Initial commit - Mold Cost Calculator Application (Security Fixed)
This commit is contained in:
@@ -0,0 +1,116 @@
|
||||
import pytest
|
||||
from flask import url_for
|
||||
from app.models import User, Quotation
|
||||
from datetime import datetime, timezone
|
||||
import os
|
||||
|
||||
def test_home_page(client):
|
||||
response = client.get('/')
|
||||
assert response.status_code == 200
|
||||
|
||||
def test_login_page(client):
|
||||
response = client.get('/login')
|
||||
assert response.status_code == 200
|
||||
assert b'Login' in response.data
|
||||
|
||||
def test_register_page(client):
|
||||
response = client.get('/register')
|
||||
assert response.status_code == 200
|
||||
assert b'Register' in response.data
|
||||
|
||||
def test_calculator_page_redirect(client):
|
||||
response = client.get('/calculator')
|
||||
assert response.status_code == 302
|
||||
assert '/login' in response.headers['Location']
|
||||
|
||||
def test_login_success(client, app):
|
||||
with app.app_context():
|
||||
test_password = os.getenv('TEST_USER_PASSWORD', 'Test123!')
|
||||
user = User.create(
|
||||
username='testuser',
|
||||
email='test@example.com',
|
||||
company='Test Company',
|
||||
password=test_password
|
||||
)
|
||||
db.session.commit()
|
||||
|
||||
response = client.post('/login', data={
|
||||
'email': 'test@example.com',
|
||||
'password': test_password,
|
||||
'remember_me': False
|
||||
}, follow_redirects=True)
|
||||
|
||||
assert response.status_code == 200
|
||||
assert b'Calculator' in response.data
|
||||
|
||||
def test_login_failure(client):
|
||||
response = client.post('/login', data={
|
||||
'email': 'wrong@example.com',
|
||||
'password': 'WrongPass123!',
|
||||
'remember_me': False
|
||||
}, follow_redirects=True)
|
||||
|
||||
assert response.status_code == 200
|
||||
assert b'Invalid email or password' in response.data
|
||||
|
||||
def test_register_success(client, app):
|
||||
response = client.post('/register', data={
|
||||
'username': 'newuser',
|
||||
'email': 'jenny.tay@adidas.com',
|
||||
'company': 'New Company',
|
||||
'password': 'NewPass123!',
|
||||
'password_confirm': 'NewPass123!',
|
||||
'terms': True
|
||||
}, follow_redirects=True)
|
||||
|
||||
assert response.status_code == 200
|
||||
assert b'Registration successful' in response.data
|
||||
|
||||
def test_register_duplicate_email(client, app):
|
||||
with app.app_context():
|
||||
user = User.create(
|
||||
username='testuser',
|
||||
email='jenny.tay@adidas.com',
|
||||
company='Test Company',
|
||||
password='Test123!'
|
||||
)
|
||||
db.session.commit()
|
||||
|
||||
response = client.post('/register', data={
|
||||
'username': 'newuser',
|
||||
'email': 'jenny.tay@adidas.com',
|
||||
'company': 'New Company',
|
||||
'password': 'NewPass123!',
|
||||
'password_confirm': 'NewPass123!',
|
||||
'terms': True
|
||||
}, follow_redirects=True)
|
||||
|
||||
assert response.status_code == 200
|
||||
assert b'Email already registered' in response.data
|
||||
|
||||
def test_admin_management_unauthorized(client):
|
||||
response = client.get('/admin/management')
|
||||
assert response.status_code == 302
|
||||
assert '/login' in response.headers['Location']
|
||||
|
||||
def test_admin_management_authorized(client, app):
|
||||
with app.app_context():
|
||||
admin = User.create(
|
||||
username='admin',
|
||||
email='admin@example.com',
|
||||
company='Admin Company',
|
||||
password='Admin123!'
|
||||
)
|
||||
admin.is_admin = True
|
||||
db.session.commit()
|
||||
|
||||
client.post('/login', data={
|
||||
'email': 'admin@example.com',
|
||||
'password': 'Admin123!',
|
||||
'remember_me': False
|
||||
})
|
||||
|
||||
response = client.get('/admin/management')
|
||||
assert response.status_code == 200
|
||||
assert b'User Management' in response.data
|
||||
|
||||
Reference in New Issue
Block a user