aboutsummaryrefslogtreecommitdiff
path: root/ihatemoney/tests
diff options
context:
space:
mode:
Diffstat (limited to 'ihatemoney/tests')
-rw-r--r--ihatemoney/tests/api_test.py748
-rw-r--r--ihatemoney/tests/budget_test.py1451
-rw-r--r--ihatemoney/tests/common/help_functions.py5
-rw-r--r--ihatemoney/tests/common/ihatemoney_testcase.py70
-rw-r--r--ihatemoney/tests/history_test.py599
-rw-r--r--ihatemoney/tests/main_test.py265
-rw-r--r--ihatemoney/tests/tests.py3106
7 files changed, 3138 insertions, 3106 deletions
diff --git a/ihatemoney/tests/api_test.py b/ihatemoney/tests/api_test.py
new file mode 100644
index 0000000..41f5ab2
--- /dev/null
+++ b/ihatemoney/tests/api_test.py
@@ -0,0 +1,748 @@
+import base64
+import datetime
+import json
+import unittest
+
+from ihatemoney.tests.common.help_functions import em_surround
+from ihatemoney.tests.common.ihatemoney_testcase import IhatemoneyTestCase
+
+
+class APITestCase(IhatemoneyTestCase):
+
+ """Tests the API"""
+
+ def api_create(self, name, id=None, password=None, contact=None):
+ id = id or name
+ password = password or name
+ contact = contact or f"{name}@notmyidea.org"
+
+ return self.client.post(
+ "/api/projects",
+ data={
+ "name": name,
+ "id": id,
+ "password": password,
+ "contact_email": contact,
+ "default_currency": "USD",
+ },
+ )
+
+ def api_add_member(self, project, name, weight=1):
+ self.client.post(
+ f"/api/projects/{project}/members",
+ data={"name": name, "weight": weight},
+ headers=self.get_auth(project),
+ )
+
+ def get_auth(self, username, password=None):
+ password = password or username
+ base64string = (
+ base64.encodebytes(f"{username}:{password}".encode("utf-8"))
+ .decode("utf-8")
+ .replace("\n", "")
+ )
+ return {"Authorization": f"Basic {base64string}"}
+
+ def test_cors_requests(self):
+ # Create a project and test that CORS headers are present if requested.
+ resp = self.api_create("raclette")
+ self.assertStatus(201, resp)
+
+ # Try to do an OPTIONS requests and see if the headers are correct.
+ resp = self.client.options(
+ "/api/projects/raclette", headers=self.get_auth("raclette")
+ )
+ self.assertEqual(resp.headers["Access-Control-Allow-Origin"], "*")
+
+ def test_basic_auth(self):
+ # create a project
+ resp = self.api_create("raclette")
+ self.assertStatus(201, resp)
+
+ # try to do something on it being unauth should return a 401
+ resp = self.client.get("/api/projects/raclette")
+ self.assertStatus(401, resp)
+
+ # PUT / POST / DELETE / GET on the different resources
+ # should also return a 401
+ for verb in ("post",):
+ for resource in ("/raclette/members", "/raclette/bills"):
+ url = "/api/projects" + resource
+ self.assertStatus(401, getattr(self.client, verb)(url), verb + resource)
+
+ for verb in ("get", "delete", "put"):
+ for resource in ("/raclette", "/raclette/members/1", "/raclette/bills/1"):
+ url = "/api/projects" + resource
+
+ self.assertStatus(401, getattr(self.client, verb)(url), verb + resource)
+
+ def test_project(self):
+ # wrong email should return an error
+ resp = self.client.post(
+ "/api/projects",
+ data={
+ "name": "raclette",
+ "id": "raclette",
+ "password": "raclette",
+ "contact_email": "not-an-email",
+ "default_currency": "USD",
+ },
+ )
+
+ self.assertTrue(400, resp.status_code)
+ self.assertEqual(
+ '{"contact_email": ["Invalid email address."]}\n', resp.data.decode("utf-8")
+ )
+
+ # create it
+ resp = self.api_create("raclette")
+ self.assertTrue(201, resp.status_code)
+
+ # create it twice should return a 400
+ resp = self.api_create("raclette")
+
+ self.assertTrue(400, resp.status_code)
+ self.assertIn("id", json.loads(resp.data.decode("utf-8")))
+
+ # get information about it
+ resp = self.client.get(
+ "/api/projects/raclette", headers=self.get_auth("raclette")
+ )
+
+ self.assertTrue(200, resp.status_code)
+ expected = {
+ "members": [],
+ "name": "raclette",
+ "contact_email": "raclette@notmyidea.org",
+ "default_currency": "USD",
+ "id": "raclette",
+ "logging_preference": 1,
+ }
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+ self.assertDictEqual(decoded_resp, expected)
+
+ # edit should work
+ resp = self.client.put(
+ "/api/projects/raclette",
+ data={
+ "contact_email": "yeah@notmyidea.org",
+ "default_currency": "USD",
+ "password": "raclette",
+ "name": "The raclette party",
+ "project_history": "y",
+ },
+ headers=self.get_auth("raclette"),
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ resp = self.client.get(
+ "/api/projects/raclette", headers=self.get_auth("raclette")
+ )
+
+ self.assertEqual(200, resp.status_code)
+ expected = {
+ "name": "The raclette party",
+ "contact_email": "yeah@notmyidea.org",
+ "default_currency": "USD",
+ "members": [],
+ "id": "raclette",
+ "logging_preference": 1,
+ }
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+ self.assertDictEqual(decoded_resp, expected)
+
+ # password change is possible via API
+ resp = self.client.put(
+ "/api/projects/raclette",
+ data={
+ "contact_email": "yeah@notmyidea.org",
+ "default_currency": "USD",
+ "password": "tartiflette",
+ "name": "The raclette party",
+ },
+ headers=self.get_auth("raclette"),
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ resp = self.client.get(
+ "/api/projects/raclette", headers=self.get_auth("raclette", "tartiflette")
+ )
+ self.assertEqual(200, resp.status_code)
+
+ # delete should work
+ resp = self.client.delete(
+ "/api/projects/raclette", headers=self.get_auth("raclette", "tartiflette")
+ )
+
+ # get should return a 401 on an unknown resource
+ resp = self.client.get(
+ "/api/projects/raclette", headers=self.get_auth("raclette")
+ )
+ self.assertEqual(401, resp.status_code)
+
+ def test_token_creation(self):
+ """Test that token of project is generated"""
+
+ # Create project
+ resp = self.api_create("raclette")
+ self.assertTrue(201, resp.status_code)
+
+ # Get token
+ resp = self.client.get(
+ "/api/projects/raclette/token", headers=self.get_auth("raclette")
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+
+ # Access with token
+ resp = self.client.get(
+ "/api/projects/raclette/token",
+ headers={"Authorization": f"Basic {decoded_resp['token']}"},
+ )
+
+ self.assertEqual(200, resp.status_code)
+
+ def test_token_login(self):
+ resp = self.api_create("raclette")
+ # Get token
+ resp = self.client.get(
+ "/api/projects/raclette/token", headers=self.get_auth("raclette")
+ )
+ decoded_resp = json.loads(resp.data.decode("utf-8"))
+ resp = self.client.get("/authenticate?token={}".format(decoded_resp["token"]))
+ # Test that we are redirected.
+ self.assertEqual(302, resp.status_code)
+
+ def test_member(self):
+ # create a project
+ self.api_create("raclette")
+
+ # get the list of members (should be empty)
+ req = self.client.get(
+ "/api/projects/raclette/members", headers=self.get_auth("raclette")
+ )
+
+ self.assertStatus(200, req)
+ self.assertEqual("[]\n", req.data.decode("utf-8"))
+
+ # add a member
+ req = self.client.post(
+ "/api/projects/raclette/members",
+ data={"name": "Zorglub"},
+ headers=self.get_auth("raclette"),
+ )
+
+ # the id of the new member should be returned
+ self.assertStatus(201, req)
+ self.assertEqual("1\n", req.data.decode("utf-8"))
+
+ # the list of members should contain one member
+ req = self.client.get(
+ "/api/projects/raclette/members", headers=self.get_auth("raclette")
+ )
+
+ self.assertStatus(200, req)
+ self.assertEqual(len(json.loads(req.data.decode("utf-8"))), 1)
+
+ # Try to add another member with the same name.
+ req = self.client.post(
+ "/api/projects/raclette/members",
+ data={"name": "Zorglub"},
+ headers=self.get_auth("raclette"),
+ )
+ self.assertStatus(400, req)
+
+ # edit the member
+ req = self.client.put(
+ "/api/projects/raclette/members/1",
+ data={"name": "Fred", "weight": 2},
+ headers=self.get_auth("raclette"),
+ )
+
+ self.assertStatus(200, req)
+
+ # get should return the new name
+ req = self.client.get(
+ "/api/projects/raclette/members/1", headers=self.get_auth("raclette")
+ )
+
+ self.assertStatus(200, req)
+ self.assertEqual("Fred", json.loads(req.data.decode("utf-8"))["name"])
+ self.assertEqual(2, json.loads(req.data.decode("utf-8"))["weight"])
+
+ # edit this member with same information
+ # (test PUT idemopotence)
+ req = self.client.put(
+ "/api/projects/raclette/members/1",
+ data={"name": "Fred"},
+ headers=self.get_auth("raclette"),
+ )
+
+ self.assertStatus(200, req)
+
+ # de-activate the user
+ req = self.client.put(
+ "/api/projects/raclette/members/1",
+ data={"name": "Fred", "activated": False},
+ headers=self.get_auth("raclette"),
+ )
+ self.assertStatus(200, req)
+
+ req = self.client.get(
+ "/api/projects/raclette/members/1", headers=self.get_auth("raclette")
+ )
+ self.assertStatus(200, req)
+ self.assertEqual(False, json.loads(req.data.decode("utf-8"))["activated"])
+
+ # re-activate the user
+ req = self.client.put(
+ "/api/projects/raclette/members/1",
+ data={"name": "Fred", "activated": True},
+ headers=self.get_auth("raclette"),
+ )
+
+ req = self.client.get(
+ "/api/projects/raclette/members/1", headers=self.get_auth("raclette")
+ )
+ self.assertStatus(200, req)
+ self.assertEqual(True, json.loads(req.data.decode("utf-8"))["activated"])
+
+ # delete a member
+
+ req = self.client.delete(
+ "/api/projects/raclette/members/1", headers=self.get_auth("raclette")
+ )
+
+ self.assertStatus(200, req)
+
+ # the list of members should be empty
+ req = self.client.get(
+ "/api/projects/raclette/members", headers=self.get_auth("raclette")
+ )
+
+ self.assertStatus(200, req)
+ self.assertEqual("[]\n", req.data.decode("utf-8"))
+
+ def test_bills(self):
+ # create a project
+ self.api_create("raclette")
+
+ # add members
+ self.api_add_member("raclette", "zorglub")
+ self.api_add_member("raclette", "fred")
+ self.api_add_member("raclette", "quentin")
+
+ # get the list of bills (should be empty)
+ req = self.client.get(
+ "/api/projects/raclette/bills", headers=self.get_auth("raclette")
+ )
+ self.assertStatus(200, req)
+
+ self.assertEqual("[]\n", req.data.decode("utf-8"))
+
+ # add a bill
+ req = self.client.post(
+ "/api/projects/raclette/bills",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage",
+ "payer": "1",
+ "payed_for": ["1", "2"],
+ "amount": "25",
+ "external_link": "https://raclette.fr",
+ },
+ headers=self.get_auth("raclette"),
+ )
+
+ # should return the id
+ self.assertStatus(201, req)
+ self.assertEqual(req.data.decode("utf-8"), "1\n")
+
+ # get this bill details
+ req = self.client.get(
+ "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
+ )
+
+ # compare with the added info
+ self.assertStatus(200, req)
+ expected = {
+ "what": "fromage",
+ "payer_id": 1,
+ "owers": [
+ {"activated": True, "id": 1, "name": "zorglub", "weight": 1},
+ {"activated": True, "id": 2, "name": "fred", "weight": 1},
+ ],
+ "amount": 25.0,
+ "date": "2011-08-10",
+ "id": 1,
+ "converted_amount": 25.0,
+ "original_currency": "USD",
+ "external_link": "https://raclette.fr",
+ }
+
+ got = json.loads(req.data.decode("utf-8"))
+ self.assertEqual(
+ datetime.date.today(),
+ datetime.datetime.strptime(got["creation_date"], "%Y-%m-%d").date(),
+ )
+ del got["creation_date"]
+ self.assertDictEqual(expected, got)
+
+ # the list of bills should length 1
+ req = self.client.get(
+ "/api/projects/raclette/bills", headers=self.get_auth("raclette")
+ )
+ self.assertStatus(200, req)
+ self.assertEqual(1, len(json.loads(req.data.decode("utf-8"))))
+
+ # edit with errors should return an error
+ req = self.client.put(
+ "/api/projects/raclette/bills/1",
+ data={
+ "date": "201111111-08-10", # not a date
+ "what": "fromage",
+ "payer": "1",
+ "payed_for": ["1", "2"],
+ "amount": "25",
+ "external_link": "https://raclette.fr",
+ },
+ headers=self.get_auth("raclette"),
+ )
+
+ self.assertStatus(400, req)
+ self.assertEqual(
+ '{"date": ["This field is required."]}\n', req.data.decode("utf-8")
+ )
+
+ # edit a bill
+ req = self.client.put(
+ "/api/projects/raclette/bills/1",
+ data={
+ "date": "2011-09-10",
+ "what": "beer",
+ "payer": "2",
+ "payed_for": ["1", "2"],
+ "amount": "25",
+ "external_link": "https://raclette.fr",
+ },
+ headers=self.get_auth("raclette"),
+ )
+
+ # check its fields
+ req = self.client.get(
+ "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
+ )
+ creation_date = datetime.datetime.strptime(
+ json.loads(req.data.decode("utf-8"))["creation_date"], "%Y-%m-%d"
+ ).date()
+
+ expected = {
+ "what": "beer",
+ "payer_id": 2,
+ "owers": [
+ {"activated": True, "id": 1, "name": "zorglub", "weight": 1},
+ {"activated": True, "id": 2, "name": "fred", "weight": 1},
+ ],
+ "amount": 25.0,
+ "date": "2011-09-10",
+ "external_link": "https://raclette.fr",
+ "converted_amount": 25.0,
+ "original_currency": "USD",
+ "id": 1,
+ }
+
+ got = json.loads(req.data.decode("utf-8"))
+ self.assertEqual(
+ creation_date,
+ datetime.datetime.strptime(got["creation_date"], "%Y-%m-%d").date(),
+ )
+ del got["creation_date"]
+ self.assertDictEqual(expected, got)
+
+ # delete a bill
+ req = self.client.delete(
+ "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
+ )
+ self.assertStatus(200, req)
+
+ # getting it should return a 404
+ req = self.client.get(
+ "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
+ )
+ self.assertStatus(404, req)
+
+ def test_bills_with_calculation(self):
+ # create a project
+ self.api_create("raclette")
+
+ # add members
+ self.api_add_member("raclette", "zorglub")
+ self.api_add_member("raclette", "fred")
+
+ # valid amounts
+ input_expected = [
+ ("((100 + 200.25) * 2 - 100) / 2", 250.25),
+ ("3/2", 1.5),
+ ("2 + 1 * 5 - 2 / 1", 5),
+ ]
+
+ for i, pair in enumerate(input_expected):
+ input_amount, expected_amount = pair
+ id = i + 1
+
+ req = self.client.post(
+ "/api/projects/raclette/bills",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage",
+ "payer": "1",
+ "payed_for": ["1", "2"],
+ "amount": input_amount,
+ },
+ headers=self.get_auth("raclette"),
+ )
+
+ # should return the id
+ self.assertStatus(201, req)
+ self.assertEqual(req.data.decode("utf-8"), "{}\n".format(id))
+
+ # get this bill's details
+ req = self.client.get(
+ "/api/projects/raclette/bills/{}".format(id),
+ headers=self.get_auth("raclette"),
+ )
+
+ # compare with the added info
+ self.assertStatus(200, req)
+ expected = {
+ "what": "fromage",
+ "payer_id": 1,
+ "owers": [
+ {"activated": True, "id": 1, "name": "zorglub", "weight": 1},
+ {"activated": True, "id": 2, "name": "fred", "weight": 1},
+ ],
+ "amount": expected_amount,
+ "date": "2011-08-10",
+ "id": id,
+ "external_link": "",
+ "original_currency": "USD",
+ "converted_amount": expected_amount,
+ }
+
+ got = json.loads(req.data.decode("utf-8"))
+ self.assertEqual(
+ datetime.date.today(),
+ datetime.datetime.strptime(got["creation_date"], "%Y-%m-%d").date(),
+ )
+ del got["creation_date"]
+ self.assertDictEqual(expected, got)
+
+ # should raise errors
+ erroneous_amounts = [
+ "lambda ", # letters
+ "(20 + 2", # invalid expression
+ "20/0", # invalid calc
+ "9999**99999999999999999", # exponents
+ "2" * 201, # greater than 200 chars,
+ ]
+
+ for amount in erroneous_amounts:
+ req = self.client.post(
+ "/api/projects/raclette/bills",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage",
+ "payer": "1",
+ "payed_for": ["1", "2"],
+ "amount": amount,
+ },
+ headers=self.get_auth("raclette"),
+ )
+ self.assertStatus(400, req)
+
+ def test_statistics(self):
+ # create a project
+ self.api_create("raclette")
+
+ # add members
+ self.api_add_member("raclette", "zorglub")
+ self.api_add_member("raclette", "fred")
+
+ # add a bill
+ req = self.client.post(
+ "/api/projects/raclette/bills",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage",
+ "payer": "1",
+ "payed_for": ["1", "2"],
+ "amount": "25",
+ },
+ headers=self.get_auth("raclette"),
+ )
+
+ # get the list of bills (should be empty)
+ req = self.client.get(
+ "/api/projects/raclette/statistics", headers=self.get_auth("raclette")
+ )
+ self.assertStatus(200, req)
+ self.assertEqual(
+ [
+ {
+ "balance": 12.5,
+ "member": {
+ "activated": True,
+ "id": 1,
+ "name": "zorglub",
+ "weight": 1.0,
+ },
+ "paid": 25.0,
+ "spent": 12.5,
+ },
+ {
+ "balance": -12.5,
+ "member": {
+ "activated": True,
+ "id": 2,
+ "name": "fred",
+ "weight": 1.0,
+ },
+ "paid": 0,
+ "spent": 12.5,
+ },
+ ],
+ json.loads(req.data.decode("utf-8")),
+ )
+
+ def test_username_xss(self):
+ # create a project
+ # self.api_create("raclette")
+ self.post_project("raclette")
+ self.login("raclette")
+
+ # add members
+ self.api_add_member("raclette", "<script>")
+
+ result = self.client.get("/raclette/")
+ self.assertNotIn("<script>", result.data.decode("utf-8"))
+
+ def test_weighted_bills(self):
+ # create a project
+ self.api_create("raclette")
+
+ # add members
+ self.api_add_member("raclette", "zorglub")
+ self.api_add_member("raclette", "freddy familly", 4)
+ self.api_add_member("raclette", "quentin")
+
+ # add a bill
+ req = self.client.post(
+ "/api/projects/raclette/bills",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage",
+ "payer": "1",
+ "payed_for": ["1", "2"],
+ "amount": "25",
+ },
+ headers=self.get_auth("raclette"),
+ )
+
+ # get this bill details
+ req = self.client.get(
+ "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
+ )
+ creation_date = datetime.datetime.strptime(
+ json.loads(req.data.decode("utf-8"))["creation_date"], "%Y-%m-%d"
+ ).date()
+
+ # compare with the added info
+ self.assertStatus(200, req)
+ expected = {
+ "what": "fromage",
+ "payer_id": 1,
+ "owers": [
+ {"activated": True, "id": 1, "name": "zorglub", "weight": 1},
+ {"activated": True, "id": 2, "name": "freddy familly", "weight": 4},
+ ],
+ "amount": 25.0,
+ "date": "2011-08-10",
+ "id": 1,
+ "external_link": "",
+ "converted_amount": 25.0,
+ "original_currency": "USD",
+ }
+ got = json.loads(req.data.decode("utf-8"))
+ self.assertEqual(
+ creation_date,
+ datetime.datetime.strptime(got["creation_date"], "%Y-%m-%d").date(),
+ )
+ del got["creation_date"]
+ self.assertDictEqual(expected, got)
+
+ # getting it should return a 404
+ req = self.client.get(
+ "/api/projects/raclette", headers=self.get_auth("raclette")
+ )
+
+ expected = {
+ "members": [
+ {
+ "activated": True,
+ "id": 1,
+ "name": "zorglub",
+ "weight": 1.0,
+ "balance": 20.0,
+ },
+ {
+ "activated": True,
+ "id": 2,
+ "name": "freddy familly",
+ "weight": 4.0,
+ "balance": -20.0,
+ },
+ {
+ "activated": True,
+ "id": 3,
+ "name": "quentin",
+ "weight": 1.0,
+ "balance": 0,
+ },
+ ],
+ "contact_email": "raclette@notmyidea.org",
+ "id": "raclette",
+ "name": "raclette",
+ "logging_preference": 1,
+ "default_currency": "USD",
+ }
+
+ self.assertStatus(200, req)
+ decoded_req = json.loads(req.data.decode("utf-8"))
+ self.assertDictEqual(decoded_req, expected)
+
+ def test_log_created_from_api_call(self):
+ # create a project
+ self.api_create("raclette")
+ self.login("raclette")
+
+ # add members
+ self.api_add_member("raclette", "zorglub")
+
+ resp = self.client.get("/raclette/history", follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ f"Participant {em_surround('zorglub')} added", resp.data.decode("utf-8")
+ )
+ self.assertIn(
+ f"Project {em_surround('raclette')} added", resp.data.decode("utf-8")
+ )
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
+ self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
+
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/ihatemoney/tests/budget_test.py b/ihatemoney/tests/budget_test.py
new file mode 100644
index 0000000..d9da094
--- /dev/null
+++ b/ihatemoney/tests/budget_test.py
@@ -0,0 +1,1451 @@
+from collections import defaultdict
+import io
+import json
+import re
+from time import sleep
+import unittest
+
+from flask import session
+from werkzeug.security import check_password_hash, generate_password_hash
+
+from ihatemoney import models, utils
+from ihatemoney.tests.common.ihatemoney_testcase import IhatemoneyTestCase
+from ihatemoney.versioning import LoggingMode
+
+
+class BudgetTestCase(IhatemoneyTestCase):
+ def test_notifications(self):
+ """Test that the notifications are sent, and that email addresses
+ are checked properly.
