2023-07-28 23:30:45 +02:00
|
|
|
from pydoc import cli
|
|
|
|
from urllib import response
|
|
|
|
from Website import create_app
|
|
|
|
import json
|
|
|
|
import pdb
|
2023-07-29 00:15:09 +02:00
|
|
|
import Website
|
2023-07-28 23:30:45 +02:00
|
|
|
from Website.db import get_db
|
|
|
|
from .test_conf import client, app
|
|
|
|
|
|
|
|
|
|
|
|
def test_config():
|
|
|
|
assert not create_app()["app"].testing
|
|
|
|
assert create_app({'TESTING': True})["app"].testing
|
|
|
|
|
2023-08-16 23:02:36 +02:00
|
|
|
#basic tests
|
|
|
|
def test_favicon(client):
|
|
|
|
response = client.get("/favicon.ico")
|
|
|
|
assert response.status_code == 200
|
|
|
|
|
2023-08-16 23:18:53 +02:00
|
|
|
def test_index(client):
|
|
|
|
response = client.get("/")
|
|
|
|
assert 'window.location="/list"' in response.data.decode('utf-8')
|
|
|
|
|
2023-07-28 23:30:45 +02:00
|
|
|
#/adduser
|
|
|
|
def test_adduser(client):
|
2024-03-06 20:41:45 +01:00
|
|
|
response = client.post('/adduser/user', data={})
|
2023-07-28 23:30:45 +02:00
|
|
|
assert "418" in response.data.decode('utf-8')
|
|
|
|
|
|
|
|
def test_adduser_new(app, client):
|
|
|
|
with app.app_context():
|
|
|
|
db = get_db()
|
|
|
|
assert db is get_db()
|
2024-03-06 20:41:45 +01:00
|
|
|
response = client.post('/adduser/user', data={user_name:"test"})
|
2023-07-28 23:30:45 +02:00
|
|
|
c = db.cursor()
|
|
|
|
c.execute("SELECT * FROM users WHERE username = ?", ["test"])
|
|
|
|
data = c.fetchone()
|
|
|
|
assert "tag was sucsesfully added" in response.data.decode('utf-8')
|
|
|
|
assert data[0] == 1
|
|
|
|
assert data[1] == "test"
|
|
|
|
assert data[2] == 0
|
|
|
|
|
|
|
|
def test_adduser_allreadyexists(client):
|
2024-03-06 20:41:45 +01:00
|
|
|
response = client.post('/adduser/user', data={username:"test"})
|
2023-07-28 23:30:45 +02:00
|
|
|
assert "Error: 757" in response.data.decode('utf-8')
|
|
|
|
|
|
|
|
#/addtag
|
|
|
|
def test_addtag(client):
|
|
|
|
response = client.get('/addtag')
|
|
|
|
assert response.data.decode('utf-8') == "Error: 095"
|
|
|
|
|
|
|
|
def test_addtag_userid_nan(client):
|
2024-03-06 20:41:45 +01:00
|
|
|
response = client.post('/addtag', data={id:1})
|
2023-07-28 23:30:45 +02:00
|
|
|
assert response.data.decode('utf-8') == "Error: 095"
|
|
|
|
|
2023-08-16 21:36:23 +02:00
|
|
|
def test_add_tag_direktli(app):
|
|
|
|
with app.app_context():
|
|
|
|
db = get_db()
|
|
|
|
assert db is get_db()
|
|
|
|
c = db.cursor()
|
|
|
|
c.execute("INSERT INTO tags (tagid, userid) VALUES (12345678, 1)")
|
|
|
|
c.execute("INSERT INTO tags (tagid, userid) VALUES (23456789, 1)")
|
|
|
|
db.commit()
|
|
|
|
c.execute("SELECT * FROM tags WHERE tagid = 12345678")
|
|
|
|
data_1 = c.fetchone()
|
|
|
|
c.execute("SELECT * FROM tags WHERE tagid = 23456789")
|
|
|
|
data_2 = c.fetchone()
|
|
|
|
assert data_1[0] == 12345678
|
|
|
|
assert data_1[1] == 1
|
|
|
|
assert data_2[0] == 23456789
|
|
|
|
assert data_2[1] == 1
|
2023-07-28 23:30:45 +02:00
|
|
|
|
|
|
|
#/api
|
|
|
|
def test_api_change(client):
|
|
|
|
response = client.get('/api/change')
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {"mode":"error", "error":"043"}
|
|
|
|
|
|
|
|
def test_api_change_wrong_user(client):
|
|
|
|
response = client.get('/api/change?id=2')
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {"mode":"error", "error":"043"}
|
|
|
|
|
|
|
|
def test_api_change_nan(client):
|
|
|
|
response = client.get('/api/change?id=1&?change=test')
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {"mode":"balance", "username":"test", "balance":-1}
