Merge branch 'develop' into update-pre-commit-versions

lucyparsons · Aug 3, 2024 · 743b314 · 743b314
2 parents f6a270d + 7537e32
commit 743b314
Show file tree

Hide file tree

Showing 2 changed files with 87 additions and 1 deletion.
diff --git a/OpenOversight/app/main/views.py b/OpenOversight/app/main/views.py
@@ -288,7 +288,10 @@ def get_tutorial():
 @login_required
 def profile(username: str):
     if re.search("^[A-Za-z][A-Za-z0-9_.]*$", username):
-        user = User.by_username(username).one()
+        try:
+            user = User.by_username(username).one()
+        except NoResultFound:
+            abort(HTTPStatus.NOT_FOUND)
     else:
         abort(HTTPStatus.NOT_FOUND)
 

diff --git a/OpenOversight/tests/routes/test_user.py b/OpenOversight/tests/routes/test_user.py
@@ -0,0 +1,83 @@
+from http import HTTPStatus
+
+from flask import current_app
+
+from OpenOversight.app.models.database import User
+from OpenOversight.app.utils.constants import ENCODING_UTF_8
+from OpenOversight.tests.constants import AC_USER_EMAIL, GENERAL_USER_EMAIL
+from OpenOversight.tests.routes.route_helpers import login_ac, login_admin, login_user
+
+
+def test_user_cannot_see_profile_if_not_logged_in(mockdata, client, session):
+    with current_app.test_request_context():
+        user = User.query.filter_by(email=GENERAL_USER_EMAIL).first()
+        rv = client.get(f"/user/{user.username}")
+
+        # Assert that there is a redirect
+        assert rv.status_code == HTTPStatus.FOUND
+
+
+def test_user_profile_for_invalid_regex_username(mockdata, client, session):
+    with current_app.test_request_context():
+        login_user(client)
+        rv = client.get("/user/this_name_is_mad]]bogus")
+
+        # Assert page returns error
+        assert rv.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_user_profile_for_invalid_username(mockdata, client, session):
+    with current_app.test_request_context():
+        login_user(client)
+        rv = client.get("/user/this_name_is_mad_bogus")
+
+        # Assert page returns error
+        assert rv.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_user_profile_does_not_use_id(mockdata, client, session):
+    with current_app.test_request_context():
+        _, user = login_user(client)
+        rv = client.get(f"/user/{user.id}")
+
+        # Assert page returns error
+        assert rv.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_user_can_see_own_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        _, user = login_user(client)
+        rv = client.get(f"/user/{user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {user.username}", ENCODING_UTF_8) in rv.data
+
+
+def test_user_can_see_other_users_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        login_user(client)
+        other_user = User.query.filter_by(email=AC_USER_EMAIL).first()
+        rv = client.get(f"/user/{other_user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {other_user.username}", ENCODING_UTF_8) in rv.data
+
+
+def test_ac_user_can_see_other_users_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        login_ac(client)
+        other_user = User.query.filter_by(email=GENERAL_USER_EMAIL).first()
+        rv = client.get(f"/user/{other_user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {other_user.username}", ENCODING_UTF_8) in rv.data
+
+
+def test_admin_user_can_see_other_users_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        login_admin(client)
+        other_user = User.query.filter_by(email=GENERAL_USER_EMAIL).first()
+        rv = client.get(f"/user/{other_user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {other_user.username}", ENCODING_UTF_8) in rv.data