+ """
+ # sending a message to one person
+ with self.app.mail.record_messages() as outbox:
+
+ # create a project
+ self.login("raclette")
+
+ self.post_project("raclette")
+ resp = self.client.post(
+ "/raclette/invite",
+ data={"emails": "zorglub@notmyidea.org"},
+ follow_redirects=True,
+ )
+
+ # success notification
+ self.assertIn("Your invitations have been sent", resp.data.decode("utf-8"))
+
+ self.assertEqual(len(outbox), 2)
+ self.assertEqual(outbox[0].recipients, ["raclette@notmyidea.org"])
+ self.assertEqual(outbox[1].recipients, ["zorglub@notmyidea.org"])
+
+ # sending a message to multiple persons
+ with self.app.mail.record_messages() as outbox:
+ self.client.post(
+ "/raclette/invite",
+ data={"emails": "zorglub@notmyidea.org, toto@notmyidea.org"},
+ )
+
+ # only one message is sent to multiple persons
+ self.assertEqual(len(outbox), 1)
+ self.assertEqual(
+ outbox[0].recipients, ["zorglub@notmyidea.org", "toto@notmyidea.org"]
+ )
+
+ # mail address checking
+ with self.app.mail.record_messages() as outbox:
+ response = self.client.post("/raclette/invite", data={"emails": "toto"})
+ self.assertEqual(len(outbox), 0) # no message sent
+ self.assertIn("The email toto is not valid", response.data.decode("utf-8"))
+
+ # mixing good and wrong addresses shouldn't send any messages
+ with self.app.mail.record_messages() as outbox:
+ self.client.post(
+ "/raclette/invite", data={"emails": "zorglub@notmyidea.org, zorglub"}
+ ) # not valid
+
+ # only one message is sent to multiple persons
+ self.assertEqual(len(outbox), 0)
+
+ def test_invite(self):
+ """Test that invitation e-mails are sent properly"""
+ self.login("raclette")
+ self.post_project("raclette")
+ with self.app.mail.record_messages() as outbox:
+ self.client.post("/raclette/invite", data={"emails": "toto@notmyidea.org"})
+ self.assertEqual(len(outbox), 1)
+ url_start = outbox[0].body.find("You can log in using this link: ") + 32
+ url_end = outbox[0].body.find(".\n", url_start)
+ url = outbox[0].body[url_start:url_end]
+ self.client.get("/exit")
+ # Test that we got a valid token
+ resp = self.client.get(url, follow_redirects=True)
+ self.assertIn(
+ 'You probably want to <a href="/raclette/members/add"',
+ resp.data.decode("utf-8"),
+ )
+ # Test empty and invalid tokens
+ self.client.get("/exit")
+ resp = self.client.get("/authenticate")
+ self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
+ resp = self.client.get("/authenticate?token=token")
+ self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
+
+ def test_password_reminder(self):
+ # test that it is possible to have an email containing the password of a
+ # project in case people forget it (and it happens!)
+
+ self.create_project("raclette")
+
+ with self.app.mail.record_messages() as outbox:
+ # a nonexisting project should not send an email
+ self.client.post("/password-reminder", data={"id": "unexisting"})
+ self.assertEqual(len(outbox), 0)
+
+ # a mail should be sent when a project exists
+ self.client.post("/password-reminder", data={"id": "raclette"})
+ self.assertEqual(len(outbox), 1)
+ self.assertIn("raclette", outbox[0].body)
+ self.assertIn("raclette@notmyidea.org", outbox[0].recipients)
+
+ def test_password_reset(self):
+ # test that a password can be changed using a link sent by mail
+
+ self.create_project("raclette")
+ # Get password resetting link from mail
+ with self.app.mail.record_messages() as outbox:
+ resp = self.client.post(
+ "/password-reminder", data={"id": "raclette"}, follow_redirects=True
+ )
+ # Check that we are redirected to the right page
+ self.assertIn(
+ "A link to reset your password has been sent to you",
+ resp.data.decode("utf-8"),
+ )
+ # Check that an email was sent
+ self.assertEqual(len(outbox), 1)
+ url_start = outbox[0].body.find("You can reset it here: ") + 23
+ url_end = outbox[0].body.find(".\n", url_start)
+ url = outbox[0].body[url_start:url_end]
+ # Test that we got a valid token
+ resp = self.client.get(url)
+ self.assertIn("Password confirmation</label>", resp.data.decode("utf-8"))
+ # Test that password can be changed
+ self.client.post(
+ url, data={"password": "pass", "password_confirmation": "pass"}
+ )
+ resp = self.login("raclette", password="pass")
+ self.assertIn(
+ "<title>Account manager - raclette</title>", resp.data.decode("utf-8")
+ )
+ # Test empty and null tokens
+ resp = self.client.get("/reset-password")
+ self.assertIn("No token provided", resp.data.decode("utf-8"))
+ resp = self.client.get("/reset-password?token=token")
+ self.assertIn("Invalid token", resp.data.decode("utf-8"))
+
+ def test_project_creation(self):
+ with self.app.test_client() as c:
+
+ with self.app.mail.record_messages() as outbox:
+ # add a valid project
+ resp = c.post(
+ "/create",
+ data={
+ "name": "The fabulous raclette party",
+ "id": "raclette",
+ "password": "party",
+ "contact_email": "raclette@notmyidea.org",
+ "default_currency": "USD",
+ },
+ follow_redirects=True,
+ )
+ # an email is sent to the owner with a reminder of the password
+ self.assertEqual(len(outbox), 1)
+ self.assertEqual(outbox[0].recipients, ["raclette@notmyidea.org"])
+ self.assertIn(
+ "A reminder email has just been sent to you",
+ resp.data.decode("utf-8"),
+ )
+
+ # session is updated
+ self.assertTrue(session["raclette"])
+
+ # project is created
+ self.assertEqual(len(models.Project.query.all()), 1)
+
+ # Add a second project with the same id
+ models.Project.query.get("raclette")
+
+ c.post(
+ "/create",
+ data={
+ "name": "Another raclette party",
+ "id": "raclette", # already used !
+ "password": "party",
+ "contact_email": "raclette@notmyidea.org",
+ "default_currency": "USD",
+ },
+ )
+
+ # no new project added
+ self.assertEqual(len(models.Project.query.all()), 1)
+
+ def test_project_creation_without_public_permissions(self):
+ self.app.config["ALLOW_PUBLIC_PROJECT_CREATION"] = False
+ with self.app.test_client() as c:
+ # add a valid project
+ c.post(
+ "/create",
+ data={
+ "name": "The fabulous raclette party",
+ "id": "raclette",
+ "password": "party",
+ "contact_email": "raclette@notmyidea.org",
+ "default_currency": "USD",
+ },
+ )
+
+ # session is not updated
+ self.assertNotIn("raclette", session)
+
+ # project is not created
+ self.assertEqual(len(models.Project.query.all()), 0)
+
+ def test_project_creation_with_public_permissions(self):
+ self.app.config["ALLOW_PUBLIC_PROJECT_CREATION"] = True
+ with self.app.test_client() as c:
+ # add a valid project
+ c.post(
+ "/create",
+ data={
+ "name": "The fabulous raclette party",
+ "id": "raclette",
+ "password": "party",
+ "contact_email": "raclette@notmyidea.org",
+ "default_currency": "USD",
+ },
+ )
+
+ # session is updated
+ self.assertTrue(session["raclette"])
+
+ # project is created
+ self.assertEqual(len(models.Project.query.all()), 1)
+
+ def test_project_deletion(self):
+
+ with self.app.test_client() as c:
+ c.post(
+ "/create",
+ data={
+ "name": "raclette party",
+ "id": "raclette",
+ "password": "party",
+ "contact_email": "raclette@notmyidea.org",
+ "default_currency": "USD",
+ },
+ )
+
+ # project added
+ self.assertEqual(len(models.Project.query.all()), 1)
+
+ c.get("/raclette/delete")
+
+ # project removed
+ self.assertEqual(len(models.Project.query.all()), 0)
+
+ def test_bill_placeholder(self):
+ self.post_project("raclette")
+ self.login("raclette")
+
+ result = self.client.get("/raclette/")
+
+ # Empty bill list and no members, should now propose to add members first
+ self.assertIn(
+ 'You probably want to <a href="/raclette/members/add"',
+ result.data.decode("utf-8"),
+ )
+
+ result = self.client.post("/raclette/members/add", data={"name": "zorglub"})
+
+ result = self.client.get("/raclette/")
+
+ # Empty bill with member, list should now propose to add bills
+ self.assertIn(
+ 'You probably want to <a href="/raclette/add"', result.data.decode("utf-8")
+ )
+
+ def test_membership(self):
+ self.post_project("raclette")
+ self.login("raclette")
+
+ # adds a member to this project
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ self.assertEqual(len(models.Project.query.get("raclette").members), 1)
+
+ # adds him twice
+ result = self.client.post("/raclette/members/add", data={"name": "zorglub"})
+
+ # should not accept him
+ self.assertEqual(len(models.Project.query.get("raclette").members), 1)
+
+ # add fred
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.assertEqual(len(models.Project.query.get("raclette").members), 2)
+
+ # check fred is present in the bills page
+ result = self.client.get("/raclette/")
+ self.assertIn("fred", result.data.decode("utf-8"))
+
+ # remove fred
+ self.client.post(
+ "/raclette/members/%s/delete"
+ % models.Project.query.get("raclette").members[-1].id
+ )
+
+ # as fred is not bound to any bill, he is removed
+ self.assertEqual(len(models.Project.query.get("raclette").members), 1)
+
+ # add fred again
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ fred_id = models.Project.query.get("raclette").members[-1].id
+
+ # bound him to a bill
+ result = self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": fred_id,
+ "payed_for": [fred_id],
+ "amount": "25",
+ },
+ )
+
+ # remove fred
+ self.client.post(f"/raclette/members/{fred_id}/delete")
+
+ # he is still in the database, but is deactivated
+ self.assertEqual(len(models.Project.query.get("raclette").members), 2)
+ self.assertEqual(len(models.Project.query.get("raclette").active_members), 1)
+
+ # as fred is now deactivated, check that he is not listed when adding
+ # a bill or displaying the balance
+ result = self.client.get("/raclette/")
+ self.assertNotIn(
+ (f"/raclette/members/{fred_id}/delete"), result.data.decode("utf-8")
+ )
+
+ result = self.client.get("/raclette/add")
+ self.assertNotIn("fred", result.data.decode("utf-8"))
+
+ # adding him again should reactivate him
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.assertEqual(len(models.Project.query.get("raclette").active_members), 2)
+
+ # adding an user with the same name as another user from a different
+ # project should not cause any troubles
+ self.post_project("randomid")
+ self.login("randomid")
+ self.client.post("/randomid/members/add", data={"name": "fred"})
+ self.assertEqual(len(models.Project.query.get("randomid").active_members), 1)
+
+ def test_person_model(self):
+ self.post_project("raclette")
+ self.login("raclette")
+
+ # adds a member to this project
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ zorglub = models.Project.query.get("raclette").members[-1]
+
+ # should not have any bills
+ self.assertFalse(zorglub.has_bills())
+
+ # bound him to a bill
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": zorglub.id,
+ "payed_for": [zorglub.id],
+ "amount": "25",
+ },
+ )
+
+ # should have a bill now
+ zorglub = models.Project.query.get("raclette").members[-1]
+ self.assertTrue(zorglub.has_bills())
+
+ def test_member_delete_method(self):
+ self.post_project("raclette")
+ self.login("raclette")
+
+ # adds a member to this project
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+
+ # try to remove the member using GET method
+ response = self.client.get("/raclette/members/1/delete")
+ self.assertEqual(response.status_code, 405)
+
+ # delete user using POST method
+ self.client.post("/raclette/members/1/delete")
+ self.assertEqual(len(models.Project.query.get("raclette").active_members), 0)
+ # try to delete an user already deleted
+ self.client.post("/raclette/members/1/delete")
+
+ def test_demo(self):
+ # test that a demo project is created if none is defined
+ self.assertEqual([], models.Project.query.all())
+ self.client.get("/demo")
+ demo = models.Project.query.get("demo")
+ self.assertTrue(demo is not None)
+
+ self.assertEqual(["Amina", "Georg", "Alice"], [m.name for m in demo.members])
+ self.assertEqual(demo.get_bills().count(), 3)
+
+ def test_deactivated_demo(self):
+ self.app.config["ACTIVATE_DEMO_PROJECT"] = False
+
+ # test redirection to the create project form when demo is deactivated
+ resp = self.client.get("/demo")
+ self.assertIn('<a href="/create?project_id=demo">', resp.data.decode("utf-8"))
+
+ def test_authentication(self):
+ # try to authenticate without credentials should redirect
+ # to the authentication page
+ resp = self.client.post("/authenticate")
+ self.assertIn("Authentication", resp.data.decode("utf-8"))
+
+ # raclette that the login / logout process works
+ self.create_project("raclette")
+
+ # try to see the project while not being authenticated should redirect
+ # to the authentication page
+ resp = self.client.get("/raclette", follow_redirects=True)
+ self.assertIn("Authentication", resp.data.decode("utf-8"))
+
+ # try to connect with wrong credentials should not work
+ with self.app.test_client() as c:
+ resp = c.post("/authenticate", data={"id": "raclette", "password": "nope"})
+
+ self.assertIn("Authentication", resp.data.decode("utf-8"))
+ self.assertNotIn("raclette", session)
+
+ # try to connect with the right credentials should work
+ with self.app.test_client() as c:
+ resp = c.post(
+ "/authenticate", data={"id": "raclette", "password": "raclette"}
+ )
+
+ self.assertNotIn("Authentication", resp.data.decode("utf-8"))
+ self.assertIn("raclette", session)
+ self.assertTrue(session["raclette"])
+
+ # logout should wipe the session out
+ c.get("/exit")
+ self.assertNotIn("raclette", session)
+
+ # test that with admin credentials, one can access every project
+ self.app.config["ADMIN_PASSWORD"] = generate_password_hash("pass")
+ with self.app.test_client() as c:
+ resp = c.post("/admin?goto=%2Fraclette", data={"admin_password": "pass"})
+ self.assertNotIn("Authentication", resp.data.decode("utf-8"))
+ self.assertTrue(session["is_admin"])
+
+ def test_admin_authentication(self):
+ self.app.config["ADMIN_PASSWORD"] = generate_password_hash("pass")
+ # Disable public project creation so we have an admin endpoint to test
+ self.app.config["ALLOW_PUBLIC_PROJECT_CREATION"] = False
+
+ # test the redirection to the authentication page when trying to access admin endpoints
+ resp = self.client.get("/create")
+ self.assertIn('<a href="/admin?goto=%2Fcreate">', resp.data.decode("utf-8"))
+
+ # test right password
+ resp = self.client.post(
+ "/admin?goto=%2Fcreate", data={"admin_password": "pass"}
+ )
+ self.assertIn('<a href="/create">/create</a>', resp.data.decode("utf-8"))
+
+ # test wrong password
+ resp = self.client.post(
+ "/admin?goto=%2Fcreate", data={"admin_password": "wrong"}
+ )
+ self.assertNotIn('<a href="/create">/create</a>', resp.data.decode("utf-8"))
+
+ # test empty password
+ resp = self.client.post("/admin?goto=%2Fcreate", data={"admin_password": ""})
+ self.assertNotIn('<a href="/create">/create</a>', resp.data.decode("utf-8"))
+
+ def test_login_throttler(self):
+ self.app.config["ADMIN_PASSWORD"] = generate_password_hash("pass")
+
+ # Activate admin login throttling by authenticating 4 times with a wrong passsword
+ self.client.post("/admin?goto=%2Fcreate", data={"admin_password": "wrong"})
+ self.client.post("/admin?goto=%2Fcreate", data={"admin_password": "wrong"})
+ self.client.post("/admin?goto=%2Fcreate", data={"admin_password": "wrong"})
+ resp = self.client.post(
+ "/admin?goto=%2Fcreate", data={"admin_password": "wrong"}
+ )
+
+ self.assertIn(
+ "Too many failed login attempts, please retry later.",
+ resp.data.decode("utf-8"),
+ )
+ # Change throttling delay
+ import gc
+
+ for obj in gc.get_objects():
+ if isinstance(obj, utils.LoginThrottler):
+ obj._delay = 0.005
+ break
+ # Wait for delay to expire and retry logging in
+ sleep(1)
+ resp = self.client.post(
+ "/admin?goto=%2Fcreate", data={"admin_password": "wrong"}
+ )
+ self.assertNotIn(
+ "Too many failed login attempts, please retry later.",
+ resp.data.decode("utf-8"),
+ )
+
+ def test_manage_bills(self):
+ self.post_project("raclette")
+
+ # add two persons
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+
+ members_ids = [m.id for m in models.Project.query.get("raclette").members]
+
+ # create a bill
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": members_ids[0],
+ "payed_for": members_ids,
+ "amount": "25",
+ },
+ )
+ models.Project.query.get("raclette")
+ bill = models.Bill.query.one()
+ self.assertEqual(bill.amount, 25)
+
+ # edit the bill
+ self.client.post(
+ f"/raclette/edit/{bill.id}",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": members_ids[0],
+ "payed_for": members_ids,
+ "amount": "10",
+ },
+ )
+
+ bill = models.Bill.query.one()
+ self.assertEqual(bill.amount, 10, "bill edition")
+
+ # delete the bill
+ self.client.get(f"/raclette/delete/{bill.id}")
+ self.assertEqual(0, len(models.Bill.query.all()), "bill deletion")
+
+ # test balance
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": members_ids[0],
+ "payed_for": members_ids,
+ "amount": "19",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": members_ids[1],
+ "payed_for": members_ids[0],
+ "amount": "20",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": members_ids[1],
+ "payed_for": members_ids,
+ "amount": "17",
+ },
+ )
+
+ balance = models.Project.query.get("raclette").balance
+ self.assertEqual(set(balance.values()), set([19.0, -19.0]))
+
+ # Bill with negative amount
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-12",
+ "what": "fromage à raclette",
+ "payer": members_ids[0],
+ "payed_for": members_ids,
+ "amount": "-25",
+ },
+ )
+ bill = models.Bill.query.filter(models.Bill.date == "2011-08-12")[0]
+ self.assertEqual(bill.amount, -25)
+
+ # add a bill with a comma
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-01",
+ "what": "fromage à raclette",
+ "payer": members_ids[0],
+ "payed_for": members_ids,
+ "amount": "25,02",
+ },
+ )
+ bill = models.Bill.query.filter(models.Bill.date == "2011-08-01")[0]
+ self.assertEqual(bill.amount, 25.02)
+
+ def test_weighted_balance(self):
+ self.post_project("raclette")
+
+ # add two persons
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ self.client.post(
+ "/raclette/members/add", data={"name": "freddy familly", "weight": 4}
+ )
+
+ members_ids = [m.id for m in models.Project.query.get("raclette").members]
+
+ # test balance
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": members_ids[0],
+ "payed_for": members_ids,
+ "amount": "10",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "pommes de terre",
+ "payer": members_ids[1],
+ "payed_for": members_ids,
+ "amount": "10",
+ },
+ )
+
+ balance = models.Project.query.get("raclette").balance
+ self.assertEqual(set(balance.values()), set([6, -6]))
+
+ def test_trimmed_members(self):
+ self.post_project("raclette")
+
+ # Add two times the same person (with a space at the end).
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ self.client.post("/raclette/members/add", data={"name": "zorglub "})
+ members = models.Project.query.get("raclette").members
+
+ self.assertEqual(len(members), 1)
+
+ def test_weighted_members_list(self):
+ self.post_project("raclette")
+
+ # add two persons
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ self.client.post("/raclette/members/add", data={"name": "tata", "weight": 1})
+
+ resp = self.client.get("/raclette/")
+ self.assertIn("extra-info", resp.data.decode("utf-8"))
+
+ self.client.post(
+ "/raclette/members/add", data={"name": "freddy familly", "weight": 4}
+ )
+
+ resp = self.client.get("/raclette/")
+ self.assertNotIn("extra-info", resp.data.decode("utf-8"))
+
+ def test_negative_weight(self):
+ self.post_project("raclette")
+
+ # Add one user and edit it to have a negative share
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ resp = self.client.post(
+ "/raclette/members/1/edit", data={"name": "zorglub", "weight": -1}
+ )
+
+ # An error should be generated, and its weight should still be 1.
+ self.assertIn('<p class="alert alert-danger">', resp.data.decode("utf-8"))
+ self.assertEqual(len(models.Project.query.get("raclette").members), 1)
+ self.assertEqual(models.Project.query.get("raclette").members[0].weight, 1)
+
+ def test_rounding(self):
+ self.post_project("raclette")
+
+ # add members
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.client.post("/raclette/members/add", data={"name": "tata"})
+
+ # create bills
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": 1,
+ "payed_for": [1, 2, 3],
+ "amount": "24.36",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "red wine",
+ "payer": 2,
+ "payed_for": [1],
+ "amount": "19.12",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "delicatessen",
+ "payer": 1,
+ "payed_for": [1, 2],
+ "amount": "22",
+ },
+ )
+
+ balance = models.Project.query.get("raclette").balance
+ result = {}
+ result[models.Project.query.get("raclette").members[0].id] = 8.12
+ result[models.Project.query.get("raclette").members[1].id] = 0.0
+ result[models.Project.query.get("raclette").members[2].id] = -8.12
+ # Since we're using floating point to store currency, we can have some
+ # rounding issues that prevent test from working.
+ # However, we should obtain the same values as the theoretical ones if we
+ # round to 2 decimals, like in the UI.