|
|
|
|
|
|
|
|
def test_api_change_none(client):
|
|
|
|
response = client.get('/api/change?id=1')
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {"mode":"balance", "username":"test", "balance":-2}
|
|
|
|
|
|
|
|
def test_api_change_right_positiv(app, client):
|
|
|
|
response = client.get('/api/change?id=1&change=7')
|
|
|
|
with app.app_context():
|
|
|
|
db = get_db()
|
|
|
|
assert db is get_db()
|
|
|
|
c = db.cursor()
|
|
|
|
c.execute("SELECT * FROM users WHERE username = ?", ["test"])
|
|
|
|
data = c.fetchone()
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {"mode":"balance", "username":"test", "balance":5}
|
|
|
|
assert data[0] == 1
|
|
|
|
assert data[1] == "test"
|
|
|
|
assert data[2] == 5
|
|
|
|
|
|
|
|
def test_api_change_right_negativ(app, client):
|
|
|
|
response = client.get('/api/change?id=1&change=-5')
|
|
|
|
with app.app_context():
|
|
|
|
db = get_db()
|
|
|
|
assert db is get_db()
|
|
|
|
c = db.cursor()
|
|
|
|
c.execute("SELECT * FROM users WHERE username = ?", ["test"])
|
|
|
|
data = c.fetchone()
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {"mode":"balance", "username":"test", "balance":0}
|
|
|
|
assert data[0] == 1
|
|
|
|
assert data[1] == "test"
|
|
|
|
assert data[2] == 0
|
2023-08-16 21:36:23 +02:00
|
|
|
|
|
|
|
def test_api_tagid(app, client):
|
|
|
|
response = client.get("/api/tag_id")
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {'error': '054', 'mode': 'error'}
|
|
|
|
|
|
|
|
def test_api_tagid_NaN(app, client):
|
|
|
|
response = client.get("/api/tag_id?id=test")
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {'error': '054', 'mode': 'error'}
|
|
|
|
|
|
|
|
def test_api_tagid_wrong_id(app, client):
|
|
|
|
response = client.get("/api/tag_id?id=1234")
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {'error': '054', 'mode': 'error'}
|
|
|
|
|
|
|
|
def test_api_tagid_right_firsttag(app, client):
|
|
|
|
response = client.get("/api/tag_id?id=12345678")
|
|
|
|
with app.app_context():
|
|
|
|
db = get_db()
|
|
|
|
assert db is get_db()
|
|
|
|
c = db.cursor()
|
|
|
|
c.execute("SELECT * FROM users WHERE id = 1")
|
|
|
|
data = c.fetchone()
|
|
|
|
assert data[0] == 1
|
|
|
|
assert data[1] == "test"
|
|
|
|
assert data[2] == -1
|
|
|
|
assert json.loads(response.data.decode('utf-8')) == {'balance': -1, 'mode': 'balance', 'username': 'test'}
|
|
|
|
|
2023-08-16 21:41:10 +02:00
|
|
|
def test_api_tagid_right_seconttag(app, client):
|
2023-08-16 21:36:23 +02:00
|
|
|
response = client.get("/api/tag_id?id=23456789")
|
|
|
|
with app.app_context():
|
|
|
|
db = get_db()
|
|
|
|
assert db is get_db()
|
|
|
|
c = db.cursor()
|
|
|
|
c.execute("SELECT * FROM users WHERE id = 1")
|
|
|
|
data = c.fetchone()
|
|
|
|
assert data[0] == 1
|
|
|
|
assert data[1] == "test"
|
|
|
|
assert data[2] == -2
|
2023-08-25 18:33:48 +02:00
|
|
|
assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
|
|
|
|
|
|
|
|
#db
|
|
|
|
def test_sqlinjektion_adduser(app, client):
|
|
|
|
injektion_list = ['"', "'--"]
|
|
|
|
count = 2
|
|
|
|
for i in injektion_list:
|
|
|
|
with app.app_context():
|
|
|
|
db = get_db()
|
|
|
|
assert db is get_db()
|
|
|
|
response = client.get('/adduser/user?username={i}')
|
|
|
|
c = db.cursor()
|
|
|
|
c.execute("SELECT * FROM users WHERE username = ?", [i])
|
|
|
|
data = c.fetchone()
|
|
|
|
assert data[0] == count
|
|
|
|
assert data[1] == i
|
|
|
|
assert data[2] == 0
|
|
|
|
assert "tag was sucsesfully added" in response.data.decode('utf-8')
|
2024-03-06 20:41:45 +01:00
|
|
|
count += 1
|