ -23,7 +23,7 @@ class FlaskClientTestCase(unittest.TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertTrue('Stranger' in response.get_data(as_text=True))
 
-    def test_register_and_login(self):
+    def test_register(self):
         # register a new account
         response = self.client.post('/auth/register', data={
             'email': 'john@example.com',
@@ -33,14 +33,68 @@ class FlaskClientTestCase(unittest.TestCase):
         })
         self.assertEqual(response.status_code, 302)
 
+    def test_login(self):
         # login with the new account
         response = self.client.post('/auth/login', data={
             'email': 'john@example.com',
             'password': 'cat'
         }, follow_redirects=True)
         self.assertEqual(response.status_code, 200)
-        self.assertTrue(re.search(r'Hello,\sjohn!',
-                                  response.get_data(as_text=True)))
-        self.assertTrue(
-            'You have not confirmed your account yet' in response.get_data(
-                as_text=True))
+
+    def test_register_false_username(self):
+        # register a new account with wrong username
+        response = self.client.post('/auth/register', data={
+            'email': 'john@example.com',
+            'username': 'john.,*Ä#ä+=?',
+            'password': 'cat',
+            'password2': 'cat'
+        })
+        self.assertEqual(response.status_code, 200)
+        self.assertTrue('Usernames must have only letters, numbers, dots or underscores' in response.get_data(as_text=True))
+
+    def test_register_false_email(self):
+        # register a new account with wrong username
+        response = self.client.post('/auth/register', data={
+            'email': 'john@example',
+            'username': 'john',
+            'password': 'cat',
+            'password2': 'cat'
+        })
+        self.assertEqual(response.status_code, 200)
+        self.assertTrue('Invalid email address.' in response.get_data(as_text=True))
+
+    def test_duplicates(self):
+        # tries to register an account that has already been registered
+        # test duplicate username and duplicate email
+        response = self.client.post('/auth/register', data={
+            'email': 'john@example.com',
+            'username': 'john',
+            'password': 'cat',
+            'password2': 'cat'
+        })
+        self.assertEqual(response.status_code, 302)
+        response = self.client.post('/auth/register', data={
+            'email': 'john@example2.com',
+            'username': 'john',
+            'password': 'cat',
+            'password2': 'cat'
+        })
+        self.assertEqual(response.status_code, 200)
+        self.assertTrue('Username already in use.' in response.get_data(as_text=True))
+        response = self.client.post('/auth/register', data={
+            'email': 'john@example.com',
+            'username': 'johnsmith',
+            'password': 'cat',
+            'password2': 'cat'
+        })
+        self.assertEqual(response.status_code, 200)
+        self.assertTrue('Email already registered.' in response.get_data(as_text=True))
+
+        def test_admin_forbidden(self):
+            response = self.client.post('/auth/login', data={
+                'email': 'john@example.com',
+                'password': 'cat'
+            }, follow_redirects=True)
+            self.assertEqual(response.status_code, 200)
+            response = self.client.get('/admin')
+            self.assertEqual(response.status_code, 403)
diff --git a/tests/test_user_model.py b/tests/test_user_model.py
index b7d08147..adc650bd 100644
--- a/tests/test_user_model.py
+++ b/tests/test_user_model.py
@@ -1,10 +1,22 @@
 import unittest
 import time
-from app.models import User
-from app import db
+from app import create_app, db
+from app.models import User, AnonymousUser, Role, Permission
 
 
 class UserModelTestCase(unittest.TestCase):
+    def setUp(self):
+        self.app = create_app('testing')
+        self.app_context = self.app.app_context()
+        self.app_context.push()
+        db.create_all()
+        Role.insert_roles()
+
+    def tearDown(self):
+        db.session.remove()
+        db.drop_all()
+        self.app_context.pop()
+
     def test_password_setter(self):
         u = User(password='cat')
         self.assertTrue(u.password_hash is not None)
@@ -47,3 +59,13 @@ class UserModelTestCase(unittest.TestCase):
         token = u.generate_confirmation_token(1)
         time.sleep(2)
         self.assertFalse(u.confirm(token))
+
+    def test_user_role(self):
+        u = User(email='john@example.com', password='cat')
+        self.assertTrue(u.can(Permission.CREATE_JOB))
+        self.assertFalse(u.can(Permission.ADMIN))
+
+    def test_anonymous_user(self):
+        u = AnonymousUser()
+        self.assertFalse(u.can(Permission.CREATE_JOB))
+        self.assertFalse(u.can(Permission.ADMIN))