+ for key, value in balance.items():
+ self.assertEqual(round(value, 2), result[key])
+
+ def test_edit_project(self):
+ # A project should be editable
+
+ self.post_project("raclette")
+ new_data = {
+ "name": "Super raclette party!",
+ "contact_email": "zorglub@notmyidea.org",
+ "password": "didoudida",
+ "logging_preference": LoggingMode.ENABLED.value,
+ "default_currency": "USD",
+ }
+
+ resp = self.client.post("/raclette/edit", data=new_data, follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+ project = models.Project.query.get("raclette")
+
+ self.assertEqual(project.name, new_data["name"])
+ self.assertEqual(project.contact_email, new_data["contact_email"])
+ self.assertEqual(project.default_currency, new_data["default_currency"])
+ self.assertTrue(check_password_hash(project.password, new_data["password"]))
+
+ # Editing a project with a wrong email address should fail
+ new_data["contact_email"] = "wrong_email"
+
+ resp = self.client.post("/raclette/edit", data=new_data, follow_redirects=True)
+ self.assertIn("Invalid email address", resp.data.decode("utf-8"))
+
+ def test_dashboard(self):
+ # test that the dashboard is deactivated by default
+ resp = self.client.post(
+ "/admin?goto=%2Fdashboard",
+ data={"admin_password": "adminpass"},
+ follow_redirects=True,
+ )
+ self.assertIn('<div class="alert alert-danger">', resp.data.decode("utf-8"))
+
+ # test access to the dashboard when it is activated
+ self.app.config["ACTIVATE_ADMIN_DASHBOARD"] = True
+ self.app.config["ADMIN_PASSWORD"] = generate_password_hash("adminpass")
+ resp = self.client.post(
+ "/admin?goto=%2Fdashboard",
+ data={"admin_password": "adminpass"},
+ follow_redirects=True,
+ )
+ self.assertIn(
+ "<thead><tr><th>Project</th><th>Number of members",
+ resp.data.decode("utf-8"),
+ )
+
+ def test_statistics_page(self):
+ self.post_project("raclette")
+ response = self.client.get("/raclette/statistics")
+ self.assertEqual(response.status_code, 200)
+
+ def test_statistics(self):
+ self.post_project("raclette")
+
+ # add members
+ self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.client.post("/raclette/members/add", data={"name": "tata"})
+ # Add a member with a balance=0 :
+ self.client.post("/raclette/members/add", data={"name": "pépé"})
+
+ # create bills
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": 1,
+ "payed_for": [1, 2, 3],
+ "amount": "10.0",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "red wine",
+ "payer": 2,
+ "payed_for": [1],
+ "amount": "20",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "delicatessen",
+ "payer": 1,
+ "payed_for": [1, 2],
+ "amount": "10",
+ },
+ )
+
+ response = self.client.get("/raclette/statistics")
+ regex = r"<td class=\"d-md-none\">{}</td>\s+<td>{}</td>\s+<td>{}</td>"
+ self.assertRegex(
+ response.data.decode("utf-8"),
+ regex.format("zorglub", r"\$20\.00", r"\$31\.67"),
+ )
+ self.assertRegex(
+ response.data.decode("utf-8"),
+ regex.format("fred", r"\$20\.00", r"\$5\.83"),
+ )
+ self.assertRegex(
+ response.data.decode("utf-8"), regex.format("tata", r"\$0\.00", r"\$2\.50")
+ )
+ self.assertRegex(
+ response.data.decode("utf-8"), regex.format("pépé", r"\$0\.00", r"\$0\.00")
+ )
+
+ # Check that the order of participants in the sidebar table is the
+ # same as in the main table.
+ order = ["fred", "pépé", "tata", "zorglub"]
+ regex1 = r".*".join(
+ r"<td class=\"balance-name\">{}</td>".format(name) for name in order
+ )
+ regex2 = r".*".join(
+ r"<td class=\"d-md-none\">{}</td>".format(name) for name in order
+ )
+ # Build the regexp ourselves to be able to pass the DOTALL flag
+ # (so that ".*" matches newlines)
+ self.assertRegex(response.data.decode("utf-8"), re.compile(regex1, re.DOTALL))
+ self.assertRegex(response.data.decode("utf-8"), re.compile(regex2, re.DOTALL))
+
+ def test_settle_page(self):
+ self.post_project("raclette")
+ response = self.client.get("/raclette/settle_bills")
+ self.assertEqual(response.status_code, 200)
+
+ def test_settle(self):
+ self.post_project("raclette")
+
+ # add members
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.client.post("/raclette/members/add", data={"name": "tata"})
+ # Add a member with a balance=0 :
+ self.client.post("/raclette/members/add", data={"name": "pépé"})
+
+ # create bills
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": 1,
+ "payed_for": [1, 2, 3],
+ "amount": "10.0",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "red wine",
+ "payer": 2,
+ "payed_for": [1],
+ "amount": "20",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "delicatessen",
+ "payer": 1,
+ "payed_for": [1, 2],
+ "amount": "10",
+ },
+ )
+ project = models.Project.query.get("raclette")
+ transactions = project.get_transactions_to_settle_bill()
+ members = defaultdict(int)
+ # We should have the same values between transactions and project balances
+ for t in transactions:
+ members[t["ower"]] -= t["amount"]
+ members[t["receiver"]] += t["amount"]
+ balance = models.Project.query.get("raclette").balance
+ for m, a in members.items():
+ assert abs(a - balance[m.id]) < 0.01
+ return
+
+ def test_settle_zero(self):
+ self.post_project("raclette")
+
+ # add members
+ self.client.post("/raclette/members/add", data={"name": "zorglub"})
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.client.post("/raclette/members/add", data={"name": "tata"})
+
+ # create bills
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2016-12-31",
+ "what": "fromage à raclette",
+ "payer": 1,
+ "payed_for": [1, 2, 3],
+ "amount": "10.0",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2016-12-31",
+ "what": "red wine",
+ "payer": 2,
+ "payed_for": [1, 3],
+ "amount": "20",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2017-01-01",
+ "what": "refund",
+ "payer": 3,
+ "payed_for": [2],
+ "amount": "13.33",
+ },
+ )
+ project = models.Project.query.get("raclette")
+ transactions = project.get_transactions_to_settle_bill()
+
+ # There should not be any zero-amount transfer after rounding
+ for t in transactions:
+ rounded_amount = round(t["amount"], 2)
+ self.assertNotEqual(
+ 0.0,
+ rounded_amount,
+ msg=f"{t['amount']} is equal to zero after rounding",
+ )
+
+ def test_export(self):
+ self.post_project("raclette")
+
+ # add members
+ self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.client.post("/raclette/members/add", data={"name": "tata"})
+ self.client.post("/raclette/members/add", data={"name": "pépé"})
+
+ # create bills
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2016-12-31",
+ "what": "fromage à raclette",
+ "payer": 1,
+ "payed_for": [1, 2, 3, 4],
+ "amount": "10.0",
+ "original_currency": "USD",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2016-12-31",
+ "what": "red wine",
+ "payer": 2,
+ "payed_for": [1, 3],
+ "amount": "200",
+ "original_currency": "USD",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2017-01-01",
+ "what": "refund",
+ "payer": 3,
+ "payed_for": [2],
+ "amount": "13.33",
+ "original_currency": "USD",
+ },
+ )
+
+ # generate json export of bills
+ resp = self.client.get("/raclette/export/bills.json")
+ expected = [
+ {
+ "date": "2017-01-01",
+ "what": "refund",
+ "amount": 13.33,
+ "payer_name": "tata",
+ "payer_weight": 1.0,
+ "owers": ["fred"],
+ },
+ {
+ "date": "2016-12-31",
+ "what": "red wine",
+ "amount": 200.0,
+ "payer_name": "fred",
+ "payer_weight": 1.0,
+ "owers": ["zorglub", "tata"],
+ },
+ {
+ "date": "2016-12-31",
+ "what": "fromage \xe0 raclette",
+ "amount": 10.0,
+ "payer_name": "zorglub",
+ "payer_weight": 2.0,
+ "owers": ["zorglub", "fred", "tata", "p\xe9p\xe9"],
+ },
+ ]
+ self.assertEqual(json.loads(resp.data.decode("utf-8")), expected)
+
+ # generate csv export of bills
+ resp = self.client.get("/raclette/export/bills.csv")
+ expected = [
+ "date,what,amount,payer_name,payer_weight,owers",
+ "2017-01-01,refund,13.33,tata,1.0,fred",
+ '2016-12-31,red wine,200.0,fred,1.0,"zorglub, tata"',
+ '2016-12-31,fromage à raclette,10.0,zorglub,2.0,"zorglub, fred, tata, pépé"',
+ ]
+ received_lines = resp.data.decode("utf-8").split("\n")
+
+ for i, line in enumerate(expected):
+ self.assertEqual(
+ set(line.split(",")), set(received_lines[i].strip("\r").split(","))
+ )
+
+ # generate json export of transactions
+ resp = self.client.get("/raclette/export/transactions.json")
+ expected = [
+ {"amount": 2.00, "receiver": "fred", "ower": "p\xe9p\xe9"},
+ {"amount": 55.34, "receiver": "fred", "ower": "tata"},
+ {"amount": 127.33, "receiver": "fred", "ower": "zorglub"},
+ ]
+
+ self.assertEqual(json.loads(resp.data.decode("utf-8")), expected)
+
+ # generate csv export of transactions
+ resp = self.client.get("/raclette/export/transactions.csv")
+
+ expected = [
+ "amount,receiver,ower",
+ "2.0,fred,pépé",
+ "55.34,fred,tata",
+ "127.33,fred,zorglub",
+ ]
+ received_lines = resp.data.decode("utf-8").split("\n")
+
+ for i, line in enumerate(expected):
+ self.assertEqual(
+ set(line.split(",")), set(received_lines[i].strip("\r").split(","))
+ )
+
+ # wrong export_format should return a 404
+ resp = self.client.get("/raclette/export/transactions.wrong")
+ self.assertEqual(resp.status_code, 404)
+
+ def test_import_new_project(self):
+ # Import JSON in an empty project
+
+ self.post_project("raclette")
+ self.login("raclette")
+
+ project = models.Project.query.get("raclette")
+
+ json_to_import = [
+ {
+ "date": "2017-01-01",
+ "what": "refund",
+ "amount": 13.33,
+ "payer_name": "tata",
+ "payer_weight": 1.0,
+ "owers": ["fred"],
+ },
+ {
+ "date": "2016-12-31",
+ "what": "red wine",
+ "amount": 200.0,
+ "payer_name": "fred",
+ "payer_weight": 1.0,
+ "owers": ["zorglub", "tata"],
+ },
+ {
+ "date": "2016-12-31",
+ "what": "fromage a raclette",
+ "amount": 10.0,
+ "payer_name": "zorglub",
+ "payer_weight": 2.0,
+ "owers": ["zorglub", "fred", "tata", "pepe"],
+ },
+ ]
+
+ from ihatemoney.web import import_project
+
+ file = io.StringIO()
+ json.dump(json_to_import, file)
+ file.seek(0)
+ import_project(file, project)
+
+ bills = project.get_pretty_bills()
+
+ # Check if all bills has been add
+ self.assertEqual(len(bills), len(json_to_import))
+
+ # Check if name of bills are ok
+ b = [e["what"] for e in bills]
+ b.sort()
+ ref = [e["what"] for e in json_to_import]
+ ref.sort()
+
+ self.assertEqual(b, ref)
+
+ # Check if other informations in bill are ok
+ for i in json_to_import:
+ for j in bills:
+ if j["what"] == i["what"]:
+ self.assertEqual(j["payer_name"], i["payer_name"])
+ self.assertEqual(j["amount"], i["amount"])
+ self.assertEqual(j["payer_weight"], i["payer_weight"])
+ self.assertEqual(j["date"], i["date"])
+
+ list_project = [ower for ower in j["owers"]]
+ list_project.sort()
+ list_json = [ower for ower in i["owers"]]
+ list_json.sort()
+
+ self.assertEqual(list_project, list_json)
+
+ def test_import_partial_project(self):
+ # Import a JSON in a project with already existing data
+
+ self.post_project("raclette")
+ self.login("raclette")
+
+ project = models.Project.query.get("raclette")
+
+ self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.client.post("/raclette/members/add", data={"name": "tata"})
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2016-12-31",
+ "what": "red wine",
+ "payer": 2,
+ "payed_for": [1, 3],
+ "amount": "200",
+ },
+ )
+
+ json_to_import = [
+ {
+ "date": "2017-01-01",
+ "what": "refund",
+ "amount": 13.33,
+ "payer_name": "tata",
+ "payer_weight": 1.0,
+ "owers": ["fred"],
+ },
+ { # This expense does not have to be present twice.
+ "date": "2016-12-31",
+ "what": "red wine",
+ "amount": 200.0,
+ "payer_name": "fred",
+ "payer_weight": 1.0,
+ "owers": ["zorglub", "tata"],
+ },
+ {
+ "date": "2016-12-31",
+ "what": "fromage a raclette",
+ "amount": 10.0,
+ "payer_name": "zorglub",
+ "payer_weight": 2.0,
+ "owers": ["zorglub", "fred", "tata", "pepe"],
+ },
+ ]
+
+ from ihatemoney.web import import_project
+
+ file = io.StringIO()
+ json.dump(json_to_import, file)
+ file.seek(0)
+ import_project(file, project)
+
+ bills = project.get_pretty_bills()
+
+ # Check if all bills has been add
+ self.assertEqual(len(bills), len(json_to_import))
+
+ # Check if name of bills are ok
+ b = [e["what"] for e in bills]
+ b.sort()
+ ref = [e["what"] for e in json_to_import]
+ ref.sort()
+
+ self.assertEqual(b, ref)
+
+ # Check if other informations in bill are ok
+ for i in json_to_import:
+ for j in bills:
+ if j["what"] == i["what"]:
+ self.assertEqual(j["payer_name"], i["payer_name"])
+ self.assertEqual(j["amount"], i["amount"])
+ self.assertEqual(j["payer_weight"], i["payer_weight"])
+ self.assertEqual(j["date"], i["date"])
+
+ list_project = [ower for ower in j["owers"]]
+ list_project.sort()
+ list_json = [ower for ower in i["owers"]]
+ list_json.sort()
+
+ self.assertEqual(list_project, list_json)
+
+ def test_import_wrong_json(self):
+ self.post_project("raclette")
+ self.login("raclette")
+
+ project = models.Project.query.get("raclette")
+
+ json_1 = [
+ { # wrong keys
+ "checked": False,
+ "dimensions": {"width": 5, "height": 10},
+ "id": 1,
+ "name": "A green door",
+ "price": 12.5,
+ "tags": ["home", "green"],
+ }
+ ]
+
+ json_2 = [
+ { # amount missing
+ "date": "2017-01-01",
+ "what": "refund",
+ "payer_name": "tata",
+ "payer_weight": 1.0,
+ "owers": ["fred"],
+ }
+ ]
+
+ from ihatemoney.web import import_project
+
+ try:
+ file = io.StringIO()
+ json.dump(json_1, file)
+ file.seek(0)
+ import_project(file, project)
+ except ValueError:
+ self.assertTrue(True)
+ except Exception:
+ self.fail("unexpected exception raised")
+ else:
+ self.fail("ExpectedException not raised")
+
+ try:
+ file = io.StringIO()
+ json.dump(json_2, file)
+ file.seek(0)
+ import_project(file, project)
+ except ValueError:
+ self.assertTrue(True)
+ except Exception:
+ self.fail("unexpected exception raised")
+ else:
+ self.fail("ExpectedException not raised")
+
+ def test_access_other_projects(self):
+ """Test that accessing or editing bills and members from another project fails"""
+ # Create project
+ self.post_project("raclette")
+
+ # Add members
+ self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.client.post("/raclette/members/add", data={"name": "tata"})
+ self.client.post("/raclette/members/add", data={"name": "pépé"})
+
+ # Create bill
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2016-12-31",
+ "what": "fromage à raclette",
+ "payer": 1,
+ "payed_for": [1, 2, 3, 4],
+ "amount": "10.0",
+ },
+ )
+ # Ensure it has been created
+ raclette = models.Project.query.get("raclette")
+ self.assertEqual(raclette.get_bills().count(), 1)
+
+ # Log out
+ self.client.get("/exit")
+
+ # Create and log in as another project
+ self.post_project("tartiflette")
+
+ modified_bill = {
+ "date": "2018-12-31",
+ "what": "roblochon",
+ "payer": 2,
+ "payed_for": [1, 3, 4],
+ "amount": "100.0",
+ }
+ # Try to access bill of another project
+ resp = self.client.get("/raclette/edit/1")
+ self.assertStatus(303, resp)
+ # Try to access bill of another project by ID
+ resp = self.client.get("/tartiflette/edit/1")
+ self.assertStatus(404, resp)
+ # Try to edit bill
+ resp = self.client.post("/raclette/edit/1", data=modified_bill)
+ self.assertStatus(303, resp)
+ # Try to edit bill by ID
+ resp = self.client.post("/tartiflette/edit/1", data=modified_bill)
+ self.assertStatus(404, resp)
+ # Try to delete bill
+ resp = self.client.get("/raclette/delete/1")
+ self.assertStatus(303, resp)
+ # Try to delete bill by ID
+ resp = self.client.get("/tartiflette/delete/1")
+ self.assertStatus(302, resp)
+
+ # Additional check that the bill was indeed not modified or deleted
+ bill = models.Bill.query.filter(models.Bill.id == 1).one()
+ self.assertEqual(bill.what, "fromage à raclette")
+
+ # Use the correct credentials to modify and delete the bill.
+ # This ensures that modifying and deleting the bill can actually work
+
+ self.client.get("/exit")
+ self.client.post(
+ "/authenticate", data={"id": "raclette", "password": "raclette"}
+ )
+ self.client.post("/raclette/edit/1", data=modified_bill)
+ bill = models.Bill.query.filter(models.Bill.id == 1).one_or_none()
+ self.assertNotEqual(bill, None, "bill not found")
+ self.assertEqual(bill.what, "roblochon")
+ self.client.get("/raclette/delete/1")
+ bill = models.Bill.query.filter(models.Bill.id == 1).one_or_none()
+ self.assertEqual(bill, None)
+
+ # Switch back to the second project
+ self.client.get("/exit")
+ self.client.post(
+ "/authenticate", data={"id": "tartiflette", "password": "tartiflette"}
+ )
+ modified_member = {
+ "name": "bulgroz",
+ "weight": 42,
+ }
+ # Try to access member from another project
+ resp = self.client.get("/raclette/members/1/edit")
+ self.assertStatus(303, resp)
+ # Try to access member by ID
+ resp = self.client.get("/tartiflette/members/1/edit")
+ self.assertStatus(404, resp)
+ # Try to edit member
+ resp = self.client.post("/raclette/members/1/edit", data=modified_member)
+ self.assertStatus(303, resp)
+ # Try to edit member by ID
+ resp = self.client.post("/tartiflette/members/1/edit", data=modified_member)
+ self.assertStatus(404, resp)
+ # Try to delete member
+ resp = self.client.post("/raclette/members/1/delete")
+ self.assertStatus(303, resp)
+ # Try to delete member by ID
+ resp = self.client.post("/tartiflette/members/1/delete")
+ self.assertStatus(302, resp)
+
+ # Additional check that the member was indeed not modified or deleted
+ member = models.Person.query.filter(models.Person.id == 1).one_or_none()
+ self.assertNotEqual(member, None, "member not found")
+ self.assertEqual(member.name, "zorglub")
+ self.assertTrue(member.activated)
+
+ # Use the correct credentials to modify and delete the member.
+ # This ensures that modifying and deleting the member can actually work
+ self.client.get("/exit")
+ self.client.post(
+ "/authenticate", data={"id": "raclette", "password": "raclette"}
+ )
+ self.client.post("/raclette/members/1/edit", data=modified_member)
+ member = models.Person.query.filter(models.Person.id == 1).one()
+ self.assertEqual(member.name, "bulgroz")
+ self.client.post("/raclette/members/1/delete")
+ member = models.Person.query.filter(models.Person.id == 1).one_or_none()
+ self.assertEqual(member, None)
+
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/ihatemoney/tests/common/help_functions.py b/ihatemoney/tests/common/help_functions.py
new file mode 100644
index 0000000..e9c4dcd
--- /dev/null
+++ b/ihatemoney/tests/common/help_functions.py
@@ -0,0 +1,5 @@
+def em_surround(string, regex_escape=False):
+ if regex_escape:
+ return r'<em class="font-italic">%s<\/em>' % string
+ else:
+ return '<em class="font-italic">%s</em>' % string
diff --git a/ihatemoney/tests/common/ihatemoney_testcase.py b/ihatemoney/tests/common/ihatemoney_testcase.py
new file mode 100644
index 0000000..2e59059
--- /dev/null
+++ b/ihatemoney/tests/common/ihatemoney_testcase.py
@@ -0,0 +1,70 @@
+from flask_testing import TestCase
+from werkzeug.security import generate_password_hash
+
+from ihatemoney import models
+from ihatemoney.run import create_app, db
+
+
+class BaseTestCase(TestCase):
+
+ SECRET_KEY = "TEST SESSION"
+
+ def create_app(self):
+ # Pass the test object as a configuration.
+ return create_app(self)
+
+ def setUp(self):
+ db.create_all()
+
+ def tearDown(self):
+ # clean after testing
+ db.session.remove()
+ db.drop_all()
+
+ def login(self, project, password=None, test_client=None):
+ password = password or project
+
+ return self.client.post(
+ "/authenticate",
+ data=dict(id=project, password=password),
+ follow_redirects=True,
+ )
+
+ def post_project(self, name, follow_redirects=True):
+ """Create a fake project"""
+ # create the project
+ return self.client.post(
+ "/create",
+ data={
+ "name": name,
+ "id": name,
+ "password": name,
+ "contact_email": f"{name}@notmyidea.org",
+ "default_currency": "USD",
+ },
+ follow_redirects=follow_redirects,
+ )
+
+ def create_project(self, name):
+ project = models.Project(
+ id=name,
+ name=str(name),
+ password=generate_password_hash(name),
+ contact_email=f"{name}@notmyidea.org",
+ default_currency="USD",
+ )
+ models.db.session.add(project)
+ models.db.session.commit()
+
+
+class IhatemoneyTestCase(BaseTestCase):
+ SQLALCHEMY_DATABASE_URI = "sqlite://"
+ TESTING = True
+ WTF_CSRF_ENABLED = False # Simplifies the tests.
