From b4f997b15c3bfc4a5f50e8d9be0beb3125dcfa8b Mon Sep 17 00:00:00 2001
From: Chris Sanden
Date: Wed, 13 May 2026 16:14:36 +0200
Subject: [PATCH] Significantly enhanced testing suite to 69% coverage and updated gitignore
---
 .gitignore | 4 +-
 tests/test_app.py | 162 ++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 160 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 7e99e36..7c1940f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
-*.pyc
\ No newline at end of file
+*.pyc
+.venv
+.coverage
\ No newline at end of file
diff --git a/tests/test_app.py b/tests/test_app.py
index 9babb87..1292fc4 100644
--- a/tests/test_app.py
+++ b/tests/test_app.py
@@ -1,11 +1,163 @@
+import hashlib
+import sqlite3
+import pytest
+import database
 from app import app
-def test_basic():
- assert True
-def test_homepage():
- client = app.test_client()
+def make_user_db(path):
+ conn = sqlite3.connect(path)
+ conn.execute("CREATE TABLE users (id TEXT PRIMARY KEY, pw TEXT NOT NULL)")
+ conn.execute("INSERT INTO users VALUES (?, ?)", ("ADMIN", hashlib.sha256("admin".encode()).hexdigest()))
+ conn.execute("INSERT INTO users VALUES (?, ?)", ("TEST", hashlib.sha256("123456".encode()).hexdigest()))
+ conn.commit()
+ conn.close()
- response = client.get("/")
+def make_notes_db(path):
+ conn = sqlite3.connect(path)
+ conn.execute("""CREATE TABLE notes (
+ user TEXT NOT NULL,
+ timestamp TEXT NOT NULL,
+ note TEXT NOT NULL,
+ note_id TEXT PRIMARY KEY)
+ """)
+ conn.commit()
+ conn.close()
+
+def make_images_db(path):
+ conn = sqlite3.connect(path)
+ conn.execute("""CREATE TABLE images (
+ uid TEXT PRIMARY KEY,
+ owner TEXT NOT NULL,
+ name TEXT NOT NULL,
+ timestamp TEXT NOT NULL)
+ """)
+ conn.commit()
+ conn.close()
+
+@pytest.fixture
+def client(tmp_path, monkeypatch):
+ user_db = tmp_path / "users.db"
+ notes_db = tmp_path / "notes.db"
+ images_db = tmp_path / "images.db"
+
+ make_user_db(user_db)
+ make_notes_db(notes_db)
+ make_images_db(images_db)
+
+ monkeypatch.setattr(database, "user_db_file_location", str(user_db))
+ monkeypatch.setattr(database, "note_db_file_location", str(notes_db))
+ monkeypatch.setattr(database, "image_db_file_location", str(images_db))
+
+ monkeypatch.delenv("DATABASE_URL", raising=False)
+
+ app.config.update(TESTING=True, SECRET_KEY="test-secret")
+
+ return app.test_client()
+
+def test_homepage(client):
+ response = client.get("/")
+ assert response.status_code == 200
+
+def test_public_page(client):
+ response = client.get("/public/")
+ assert response.status_code == 200
+
+def test_private_requires_login(client):
+ response = client.get("/private/")
+ assert response.status_code == 401
+
+def test_admin_requires_login(client):
+ response = client.get("/admin/")
+ assert response.status_code == 401
+
+def test_login_valid_user_redirects(client):
+ response = client.post("/login", data={
+ "id": "test",
+ "pw": "123456",
+ })
+
+ assert response.status_code == 302
+
+def test_private_after_login(client):
+ client.post("/login", data={
+ "id": "test",
+ "pw": "123456",
+ })
+
+ response = client.get("/private/")
+
+ assert response.status_code == 200
+
+def test_admin_page_as_admin(client):
+ client.post("/login", data={
+ "id": "admin",
+ "pw": "admin",
+ })
+
+ response = client.get("/admin/")
+
+ assert response.status_code == 200
+
+def test_invalid_login_does_not_access_private(client):
+ client.post("/login", data={
+ "id": "test",
+ "pw": "wrong",
+ })
+
+ response = client.get("/private/")
+
+ assert response.status_code == 401
+
+def test_logout_removes_session(client):
+ client.post("/login", data={
+ "id": "test",
+ "pw": "123456",
+ })
+
+ response = client.get("/logout/")
+
+ assert response.status_code == 302
+
+ private_response = client.get("/private/")
+ assert private_response.status_code == 401
+
+def test_write_note_after_login(client):
+ client.post("/login", data={
+ "id": "test",
+ "pw": "123456",
+ })
+
+ response = client.post("/write_note", data={
+ "text_note_to_take": "Test note",
+ })
+
+ assert response.status_code == 302
+
+def test_admin_can_add_user(client):
+ client.post("/login", data={
+ "id": "admin",
+ "pw": "admin",
+ })
+
+ response = client.post("/add_user", data={
+ "id": "newuser",
+ "pw": "password",
+ })
+
+ assert response.status_code == 302
+
+def test_admin_cannot_add_duplicate_user(client):
+ client.post("/login", data={
+ "id": "admin",
+ "pw": "admin",
+ })
+
+ response = client.post("/add_user", data={
+ "id": "test",
+ "pw": "whatever",
+ })
 assert response.status_code == 200
+ assert b"test" in response.data.lower() or response.status_code == 200
+
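Review bot: The access-control tests cover only two cases, anonymous (401) and admin (200), so nothing in this file fails if a logged-in non-admin such as `test` can open `/admin/` or post to `/add_user`; I would add the two tests below. The refusal status for that case is not visible in this patch, so the sketch asserts only that the admin page is not served and that the account was not created. Separately, the last assertion in `test_admin_cannot_add_duplicate_user` cannot fail, because `or response.status_code == 200` repeats the assert on the line above it; drop the `or` clause, or assert on the duplicate-user message the app actually renders. The fixture stores `hashlib.sha256(...)` digests with no salt, which presumably mirrors the app's own password scheme and is worth a follow-up outside this test file.

```python
def test_non_admin_cannot_open_admin_page(client):
    client.post("/login", data={"id": "test", "pw": "123456"})

    response = client.get("/admin/")

    # the exact refusal code is the app's choice; the admin page must not be served
    assert response.status_code != 200


def test_non_admin_cannot_add_user(client):
    client.post("/login", data={"id": "test", "pw": "123456"})
    client.post("/add_user", data={"id": "newuser", "pw": "password"})
    client.get("/logout/")

    # the account must not exist: logging in with it must not open /private/
    client.post("/login", data={"id": "newuser", "pw": "password"})
    assert client.get("/private/").status_code == 401
```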