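import hashlib
import sqlite3

import pytest

import database
from app import app


def _execute_all(path, statements):
    """Run each ``(sql, params)`` pair against the SQLite file at *path*.

    The connection is closed even when a statement raises, so a failing
    setup does not leave an open handle on a file under ``tmp_path``.
    """
    conn = sqlite3.connect(path)
    try:
        for sql, params in statements:
            conn.execute(sql, params)
        conn.commit()
    finally:
        conn.close()


def _sha256_hex(password):
    """Return the hex SHA-256 digest of *password* (UTF-8 encoded)."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_user_db(path):
    """Create the ``users`` table at *path* and seed the two test accounts.

    Seeds ``ADMIN`` (password ``admin``) and ``TEST`` (password ``123456``).
    """
    # NOTE(review): the stored value is an unsalted, single-round SHA-256
    # digest. Presumably this mirrors what the app's login check compares
    # against, so the fixture has to match it. If the app moves to a salted
    # KDF (e.g. hashlib.scrypt), this seeding must change with it.
    # NOTE(review): ids are stored upper-case while the tests log in with
    # lower-case ids; presumably the app upper-cases the submitted id. Confirm.
    insert_user = "INSERT INTO users VALUES (?, ?)"
    _execute_all(path, [
        ("CREATE TABLE users (id TEXT PRIMARY KEY, pw TEXT NOT NULL)", ()),
        (insert_user, ("ADMIN", _sha256_hex("admin"))),
        (insert_user, ("TEST", _sha256_hex("123456"))),
    ])


def make_notes_db(path):
    """Create an empty ``notes`` table at *path*."""
    _execute_all(path, [
        (
            """CREATE TABLE notes (
                user TEXT NOT NULL,
                timestamp TEXT NOT NULL,
                note TEXT NOT NULL,
                note_id TEXT PRIMARY KEY)
            """,
            (),
        ),
    ])


def make_images_db(path):
    """Create an empty ``images`` table at *path*."""
    _execute_all(path, [
        (
            """CREATE TABLE images (
                uid TEXT PRIMARY KEY,
                owner TEXT NOT NULL,
                name TEXT NOT NULL,
                timestamp TEXT NOT NULL)
            """,
            (),
        ),
    ])


@pytest.fixture
def client(tmp_path, monkeypatch):
    """Return a test client for ``app`` backed by fresh per-test SQLite files.

    The three database paths on the ``database`` module are pointed at files
    under ``tmp_path``, so no test reads or writes a shared database.
    """
    user_db = tmp_path / "users.db"
    notes_db = tmp_path / "notes.db"
    images_db = tmp_path / "images.db"

    make_user_db(user_db)
    make_notes_db(notes_db)
    make_images_db(images_db)

    monkeypatch.setattr(database, "user_db_file_location", str(user_db))
    monkeypatch.setattr(database, "note_db_file_location", str(notes_db))
    monkeypatch.setattr(database, "image_db_file_location", str(images_db))
    # Presumably the database module switches backend when DATABASE_URL is
    # set; removing it keeps the tests on the temporary SQLite files.
    monkeypatch.delenv("DATABASE_URL", raising=False)

    # Fixed key for the test run only. app.config is module-global and is not
    # restored after the test.
    app.config.update(TESTING=True, SECRET_KEY="test-secret")
    return app.test_client()


def test_homepage(client):
    """The landing page is served without a session."""
    response = client.get("/")
    assert response.status_code == 200


def test_public_page(client):
    """The public page is served without a session."""
    response = client.get("/public/")
    assert response.status_code == 200


def test_private_requires_login(client):
    """An anonymous request to the private area is rejected with 401."""
    response = client.get("/private/")
    assert response.status_code == 401


def test_admin_requires_login(client):
    """An anonymous request to the admin area is rejected with 401."""
    response = client.get("/admin/")
    assert response.status_code == 401


def test_login_valid_user_redirects(client):
    """Posting valid credentials answers with a redirect."""
    response = client.post("/login", data={
        "id": "test",
        "pw": "123456",
    })
    assert response.status_code == 302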
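def _login(client, user_id, password):
    """Post *user_id* / *password* to ``/login`` and return the response."""
    return client.post("/login", data={
        "id": user_id,
        "pw": password,
    })


def test_private_after_login(client):
    """A logged-in user can open the private area."""
    _login(client, "test", "123456")
    response = client.get("/private/")
    assert response.status_code == 200


def test_admin_page_as_admin(client):
    """The admin account can open the admin area."""
    _login(client, "admin", "admin")
    response = client.get("/admin/")
    assert response.status_code == 200


# NOTE(review): nothing here covers a logged-in non-admin (the "test" account)
# requesting /admin/ or posting to /add_user. The anonymous case is tested,
# the authenticated-but-unprivileged case is not. The expected status code
# for that case is not visible from this file.


def test_invalid_login_does_not_access_private(client):
    """A wrong password must not create a session."""
    _login(client, "test", "wrong")
    response = client.get("/private/")
    assert response.status_code == 401


def test_logout_removes_session(client):
    """After logout the private area is rejected again."""
    _login(client, "test", "123456")

    response = client.get("/logout/")
    assert response.status_code == 302

    private_response = client.get("/private/")
    assert private_response.status_code == 401


def test_write_note_after_login(client):
    """A logged-in user can submit a note and is redirected."""
    _login(client, "test", "123456")
    response = client.post("/write_note", data={
        "text_note_to_take": "Test note",
    })
    assert response.status_code == 302


def test_admin_can_add_user(client):
    """The admin account can create a new user and is redirected."""
    _login(client, "admin", "admin")
    response = client.post("/add_user", data={
        "id": "newuser",
        "pw": "password",
    })
    assert response.status_code == 302


def test_admin_cannot_add_duplicate_user(client):
    """Re-adding an existing id must not replace that account's password."""
    _login(client, "admin", "admin")
    response = client.post("/add_user", data={
        "id": "test",
        "pw": "whatever",
    })
    assert response.status_code == 200

    # The previous second assertion ended in `or response.status_code == 200`,
    # which is always true after the line above and so checked nothing.
    # Check the property the test name promises instead: the existing account
    # keeps its original credentials.
    client.get("/logout/")
    _login(client, "test", "whatever")
    assert client.get("/private/").status_code == 401

    _login(client, "test", "123456")
    assert client.get("/private/").status_code == 200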