+
+ def assertStatus(self, expected, resp, url=""):
+ return self.assertEqual(
+ expected,
+ resp.status_code,
+ f"{url} expected {expected}, got {resp.status_code}",
+ )
diff --git a/ihatemoney/tests/history_test.py b/ihatemoney/tests/history_test.py
new file mode 100644
index 0000000..3ffdbcc
--- /dev/null
+++ b/ihatemoney/tests/history_test.py
@@ -0,0 +1,599 @@
+import unittest
+
+from ihatemoney import history, models
+from ihatemoney.tests.common.help_functions import em_surround
+from ihatemoney.tests.common.ihatemoney_testcase import IhatemoneyTestCase
+from ihatemoney.versioning import LoggingMode
+
+
+class HistoryTestCase(IhatemoneyTestCase):
+ def setUp(self):
+ super().setUp()
+ self.post_project("demo")
+ self.login("demo")
+
+ def test_simple_create_logentry_no_ip(self):
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(f"Project {em_surround('demo')} added", resp.data.decode("utf-8"))
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 1)
+ self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
+
+ def change_privacy_to(self, logging_preference):
+ # Change only logging_preferences
+ new_data = {
+ "name": "demo",
+ "contact_email": "demo@notmyidea.org",
+ "password": "demo",
+ "default_currency": "USD",
+ }
+
+ if logging_preference != LoggingMode.DISABLED:
+ new_data["project_history"] = "y"
+ if logging_preference == LoggingMode.RECORD_IP:
+ new_data["ip_recording"] = "y"
+
+ # Disable History
+ resp = self.client.post("/demo/edit", data=new_data, follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+ self.assertNotIn("danger", resp.data.decode("utf-8"))
+
+ resp = self.client.get("/demo/edit")
+ self.assertEqual(resp.status_code, 200)
+ if logging_preference == LoggingMode.DISABLED:
+ self.assertIn('<input id="project_history"', resp.data.decode("utf-8"))
+ else:
+ self.assertIn(
+ '<input checked id="project_history"', resp.data.decode("utf-8")
+ )
+
+ if logging_preference == LoggingMode.RECORD_IP:
+ self.assertIn('<input checked id="ip_recording"', resp.data.decode("utf-8"))
+ else:
+ self.assertIn('<input id="ip_recording"', resp.data.decode("utf-8"))
+
+ def assert_empty_history_logging_disabled(self):
+ resp = self.client.get("/demo/history")
+ self.assertIn(
+ "This project has history disabled. New actions won't appear below. ",
+ resp.data.decode("utf-8"),
+ )
+ self.assertIn("Nothing to list", resp.data.decode("utf-8"))
+ self.assertNotIn(
+ "The table below reflects actions recorded prior to disabling project history.",
+ resp.data.decode("utf-8"),
+ )
+ self.assertNotIn(
+ "Some entries below contain IP addresses,", resp.data.decode("utf-8")
+ )
+ self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
+ self.assertNotIn("<td> -- </td>", resp.data.decode("utf-8"))
+ self.assertNotIn(
+ f"Project {em_surround('demo')} added", resp.data.decode("utf-8")
+ )
+
+ def test_project_edit(self):
+ new_data = {
+ "name": "demo2",
+ "contact_email": "demo2@notmyidea.org",
+ "password": "123456",
+ "project_history": "y",
+ "default_currency": "USD",
+ }
+
+ resp = self.client.post("/demo/edit", data=new_data, follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(f"Project {em_surround('demo')} added", resp.data.decode("utf-8"))
+ self.assertIn(
+ f"Project contact email changed to {em_surround('demo2@notmyidea.org')}",
+ resp.data.decode("utf-8"),
+ )
+ self.assertIn("Project private code changed", resp.data.decode("utf-8"))
+ self.assertIn(
+ f"Project renamed to {em_surround('demo2')}", resp.data.decode("utf-8")
+ )
+ self.assertLess(
+ resp.data.decode("utf-8").index("Project renamed "),
+ resp.data.decode("utf-8").index("Project contact email changed to "),
+ )
+ self.assertLess(
+ resp.data.decode("utf-8").index("Project renamed "),
+ resp.data.decode("utf-8").index("Project private code changed"),
+ )
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 4)
+ self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
+
+ def test_project_privacy_edit(self):
+ resp = self.client.get("/demo/edit")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ '<input checked id="project_history" name="project_history" type="checkbox" value="y">',
+ resp.data.decode("utf-8"),
+ )
+
+ self.change_privacy_to(LoggingMode.DISABLED)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn("Disabled Project History\n", resp.data.decode("utf-8"))
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
+ self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
+
+ self.change_privacy_to(LoggingMode.RECORD_IP)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ "Enabled Project History & IP Address Recording", resp.data.decode("utf-8")
+ )
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
+ self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 1)
+
+ self.change_privacy_to(LoggingMode.ENABLED)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn("Disabled IP Address Recording\n", resp.data.decode("utf-8"))
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
+ self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 2)
+
+ def test_project_privacy_edit2(self):
+ self.change_privacy_to(LoggingMode.RECORD_IP)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn("Enabled IP Address Recording\n", resp.data.decode("utf-8"))
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 1)
+ self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 1)
+
+ self.change_privacy_to(LoggingMode.DISABLED)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ "Disabled Project History & IP Address Recording", resp.data.decode("utf-8")
+ )
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 1)
+ self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 2)
+
+ self.change_privacy_to(LoggingMode.ENABLED)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn("Enabled Project History\n", resp.data.decode("utf-8"))
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
+ self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 2)
+
+ def do_misc_database_operations(self, logging_mode):
+ new_data = {
+ "name": "demo2",
+ "contact_email": "demo2@notmyidea.org",
+ "password": "123456",
+ "default_currency": "USD",
+ }
+
+ # Keep privacy settings where they were
+ if logging_mode != LoggingMode.DISABLED:
+ new_data["project_history"] = "y"
+ if logging_mode == LoggingMode.RECORD_IP:
+ new_data["ip_recording"] = "y"
+
+ resp = self.client.post("/demo/edit", data=new_data, follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+
+ # adds a member to this project
+ resp = self.client.post(
+ "/demo/members/add", data={"name": "zorglub"}, follow_redirects=True
+ )
+ self.assertEqual(resp.status_code, 200)
+
+ user_id = models.Person.query.one().id
+
+ # create a bill
+ resp = self.client.post(
+ "/demo/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": user_id,
+ "payed_for": [user_id],
+ "amount": "25",
+ },
+ follow_redirects=True,
+ )
+ self.assertEqual(resp.status_code, 200)
+
+ bill_id = models.Bill.query.one().id
+
+ # edit the bill
+ resp = self.client.post(
+ f"/demo/edit/{bill_id}",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": user_id,
+ "payed_for": [user_id],
+ "amount": "10",
+ },
+ follow_redirects=True,
+ )
+ self.assertEqual(resp.status_code, 200)
+ # delete the bill
+ resp = self.client.get(f"/demo/delete/{bill_id}", follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+
+ # delete user using POST method
+ resp = self.client.post(
+ f"/demo/members/{user_id}/delete", follow_redirects=True
+ )
+ self.assertEqual(resp.status_code, 200)
+
+ def test_disable_clear_no_new_records(self):
+ # Disable logging
+ self.change_privacy_to(LoggingMode.DISABLED)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ "This project has history disabled. New actions won't appear below. ",
+ resp.data.decode("utf-8"),
+ )
+ self.assertIn(
+ "The table below reflects actions recorded prior to disabling project history.",
+ resp.data.decode("utf-8"),
+ )
+ self.assertNotIn("Nothing to list", resp.data.decode("utf-8"))
+ self.assertNotIn(
+ "Some entries below contain IP addresses,", resp.data.decode("utf-8")
+ )
+
+ # Clear Existing Entries
+ resp = self.client.post("/demo/erase_history", follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+ self.assert_empty_history_logging_disabled()
+
+ # Do lots of database operations & check that there's still no history
+ self.do_misc_database_operations(LoggingMode.DISABLED)
+
+ self.assert_empty_history_logging_disabled()
+
+ def test_clear_ip_records(self):
+ # Enable IP Recording
+ self.change_privacy_to(LoggingMode.RECORD_IP)
+
+ # Do lots of database operations to generate IP address entries
+ self.do_misc_database_operations(LoggingMode.RECORD_IP)
+
+ # Disable IP Recording
+ self.change_privacy_to(LoggingMode.ENABLED)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertNotIn(
+ "This project has history disabled. New actions won't appear below. ",
+ resp.data.decode("utf-8"),
+ )
+ self.assertNotIn(
+ "The table below reflects actions recorded prior to disabling project history.",
+ resp.data.decode("utf-8"),
+ )
+ self.assertNotIn("Nothing to list", resp.data.decode("utf-8"))
+ self.assertIn(
+ "Some entries below contain IP addresses,", resp.data.decode("utf-8")
+ )
+ self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 10)
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 1)
+
+ # Generate more operations to confirm additional IP info isn't recorded
+ self.do_misc_database_operations(LoggingMode.ENABLED)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 10)
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 6)
+
+ # Clear IP Data
+ resp = self.client.post("/demo/strip_ip_addresses", follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+ self.assertNotIn(
+ "This project has history disabled. New actions won't appear below. ",
+ resp.data.decode("utf-8"),
+ )
+ self.assertNotIn(
+ "The table below reflects actions recorded prior to disabling project history.",
+ resp.data.decode("utf-8"),
+ )
+ self.assertNotIn("Nothing to list", resp.data.decode("utf-8"))
+ self.assertNotIn(
+ "Some entries below contain IP addresses,", resp.data.decode("utf-8")
+ )
+ self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 0)
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 16)
+
+ def test_logs_for_common_actions(self):
+ # adds a member to this project
+ resp = self.client.post(
+ "/demo/members/add", data={"name": "zorglub"}, follow_redirects=True
+ )
+ self.assertEqual(resp.status_code, 200)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ f"Participant {em_surround('zorglub')} added", resp.data.decode("utf-8")
+ )
+
+ # create a bill
+ resp = self.client.post(
+ "/demo/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": 1,
+ "payed_for": [1],
+ "amount": "25",
+ },
+ follow_redirects=True,
+ )
+ self.assertEqual(resp.status_code, 200)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ f"Bill {em_surround('fromage à raclette')} added",
+ resp.data.decode("utf-8"),
+ )
+
+ # edit the bill
+ resp = self.client.post(
+ "/demo/edit/1",
+ data={
+ "date": "2011-08-10",
+ "what": "new thing",
+ "payer": 1,
+ "payed_for": [1],
+ "amount": "10",
+ },
+ follow_redirects=True,
+ )
+ self.assertEqual(resp.status_code, 200)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ f"Bill {em_surround('fromage à raclette')} added",
+ resp.data.decode("utf-8"),
+ )
+ self.assertRegex(
+ resp.data.decode("utf-8"),
+ r"Bill %s:\s* Amount changed\s* from %s\s* to %s"
+ % (
+ em_surround("fromage à raclette", regex_escape=True),
+ em_surround("25.0", regex_escape=True),
+ em_surround("10.0", regex_escape=True),
+ ),
+ )
+ self.assertIn(
+ "Bill %s renamed to %s"
+ % (em_surround("fromage à raclette"), em_surround("new thing")),
+ resp.data.decode("utf-8"),
+ )
+ self.assertLess(
+ resp.data.decode("utf-8").index(
+ f"Bill {em_surround('fromage à raclette')} renamed to"
+ ),
+ resp.data.decode("utf-8").index("Amount changed"),
+ )
+
+ # delete the bill
+ resp = self.client.get("/demo/delete/1", follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ f"Bill {em_surround('new thing')} removed", resp.data.decode("utf-8")
+ )
+
+ # edit user
+ resp = self.client.post(
+ "/demo/members/1/edit",
+ data={"weight": 2, "name": "new name"},
+ follow_redirects=True,
+ )
+ self.assertEqual(resp.status_code, 200)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertRegex(
+ resp.data.decode("utf-8"),
+ r"Participant %s:\s* Weight changed\s* from %s\s* to %s"
+ % (
+ em_surround("zorglub", regex_escape=True),
+ em_surround("1.0", regex_escape=True),
+ em_surround("2.0", regex_escape=True),
+ ),
+ )
+ self.assertIn(
+ "Participant %s renamed to %s"
+ % (em_surround("zorglub"), em_surround("new name")),
+ resp.data.decode("utf-8"),
+ )
+ self.assertLess(
+ resp.data.decode("utf-8").index(
+ f"Participant {em_surround('zorglub')} renamed"
+ ),
+ resp.data.decode("utf-8").index("Weight changed"),
+ )
+
+ # delete user using POST method
+ resp = self.client.post("/demo/members/1/delete", follow_redirects=True)
+ self.assertEqual(resp.status_code, 200)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertIn(
+ f"Participant {em_surround('new name')} removed", resp.data.decode("utf-8")
+ )
+
+ def test_double_bill_double_person_edit_second(self):
+
+ # add two members
+ self.client.post("/demo/members/add", data={"name": "User 1"})
+ self.client.post("/demo/members/add", data={"name": "User 2"})
+
+ # add two bills
+ self.client.post(
+ "/demo/add",
+ data={
+ "date": "2020-04-13",
+ "what": "Bill 1",
+ "payer": 1,
+ "payed_for": [1, 2],
+ "amount": "25",
+ },
+ )
+ self.client.post(
+ "/demo/add",
+ data={
+ "date": "2020-04-13",
+ "what": "Bill 2",
+ "payer": 1,
+ "payed_for": [1, 2],
+ "amount": "20",
+ },
+ )
+
+ # Should be 5 history entries at this point
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 5)
+ self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
+
+ # Edit ONLY the amount on the first bill
+ self.client.post(
+ "/demo/edit/1",
+ data={
+ "date": "2020-04-13",
+ "what": "Bill 1",
+ "payer": 1,
+ "payed_for": [1, 2],
+ "amount": "88",
+ },
+ )
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertRegex(
+ resp.data.decode("utf-8"),
+ r"Bill {}:\s* Amount changed\s* from {}\s* to {}".format(
+ em_surround("Bill 1", regex_escape=True),
+ em_surround("25.0", regex_escape=True),
+ em_surround("88.0", regex_escape=True),
+ ),
+ )
+
+ self.assertNotRegex(
+ resp.data.decode("utf-8"),
+ r"Removed\s* {}\s* and\s* {}\s* from\s* owers list".format(
+ em_surround("User 1", regex_escape=True),
+ em_surround("User 2", regex_escape=True),
+ ),
+ resp.data.decode("utf-8"),
+ )
+
+ # Should be 6 history entries at this point
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 6)
+ self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
+
+ def test_bill_add_remove_add(self):
+ # add two members
+ self.client.post("/demo/members/add", data={"name": "User 1"})
+ self.client.post("/demo/members/add", data={"name": "User 2"})
+
+ # add 1 bill
+ self.client.post(
+ "/demo/add",
+ data={
+ "date": "2020-04-13",
+ "what": "Bill 1",
+ "payer": 1,
+ "payed_for": [1, 2],
+ "amount": "25",
+ },
+ )
+
+ # delete the bill
+ self.client.get("/demo/delete/1", follow_redirects=True)
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 5)
+ self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
+ self.assertIn(f"Bill {em_surround('Bill 1')} added", resp.data.decode("utf-8"))
+ self.assertIn(
+ f"Bill {em_surround('Bill 1')} removed", resp.data.decode("utf-8")
+ )
+
+ # Add a new bill
+ self.client.post(
+ "/demo/add",
+ data={
+ "date": "2020-04-13",
+ "what": "Bill 2",
+ "payer": 1,
+ "payed_for": [1, 2],
+ "amount": "20",
+ },
+ )
+
+ resp = self.client.get("/demo/history")
+ self.assertEqual(resp.status_code, 200)
+ self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 6)
+ self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
+ self.assertIn(f"Bill {em_surround('Bill 1')} added", resp.data.decode("utf-8"))
+ self.assertEqual(
+ resp.data.decode("utf-8").count(f"Bill {em_surround('Bill 1')} added"), 1
+ )
+ self.assertIn(f"Bill {em_surround('Bill 2')} added", resp.data.decode("utf-8"))
+ self.assertIn(
+ f"Bill {em_surround('Bill 1')} removed", resp.data.decode("utf-8")
+ )
+
+ def test_double_bill_double_person_edit_second_no_web(self):
+ u1 = models.Person(project_id="demo", name="User 1")
+ u2 = models.Person(project_id="demo", name="User 1")
+
+ models.db.session.add(u1)
+ models.db.session.add(u2)
+ models.db.session.commit()
+
+ b1 = models.Bill(what="Bill 1", payer_id=u1.id, owers=[u2], amount=10)
+ b2 = models.Bill(what="Bill 2", payer_id=u2.id, owers=[u2], amount=11)
+
+ # This db commit exposes the "spurious owers edit" bug
+ models.db.session.add(b1)
+ models.db.session.commit()
+
+ models.db.session.add(b2)
+ models.db.session.commit()
+
+ history_list = history.get_history(models.Project.query.get("demo"))
+ self.assertEqual(len(history_list), 5)
+
+ # Change just the amount
+ b1.amount = 5
+ models.db.session.commit()
+
+ history_list = history.get_history(models.Project.query.get("demo"))
+ for entry in history_list:
+ if "prop_changed" in entry:
+ self.assertNotIn("owers", entry["prop_changed"])
+ self.assertEqual(len(history_list), 6)
+
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/ihatemoney/tests/main_test.py b/ihatemoney/tests/main_test.py
new file mode 100644
index 0000000..06dbfac
--- /dev/null
+++ b/ihatemoney/tests/main_test.py
@@ -0,0 +1,265 @@
+import io
+import os
+import smtplib
+import socket
+import unittest
+from unittest.mock import MagicMock, patch
+
+from sqlalchemy import orm
+
+from ihatemoney import models
+from ihatemoney.currency_convertor import CurrencyConverter
+from ihatemoney.manage import DeleteProject, GenerateConfig, GeneratePasswordHash
+from ihatemoney.run import load_configuration
+from ihatemoney.tests.common.ihatemoney_testcase import BaseTestCase, IhatemoneyTestCase
+
+# Unset configuration file env var if previously set
+os.environ.pop("IHATEMONEY_SETTINGS_FILE_PATH", None)
+
+__HERE__ = os.path.dirname(os.path.abspath(__file__))
+
+
+class ConfigurationTestCase(BaseTestCase):
+ def test_default_configuration(self):
+ """Test that default settings are loaded when no other configuration file is specified"""
+ self.assertFalse(self.app.config["DEBUG"])
+ self.assertEqual(
+ self.app.config["SQLALCHEMY_DATABASE_URI"], "sqlite:////tmp/ihatemoney.db"
+ )
+ self.assertFalse(self.app.config["SQLALCHEMY_TRACK_MODIFICATIONS"])
+ self.assertEqual(
+ self.app.config["MAIL_DEFAULT_SENDER"],
+ ("Budget manager", "budget@notmyidea.org"),
+ )
+
+ def test_env_var_configuration_file(self):
+ """Test that settings are loaded from the specified configuration file"""
+ os.environ["IHATEMONEY_SETTINGS_FILE_PATH"] = os.path.join(
+ __HERE__, "ihatemoney_envvar.cfg"
+ )
+ load_configuration(self.app)
+ self.assertEqual(self.app.config["SECRET_KEY"], "lalatra")
+
+ # Test that the specified configuration file is loaded
+ # even if the default configuration file ihatemoney.cfg exists
+ os.environ["IHATEMONEY_SETTINGS_FILE_PATH"] = os.path.join(
+ __HERE__, "ihatemoney_envvar.cfg"
+ )
+ self.app.config.root_path = __HERE__
+ load_configuration(self.app)
+ self.assertEqual(self.app.config["SECRET_KEY"], "lalatra")
+
+ os.environ.pop("IHATEMONEY_SETTINGS_FILE_PATH", None)
+
+ def test_default_configuration_file(self):
+ """Test that settings are loaded from the default configuration file"""
+ self.app.config.root_path = __HERE__
+ load_configuration(self.app)
+ self.assertEqual(self.app.config["SECRET_KEY"], "supersecret")
+
+
+class ServerTestCase(IhatemoneyTestCase):
+ def test_homepage(self):
+ # See https://github.com/spiral-project/ihatemoney/pull/358
+ self.app.config["APPLICATION_ROOT"] = "/"
+ req = self.client.get("/")
+ self.assertStatus(200, req)
+
+ def test_unprefixed(self):
+ self.app.config["APPLICATION_ROOT"] = "/"
+ req = self.client.get("/foo/")
+ self.assertStatus(303, req)
+
+ def test_prefixed(self):
+ self.app.config["APPLICATION_ROOT"] = "/foo"
+ req = self.client.get("/foo/")
+ self.assertStatus(200, req)
+
+
+class CommandTestCase(BaseTestCase):
+ def test_generate_config(self):
+ """Simply checks that all config file generation
+ - raise no exception
+ - produce something non-empty
+ """
+ cmd = GenerateConfig()
+ for config_file in cmd.get_options()[0].kwargs["choices"]:
+ with patch("sys.stdout", new=io.StringIO()) as stdout:
+ cmd.run(config_file)
+ print(stdout.getvalue())
+ self.assertNotEqual(len(stdout.getvalue().strip()), 0)
+
+ def test_generate_password_hash(self):
+ cmd = GeneratePasswordHash()
+ with patch("sys.stdout", new=io.StringIO()) as stdout, patch(
+ "getpass.getpass", new=lambda prompt: "secret"
+ ): # NOQA
+ cmd.run()
+ print(stdout.getvalue())
+ self.assertEqual(len(stdout.getvalue().strip()), 189)
+
+ def test_demo_project_deletion(self):
+ self.create_project("demo")
+ self.assertEquals(models.Project.query.get("demo").name, "demo")
+
+ cmd = DeleteProject()
+ cmd.run("demo")
+
+ self.assertEqual(len(models.Project.query.all()), 0)
+
+
+class ModelsTestCase(IhatemoneyTestCase):
+ def test_bill_pay_each(self):
+
+ self.post_project("raclette")
+
+ # add members
+ self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
+ self.client.post("/raclette/members/add", data={"name": "fred"})
+ self.client.post("/raclette/members/add", data={"name": "tata"})
+ # Add a member with a balance=0 :
+ self.client.post("/raclette/members/add", data={"name": "pépé"})
+
+ # create bills
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "fromage à raclette",
+ "payer": 1,
+ "payed_for": [1, 2, 3],
+ "amount": "10.0",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "red wine",
+ "payer": 2,
+ "payed_for": [1],
+ "amount": "20",
+ },
+ )
+
+ self.client.post(
+ "/raclette/add",
+ data={
+ "date": "2011-08-10",
+ "what": "delicatessen",
+ "payer": 1,
+ "payed_for": [1, 2],
+ "amount": "10",
+ },
+ )
+
+ project = models.Project.query.get_by_name(name="raclette")
+ zorglub = models.Person.query.get_by_name(name="zorglub", project=project)
+ zorglub_bills = models.Bill.query.options(
+ orm.subqueryload(models.Bill.owers)
+ ).filter(models.Bill.owers.contains(zorglub))
+ for bill in zorglub_bills.all():
+ if bill.what == "red wine":
+ pay_each_expected = 20 / 2
+ self.assertEqual(bill.pay_each(), pay_each_expected)
+ if bill.what == "fromage à raclette":
+ pay_each_expected = 10 / 4
+ self.assertEqual(bill.pay_each(), pay_each_expected)
+ if bill.what == "delicatessen":
+ pay_each_expected = 10 / 3
+ self.assertEqual(bill.pay_each(), pay_each_expected)
+
+
+class EmailFailureTestCase(IhatemoneyTestCase):
+ def test_creation_email_failure_smtp(self):
+ self.login("raclette")
+ with patch.object(
+ self.app.mail, "send", MagicMock(side_effect=smtplib.SMTPException)
+ ):
+ resp = self.post_project("raclette")
+ # Check that an error message is displayed
+ self.assertIn(
+ "We tried to send you an reminder email, but there was an error",
+ resp.data.decode("utf-8"),
+ )
+ # Check that we were redirected to the home page anyway
+ self.assertIn(
+ 'You probably want to <a href="/raclette/members/add"',
+ resp.data.decode("utf-8"),
+ )
+
+ def test_creation_email_failure_socket(self):
+ self.login("raclette")
+ with patch.object(self.app.mail, "send", MagicMock(side_effect=socket.error)):
+ resp = self.post_project("raclette")
+ # Check that an error message is displayed
+ self.assertIn(
+ "We tried to send you an reminder email, but there was an error",
+ resp.data.decode("utf-8"),
+ )
+ # Check that we were redirected to the home page anyway
+ self.assertIn(
+ 'You probably want to <a href="/raclette/members/add"',
+ resp.data.decode("utf-8"),
+ )
+
+ def test_password_reset_email_failure(self):
+ self.create_project("raclette")
+ for exception in (smtplib.SMTPException, socket.error):
+ with patch.object(self.app.mail, "send", MagicMock(side_effect=exception)):
+ resp = self.client.post(
+ "/password-reminder", data={"id": "raclette"}, follow_redirects=True
+ )
+ # Check that an error message is displayed
+ self.assertIn(
+ "there was an error while sending you an email",
+ resp.data.decode("utf-8"),
+ )
+ # Check that we were not redirected to the success page
+ self.assertNotIn(
+ "A link to reset your password has been sent to you",
+ resp.data.decode("utf-8"),
+ )
+
+ def test_invitation_email_failure(self):
+ self.login("raclette")
+ self.post_project("raclette")
+ for exception in (smtplib.SMTPException, socket.error):
+ with patch.object(self.app.mail, "send", MagicMock(side_effect=exception)):
+ resp = self.client.post(
+ "/raclette/invite",
+ data={"emails": "toto@notmyidea.org"},
+ follow_redirects=True,
+ )
+ # Check that an error message is displayed
+ self.assertIn(
+ "there was an error while trying to send the invitation emails",
+ resp.data.decode("utf-8"),
+ )
+ # Check that we are still on the same page (no redirection)
+ self.assertIn(
+ "Invite people to join this project", resp.data.decode("utf-8")
+ )
+
+
+class TestCurrencyConverter(unittest.TestCase):
+ converter = CurrencyConverter()
+ mock_data = {"USD": 1, "EUR": 0.8115}
+ converter.get_rates = MagicMock(return_value=mock_data)
+
+ def test_only_one_instance(self):
+ one = id(CurrencyConverter())
+ two = id(CurrencyConverter())
+ self.assertEqual(one, two)
+
+ def test_get_currencies(self):
+ self.assertCountEqual(self.converter.get_currencies(), ["USD", "EUR"])
+
+ def test_exchange_currency(self):
+ result = self.converter.exchange_currency(100, "USD", "EUR")
+ self.assertEqual(result, 81.15)
+
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/ihatemoney/tests/tests.py b/ihatemoney/tests/tests.py
deleted file mode 100644
index 8f7f747..0000000
--- a/ihatemoney/tests/tests.py
+++ /dev/null
@@ -1,3106 +0,0 @@
-import base64
-from collections import defaultdict
-import datetime
-import io
-import json
-import os
-import re
-import smtplib
-import socket
-from time import sleep
-import unittest
-from unittest.mock import MagicMock, patch
-
-from flask import session
-from flask_testing import TestCase
-from sqlalchemy import orm
-from werkzeug.security import check_password_hash, generate_password_hash
-
-from ihatemoney import history, models, utils
-from ihatemoney.currency_convertor import CurrencyConverter
-from ihatemoney.manage import DeleteProject, GenerateConfig, GeneratePasswordHash
-from ihatemoney.run import create_app, db, load_configuration
-from ihatemoney.versioning import LoggingMode
-
-# Unset configuration file env var if previously set
-os.environ.pop("IHATEMONEY_SETTINGS_FILE_PATH", None)
-
-__HERE__ = os.path.dirname(os.path.abspath(__file__))
-
-
-class BaseTestCase(TestCase):
-
- SECRET_KEY = "TEST SESSION"
-
- def create_app(self):
- # Pass the test object as a configuration.
