contact.allucanget.biz/tests/test_admin_contact_api.py

import sqlite3
import importlib

import pytest

server_app_module = importlib.import_module("server.app")

# Expose app and init_db from the imported module
app = server_app_module.app
init_db = server_app_module.init_db


@pytest.fixture
def client():
    with app.test_client() as client:
        yield client


def test_get_contact_submissions_requires_auth(client):
    """Test that getting contact submissions requires authentication."""
    resp = client.get("/api/contact")
    assert resp.status_code == 302
    assert resp.headers["Location"] == "/auth/login"


def test_get_contact_submissions_with_auth(client):
    """Test getting contact submissions when authenticated."""
    # Login first
    client.post("/auth/login", data={"username": "admin", "password": "admin"})

    # Create some test submissions
    client.post("/api/contact", data={"name": "Test User 1",
                "email": "test1@example.com", "message": "Message 1", "consent": "on"})
    client.post("/api/contact", data={"name": "Test User 2",
                "email": "test2@example.com", "message": "Message 2", "consent": "on"})

    resp = client.get("/api/contact")
    assert resp.status_code == 200
    data = resp.get_json()
    assert data["status"] == "ok"
    assert "submissions" in data
    assert len(data["submissions"]) == 2

    # Check pagination info
    assert "pagination" in data
    assert data["pagination"]["total"] == 2
    assert data["pagination"]["page"] == 1
    assert data["pagination"]["per_page"] == 50


def test_admin_get_contact_submissions_requires_auth(client):
    """Test that getting contact submissions via admin API requires authentication."""
    resp = client.get("/admin/api/contact")
    assert resp.status_code == 302
    assert resp.headers["Location"] == "/auth/login"


def test_admin_get_contact_submissions_with_auth(client):
    """Test getting contact submissions via admin API when authenticated."""
    # Login first
    client.post("/auth/login", data={"username": "admin", "password": "admin"})

    # Create some test submissions
    client.post("/api/contact", data={"name": "Test User 1",
                "email": "test1@example.com", "message": "Message 1", "consent": "on"})
    client.post("/api/contact", data={"name": "Test User 2",
                "email": "test2@example.com", "message": "Message 2", "consent": "on"})

    resp = client.get("/admin/api/contact")
    assert resp.status_code == 200
    data = resp.get_json()
    assert data["status"] == "ok"
    assert "submissions" in data
    assert len(data["submissions"]) == 2

    # Check pagination info
    assert "pagination" in data
    assert data["pagination"]["total"] == 2
    assert data["pagination"]["page"] == 1
    assert data["pagination"]["per_page"] == 50


def test_delete_contact_submission_requires_auth(client):
    """Test that deleting contact submissions requires authentication."""
    resp = client.delete("/api/contact/1")
    assert resp.status_code == 302
    assert resp.headers["Location"] == "/auth/login"


def test_delete_contact_submission_with_auth(client):
    """Test deleting contact submissions when authenticated."""
    # Login first
    client.post("/auth/login", data={"username": "admin", "password": "admin"})

    # Create a test submission
    resp = client.post("/api/contact", data={"name": "Test User",
                       "email": "test@example.com", "message": "Message", "consent": "on"})
    submission_id = resp.get_json()["id"]

    # Delete the submission
    resp = client.delete(f"/api/contact/{submission_id}")
    assert resp.status_code == 200
    data = resp.get_json()
    assert data["status"] == "ok"
    assert "deleted successfully" in data["message"]

    # Verify it's gone
    resp = client.get("/api/contact")
    data = resp.get_json()
    assert len(data["submissions"]) == 0


def test_admin_submissions_page_requires_auth(client):
    """Test that admin submissions page requires authentication."""
    resp = client.get("/admin/submissions")
    assert resp.status_code == 302
    assert resp.headers["Location"] == "/auth/login"


def test_admin_submissions_page_with_auth(client):
    """Test admin submissions page loads when authenticated."""
    # Login and access submissions page
    client.post("/auth/login", data={"username": "admin", "password": "admin"})
    resp = client.get("/admin/submissions")

    assert resp.status_code == 200
    assert b"Contact Form Submissions" in resp.data
    assert b"Loading submissions" in resp.data


def test_admin_delete_contact_submission_requires_auth(client):
    """Test that deleting contact submissions via admin API requires authentication."""
    resp = client.delete("/admin/api/contact/1")
    assert resp.status_code == 302
    assert resp.headers["Location"] == "/auth/login"


def test_admin_delete_contact_submission_with_auth(client):
    """Test deleting contact submissions via admin API when authenticated."""
    # Login first
    client.post("/auth/login", data={"username": "admin", "password": "admin"})

    # Create a test submission
    client.post("/api/contact", data={"name": "Test User",
                "email": "test@example.com", "message": "Message", "consent": "on"})

    # Get the submission to find its ID
    resp = client.get("/admin/api/contact")
    data = resp.get_json()
    submission_id = data["submissions"][0]["id"]

    # Delete the submission
    resp = client.delete(f"/admin/api/contact/{submission_id}")
    assert resp.status_code == 200
    delete_data = resp.get_json()
    assert delete_data["status"] == "ok"

    # Verify it's deleted
    resp = client.get("/admin/api/contact")
    data = resp.get_json()
    assert len(data["submissions"]) == 0


def test_admin_delete_nonexistent_contact_submission(client):
    """Test deleting a non-existent contact submission."""
    # Login first
    client.post("/auth/login", data={"username": "admin", "password": "admin"})

    # Try to delete a non-existent submission
    resp = client.delete("/admin/api/contact/999")
    assert resp.status_code == 404
    data = resp.get_json()
    assert data["status"] == "error"
    assert "not found" in data["message"]