"""Access-control and CRUD tests for the contact-submission endpoints.

Each protected route is exercised twice: once without a session, where the
tests expect a 302 redirect to the login page, and once after logging in,
where the tests expect the normal payload.
"""
import sqlite3
import importlib

import pytest

server_app_module = importlib.import_module("server.app")

# Expose app and init_db from the imported module
app = server_app_module.app
init_db = server_app_module.init_db

LOGIN_URL = "/auth/login"

# NOTE(review): these tests log in as admin/admin. Presumably that account is
# seeded for the test environment only; confirm the deployed application does
# not accept it as a default credential.
ADMIN_CREDENTIALS = {"username": "admin", "password": "admin"}


@pytest.fixture
def client():
    """Yield a Flask test client; cookies persist across requests within one test."""
    with app.test_client() as test_client:
        yield test_client


def _login(client):
    """Post the admin credentials to the login route and return the response."""
    return client.post(LOGIN_URL, data=dict(ADMIN_CREDENTIALS))


def _submit_contact(client, name, email, message):
    """Submit one contact form entry with consent given and return the response."""
    form = {"name": name, "email": email, "message": message, "consent": "on"}
    return client.post("/api/contact", data=form)


def _seed_two_submissions(client):
    """Create the two fixture submissions used by the listing tests."""
    _submit_contact(client, "Test User 1", "test1@example.com", "Message 1")
    _submit_contact(client, "Test User 2", "test2@example.com", "Message 2")


def _assert_redirected_to_login(resp):
    """Assert that an unauthenticated request was redirected to the login page."""
    # The exact Location is pinned, so a redirect anywhere else fails the test.
    assert resp.status_code == 302
    assert resp.headers["Location"] == "/auth/login"


def _assert_lists_two_submissions(resp):
    """Assert a successful listing of exactly two submissions on page 1."""
    # NOTE(review): the exact counts only hold when each test starts from an
    # empty submissions store. Nothing in this module resets it (init_db is
    # imported but never called here); presumably a conftest fixture does.
    # Confirm.
    assert resp.status_code == 200
    payload = resp.get_json()
    assert payload["status"] == "ok"
    assert "submissions" in payload
    assert len(payload["submissions"]) == 2

    # Check pagination info
    assert "pagination" in payload
    pagination = payload["pagination"]
    assert pagination["total"] == 2
    assert pagination["page"] == 1
    assert pagination["per_page"] == 50


def test_get_contact_submissions_requires_auth(client):
    """Listing submissions without a session redirects to login."""
    _assert_redirected_to_login(client.get("/api/contact"))


def test_get_contact_submissions_with_auth(client):
    """Listing submissions after login returns both seeded entries."""
    _login(client)
    _seed_two_submissions(client)

    _assert_lists_two_submissions(client.get("/api/contact"))


def test_admin_get_contact_submissions_requires_auth(client):
    """Listing submissions via the admin API without a session redirects to login."""
    _assert_redirected_to_login(client.get("/admin/api/contact"))


def test_admin_get_contact_submissions_with_auth(client):
    """Listing submissions via the admin API after login returns both seeded entries."""
    _login(client)
    _seed_two_submissions(client)

    _assert_lists_two_submissions(client.get("/admin/api/contact"))


def test_delete_contact_submission_requires_auth(client):
    """Deleting a submission without a session redirects to login."""
    # NOTE(review): only the redirect is checked. No submission is created
    # first, so this test cannot show that an unauthenticated DELETE leaves
    # stored data untouched.
    _assert_redirected_to_login(client.delete("/api/contact/1"))


def test_delete_contact_submission_with_auth(client):
    """Deleting a submission after login removes it from the listing."""
    _login(client)

    # The create response is expected to carry the new submission's id.
    created = _submit_contact(client, "Test User", "test@example.com", "Message")
    submission_id = created.get_json()["id"]

    deleted = client.delete(f"/api/contact/{submission_id}")
    assert deleted.status_code == 200
    body = deleted.get_json()
    assert body["status"] == "ok"
    assert "deleted successfully" in body["message"]

    # Verify it's gone
    remaining = client.get("/api/contact").get_json()
    assert len(remaining["submissions"]) == 0


def test_admin_submissions_page_requires_auth(client):
    """The admin submissions page redirects to login without a session."""
    _assert_redirected_to_login(client.get("/admin/submissions"))


def test_admin_submissions_page_with_auth(client):
    """The admin submissions page renders its heading and loading text after login."""
    _login(client)

    page = client.get("/admin/submissions")
    assert page.status_code == 200
    assert b"Contact Form Submissions" in page.data
    assert b"Loading submissions" in page.data


def test_admin_delete_contact_submission_requires_auth(client):
    """Deleting via the admin API without a session redirects to login."""
    # NOTE(review): as with the /api/contact variant, only the redirect is
    # checked; no record exists beforehand whose survival could be verified.
    _assert_redirected_to_login(client.delete("/admin/api/contact/1"))


def test_admin_delete_contact_submission_with_auth(client):
    """Deleting via the admin API after login removes the submission."""
    _login(client)
    _submit_contact(client, "Test User", "test@example.com", "Message")

    # Look the id up through the admin listing instead of the create response.
    listing = client.get("/admin/api/contact").get_json()
    submission_id = listing["submissions"][0]["id"]

    deleted = client.delete(f"/admin/api/contact/{submission_id}")
    assert deleted.status_code == 200
    assert deleted.get_json()["status"] == "ok"

    # Verify it's deleted
    listing = client.get("/admin/api/contact").get_json()
    assert len(listing["submissions"]) == 0


def test_admin_delete_nonexistent_contact_submission(client):
    """Deleting an id that does not exist returns a 404 error payload."""
    _login(client)

    # 999 is assumed not to exist in the store the test runs against.
    missing = client.delete("/admin/api/contact/999")
    assert missing.status_code == 404
    body = missing.get_json()
    assert body["status"] == "error"
    assert "not found" in body["message"]