- return create_app(self)
-
- def setUp(self):
- db.create_all()
-
- def tearDown(self):
- # clean after testing
- db.session.remove()
- db.drop_all()
-
- def login(self, project, password=None, test_client=None):
- password = password or project
-
- return self.client.post(
- "/authenticate",
- data=dict(id=project, password=password),
- follow_redirects=True,
- )
-
- def post_project(self, name, follow_redirects=True):
- """Create a fake project"""
- # create the project
- return self.client.post(
- "/create",
- data={
- "name": name,
- "id": name,
- "password": name,
- "contact_email": f"{name}@notmyidea.org",
- "default_currency": "USD",
- },
- follow_redirects=follow_redirects,
- )
-
- def create_project(self, name):
- project = models.Project(
- id=name,
- name=str(name),
- password=generate_password_hash(name),
- contact_email=f"{name}@notmyidea.org",
- default_currency="USD",
- )
- models.db.session.add(project)
- models.db.session.commit()
-
-
-class IhatemoneyTestCase(BaseTestCase):
- SQLALCHEMY_DATABASE_URI = "sqlite://"
- TESTING = True
- WTF_CSRF_ENABLED = False # Simplifies the tests.
-
- def assertStatus(self, expected, resp, url=""):
- return self.assertEqual(
- expected,
- resp.status_code,
- f"{url} expected {expected}, got {resp.status_code}",
- )
-
-
-class ConfigurationTestCase(BaseTestCase):
- def test_default_configuration(self):
- """Test that default settings are loaded when no other configuration file is specified"""
- self.assertFalse(self.app.config["DEBUG"])
- self.assertEqual(
- self.app.config["SQLALCHEMY_DATABASE_URI"], "sqlite:////tmp/ihatemoney.db"
- )
- self.assertFalse(self.app.config["SQLALCHEMY_TRACK_MODIFICATIONS"])
- self.assertEqual(
- self.app.config["MAIL_DEFAULT_SENDER"],
- ("Budget manager", "budget@notmyidea.org"),
- )
-
- def test_env_var_configuration_file(self):
- """Test that settings are loaded from the specified configuration file"""
- os.environ["IHATEMONEY_SETTINGS_FILE_PATH"] = os.path.join(
- __HERE__, "ihatemoney_envvar.cfg"
- )
- load_configuration(self.app)
- self.assertEqual(self.app.config["SECRET_KEY"], "lalatra")
-
- # Test that the specified configuration file is loaded
- # even if the default configuration file ihatemoney.cfg exists
- os.environ["IHATEMONEY_SETTINGS_FILE_PATH"] = os.path.join(
- __HERE__, "ihatemoney_envvar.cfg"
- )
- self.app.config.root_path = __HERE__
- load_configuration(self.app)
- self.assertEqual(self.app.config["SECRET_KEY"], "lalatra")
-
- os.environ.pop("IHATEMONEY_SETTINGS_FILE_PATH", None)
-
- def test_default_configuration_file(self):
- """Test that settings are loaded from the default configuration file"""
- self.app.config.root_path = __HERE__
- load_configuration(self.app)
- self.assertEqual(self.app.config["SECRET_KEY"], "supersecret")
-
-
-class BudgetTestCase(IhatemoneyTestCase):
- def test_notifications(self):
- """Test that the notifications are sent, and that email addresses
- are checked properly.
- """
- # sending a message to one person
- with self.app.mail.record_messages() as outbox:
-
- # create a project
- self.login("raclette")
-
- self.post_project("raclette")
- resp = self.client.post(
- "/raclette/invite",
- data={"emails": "zorglub@notmyidea.org"},
- follow_redirects=True,
- )
-
- # success notification
- self.assertIn("Your invitations have been sent", resp.data.decode("utf-8"))
-
- self.assertEqual(len(outbox), 2)
- self.assertEqual(outbox[0].recipients, ["raclette@notmyidea.org"])
- self.assertEqual(outbox[1].recipients, ["zorglub@notmyidea.org"])
-
- # sending a message to multiple persons
- with self.app.mail.record_messages() as outbox:
- self.client.post(
- "/raclette/invite",
- data={"emails": "zorglub@notmyidea.org, toto@notmyidea.org"},
- )
-
- # only one message is sent to multiple persons
- self.assertEqual(len(outbox), 1)
- self.assertEqual(
- outbox[0].recipients, ["zorglub@notmyidea.org", "toto@notmyidea.org"]
- )
-
- # mail address checking
- with self.app.mail.record_messages() as outbox:
- response = self.client.post("/raclette/invite", data={"emails": "toto"})
- self.assertEqual(len(outbox), 0) # no message sent
- self.assertIn("The email toto is not valid", response.data.decode("utf-8"))
-
- # mixing good and wrong addresses shouldn't send any messages
- with self.app.mail.record_messages() as outbox:
- self.client.post(
- "/raclette/invite", data={"emails": "zorglub@notmyidea.org, zorglub"}
- ) # not valid
-
- # only one message is sent to multiple persons
- self.assertEqual(len(outbox), 0)
-
- def test_invite(self):
- """Test that invitation e-mails are sent properly"""
- self.login("raclette")
- self.post_project("raclette")
- with self.app.mail.record_messages() as outbox:
- self.client.post("/raclette/invite", data={"emails": "toto@notmyidea.org"})
- self.assertEqual(len(outbox), 1)
- url_start = outbox[0].body.find("You can log in using this link: ") + 32
- url_end = outbox[0].body.find(".\n", url_start)
- url = outbox[0].body[url_start:url_end]
- self.client.get("/exit")
- # Test that we got a valid token
- resp = self.client.get(url, follow_redirects=True)
- self.assertIn(
- 'You probably want to <a href="/raclette/members/add"',
- resp.data.decode("utf-8"),
- )
- # Test empty and invalid tokens
- self.client.get("/exit")
- resp = self.client.get("/authenticate")
- self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
- resp = self.client.get("/authenticate?token=token")
- self.assertIn("You either provided a bad token", resp.data.decode("utf-8"))
-
- def test_password_reminder(self):
- # test that it is possible to have an email containing the password of a
- # project in case people forget it (and it happens!)
-
- self.create_project("raclette")
-
- with self.app.mail.record_messages() as outbox:
- # a nonexisting project should not send an email
- self.client.post("/password-reminder", data={"id": "unexisting"})
- self.assertEqual(len(outbox), 0)
-
- # a mail should be sent when a project exists
- self.client.post("/password-reminder", data={"id": "raclette"})
- self.assertEqual(len(outbox), 1)
- self.assertIn("raclette", outbox[0].body)
- self.assertIn("raclette@notmyidea.org", outbox[0].recipients)
-
- def test_password_reset(self):
- # test that a password can be changed using a link sent by mail
-
- self.create_project("raclette")
- # Get password resetting link from mail
- with self.app.mail.record_messages() as outbox:
- resp = self.client.post(
- "/password-reminder", data={"id": "raclette"}, follow_redirects=True
- )
- # Check that we are redirected to the right page
- self.assertIn(
- "A link to reset your password has been sent to you",
- resp.data.decode("utf-8"),
- )
- # Check that an email was sent
- self.assertEqual(len(outbox), 1)
- url_start = outbox[0].body.find("You can reset it here: ") + 23
- url_end = outbox[0].body.find(".\n", url_start)
- url = outbox[0].body[url_start:url_end]
- # Test that we got a valid token
- resp = self.client.get(url)
- self.assertIn("Password confirmation</label>", resp.data.decode("utf-8"))
- # Test that password can be changed
- self.client.post(
- url, data={"password": "pass", "password_confirmation": "pass"}
- )
- resp = self.login("raclette", password="pass")
- self.assertIn(
- "<title>Account manager - raclette</title>", resp.data.decode("utf-8")
- )
- # Test empty and null tokens
- resp = self.client.get("/reset-password")
- self.assertIn("No token provided", resp.data.decode("utf-8"))
- resp = self.client.get("/reset-password?token=token")
- self.assertIn("Invalid token", resp.data.decode("utf-8"))
-
- def test_project_creation(self):
- with self.app.test_client() as c:
-
- with self.app.mail.record_messages() as outbox:
- # add a valid project
- resp = c.post(
- "/create",
- data={
- "name": "The fabulous raclette party",
- "id": "raclette",
- "password": "party",
- "contact_email": "raclette@notmyidea.org",
- "default_currency": "USD",
- },
- follow_redirects=True,
- )
- # an email is sent to the owner with a reminder of the password
- self.assertEqual(len(outbox), 1)
- self.assertEqual(outbox[0].recipients, ["raclette@notmyidea.org"])
- self.assertIn(
- "A reminder email has just been sent to you",
- resp.data.decode("utf-8"),
- )
-
- # session is updated
- self.assertTrue(session["raclette"])
-
- # project is created
- self.assertEqual(len(models.Project.query.all()), 1)
-
- # Add a second project with the same id
- models.Project.query.get("raclette")
-
- c.post(
- "/create",
- data={
- "name": "Another raclette party",
- "id": "raclette", # already used !
- "password": "party",
- "contact_email": "raclette@notmyidea.org",
- "default_currency": "USD",
- },
- )
-
- # no new project added
- self.assertEqual(len(models.Project.query.all()), 1)
-
- def test_project_creation_without_public_permissions(self):
- self.app.config["ALLOW_PUBLIC_PROJECT_CREATION"] = False
- with self.app.test_client() as c:
- # add a valid project
- c.post(
- "/create",
- data={
- "name": "The fabulous raclette party",
- "id": "raclette",
- "password": "party",
- "contact_email": "raclette@notmyidea.org",
- "default_currency": "USD",
- },
- )
-
- # session is not updated
- self.assertNotIn("raclette", session)
-
- # project is not created
- self.assertEqual(len(models.Project.query.all()), 0)
-
- def test_project_creation_with_public_permissions(self):
- self.app.config["ALLOW_PUBLIC_PROJECT_CREATION"] = True
- with self.app.test_client() as c:
- # add a valid project
- c.post(
- "/create",
- data={
- "name": "The fabulous raclette party",
- "id": "raclette",
- "password": "party",
- "contact_email": "raclette@notmyidea.org",
- "default_currency": "USD",
- },
- )
-
- # session is updated
- self.assertTrue(session["raclette"])
-
- # project is created
- self.assertEqual(len(models.Project.query.all()), 1)
-
- def test_project_deletion(self):
-
- with self.app.test_client() as c:
- c.post(
- "/create",
- data={
- "name": "raclette party",
- "id": "raclette",
- "password": "party",
- "contact_email": "raclette@notmyidea.org",
- "default_currency": "USD",
- },
- )
-
- # project added
- self.assertEqual(len(models.Project.query.all()), 1)
-
- c.get("/raclette/delete")
-
- # project removed
- self.assertEqual(len(models.Project.query.all()), 0)
-
- def test_bill_placeholder(self):
- self.post_project("raclette")
- self.login("raclette")
-
- result = self.client.get("/raclette/")
-
- # Empty bill list and no members, should now propose to add members first
- self.assertIn(
- 'You probably want to <a href="/raclette/members/add"',
- result.data.decode("utf-8"),
- )
-
- result = self.client.post("/raclette/members/add", data={"name": "zorglub"})
-
- result = self.client.get("/raclette/")
-
- # Empty bill with member, list should now propose to add bills
- self.assertIn(
- 'You probably want to <a href="/raclette/add"', result.data.decode("utf-8")
- )
-
- def test_membership(self):
- self.post_project("raclette")
- self.login("raclette")
-
- # adds a member to this project
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- self.assertEqual(len(models.Project.query.get("raclette").members), 1)
-
- # adds him twice
- result = self.client.post("/raclette/members/add", data={"name": "zorglub"})
-
- # should not accept him
- self.assertEqual(len(models.Project.query.get("raclette").members), 1)
-
- # add fred
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.assertEqual(len(models.Project.query.get("raclette").members), 2)
-
- # check fred is present in the bills page
- result = self.client.get("/raclette/")
- self.assertIn("fred", result.data.decode("utf-8"))
-
- # remove fred
- self.client.post(
- "/raclette/members/%s/delete"
- % models.Project.query.get("raclette").members[-1].id
- )
-
- # as fred is not bound to any bill, he is removed
- self.assertEqual(len(models.Project.query.get("raclette").members), 1)
-
- # add fred again
- self.client.post("/raclette/members/add", data={"name": "fred"})
- fred_id = models.Project.query.get("raclette").members[-1].id
-
- # bound him to a bill
- result = self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": fred_id,
- "payed_for": [fred_id],
- "amount": "25",
- },
- )
-
- # remove fred
- self.client.post(f"/raclette/members/{fred_id}/delete")
-
- # he is still in the database, but is deactivated
- self.assertEqual(len(models.Project.query.get("raclette").members), 2)
- self.assertEqual(len(models.Project.query.get("raclette").active_members), 1)
-
- # as fred is now deactivated, check that he is not listed when adding
- # a bill or displaying the balance
- result = self.client.get("/raclette/")
- self.assertNotIn(
- (f"/raclette/members/{fred_id}/delete"), result.data.decode("utf-8")
- )
-
- result = self.client.get("/raclette/add")
- self.assertNotIn("fred", result.data.decode("utf-8"))
-
- # adding him again should reactivate him
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.assertEqual(len(models.Project.query.get("raclette").active_members), 2)
-
- # adding an user with the same name as another user from a different
- # project should not cause any troubles
- self.post_project("randomid")
- self.login("randomid")
- self.client.post("/randomid/members/add", data={"name": "fred"})
- self.assertEqual(len(models.Project.query.get("randomid").active_members), 1)
-
- def test_person_model(self):
- self.post_project("raclette")
- self.login("raclette")
-
- # adds a member to this project
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- zorglub = models.Project.query.get("raclette").members[-1]
-
- # should not have any bills
- self.assertFalse(zorglub.has_bills())
-
- # bound him to a bill
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": zorglub.id,
- "payed_for": [zorglub.id],
- "amount": "25",
- },
- )
-
- # should have a bill now
- zorglub = models.Project.query.get("raclette").members[-1]
- self.assertTrue(zorglub.has_bills())
-
- def test_member_delete_method(self):
- self.post_project("raclette")
- self.login("raclette")
-
- # adds a member to this project
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
-
- # try to remove the member using GET method
- response = self.client.get("/raclette/members/1/delete")
- self.assertEqual(response.status_code, 405)
-
- # delete user using POST method
- self.client.post("/raclette/members/1/delete")
- self.assertEqual(len(models.Project.query.get("raclette").active_members), 0)
- # try to delete an user already deleted
- self.client.post("/raclette/members/1/delete")
-
- def test_demo(self):
- # test that a demo project is created if none is defined
- self.assertEqual([], models.Project.query.all())
- self.client.get("/demo")
- demo = models.Project.query.get("demo")
- self.assertTrue(demo is not None)
-
- self.assertEqual(["Amina", "Georg", "Alice"], [m.name for m in demo.members])
- self.assertEqual(demo.get_bills().count(), 3)
-
- def test_deactivated_demo(self):
- self.app.config["ACTIVATE_DEMO_PROJECT"] = False
-
- # test redirection to the create project form when demo is deactivated
- resp = self.client.get("/demo")
- self.assertIn('<a href="/create?project_id=demo">', resp.data.decode("utf-8"))
-
- def test_authentication(self):
- # try to authenticate without credentials should redirect
- # to the authentication page
- resp = self.client.post("/authenticate")
- self.assertIn("Authentication", resp.data.decode("utf-8"))
-
- # raclette that the login / logout process works
- self.create_project("raclette")
-
- # try to see the project while not being authenticated should redirect
- # to the authentication page
- resp = self.client.get("/raclette", follow_redirects=True)
- self.assertIn("Authentication", resp.data.decode("utf-8"))
-
- # try to connect with wrong credentials should not work
- with self.app.test_client() as c:
- resp = c.post("/authenticate", data={"id": "raclette", "password": "nope"})
-
- self.assertIn("Authentication", resp.data.decode("utf-8"))
- self.assertNotIn("raclette", session)
-
- # try to connect with the right credentials should work
- with self.app.test_client() as c:
- resp = c.post(
- "/authenticate", data={"id": "raclette", "password": "raclette"}
- )
-
- self.assertNotIn("Authentication", resp.data.decode("utf-8"))
- self.assertIn("raclette", session)
- self.assertTrue(session["raclette"])
-
- # logout should wipe the session out
- c.get("/exit")
- self.assertNotIn("raclette", session)
-
- # test that with admin credentials, one can access every project
- self.app.config["ADMIN_PASSWORD"] = generate_password_hash("pass")
- with self.app.test_client() as c:
- resp = c.post("/admin?goto=%2Fraclette", data={"admin_password": "pass"})
- self.assertNotIn("Authentication", resp.data.decode("utf-8"))
- self.assertTrue(session["is_admin"])
-
- def test_admin_authentication(self):
- self.app.config["ADMIN_PASSWORD"] = generate_password_hash("pass")
- # Disable public project creation so we have an admin endpoint to test
- self.app.config["ALLOW_PUBLIC_PROJECT_CREATION"] = False
-
- # test the redirection to the authentication page when trying to access admin endpoints
- resp = self.client.get("/create")
- self.assertIn('<a href="/admin?goto=%2Fcreate">', resp.data.decode("utf-8"))
-
- # test right password
- resp = self.client.post(
- "/admin?goto=%2Fcreate", data={"admin_password": "pass"}
- )
- self.assertIn('<a href="/create">/create</a>', resp.data.decode("utf-8"))
-
- # test wrong password
- resp = self.client.post(
- "/admin?goto=%2Fcreate", data={"admin_password": "wrong"}
- )
- self.assertNotIn('<a href="/create">/create</a>', resp.data.decode("utf-8"))
-
- # test empty password
- resp = self.client.post("/admin?goto=%2Fcreate", data={"admin_password": ""})
- self.assertNotIn('<a href="/create">/create</a>', resp.data.decode("utf-8"))
-
- def test_login_throttler(self):
- self.app.config["ADMIN_PASSWORD"] = generate_password_hash("pass")
-
- # Activate admin login throttling by authenticating 4 times with a wrong passsword
- self.client.post("/admin?goto=%2Fcreate", data={"admin_password": "wrong"})
- self.client.post("/admin?goto=%2Fcreate", data={"admin_password": "wrong"})
- self.client.post("/admin?goto=%2Fcreate", data={"admin_password": "wrong"})
- resp = self.client.post(
- "/admin?goto=%2Fcreate", data={"admin_password": "wrong"}
- )
-
- self.assertIn(
- "Too many failed login attempts, please retry later.",
- resp.data.decode("utf-8"),
- )
- # Change throttling delay
- import gc
-
- for obj in gc.get_objects():
- if isinstance(obj, utils.LoginThrottler):
- obj._delay = 0.005
- break
- # Wait for delay to expire and retry logging in
- sleep(1)
- resp = self.client.post(
- "/admin?goto=%2Fcreate", data={"admin_password": "wrong"}
- )
- self.assertNotIn(
- "Too many failed login attempts, please retry later.",
- resp.data.decode("utf-8"),
- )
-
- def test_manage_bills(self):
- self.post_project("raclette")
-
- # add two persons
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- self.client.post("/raclette/members/add", data={"name": "fred"})
-
- members_ids = [m.id for m in models.Project.query.get("raclette").members]
-
- # create a bill
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": members_ids[0],
- "payed_for": members_ids,
- "amount": "25",
- },
- )
- models.Project.query.get("raclette")
- bill = models.Bill.query.one()
- self.assertEqual(bill.amount, 25)
-
- # edit the bill
- self.client.post(
- f"/raclette/edit/{bill.id}",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": members_ids[0],
- "payed_for": members_ids,
- "amount": "10",
- },
- )
-
- bill = models.Bill.query.one()
- self.assertEqual(bill.amount, 10, "bill edition")
-
- # delete the bill
- self.client.get(f"/raclette/delete/{bill.id}")
- self.assertEqual(0, len(models.Bill.query.all()), "bill deletion")
-
- # test balance
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": members_ids[0],
- "payed_for": members_ids,
- "amount": "19",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": members_ids[1],
- "payed_for": members_ids[0],
- "amount": "20",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": members_ids[1],
- "payed_for": members_ids,
- "amount": "17",
- },
- )
-
- balance = models.Project.query.get("raclette").balance
- self.assertEqual(set(balance.values()), set([19.0, -19.0]))
-
- # Bill with negative amount
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-12",
- "what": "fromage à raclette",
- "payer": members_ids[0],
- "payed_for": members_ids,
- "amount": "-25",
- },
- )
- bill = models.Bill.query.filter(models.Bill.date == "2011-08-12")[0]
- self.assertEqual(bill.amount, -25)
-
- # add a bill with a comma
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-01",
- "what": "fromage à raclette",
- "payer": members_ids[0],
- "payed_for": members_ids,
- "amount": "25,02",
- },
- )
- bill = models.Bill.query.filter(models.Bill.date == "2011-08-01")[0]
- self.assertEqual(bill.amount, 25.02)
-
- def test_weighted_balance(self):
- self.post_project("raclette")
-
- # add two persons
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- self.client.post(
- "/raclette/members/add", data={"name": "freddy familly", "weight": 4}
- )
-
- members_ids = [m.id for m in models.Project.query.get("raclette").members]
-
- # test balance
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": members_ids[0],
- "payed_for": members_ids,
- "amount": "10",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "pommes de terre",
- "payer": members_ids[1],
- "payed_for": members_ids,
- "amount": "10",
- },
- )
-
- balance = models.Project.query.get("raclette").balance
- self.assertEqual(set(balance.values()), set([6, -6]))
-
- def test_trimmed_members(self):
- self.post_project("raclette")
-
- # Add two times the same person (with a space at the end).
