bton/matekasse
2
1
Fork 2
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: bton:e91905089d0c4b9e45360cc50d0829376dfa6e1b
Branches Tags
bton:master
..
compare: bton:bb7168e3cabdb44fa154ae70b15d727f94b29742
Branches Tags
bton:master

No commits in common. "e91905089d0c4b9e45360cc50d0829376dfa6e1b" and "bb7168e3cabdb44fa154ae70b15d727f94b29742" have entirely different histories.
e91905089d ... bb7168e3ca

4 changed files with 11 additions and 33 deletions
Show stats Expand all files Collapse all files

15
Website/__init__.py
View file

@ -1,5 +1,5 @@
import queue, time, uuid, json, logging, datetime, os import queue, time, uuid, json, logging, datetime, os
from flask import Flask, render_template, request, make_response, session, send_file, g from flask import Flask, render_template, request, make_response, session, url_for, g
from flask_socketio import SocketIO, join_room, leave_room from flask_socketio import SocketIO, join_room, leave_room
from flask_session import Session from flask_session import Session
from markupsafe import escape from markupsafe import escape
@ -49,11 +49,11 @@ def create_app(test_config=None):
#website #website
@app.route('/favicon.ico') @app.route('/favicon.ico')
def favicon(): def favicon():
return send_file("../static/Logo_CCC.svg.png") return url_for('static', filename='Logo_CCC.svg.png')
#@app.route('/socket.io.js') @app.route('/socket.io.js')
#def socketiojs(): def socketiojs():
# return url_for('static', filename='socket.io.js') return url_for('static', filename='socket.io.js')
@app.route("/") @app.route("/")
def index(): def index():
@ -134,6 +134,11 @@ def create_app(test_config=None):
def new_user(): def new_user():
return render_template("adduser.html") return render_template("adduser.html")
@app.route("/removeuser/confirmation", methods=['GET'])
def confirm_remove_user():
user_id = request.args.get("id")
return f'<p><a href="/list">user and tag list</a> | <a href="/documentation">Documentation</a></p> <p>Do your realy want to <a href="/removeuser?id={user_id}">remove the user</a></p>'
@app.route("/removeuser", methods=['GET']) @app.route("/removeuser", methods=['GET'])
def remove_user(): def remove_user():
db = get_db() db = get_db()

BIN
Website/__pycache__/__init__.cpython-311.pyc
View file

Binary file not shown.

BIN
tests/__pycache__/test_website.cpython-311-pytest-7.4.0.pyc
View file

Binary file not shown.

29
tests/test_website.py
View file

@ -12,15 +12,6 @@ def test_config():
assert not create_app()["app"].testing assert not create_app()["app"].testing
assert create_app({'TESTING': True})["app"].testing assert create_app({'TESTING': True})["app"].testing
#basic tests
def test_favicon(client):
response = client.get("/favicon.ico")
assert response.status_code == 200
def test_index(client):
response = client.get("/")
assert 'window.location="/list"' in response.data.decode('utf-8')
#/adduser #/adduser
def test_adduser(client): def test_adduser(client):
response = client.get('/adduser/user') response = client.get('/adduser/user')
@ -148,22 +139,4 @@ def test_api_tagid_right_seconttag(app, client):
assert data[0] == 1 assert data[0] == 1
assert data[1] == "test" assert data[1] == "test"
assert data[2] == -2 assert data[2] == -2
assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'} assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
#db
def test_sqlinjektion_adduser(app, client):
injektion_list = ['"', "'--"]
count = 2
for i in injektion_list:
with app.app_context():
db = get_db()
assert db is get_db()
response = client.get('/adduser/user?username={i}')
c = db.cursor()
c.execute("SELECT * FROM users WHERE username = ?", [i])
data = c.fetchone()
assert data[0] == count
assert data[1] == i
assert data[2] == 0
assert "tag was sucsesfully added" in response.data.decode('utf-8')
count += 1