allucanget/contact.allucanget.biz
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1
Some checks failed
CI / test (3.11) (push) Failing after 5m36s
Details
CI / build-image (push) Has been skipped
Details

Browse Source
This commit is contained in:
zwitschi
2025-10-22 16:48:55 +02:00
commit 4cefd4e3ab
53 changed files with 5837 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
tests/test_admin_contact_api.py Normal file
View File

@@ -0,0 +1,174 @@
import sqlite3
import importlib
import pytest
server_app_module = importlib.import_module("server.app")
# Expose app and init_db from the imported module
app = server_app_module.app
init_db = server_app_module.init_db
@pytest.fixture
def client():
with app.test_client() as client:
yield client
def test_get_contact_submissions_requires_auth(client):
"""Test that getting contact submissions requires authentication."""
resp = client.get("/api/contact")
assert resp.status_code == 302
assert resp.headers["Location"] == "/auth/login"
def test_get_contact_submissions_with_auth(client):
"""Test getting contact submissions when authenticated."""
# Login first
client.post("/auth/login", data={"username": "admin", "password": "admin"})
# Create some test submissions
client.post("/api/contact", data={"name": "Test User 1",
"email": "test1@example.com", "message": "Message 1", "consent": "on"})
client.post("/api/contact", data={"name": "Test User 2",
"email": "test2@example.com", "message": "Message 2", "consent": "on"})
resp = client.get("/api/contact")
assert resp.status_code == 200
data = resp.get_json()
assert data["status"] == "ok"
assert "submissions" in data
assert len(data["submissions"]) == 2
# Check pagination info
assert "pagination" in data
assert data["pagination"]["total"] == 2
assert data["pagination"]["page"] == 1
assert data["pagination"]["per_page"] == 50
def test_admin_get_contact_submissions_requires_auth(client):
"""Test that getting contact submissions via admin API requires authentication."""
resp = client.get("/admin/api/contact")
assert resp.status_code == 302
assert resp.headers["Location"] == "/auth/login"
def test_admin_get_contact_submissions_with_auth(client):
"""Test getting contact submissions via admin API when authenticated."""
# Login first
client.post("/auth/login", data={"username": "admin", "password": "admin"})
# Create some test submissions
client.post("/api/contact", data={"name": "Test User 1",
"email": "test1@example.com", "message": "Message 1", "consent": "on"})
client.post("/api/contact", data={"name": "Test User 2",
"email": "test2@example.com", "message": "Message 2", "consent": "on"})
resp = client.get("/admin/api/contact")
assert resp.status_code == 200
data = resp.get_json()
assert data["status"] == "ok"
assert "submissions" in data
assert len(data["submissions"]) == 2
# Check pagination info
assert "pagination" in data
assert data["pagination"]["total"] == 2
assert data["pagination"]["page"] == 1
assert data["pagination"]["per_page"] == 50
def test_delete_contact_submission_requires_auth(client):
"""Test that deleting contact submissions requires authentication."""
resp = client.delete("/api/contact/1")
assert resp.status_code == 302
assert resp.headers["Location"] == "/auth/login"
def test_delete_contact_submission_with_auth(client):
"""Test deleting contact submissions when authenticated."""
# Login first
client.post("/auth/login", data={"username": "admin", "password": "admin"})
# Create a test submission
resp = client.post("/api/contact", data={"name": "Test User",
"email": "test@example.com", "message": "Message", "consent": "on"})
submission_id = resp.get_json()["id"]
# Delete the submission
resp = client.delete(f"/api/contact/{submission_id}")
assert resp.status_code == 200
data = resp.get_json()
assert data["status"] == "ok"
assert "deleted successfully" in data["message"]
# Verify it's gone
resp = client.get("/api/contact")
data = resp.get_json()
assert len(data["submissions"]) == 0
def test_admin_submissions_page_requires_auth(client):
"""Test that admin submissions page requires authentication."""
resp = client.get("/admin/submissions")
assert resp.status_code == 302
assert resp.headers["Location"] == "/auth/login"
def test_admin_submissions_page_with_auth(client):
"""Test admin submissions page loads when authenticated."""
# Login and access submissions page
client.post("/auth/login", data={"username": "admin", "password": "admin"})
resp = client.get("/admin/submissions")
assert resp.status_code == 200
assert b"Contact Form Submissions" in resp.data
assert b"Loading submissions" in resp.data
def test_admin_delete_contact_submission_requires_auth(client):
"""Test that deleting contact submissions via admin API requires authentication."""
resp = client.delete("/admin/api/contact/1")
assert resp.status_code == 302
assert resp.headers["Location"] == "/auth/login"
def test_admin_delete_contact_submission_with_auth(client):
"""Test deleting contact submissions via admin API when authenticated."""
# Login first
client.post("/auth/login", data={"username": "admin", "password": "admin"})
# Create a test submission
client.post("/api/contact", data={"name": "Test User",
"email": "test@example.com", "message": "Message", "consent": "on"})
# Get the submission to find its ID
resp = client.get("/admin/api/contact")
data = resp.get_json()
submission_id = data["submissions"][0]["id"]
# Delete the submission
resp = client.delete(f"/admin/api/contact/{submission_id}")
assert resp.status_code == 200
delete_data = resp.get_json()
assert delete_data["status"] == "ok"
# Verify it's deleted
resp = client.get("/admin/api/contact")
data = resp.get_json()
assert len(data["submissions"]) == 0
def test_admin_delete_nonexistent_contact_submission(client):
"""Test deleting a non-existent contact submission."""
# Login first
client.post("/auth/login", data={"username": "admin", "password": "admin"})
# Try to delete a non-existent submission
resp = client.delete("/admin/api/contact/999")
assert resp.status_code == 404
data = resp.get_json()
assert data["status"] == "error"
assert "not found" in data["message"]