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- self.client.post("/raclette/members/add", data={"name": "zorglub "})
- members = models.Project.query.get("raclette").members
-
- self.assertEqual(len(members), 1)
-
- def test_weighted_members_list(self):
- self.post_project("raclette")
-
- # add two persons
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- self.client.post("/raclette/members/add", data={"name": "tata", "weight": 1})
-
- resp = self.client.get("/raclette/")
- self.assertIn("extra-info", resp.data.decode("utf-8"))
-
- self.client.post(
- "/raclette/members/add", data={"name": "freddy familly", "weight": 4}
- )
-
- resp = self.client.get("/raclette/")
- self.assertNotIn("extra-info", resp.data.decode("utf-8"))
-
- def test_negative_weight(self):
- self.post_project("raclette")
-
- # Add one user and edit it to have a negative share
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- resp = self.client.post(
- "/raclette/members/1/edit", data={"name": "zorglub", "weight": -1}
- )
-
- # An error should be generated, and its weight should still be 1.
- self.assertIn('<p class="alert alert-danger">', resp.data.decode("utf-8"))
- self.assertEqual(len(models.Project.query.get("raclette").members), 1)
- self.assertEqual(models.Project.query.get("raclette").members[0].weight, 1)
-
- def test_rounding(self):
- self.post_project("raclette")
-
- # add members
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.client.post("/raclette/members/add", data={"name": "tata"})
-
- # create bills
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": 1,
- "payed_for": [1, 2, 3],
- "amount": "24.36",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "red wine",
- "payer": 2,
- "payed_for": [1],
- "amount": "19.12",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "delicatessen",
- "payer": 1,
- "payed_for": [1, 2],
- "amount": "22",
- },
- )
-
- balance = models.Project.query.get("raclette").balance
- result = {}
- result[models.Project.query.get("raclette").members[0].id] = 8.12
- result[models.Project.query.get("raclette").members[1].id] = 0.0
- result[models.Project.query.get("raclette").members[2].id] = -8.12
- # Since we're using floating point to store currency, we can have some
- # rounding issues that prevent test from working.
- # However, we should obtain the same values as the theoretical ones if we
- # round to 2 decimals, like in the UI.
- for key, value in balance.items():
- self.assertEqual(round(value, 2), result[key])
-
- def test_edit_project(self):
- # A project should be editable
-
- self.post_project("raclette")
- new_data = {
- "name": "Super raclette party!",
- "contact_email": "zorglub@notmyidea.org",
- "password": "didoudida",
- "logging_preference": LoggingMode.ENABLED.value,
- "default_currency": "USD",
- }
-
- resp = self.client.post("/raclette/edit", data=new_data, follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
- project = models.Project.query.get("raclette")
-
- self.assertEqual(project.name, new_data["name"])
- self.assertEqual(project.contact_email, new_data["contact_email"])
- self.assertEqual(project.default_currency, new_data["default_currency"])
- self.assertTrue(check_password_hash(project.password, new_data["password"]))
-
- # Editing a project with a wrong email address should fail
- new_data["contact_email"] = "wrong_email"
-
- resp = self.client.post("/raclette/edit", data=new_data, follow_redirects=True)
- self.assertIn("Invalid email address", resp.data.decode("utf-8"))
-
- def test_dashboard(self):
- # test that the dashboard is deactivated by default
- resp = self.client.post(
- "/admin?goto=%2Fdashboard",
- data={"admin_password": "adminpass"},
- follow_redirects=True,
- )
- self.assertIn('<div class="alert alert-danger">', resp.data.decode("utf-8"))
-
- # test access to the dashboard when it is activated
- self.app.config["ACTIVATE_ADMIN_DASHBOARD"] = True
- self.app.config["ADMIN_PASSWORD"] = generate_password_hash("adminpass")
- resp = self.client.post(
- "/admin?goto=%2Fdashboard",
- data={"admin_password": "adminpass"},
- follow_redirects=True,
- )
- self.assertIn(
- "<thead><tr><th>Project</th><th>Number of members",
- resp.data.decode("utf-8"),
- )
-
- def test_statistics_page(self):
- self.post_project("raclette")
- response = self.client.get("/raclette/statistics")
- self.assertEqual(response.status_code, 200)
-
- def test_statistics(self):
- self.post_project("raclette")
-
- # add members
- self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.client.post("/raclette/members/add", data={"name": "tata"})
- # Add a member with a balance=0 :
- self.client.post("/raclette/members/add", data={"name": "pépé"})
-
- # create bills
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": 1,
- "payed_for": [1, 2, 3],
- "amount": "10.0",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "red wine",
- "payer": 2,
- "payed_for": [1],
- "amount": "20",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "delicatessen",
- "payer": 1,
- "payed_for": [1, 2],
- "amount": "10",
- },
- )
-
- response = self.client.get("/raclette/statistics")
- regex = r"<td class=\"d-md-none\">{}</td>\s+<td>{}</td>\s+<td>{}</td>"
- self.assertRegex(
- response.data.decode("utf-8"),
- regex.format("zorglub", r"\$20\.00", r"\$31\.67"),
- )
- self.assertRegex(
- response.data.decode("utf-8"),
- regex.format("fred", r"\$20\.00", r"\$5\.83"),
- )
- self.assertRegex(
- response.data.decode("utf-8"), regex.format("tata", r"\$0\.00", r"\$2\.50")
- )
- self.assertRegex(
- response.data.decode("utf-8"), regex.format("pépé", r"\$0\.00", r"\$0\.00")
- )
-
- # Check that the order of participants in the sidebar table is the
- # same as in the main table.
- order = ["fred", "pépé", "tata", "zorglub"]
- regex1 = r".*".join(
- r"<td class=\"balance-name\">{}</td>".format(name) for name in order
- )
- regex2 = r".*".join(
- r"<td class=\"d-md-none\">{}</td>".format(name) for name in order
- )
- # Build the regexp ourselves to be able to pass the DOTALL flag
- # (so that ".*" matches newlines)
- self.assertRegex(response.data.decode("utf-8"), re.compile(regex1, re.DOTALL))
- self.assertRegex(response.data.decode("utf-8"), re.compile(regex2, re.DOTALL))
-
- def test_settle_page(self):
- self.post_project("raclette")
- response = self.client.get("/raclette/settle_bills")
- self.assertEqual(response.status_code, 200)
-
- def test_settle(self):
- self.post_project("raclette")
-
- # add members
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.client.post("/raclette/members/add", data={"name": "tata"})
- # Add a member with a balance=0 :
- self.client.post("/raclette/members/add", data={"name": "pépé"})
-
- # create bills
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": 1,
- "payed_for": [1, 2, 3],
- "amount": "10.0",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "red wine",
- "payer": 2,
- "payed_for": [1],
- "amount": "20",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "delicatessen",
- "payer": 1,
- "payed_for": [1, 2],
- "amount": "10",
- },
- )
- project = models.Project.query.get("raclette")
- transactions = project.get_transactions_to_settle_bill()
- members = defaultdict(int)
- # We should have the same values between transactions and project balances
- for t in transactions:
- members[t["ower"]] -= t["amount"]
- members[t["receiver"]] += t["amount"]
- balance = models.Project.query.get("raclette").balance
- for m, a in members.items():
- assert abs(a - balance[m.id]) < 0.01
- return
-
- def test_settle_zero(self):
- self.post_project("raclette")
-
- # add members
- self.client.post("/raclette/members/add", data={"name": "zorglub"})
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.client.post("/raclette/members/add", data={"name": "tata"})
-
- # create bills
- self.client.post(
- "/raclette/add",
- data={
- "date": "2016-12-31",
- "what": "fromage à raclette",
- "payer": 1,
- "payed_for": [1, 2, 3],
- "amount": "10.0",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2016-12-31",
- "what": "red wine",
- "payer": 2,
- "payed_for": [1, 3],
- "amount": "20",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2017-01-01",
- "what": "refund",
- "payer": 3,
- "payed_for": [2],
- "amount": "13.33",
- },
- )
- project = models.Project.query.get("raclette")
- transactions = project.get_transactions_to_settle_bill()
-
- # There should not be any zero-amount transfer after rounding
- for t in transactions:
- rounded_amount = round(t["amount"], 2)
- self.assertNotEqual(
- 0.0,
- rounded_amount,
- msg=f"{t['amount']} is equal to zero after rounding",
- )
-
- def test_export(self):
- self.post_project("raclette")
-
- # add members
- self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.client.post("/raclette/members/add", data={"name": "tata"})
- self.client.post("/raclette/members/add", data={"name": "pépé"})
-
- # create bills
- self.client.post(
- "/raclette/add",
- data={
- "date": "2016-12-31",
- "what": "fromage à raclette",
- "payer": 1,
- "payed_for": [1, 2, 3, 4],
- "amount": "10.0",
- "original_currency": "USD",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2016-12-31",
- "what": "red wine",
- "payer": 2,
- "payed_for": [1, 3],
- "amount": "200",
- "original_currency": "USD",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2017-01-01",
- "what": "refund",
- "payer": 3,
- "payed_for": [2],
- "amount": "13.33",
- "original_currency": "USD",
- },
- )
-
- # generate json export of bills
- resp = self.client.get("/raclette/export/bills.json")
- expected = [
- {
- "date": "2017-01-01",
- "what": "refund",
- "amount": 13.33,
- "payer_name": "tata",
- "payer_weight": 1.0,
- "owers": ["fred"],
- },
- {
- "date": "2016-12-31",
- "what": "red wine",
- "amount": 200.0,
- "payer_name": "fred",
- "payer_weight": 1.0,
- "owers": ["zorglub", "tata"],
- },
- {
- "date": "2016-12-31",
- "what": "fromage \xe0 raclette",
- "amount": 10.0,
- "payer_name": "zorglub",
- "payer_weight": 2.0,
- "owers": ["zorglub", "fred", "tata", "p\xe9p\xe9"],
- },
- ]
- self.assertEqual(json.loads(resp.data.decode("utf-8")), expected)
-
- # generate csv export of bills
- resp = self.client.get("/raclette/export/bills.csv")
- expected = [
- "date,what,amount,payer_name,payer_weight,owers",
- "2017-01-01,refund,13.33,tata,1.0,fred",
- '2016-12-31,red wine,200.0,fred,1.0,"zorglub, tata"',
- '2016-12-31,fromage à raclette,10.0,zorglub,2.0,"zorglub, fred, tata, pépé"',
- ]
- received_lines = resp.data.decode("utf-8").split("\n")
-
- for i, line in enumerate(expected):
- self.assertEqual(
- set(line.split(",")), set(received_lines[i].strip("\r").split(","))
- )
-
- # generate json export of transactions
- resp = self.client.get("/raclette/export/transactions.json")
- expected = [
- {"amount": 2.00, "receiver": "fred", "ower": "p\xe9p\xe9"},
- {"amount": 55.34, "receiver": "fred", "ower": "tata"},
- {"amount": 127.33, "receiver": "fred", "ower": "zorglub"},
- ]
-
- self.assertEqual(json.loads(resp.data.decode("utf-8")), expected)
-
- # generate csv export of transactions
- resp = self.client.get("/raclette/export/transactions.csv")
-
- expected = [
- "amount,receiver,ower",
- "2.0,fred,pépé",
- "55.34,fred,tata",
- "127.33,fred,zorglub",
- ]
- received_lines = resp.data.decode("utf-8").split("\n")
-
- for i, line in enumerate(expected):
- self.assertEqual(
- set(line.split(",")), set(received_lines[i].strip("\r").split(","))
- )
-
- # wrong export_format should return a 404
- resp = self.client.get("/raclette/export/transactions.wrong")
- self.assertEqual(resp.status_code, 404)
-
- def test_import_new_project(self):
- # Import JSON in an empty project
-
- self.post_project("raclette")
- self.login("raclette")
-
- project = models.Project.query.get("raclette")
-
- json_to_import = [
- {
- "date": "2017-01-01",
- "what": "refund",
- "amount": 13.33,
- "payer_name": "tata",
- "payer_weight": 1.0,
- "owers": ["fred"],
- },
- {
- "date": "2016-12-31",
- "what": "red wine",
- "amount": 200.0,
- "payer_name": "fred",
- "payer_weight": 1.0,
- "owers": ["zorglub", "tata"],
- },
- {
- "date": "2016-12-31",
- "what": "fromage a raclette",
- "amount": 10.0,
- "payer_name": "zorglub",
- "payer_weight": 2.0,
- "owers": ["zorglub", "fred", "tata", "pepe"],
- },
- ]
-
- from ihatemoney.web import import_project
-
- file = io.StringIO()
- json.dump(json_to_import, file)
- file.seek(0)
- import_project(file, project)
-
- bills = project.get_pretty_bills()
-
- # Check if all bills has been add
- self.assertEqual(len(bills), len(json_to_import))
-
- # Check if name of bills are ok
- b = [e["what"] for e in bills]
- b.sort()
- ref = [e["what"] for e in json_to_import]
- ref.sort()
-
- self.assertEqual(b, ref)
-
- # Check if other informations in bill are ok
- for i in json_to_import:
- for j in bills:
- if j["what"] == i["what"]:
- self.assertEqual(j["payer_name"], i["payer_name"])
- self.assertEqual(j["amount"], i["amount"])
- self.assertEqual(j["payer_weight"], i["payer_weight"])
- self.assertEqual(j["date"], i["date"])
-
- list_project = [ower for ower in j["owers"]]
- list_project.sort()
- list_json = [ower for ower in i["owers"]]
- list_json.sort()
-
- self.assertEqual(list_project, list_json)
-
- def test_import_partial_project(self):
- # Import a JSON in a project with already existing data
-
- self.post_project("raclette")
- self.login("raclette")
-
- project = models.Project.query.get("raclette")
-
- self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.client.post("/raclette/members/add", data={"name": "tata"})
- self.client.post(
- "/raclette/add",
- data={
- "date": "2016-12-31",
- "what": "red wine",
- "payer": 2,
- "payed_for": [1, 3],
- "amount": "200",
- },
- )
-
- json_to_import = [
- {
- "date": "2017-01-01",
- "what": "refund",
- "amount": 13.33,
- "payer_name": "tata",
- "payer_weight": 1.0,
- "owers": ["fred"],
- },
- { # This expense does not have to be present twice.
- "date": "2016-12-31",
- "what": "red wine",
- "amount": 200.0,
- "payer_name": "fred",
- "payer_weight": 1.0,
- "owers": ["zorglub", "tata"],
- },
- {
- "date": "2016-12-31",
- "what": "fromage a raclette",
- "amount": 10.0,
- "payer_name": "zorglub",
- "payer_weight": 2.0,
- "owers": ["zorglub", "fred", "tata", "pepe"],
- },
- ]
-
- from ihatemoney.web import import_project
-
- file = io.StringIO()
- json.dump(json_to_import, file)
- file.seek(0)
- import_project(file, project)
-
- bills = project.get_pretty_bills()
-
- # Check if all bills has been add
- self.assertEqual(len(bills), len(json_to_import))
-
- # Check if name of bills are ok
- b = [e["what"] for e in bills]
- b.sort()
- ref = [e["what"] for e in json_to_import]
- ref.sort()
-
- self.assertEqual(b, ref)
-
- # Check if other informations in bill are ok
- for i in json_to_import:
- for j in bills:
- if j["what"] == i["what"]:
- self.assertEqual(j["payer_name"], i["payer_name"])
- self.assertEqual(j["amount"], i["amount"])
- self.assertEqual(j["payer_weight"], i["payer_weight"])
- self.assertEqual(j["date"], i["date"])
-
- list_project = [ower for ower in j["owers"]]
- list_project.sort()
- list_json = [ower for ower in i["owers"]]
- list_json.sort()
-
- self.assertEqual(list_project, list_json)
-
- def test_import_wrong_json(self):
- self.post_project("raclette")
- self.login("raclette")
-
- project = models.Project.query.get("raclette")
-
- json_1 = [
- { # wrong keys
- "checked": False,
- "dimensions": {"width": 5, "height": 10},
- "id": 1,
- "name": "A green door",
- "price": 12.5,
- "tags": ["home", "green"],
- }
- ]
-
- json_2 = [
- { # amount missing
- "date": "2017-01-01",
- "what": "refund",
- "payer_name": "tata",
- "payer_weight": 1.0,
- "owers": ["fred"],
- }
- ]
-
- from ihatemoney.web import import_project
-
- try:
- file = io.StringIO()
- json.dump(json_1, file)
- file.seek(0)
- import_project(file, project)
- except ValueError:
- self.assertTrue(True)
- except Exception:
- self.fail("unexpected exception raised")
- else:
- self.fail("ExpectedException not raised")
-
- try:
- file = io.StringIO()
- json.dump(json_2, file)
- file.seek(0)
- import_project(file, project)
- except ValueError:
- self.assertTrue(True)
- except Exception:
- self.fail("unexpected exception raised")
- else:
- self.fail("ExpectedException not raised")
-
- def test_access_other_projects(self):
- """Test that accessing or editing bills and members from another project fails"""
- # Create project
- self.post_project("raclette")
-
- # Add members
- self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.client.post("/raclette/members/add", data={"name": "tata"})
- self.client.post("/raclette/members/add", data={"name": "pépé"})
-
- # Create bill
- self.client.post(
- "/raclette/add",
- data={
- "date": "2016-12-31",
- "what": "fromage à raclette",
- "payer": 1,
- "payed_for": [1, 2, 3, 4],
- "amount": "10.0",
- },
- )
- # Ensure it has been created
- raclette = models.Project.query.get("raclette")
- self.assertEqual(raclette.get_bills().count(), 1)
-
- # Log out
- self.client.get("/exit")
-
- # Create and log in as another project
- self.post_project("tartiflette")
-
- modified_bill = {
- "date": "2018-12-31",
- "what": "roblochon",
- "payer": 2,
- "payed_for": [1, 3, 4],
- "amount": "100.0",
- }
- # Try to access bill of another project
- resp = self.client.get("/raclette/edit/1")
- self.assertStatus(303, resp)
- # Try to access bill of another project by ID
- resp = self.client.get("/tartiflette/edit/1")
- self.assertStatus(404, resp)
- # Try to edit bill
- resp = self.client.post("/raclette/edit/1", data=modified_bill)
- self.assertStatus(303, resp)
- # Try to edit bill by ID
- resp = self.client.post("/tartiflette/edit/1", data=modified_bill)
- self.assertStatus(404, resp)
- # Try to delete bill
- resp = self.client.get("/raclette/delete/1")
- self.assertStatus(303, resp)
- # Try to delete bill by ID
- resp = self.client.get("/tartiflette/delete/1")
- self.assertStatus(302, resp)
-
- # Additional check that the bill was indeed not modified or deleted
- bill = models.Bill.query.filter(models.Bill.id == 1).one()
- self.assertEqual(bill.what, "fromage à raclette")
-
- # Use the correct credentials to modify and delete the bill.
- # This ensures that modifying and deleting the bill can actually work
-
- self.client.get("/exit")
- self.client.post(
- "/authenticate", data={"id": "raclette", "password": "raclette"}
- )
- self.client.post("/raclette/edit/1", data=modified_bill)
- bill = models.Bill.query.filter(models.Bill.id == 1).one_or_none()
- self.assertNotEqual(bill, None, "bill not found")
- self.assertEqual(bill.what, "roblochon")
- self.client.get("/raclette/delete/1")
- bill = models.Bill.query.filter(models.Bill.id == 1).one_or_none()
- self.assertEqual(bill, None)
-
- # Switch back to the second project
- self.client.get("/exit")
- self.client.post(
- "/authenticate", data={"id": "tartiflette", "password": "tartiflette"}
- )
- modified_member = {
- "name": "bulgroz",
- "weight": 42,
- }
- # Try to access member from another project
- resp = self.client.get("/raclette/members/1/edit")
- self.assertStatus(303, resp)
- # Try to access member by ID
- resp = self.client.get("/tartiflette/members/1/edit")
- self.assertStatus(404, resp)
- # Try to edit member
- resp = self.client.post("/raclette/members/1/edit", data=modified_member)
- self.assertStatus(303, resp)
- # Try to edit member by ID
- resp = self.client.post("/tartiflette/members/1/edit", data=modified_member)
- self.assertStatus(404, resp)
- # Try to delete member
- resp = self.client.post("/raclette/members/1/delete")
- self.assertStatus(303, resp)
- # Try to delete member by ID
- resp = self.client.post("/tartiflette/members/1/delete")
- self.assertStatus(302, resp)
-
- # Additional check that the member was indeed not modified or deleted
- member = models.Person.query.filter(models.Person.id == 1).one_or_none()
- self.assertNotEqual(member, None, "member not found")
- self.assertEqual(member.name, "zorglub")
- self.assertTrue(member.activated)
-
- # Use the correct credentials to modify and delete the member.
- # This ensures that modifying and deleting the member can actually work
- self.client.get("/exit")
- self.client.post(
- "/authenticate", data={"id": "raclette", "password": "raclette"}
- )
- self.client.post("/raclette/members/1/edit", data=modified_member)
- member = models.Person.query.filter(models.Person.id == 1).one()
- self.assertEqual(member.name, "bulgroz")
- self.client.post("/raclette/members/1/delete")
- member = models.Person.query.filter(models.Person.id == 1).one_or_none()
- self.assertEqual(member, None)
-
-
-class APITestCase(IhatemoneyTestCase):
-
- """Tests the API"""
-
- def api_create(self, name, id=None, password=None, contact=None):
- id = id or name
- password = password or name
- contact = contact or f"{name}@notmyidea.org"
-
- return self.client.post(
- "/api/projects",
- data={
- "name": name,
- "id": id,
- "password": password,
- "contact_email": contact,
- "default_currency": "USD",
- },
- )
-
- def api_add_member(self, project, name, weight=1):
- self.client.post(
- f"/api/projects/{project}/members",
- data={"name": name, "weight": weight},
- headers=self.get_auth(project),
- )
-
- def get_auth(self, username, password=None):
- password = password or username
- base64string = (
- base64.encodebytes(f"{username}:{password}".encode("utf-8"))
- .decode("utf-8")
- .replace("\n", "")
- )
- return {"Authorization": f"Basic {base64string}"}
-
- def test_cors_requests(self):
- # Create a project and test that CORS headers are present if requested.
- resp = self.api_create("raclette")
- self.assertStatus(201, resp)
-
- # Try to do an OPTIONS requests and see if the headers are correct.
- resp = self.client.options(
- "/api/projects/raclette", headers=self.get_auth("raclette")
- )
- self.assertEqual(resp.headers["Access-Control-Allow-Origin"], "*")
-
- def test_basic_auth(self):
- # create a project
- resp = self.api_create("raclette")
- self.assertStatus(201, resp)
-
- # try to do something on it being unauth should return a 401
- resp = self.client.get("/api/projects/raclette")
- self.assertStatus(401, resp)
-
- # PUT / POST / DELETE / GET on the different resources
- # should also return a 401
- for verb in ("post",):
- for resource in ("/raclette/members", "/raclette/bills"):
- url = "/api/projects" + resource
- self.assertStatus(401, getattr(self.client, verb)(url), verb + resource)
-
- for verb in ("get", "delete", "put"):
- for resource in ("/raclette", "/raclette/members/1", "/raclette/bills/1"):
- url = "/api/projects" + resource
-
- self.assertStatus(401, getattr(self.client, verb)(url), verb + resource)
-
- def test_project(self):
- # wrong email should return an error
- resp = self.client.post(
- "/api/projects",
- data={
- "name": "raclette",
- "id": "raclette",
- "password": "raclette",
- "contact_email": "not-an-email",
- "default_currency": "USD",
- },
- )
-
- self.assertTrue(400, resp.status_code)
- self.assertEqual(
- '{"contact_email": ["Invalid email address."]}\n', resp.data.decode("utf-8")
- )
-
- # create it
- resp = self.api_create("raclette")
- self.assertTrue(201, resp.status_code)
-
- # create it twice should return a 400
- resp = self.api_create("raclette")
-
- self.assertTrue(400, resp.status_code)
- self.assertIn("id", json.loads(resp.data.decode("utf-8")))
-
- # get information about it
- resp = self.client.get(
- "/api/projects/raclette", headers=self.get_auth("raclette")
- )
-
- self.assertTrue(200, resp.status_code)
- expected = {
- "members": [],
- "name": "raclette",
- "contact_email": "raclette@notmyidea.org",
- "default_currency": "USD",
- "id": "raclette",
- "logging_preference": 1,
- }
- decoded_resp = json.loads(resp.data.decode("utf-8"))
- self.assertDictEqual(decoded_resp, expected)
-
- # edit should work
- resp = self.client.put(
- "/api/projects/raclette",
- data={
- "contact_email": "yeah@notmyidea.org",
- "default_currency": "USD",
- "password": "raclette",
- "name": "The raclette party",
- "project_history": "y",
- },
- headers=self.get_auth("raclette"),
- )
-
- self.assertEqual(200, resp.status_code)
-
- resp = self.client.get(
- "/api/projects/raclette", headers=self.get_auth("raclette")
- )
-
- self.assertEqual(200, resp.status_code)
- expected = {
- "name": "The raclette party",
- "contact_email": "yeah@notmyidea.org",
- "default_currency": "USD",
- "members": [],
- "id": "raclette",
- "logging_preference": 1,
- }
- decoded_resp = json.loads(resp.data.decode("utf-8"))
- self.assertDictEqual(decoded_resp, expected)
-
- # password change is possible via API
- resp = self.client.put(
- "/api/projects/raclette",
- data={
- "contact_email": "yeah@notmyidea.org",
- "default_currency": "USD",
- "password": "tartiflette",
- "name": "The raclette party",
- },
- headers=self.get_auth("raclette"),
- )
-
- self.assertEqual(200, resp.status_code)
-
- resp = self.client.get(
- "/api/projects/raclette", headers=self.get_auth("raclette", "tartiflette")
- )
- self.assertEqual(200, resp.status_code)
-
- # delete should work
- resp = self.client.delete(
- "/api/projects/raclette", headers=self.get_auth("raclette", "tartiflette")
- )
-
- # get should return a 401 on an unknown resource
- resp = self.client.get(
- "/api/projects/raclette", headers=self.get_auth("raclette")
- )
- self.assertEqual(401, resp.status_code)
-
- def test_token_creation(self):
- """Test that token of project is generated"""
-
- # Create project
- resp = self.api_create("raclette")
- self.assertTrue(201, resp.status_code)
-
- # Get token
- resp = self.client.get(
- "/api/projects/raclette/token", headers=self.get_auth("raclette")
- )
-
- self.assertEqual(200, resp.status_code)
-
- decoded_resp = json.loads(resp.data.decode("utf-8"))
-
- # Access with token
- resp = self.client.get(
- "/api/projects/raclette/token",
- headers={"Authorization": f"Basic {decoded_resp['token']}"},
- )
-
- self.assertEqual(200, resp.status_code)
-
- def test_token_login(self):
- resp = self.api_create("raclette")
- # Get token
- resp = self.client.get(
- "/api/projects/raclette/token", headers=self.get_auth("raclette")
- )
- decoded_resp = json.loads(resp.data.decode("utf-8"))
- resp = self.client.get("/authenticate?token={}".format(decoded_resp["token"]))
- # Test that we are redirected.
- self.assertEqual(302, resp.status_code)
-
- def test_member(self):
- # create a project
- self.api_create("raclette")
-
- # get the list of members (should be empty)
- req = self.client.get(
- "/api/projects/raclette/members", headers=self.get_auth("raclette")
- )
-
- self.assertStatus(200, req)
- self.assertEqual("[]\n", req.data.decode("utf-8"))
-
- # add a member
- req = self.client.post(
- "/api/projects/raclette/members",
- data={"name": "Zorglub"},
- headers=self.get_auth("raclette"),
- )
-
- # the id of the new member should be returned
- self.assertStatus(201, req)
- self.assertEqual("1\n", req.data.decode("utf-8"))
-
- # the list of members should contain one member
- req = self.client.get(
- "/api/projects/raclette/members", headers=self.get_auth("raclette")
- )
-
- self.assertStatus(200, req)
- self.assertEqual(len(json.loads(req.data.decode("utf-8"))), 1)
-
- # Try to add another member with the same name.
- req = self.client.post(
- "/api/projects/raclette/members",
- data={"name": "Zorglub"},
- headers=self.get_auth("raclette"),
- )
- self.assertStatus(400, req)
-
- # edit the member
- req = self.client.put(
- "/api/projects/raclette/members/1",
- data={"name": "Fred", "weight": 2},
- headers=self.get_auth("raclette"),
- )
-
- self.assertStatus(200, req)
-
- # get should return the new name
- req = self.client.get(
- "/api/projects/raclette/members/1", headers=self.get_auth("raclette")
- )
-
- self.assertStatus(200, req)
- self.assertEqual("Fred", json.loads(req.data.decode("utf-8"))["name"])
- self.assertEqual(2, json.loads(req.data.decode("utf-8"))["weight"])
-
- # edit this member with same information
- # (test PUT idemopotence)
- req = self.client.put(
- "/api/projects/raclette/members/1",
- data={"name": "Fred"},
- headers=self.get_auth("raclette"),
- )
-
- self.assertStatus(200, req)
-
- # de-activate the user
- req = self.client.put(
- "/api/projects/raclette/members/1",
- data={"name": "Fred", "activated": False},
- headers=self.get_auth("raclette"),
- )
- self.assertStatus(200, req)
-
- req = self.client.get(
- "/api/projects/raclette/members/1", headers=self.get_auth("raclette")
- )
- self.assertStatus(200, req)
- self.assertEqual(False, json.loads(req.data.decode("utf-8"))["activated"])
-
- # re-activate the user
- req = self.client.put(
- "/api/projects/raclette/members/1",
- data={"name": "Fred", "activated": True},
- headers=self.get_auth("raclette"),
- )
-
- req = self.client.get(
- "/api/projects/raclette/members/1", headers=self.get_auth("raclette")
- )
- self.assertStatus(200, req)
- self.assertEqual(True, json.loads(req.data.decode("utf-8"))["activated"])
-
- # delete a member
-
- req = self.client.delete(
- "/api/projects/raclette/members/1", headers=self.get_auth("raclette")
- )
-
- self.assertStatus(200, req)
-
- # the list of members should be empty
- req = self.client.get(
- "/api/projects/raclette/members", headers=self.get_auth("raclette")
- )
-
- self.assertStatus(200, req)
- self.assertEqual("[]\n", req.data.decode("utf-8"))
-
- def test_bills(self):
- # create a project
- self.api_create("raclette")
-
- # add members
- self.api_add_member("raclette", "zorglub")
- self.api_add_member("raclette", "fred")
- self.api_add_member("raclette", "quentin")
-
- # get the list of bills (should be empty)
- req = self.client.get(
- "/api/projects/raclette/bills", headers=self.get_auth("raclette")
- )
- self.assertStatus(200, req)
-
- self.assertEqual("[]\n", req.data.decode("utf-8"))
-
- # add a bill
- req = self.client.post(
- "/api/projects/raclette/bills",
- data={
- "date": "2011-08-10",
- "what": "fromage",
- "payer": "1",
- "payed_for": ["1", "2"],
- "amount": "25",
- "external_link": "https://raclette.fr",
- },
- headers=self.get_auth("raclette"),
- )
-
- # should return the id
- self.assertStatus(201, req)
- self.assertEqual(req.data.decode("utf-8"), "1\n")
-
- # get this bill details
- req = self.client.get(
- "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
- )
-
- # compare with the added info
- self.assertStatus(200, req)
- expected = {
- "what": "fromage",
- "payer_id": 1,
- "owers": [
- {"activated": True, "id": 1, "name": "zorglub", "weight": 1},
- {"activated": True, "id": 2, "name": "fred", "weight": 1},
- ],
- "amount": 25.0,
- "date": "2011-08-10",
- "id": 1,
- "converted_amount": 25.0,
- "original_currency": "USD",
- "external_link": "https://raclette.fr",
- }
-
- got = json.loads(req.data.decode("utf-8"))
- self.assertEqual(
- datetime.date.today(),
- datetime.datetime.strptime(got["creation_date"], "%Y-%m-%d").date(),
- )
- del got["creation_date"]
- self.assertDictEqual(expected, got)
-
- # the list of bills should length 1
- req = self.client.get(
- "/api/projects/raclette/bills", headers=self.get_auth("raclette")
- )
- self.assertStatus(200, req)
- self.assertEqual(1, len(json.loads(req.data.decode("utf-8"))))
-
- # edit with errors should return an error
- req = self.client.put(
- "/api/projects/raclette/bills/1",
- data={
- "date": "201111111-08-10", # not a date
- "what": "fromage",
- "payer": "1",
- "payed_for": ["1", "2"],
- "amount": "25",
- "external_link": "https://raclette.fr",
- },
- headers=self.get_auth("raclette"),
- )
-
- self.assertStatus(400, req)
- self.assertEqual(
- '{"date": ["This field is required."]}\n', req.data.decode("utf-8")
- )
-
- # edit a bill
- req = self.client.put(
- "/api/projects/raclette/bills/1",
- data={
- "date": "2011-09-10",
- "what": "beer",
- "payer": "2",
- "payed_for": ["1", "2"],
- "amount": "25",
- "external_link": "https://raclette.fr",
- },
- headers=self.get_auth("raclette"),
- )
-
- # check its fields
- req = self.client.get(
- "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
- )
- creation_date = datetime.datetime.strptime(
- json.loads(req.data.decode("utf-8"))["creation_date"], "%Y-%m-%d"
- ).date()
-
- expected = {
- "what": "beer",
- "payer_id": 2,
- "owers": [
- {"activated": True, "id": 1, "name": "zorglub", "weight": 1},
- {"activated": True, "id": 2, "name": "fred", "weight": 1},
- ],
- "amount": 25.0,
- "date": "2011-09-10",
- "external_link": "https://raclette.fr",
- "converted_amount": 25.0,
- "original_currency": "USD",
- "id": 1,
- }
-
- got = json.loads(req.data.decode("utf-8"))
- self.assertEqual(
- creation_date,
- datetime.datetime.strptime(got["creation_date"], "%Y-%m-%d").date(),
- )
- del got["creation_date"]
- self.assertDictEqual(expected, got)
-
- # delete a bill
- req = self.client.delete(
- "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
- )
- self.assertStatus(200, req)
-
- # getting it should return a 404
- req = self.client.get(
- "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
- )
- self.assertStatus(404, req)
-
- def test_bills_with_calculation(self):
- # create a project
- self.api_create("raclette")
-
- # add members
- self.api_add_member("raclette", "zorglub")
- self.api_add_member("raclette", "fred")
-
- # valid amounts
- input_expected = [
- ("((100 + 200.25) * 2 - 100) / 2", 250.25),
- ("3/2", 1.5),
- ("2 + 1 * 5 - 2 / 1", 5),
- ]
-
- for i, pair in enumerate(input_expected):
- input_amount, expected_amount = pair
- id = i + 1
-
- req = self.client.post(
- "/api/projects/raclette/bills",
- data={
- "date": "2011-08-10",
- "what": "fromage",
- "payer": "1",
- "payed_for": ["1", "2"],
- "amount": input_amount,
- },
- headers=self.get_auth("raclette"),
- )
-
- # should return the id
- self.assertStatus(201, req)
- self.assertEqual(req.data.decode("utf-8"), "{}\n".format(id))
-
- # get this bill's details
- req = self.client.get(
- "/api/projects/raclette/bills/{}".format(id),
- headers=self.get_auth("raclette"),
- )
-
- # compare with the added info
- self.assertStatus(200, req)
- expected = {
- "what": "fromage",
- "payer_id": 1,
- "owers": [
- {"activated": True, "id": 1, "name": "zorglub", "weight": 1},
- {"activated": True, "id": 2, "name": "fred", "weight": 1},
- ],
- "amount": expected_amount,
- "date": "2011-08-10",
- "id": id,
- "external_link": "",
- "original_currency": "USD",
- "converted_amount": expected_amount,
- }
-
- got = json.loads(req.data.decode("utf-8"))
- self.assertEqual(
- datetime.date.today(),
- datetime.datetime.strptime(got["creation_date"], "%Y-%m-%d").date(),
- )
- del got["creation_date"]
- self.assertDictEqual(expected, got)
-
- # should raise errors
- erroneous_amounts = [
- "lambda ", # letters
- "(20 + 2", # invalid expression
- "20/0", # invalid calc
- "9999**99999999999999999", # exponents
- "2" * 201, # greater than 200 chars,
- ]
-
- for amount in erroneous_amounts:
- req = self.client.post(
- "/api/projects/raclette/bills",
- data={
- "date": "2011-08-10",
- "what": "fromage",
- "payer": "1",
- "payed_for": ["1", "2"],
- "amount": amount,
- },
- headers=self.get_auth("raclette"),
- )
- self.assertStatus(400, req)
-
- def test_statistics(self):
- # create a project
- self.api_create("raclette")
-
- # add members
- self.api_add_member("raclette", "zorglub")
- self.api_add_member("raclette", "fred")
-
- # add a bill
- req = self.client.post(
- "/api/projects/raclette/bills",
- data={
- "date": "2011-08-10",
- "what": "fromage",
- "payer": "1",
- "payed_for": ["1", "2"],
- "amount": "25",
- },
- headers=self.get_auth("raclette"),
- )
-
- # get the list of bills (should be empty)
- req = self.client.get(
- "/api/projects/raclette/statistics", headers=self.get_auth("raclette")
- )
- self.assertStatus(200, req)
- self.assertEqual(
- [
- {
- "balance": 12.5,
- "member": {
- "activated": True,
- "id": 1,
- "name": "zorglub",
- "weight": 1.0,
- },
- "paid": 25.0,
- "spent": 12.5,
- },
- {
- "balance": -12.5,
- "member": {
- "activated": True,
- "id": 2,
- "name": "fred",
- "weight": 1.0,
- },
- "paid": 0,
- "spent": 12.5,
- },
- ],
- json.loads(req.data.decode("utf-8")),
- )
-
- def test_username_xss(self):
- # create a project
- # self.api_create("raclette")
- self.post_project("raclette")
- self.login("raclette")
-
- # add members
- self.api_add_member("raclette", "<script>")
-
- result = self.client.get("/raclette/")
- self.assertNotIn("<script>", result.data.decode("utf-8"))
-
- def test_weighted_bills(self):
- # create a project
- self.api_create("raclette")
-
- # add members
- self.api_add_member("raclette", "zorglub")
- self.api_add_member("raclette", "freddy familly", 4)
- self.api_add_member("raclette", "quentin")
-
- # add a bill
- req = self.client.post(
- "/api/projects/raclette/bills",
- data={
- "date": "2011-08-10",
- "what": "fromage",
- "payer": "1",
- "payed_for": ["1", "2"],
- "amount": "25",
- },
- headers=self.get_auth("raclette"),
- )
-
- # get this bill details
- req = self.client.get(
- "/api/projects/raclette/bills/1", headers=self.get_auth("raclette")
- )
- creation_date = datetime.datetime.strptime(
- json.loads(req.data.decode("utf-8"))["creation_date"], "%Y-%m-%d"
- ).date()
-
- # compare with the added info
- self.assertStatus(200, req)
- expected = {
- "what": "fromage",
- "payer_id": 1,
- "owers": [
- {"activated": True, "id": 1, "name": "zorglub", "weight": 1},
- {"activated": True, "id": 2, "name": "freddy familly", "weight": 4},
- ],
- "amount": 25.0,
- "date": "2011-08-10",
- "id": 1,
- "external_link": "",
- "converted_amount": 25.0,
- "original_currency": "USD",
- }
- got = json.loads(req.data.decode("utf-8"))
- self.assertEqual(
- creation_date,
- datetime.datetime.strptime(got["creation_date"], "%Y-%m-%d").date(),
- )
- del got["creation_date"]
- self.assertDictEqual(expected, got)
-
- # getting it should return a 404
- req = self.client.get(
- "/api/projects/raclette", headers=self.get_auth("raclette")
- )
-
- expected = {
- "members": [
- {
- "activated": True,
- "id": 1,
- "name": "zorglub",
- "weight": 1.0,
- "balance": 20.0,
- },
- {
- "activated": True,
- "id": 2,
- "name": "freddy familly",
- "weight": 4.0,
- "balance": -20.0,
- },
- {
- "activated": True,
- "id": 3,
- "name": "quentin",
- "weight": 1.0,
- "balance": 0,
- },
- ],
- "contact_email": "raclette@notmyidea.org",
- "id": "raclette",
- "name": "raclette",
- "logging_preference": 1,
- "default_currency": "USD",
- }
-
- self.assertStatus(200, req)
- decoded_req = json.loads(req.data.decode("utf-8"))
- self.assertDictEqual(decoded_req, expected)
-
- def test_log_created_from_api_call(self):
- # create a project
- self.api_create("raclette")
- self.login("raclette")
-
- # add members
- self.api_add_member("raclette", "zorglub")
-
- resp = self.client.get("/raclette/history", follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- f"Participant {em_surround('zorglub')} added", resp.data.decode("utf-8")
- )
- self.assertIn(
- f"Project {em_surround('raclette')} added", resp.data.decode("utf-8")
- )
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
- self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
-
-
-class ServerTestCase(IhatemoneyTestCase):
- def test_homepage(self):
- # See https://github.com/spiral-project/ihatemoney/pull/358
- self.app.config["APPLICATION_ROOT"] = "/"
- req = self.client.get("/")
- self.assertStatus(200, req)
-
- def test_unprefixed(self):
- self.app.config["APPLICATION_ROOT"] = "/"
- req = self.client.get("/foo/")
- self.assertStatus(303, req)
-
- def test_prefixed(self):
- self.app.config["APPLICATION_ROOT"] = "/foo"
- req = self.client.get("/foo/")
- self.assertStatus(200, req)
-
-
-class CommandTestCase(BaseTestCase):
- def test_generate_config(self):
- """Simply checks that all config file generation
- - raise no exception
- - produce something non-empty
- """
- cmd = GenerateConfig()
- for config_file in cmd.get_options()[0].kwargs["choices"]:
- with patch("sys.stdout", new=io.StringIO()) as stdout:
- cmd.run(config_file)
- print(stdout.getvalue())
- self.assertNotEqual(len(stdout.getvalue().strip()), 0)
-
- def test_generate_password_hash(self):
- cmd = GeneratePasswordHash()
- with patch("sys.stdout", new=io.StringIO()) as stdout, patch(
- "getpass.getpass", new=lambda prompt: "secret"
- ): # NOQA
- cmd.run()
- print(stdout.getvalue())
- self.assertEqual(len(stdout.getvalue().strip()), 189)
-
- def test_demo_project_deletion(self):
- self.create_project("demo")
- self.assertEquals(models.Project.query.get("demo").name, "demo")
-
- cmd = DeleteProject()
- cmd.run("demo")
-
- self.assertEqual(len(models.Project.query.all()), 0)
-
-
-class ModelsTestCase(IhatemoneyTestCase):
- def test_bill_pay_each(self):
-
- self.post_project("raclette")
-
- # add members
- self.client.post("/raclette/members/add", data={"name": "zorglub", "weight": 2})
- self.client.post("/raclette/members/add", data={"name": "fred"})
- self.client.post("/raclette/members/add", data={"name": "tata"})
- # Add a member with a balance=0 :
- self.client.post("/raclette/members/add", data={"name": "pépé"})
-
- # create bills
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": 1,
- "payed_for": [1, 2, 3],
- "amount": "10.0",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "red wine",
- "payer": 2,
- "payed_for": [1],
- "amount": "20",
- },
- )
-
- self.client.post(
- "/raclette/add",
- data={
- "date": "2011-08-10",
- "what": "delicatessen",
- "payer": 1,
- "payed_for": [1, 2],
- "amount": "10",
- },
- )
-
- project = models.Project.query.get_by_name(name="raclette")
- zorglub = models.Person.query.get_by_name(name="zorglub", project=project)
- zorglub_bills = models.Bill.query.options(
- orm.subqueryload(models.Bill.owers)
- ).filter(models.Bill.owers.contains(zorglub))
- for bill in zorglub_bills.all():
- if bill.what == "red wine":
- pay_each_expected = 20 / 2
- self.assertEqual(bill.pay_each(), pay_each_expected)
- if bill.what == "fromage à raclette":
- pay_each_expected = 10 / 4
- self.assertEqual(bill.pay_each(), pay_each_expected)
- if bill.what == "delicatessen":
- pay_each_expected = 10 / 3
- self.assertEqual(bill.pay_each(), pay_each_expected)
-
-
-class EmailFailureTestCase(IhatemoneyTestCase):
- def test_creation_email_failure_smtp(self):
- self.login("raclette")
- with patch.object(
- self.app.mail, "send", MagicMock(side_effect=smtplib.SMTPException)
- ):
- resp = self.post_project("raclette")
- # Check that an error message is displayed
- self.assertIn(
- "We tried to send you an reminder email, but there was an error",
- resp.data.decode("utf-8"),
- )
- # Check that we were redirected to the home page anyway
- self.assertIn(
- 'You probably want to <a href="/raclette/members/add"',
- resp.data.decode("utf-8"),
- )
-
- def test_creation_email_failure_socket(self):
- self.login("raclette")
- with patch.object(self.app.mail, "send", MagicMock(side_effect=socket.error)):
- resp = self.post_project("raclette")
- # Check that an error message is displayed
- self.assertIn(
- "We tried to send you an reminder email, but there was an error",
- resp.data.decode("utf-8"),
- )
- # Check that we were redirected to the home page anyway
- self.assertIn(
- 'You probably want to <a href="/raclette/members/add"',
- resp.data.decode("utf-8"),
- )
-
- def test_password_reset_email_failure(self):
- self.create_project("raclette")
- for exception in (smtplib.SMTPException, socket.error):
- with patch.object(self.app.mail, "send", MagicMock(side_effect=exception)):
- resp = self.client.post(
- "/password-reminder", data={"id": "raclette"}, follow_redirects=True
- )
- # Check that an error message is displayed
- self.assertIn(
- "there was an error while sending you an email",
- resp.data.decode("utf-8"),
- )
- # Check that we were not redirected to the success page
- self.assertNotIn(
- "A link to reset your password has been sent to you",
- resp.data.decode("utf-8"),
- )
-
- def test_invitation_email_failure(self):
- self.login("raclette")
- self.post_project("raclette")
- for exception in (smtplib.SMTPException, socket.error):
- with patch.object(self.app.mail, "send", MagicMock(side_effect=exception)):
- resp = self.client.post(
- "/raclette/invite",
- data={"emails": "toto@notmyidea.org"},
- follow_redirects=True,
- )
- # Check that an error message is displayed
- self.assertIn(
- "there was an error while trying to send the invitation emails",
- resp.data.decode("utf-8"),
- )
- # Check that we are still on the same page (no redirection)
- self.assertIn(
- "Invite people to join this project", resp.data.decode("utf-8")
- )
-
-
-def em_surround(string, regex_escape=False):
- if regex_escape:
- return r'<em class="font-italic">%s<\/em>' % string
- else:
- return '<em class="font-italic">%s</em>' % string
-
-
-class HistoryTestCase(IhatemoneyTestCase):
- def setUp(self):
- super().setUp()
- self.post_project("demo")
- self.login("demo")
-
- def test_simple_create_logentry_no_ip(self):
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(f"Project {em_surround('demo')} added", resp.data.decode("utf-8"))
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 1)
- self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
-
- def change_privacy_to(self, logging_preference):
- # Change only logging_preferences
- new_data = {
- "name": "demo",
- "contact_email": "demo@notmyidea.org",
- "password": "demo",
- "default_currency": "USD",
- }
-
- if logging_preference != LoggingMode.DISABLED:
- new_data["project_history"] = "y"
- if logging_preference == LoggingMode.RECORD_IP:
- new_data["ip_recording"] = "y"
-
- # Disable History
- resp = self.client.post("/demo/edit", data=new_data, follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
- self.assertNotIn("danger", resp.data.decode("utf-8"))
-
- resp = self.client.get("/demo/edit")
- self.assertEqual(resp.status_code, 200)
- if logging_preference == LoggingMode.DISABLED:
- self.assertIn('<input id="project_history"', resp.data.decode("utf-8"))
- else:
- self.assertIn(
- '<input checked id="project_history"', resp.data.decode("utf-8")
- )
-
- if logging_preference == LoggingMode.RECORD_IP:
- self.assertIn('<input checked id="ip_recording"', resp.data.decode("utf-8"))
- else:
- self.assertIn('<input id="ip_recording"', resp.data.decode("utf-8"))
-
- def assert_empty_history_logging_disabled(self):
- resp = self.client.get("/demo/history")
- self.assertIn(
- "This project has history disabled. New actions won't appear below. ",
- resp.data.decode("utf-8"),
- )
- self.assertIn("Nothing to list", resp.data.decode("utf-8"))
- self.assertNotIn(
- "The table below reflects actions recorded prior to disabling project history.",
- resp.data.decode("utf-8"),
- )
- self.assertNotIn(
- "Some entries below contain IP addresses,", resp.data.decode("utf-8")
- )
- self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
- self.assertNotIn("<td> -- </td>", resp.data.decode("utf-8"))
- self.assertNotIn(
- f"Project {em_surround('demo')} added", resp.data.decode("utf-8")
- )
-
- def test_project_edit(self):
- new_data = {
- "name": "demo2",
- "contact_email": "demo2@notmyidea.org",
- "password": "123456",
- "project_history": "y",
- "default_currency": "USD",
- }
-
- resp = self.client.post("/demo/edit", data=new_data, follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(f"Project {em_surround('demo')} added", resp.data.decode("utf-8"))
- self.assertIn(
- f"Project contact email changed to {em_surround('demo2@notmyidea.org')}",
- resp.data.decode("utf-8"),
- )
- self.assertIn("Project private code changed", resp.data.decode("utf-8"))
- self.assertIn(
- f"Project renamed to {em_surround('demo2')}", resp.data.decode("utf-8")
- )
- self.assertLess(
- resp.data.decode("utf-8").index("Project renamed "),
- resp.data.decode("utf-8").index("Project contact email changed to "),
- )
- self.assertLess(
- resp.data.decode("utf-8").index("Project renamed "),
- resp.data.decode("utf-8").index("Project private code changed"),
- )
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 4)
- self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
-
- def test_project_privacy_edit(self):
- resp = self.client.get("/demo/edit")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- '<input checked id="project_history" name="project_history" type="checkbox" value="y">',
- resp.data.decode("utf-8"),
- )
-
- self.change_privacy_to(LoggingMode.DISABLED)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn("Disabled Project History\n", resp.data.decode("utf-8"))
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
- self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
-
- self.change_privacy_to(LoggingMode.RECORD_IP)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- "Enabled Project History & IP Address Recording", resp.data.decode("utf-8")
- )
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
- self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 1)
-
- self.change_privacy_to(LoggingMode.ENABLED)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn("Disabled IP Address Recording\n", resp.data.decode("utf-8"))
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
- self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 2)
-
- def test_project_privacy_edit2(self):
- self.change_privacy_to(LoggingMode.RECORD_IP)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn("Enabled IP Address Recording\n", resp.data.decode("utf-8"))
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 1)
- self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 1)
-
- self.change_privacy_to(LoggingMode.DISABLED)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- "Disabled Project History & IP Address Recording", resp.data.decode("utf-8")
- )
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 1)
- self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 2)
-
- self.change_privacy_to(LoggingMode.ENABLED)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn("Enabled Project History\n", resp.data.decode("utf-8"))
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 2)
- self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 2)
-
- def do_misc_database_operations(self, logging_mode):
- new_data = {
- "name": "demo2",
- "contact_email": "demo2@notmyidea.org",
- "password": "123456",
- "default_currency": "USD",
- }
-
- # Keep privacy settings where they were
- if logging_mode != LoggingMode.DISABLED:
- new_data["project_history"] = "y"
- if logging_mode == LoggingMode.RECORD_IP:
- new_data["ip_recording"] = "y"
-
- resp = self.client.post("/demo/edit", data=new_data, follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
-
- # adds a member to this project
- resp = self.client.post(
- "/demo/members/add", data={"name": "zorglub"}, follow_redirects=True
- )
- self.assertEqual(resp.status_code, 200)
-
- user_id = models.Person.query.one().id
-
- # create a bill
- resp = self.client.post(
- "/demo/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": user_id,
- "payed_for": [user_id],
- "amount": "25",
- },
- follow_redirects=True,
- )
- self.assertEqual(resp.status_code, 200)
-
- bill_id = models.Bill.query.one().id
-
- # edit the bill
- resp = self.client.post(
- f"/demo/edit/{bill_id}",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": user_id,
- "payed_for": [user_id],
- "amount": "10",
- },
- follow_redirects=True,
- )
- self.assertEqual(resp.status_code, 200)
- # delete the bill
- resp = self.client.get(f"/demo/delete/{bill_id}", follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
-
- # delete user using POST method
- resp = self.client.post(
- f"/demo/members/{user_id}/delete", follow_redirects=True
- )
- self.assertEqual(resp.status_code, 200)
-
- def test_disable_clear_no_new_records(self):
- # Disable logging
- self.change_privacy_to(LoggingMode.DISABLED)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- "This project has history disabled. New actions won't appear below. ",
- resp.data.decode("utf-8"),
- )
- self.assertIn(
- "The table below reflects actions recorded prior to disabling project history.",
- resp.data.decode("utf-8"),
- )
- self.assertNotIn("Nothing to list", resp.data.decode("utf-8"))
- self.assertNotIn(
- "Some entries below contain IP addresses,", resp.data.decode("utf-8")
- )
-
- # Clear Existing Entries
- resp = self.client.post("/demo/erase_history", follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
- self.assert_empty_history_logging_disabled()
-
- # Do lots of database operations & check that there's still no history
- self.do_misc_database_operations(LoggingMode.DISABLED)
-
- self.assert_empty_history_logging_disabled()
-
- def test_clear_ip_records(self):
- # Enable IP Recording
- self.change_privacy_to(LoggingMode.RECORD_IP)
-
- # Do lots of database operations to generate IP address entries
- self.do_misc_database_operations(LoggingMode.RECORD_IP)
-
- # Disable IP Recording
- self.change_privacy_to(LoggingMode.ENABLED)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertNotIn(
- "This project has history disabled. New actions won't appear below. ",
- resp.data.decode("utf-8"),
- )
- self.assertNotIn(
- "The table below reflects actions recorded prior to disabling project history.",
- resp.data.decode("utf-8"),
- )
- self.assertNotIn("Nothing to list", resp.data.decode("utf-8"))
- self.assertIn(
- "Some entries below contain IP addresses,", resp.data.decode("utf-8")
- )
- self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 10)
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 1)
-
- # Generate more operations to confirm additional IP info isn't recorded
- self.do_misc_database_operations(LoggingMode.ENABLED)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 10)
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 6)
-
- # Clear IP Data
- resp = self.client.post("/demo/strip_ip_addresses", follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
- self.assertNotIn(
- "This project has history disabled. New actions won't appear below. ",
- resp.data.decode("utf-8"),
- )
- self.assertNotIn(
- "The table below reflects actions recorded prior to disabling project history.",
- resp.data.decode("utf-8"),
- )
- self.assertNotIn("Nothing to list", resp.data.decode("utf-8"))
- self.assertNotIn(
- "Some entries below contain IP addresses,", resp.data.decode("utf-8")
- )
- self.assertEqual(resp.data.decode("utf-8").count("127.0.0.1"), 0)
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 16)
-
- def test_logs_for_common_actions(self):
- # adds a member to this project
- resp = self.client.post(
- "/demo/members/add", data={"name": "zorglub"}, follow_redirects=True
- )
- self.assertEqual(resp.status_code, 200)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- f"Participant {em_surround('zorglub')} added", resp.data.decode("utf-8")
- )
-
- # create a bill
- resp = self.client.post(
- "/demo/add",
- data={
- "date": "2011-08-10",
- "what": "fromage à raclette",
- "payer": 1,
- "payed_for": [1],
- "amount": "25",
- },
- follow_redirects=True,
- )
- self.assertEqual(resp.status_code, 200)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- f"Bill {em_surround('fromage à raclette')} added",
- resp.data.decode("utf-8"),
- )
-
- # edit the bill
- resp = self.client.post(
- "/demo/edit/1",
- data={
- "date": "2011-08-10",
- "what": "new thing",
- "payer": 1,
- "payed_for": [1],
- "amount": "10",
- },
- follow_redirects=True,
- )
- self.assertEqual(resp.status_code, 200)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- f"Bill {em_surround('fromage à raclette')} added",
- resp.data.decode("utf-8"),
- )
- self.assertRegex(
- resp.data.decode("utf-8"),
- r"Bill %s:\s* Amount changed\s* from %s\s* to %s"
- % (
- em_surround("fromage à raclette", regex_escape=True),
- em_surround("25.0", regex_escape=True),
- em_surround("10.0", regex_escape=True),
- ),
- )
- self.assertIn(
- "Bill %s renamed to %s"
- % (em_surround("fromage à raclette"), em_surround("new thing")),
- resp.data.decode("utf-8"),
- )
- self.assertLess(
- resp.data.decode("utf-8").index(
- f"Bill {em_surround('fromage à raclette')} renamed to"
- ),
- resp.data.decode("utf-8").index("Amount changed"),
- )
-
- # delete the bill
- resp = self.client.get("/demo/delete/1", follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- f"Bill {em_surround('new thing')} removed", resp.data.decode("utf-8")
- )
-
- # edit user
- resp = self.client.post(
- "/demo/members/1/edit",
- data={"weight": 2, "name": "new name"},
- follow_redirects=True,
- )
- self.assertEqual(resp.status_code, 200)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertRegex(
- resp.data.decode("utf-8"),
- r"Participant %s:\s* Weight changed\s* from %s\s* to %s"
- % (
- em_surround("zorglub", regex_escape=True),
- em_surround("1.0", regex_escape=True),
- em_surround("2.0", regex_escape=True),
- ),
- )
- self.assertIn(
- "Participant %s renamed to %s"
- % (em_surround("zorglub"), em_surround("new name")),
- resp.data.decode("utf-8"),
- )
- self.assertLess(
- resp.data.decode("utf-8").index(
- f"Participant {em_surround('zorglub')} renamed"
- ),
- resp.data.decode("utf-8").index("Weight changed"),
- )
-
- # delete user using POST method
- resp = self.client.post("/demo/members/1/delete", follow_redirects=True)
- self.assertEqual(resp.status_code, 200)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertIn(
- f"Participant {em_surround('new name')} removed", resp.data.decode("utf-8")
- )
-
- def test_double_bill_double_person_edit_second(self):
-
- # add two members
- self.client.post("/demo/members/add", data={"name": "User 1"})
- self.client.post("/demo/members/add", data={"name": "User 2"})
-
- # add two bills
- self.client.post(
- "/demo/add",
- data={
- "date": "2020-04-13",
- "what": "Bill 1",
- "payer": 1,
- "payed_for": [1, 2],
- "amount": "25",
- },
- )
- self.client.post(
- "/demo/add",
- data={
- "date": "2020-04-13",
- "what": "Bill 2",
- "payer": 1,
- "payed_for": [1, 2],
- "amount": "20",
- },
- )
-
- # Should be 5 history entries at this point
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 5)
- self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
-
- # Edit ONLY the amount on the first bill
- self.client.post(
- "/demo/edit/1",
- data={
- "date": "2020-04-13",
- "what": "Bill 1",
- "payer": 1,
- "payed_for": [1, 2],
- "amount": "88",
- },
- )
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertRegex(
- resp.data.decode("utf-8"),
- r"Bill {}:\s* Amount changed\s* from {}\s* to {}".format(
- em_surround("Bill 1", regex_escape=True),
- em_surround("25.0", regex_escape=True),
- em_surround("88.0", regex_escape=True),
- ),
- )
-
- self.assertNotRegex(
- resp.data.decode("utf-8"),
- r"Removed\s* {}\s* and\s* {}\s* from\s* owers list".format(
- em_surround("User 1", regex_escape=True),
- em_surround("User 2", regex_escape=True),
- ),
- resp.data.decode("utf-8"),
- )
-
- # Should be 6 history entries at this point
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 6)
- self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
-
- def test_bill_add_remove_add(self):
- # add two members
- self.client.post("/demo/members/add", data={"name": "User 1"})
- self.client.post("/demo/members/add", data={"name": "User 2"})
-
- # add 1 bill
- self.client.post(
- "/demo/add",
- data={
- "date": "2020-04-13",
- "what": "Bill 1",
- "payer": 1,
- "payed_for": [1, 2],
- "amount": "25",
- },
- )
-
- # delete the bill
- self.client.get("/demo/delete/1", follow_redirects=True)
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 5)
- self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
- self.assertIn(f"Bill {em_surround('Bill 1')} added", resp.data.decode("utf-8"))
- self.assertIn(
- f"Bill {em_surround('Bill 1')} removed", resp.data.decode("utf-8")
- )
-
- # Add a new bill
- self.client.post(
- "/demo/add",
- data={
- "date": "2020-04-13",
- "what": "Bill 2",
- "payer": 1,
- "payed_for": [1, 2],
- "amount": "20",
- },
- )
-
- resp = self.client.get("/demo/history")
- self.assertEqual(resp.status_code, 200)
- self.assertEqual(resp.data.decode("utf-8").count("<td> -- </td>"), 6)
- self.assertNotIn("127.0.0.1", resp.data.decode("utf-8"))
- self.assertIn(f"Bill {em_surround('Bill 1')} added", resp.data.decode("utf-8"))
- self.assertEqual(
- resp.data.decode("utf-8").count(f"Bill {em_surround('Bill 1')} added"), 1
- )
- self.assertIn(f"Bill {em_surround('Bill 2')} added", resp.data.decode("utf-8"))
- self.assertIn(
- f"Bill {em_surround('Bill 1')} removed", resp.data.decode("utf-8")
- )
-
- def test_double_bill_double_person_edit_second_no_web(self):
- u1 = models.Person(project_id="demo", name="User 1")
- u2 = models.Person(project_id="demo", name="User 1")
-
- models.db.session.add(u1)
- models.db.session.add(u2)
- models.db.session.commit()
-
- b1 = models.Bill(what="Bill 1", payer_id=u1.id, owers=[u2], amount=10)
- b2 = models.Bill(what="Bill 2", payer_id=u2.id, owers=[u2], amount=11)
-
- # This db commit exposes the "spurious owers edit" bug
- models.db.session.add(b1)
- models.db.session.commit()
-
- models.db.session.add(b2)
- models.db.session.commit()
-
- history_list = history.get_history(models.Project.query.get("demo"))
- self.assertEqual(len(history_list), 5)
-
- # Change just the amount
- b1.amount = 5
- models.db.session.commit()
-
- history_list = history.get_history(models.Project.query.get("demo"))
- for entry in history_list:
- if "prop_changed" in entry:
- self.assertNotIn("owers", entry["prop_changed"])
- self.assertEqual(len(history_list), 6)
-
-
-class TestCurrencyConverter(unittest.TestCase):
- converter = CurrencyConverter()
- mock_data = {"USD": 1, "EUR": 0.8115}
- converter.get_rates = MagicMock(return_value=mock_data)
-
- def test_only_one_instance(self):
- one = id(CurrencyConverter())
- two = id(CurrencyConverter())
- self.assertEqual(one, two)
-
- def test_get_currencies(self):
- self.assertCountEqual(self.converter.get_currencies(), ["USD", "EUR"])
-
- def test_exchange_currency(self):
- result = self.converter.exchange_currency(100, "USD", "EUR")
- self.assertEqual(result, 81.15)
-
-
-if __name__ == "__main__":
- unittest.main()
generated by cgit v1.1 at 2025-12-06 04:32:42 +0000