From 7537e322e290d515ed95e6940e367f71b5ba8da3 Mon Sep 17 00:00:00 2001
From: Michael Plunkett <5885605+michplunkett@users.noreply.github.com>
Date: Fri, 2 Aug 2024 20:08:44 -0500
Subject: [PATCH] Add user profile tests (#1119)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Fixes issue
https://github.com/lucyparsons/OpenOversight/issues/436

## Description of Changes
Added tests to validate `/user/` route logic and correct profile logic
to match pre-specified tests.

<img width="497" alt="Screenshot 2024-07-31 at 5 27 37 PM"
src="https://github.com/user-attachments/assets/78703665-1623-4703-8fa9-a1cca59ba319">

There is not a `/users/` route, so I marked it out.

## Tests and Linting
- [x] This branch is up-to-date with the `develop` branch.
- [x] `pytest` passes on my local development environment.
- [x] `pre-commit` passes on my local development environment.
---
 OpenOversight/app/main/views.py         |  5 +-
 OpenOversight/tests/routes/test_user.py | 83 +++++++++++++++++++++++++
 2 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 OpenOversight/tests/routes/test_user.py

diff --git a/OpenOversight/app/main/views.py b/OpenOversight/app/main/views.py
index b4e2cb1d9..fc93fcbb3 100644
--- a/OpenOversight/app/main/views.py
+++ b/OpenOversight/app/main/views.py
@@ -288,7 +288,10 @@ def get_tutorial():
 @login_required
 def profile(username: str):
     if re.search("^[A-Za-z][A-Za-z0-9_.]*$", username):
-        user = User.by_username(username).one()
+        try:
+            user = User.by_username(username).one()
+        except NoResultFound:
+            abort(HTTPStatus.NOT_FOUND)
     else:
         abort(HTTPStatus.NOT_FOUND)
 
diff --git a/OpenOversight/tests/routes/test_user.py b/OpenOversight/tests/routes/test_user.py
new file mode 100644
index 000000000..78bac7a91
--- /dev/null
+++ b/OpenOversight/tests/routes/test_user.py
@@ -0,0 +1,83 @@
+from http import HTTPStatus
+
+from flask import current_app
+
+from OpenOversight.app.models.database import User
+from OpenOversight.app.utils.constants import ENCODING_UTF_8
+from OpenOversight.tests.constants import AC_USER_EMAIL, GENERAL_USER_EMAIL
+from OpenOversight.tests.routes.route_helpers import login_ac, login_admin, login_user
+
+
+def test_user_cannot_see_profile_if_not_logged_in(mockdata, client, session):
+    with current_app.test_request_context():
+        user = User.query.filter_by(email=GENERAL_USER_EMAIL).first()
+        rv = client.get(f"/user/{user.username}")
+
+        # Assert that there is a redirect
+        assert rv.status_code == HTTPStatus.FOUND
+
+
+def test_user_profile_for_invalid_regex_username(mockdata, client, session):
+    with current_app.test_request_context():
+        login_user(client)
+        rv = client.get("/user/this_name_is_mad]]bogus")
+
+        # Assert page returns error
+        assert rv.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_user_profile_for_invalid_username(mockdata, client, session):
+    with current_app.test_request_context():
+        login_user(client)
+        rv = client.get("/user/this_name_is_mad_bogus")
+
+        # Assert page returns error
+        assert rv.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_user_profile_does_not_use_id(mockdata, client, session):
+    with current_app.test_request_context():
+        _, user = login_user(client)
+        rv = client.get(f"/user/{user.id}")
+
+        # Assert page returns error
+        assert rv.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_user_can_see_own_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        _, user = login_user(client)
+        rv = client.get(f"/user/{user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {user.username}", ENCODING_UTF_8) in rv.data
+
+
+def test_user_can_see_other_users_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        login_user(client)
+        other_user = User.query.filter_by(email=AC_USER_EMAIL).first()
+        rv = client.get(f"/user/{other_user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {other_user.username}", ENCODING_UTF_8) in rv.data
+
+
+def test_ac_user_can_see_other_users_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        login_ac(client)
+        other_user = User.query.filter_by(email=GENERAL_USER_EMAIL).first()
+        rv = client.get(f"/user/{other_user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {other_user.username}", ENCODING_UTF_8) in rv.data
+
+
+def test_admin_user_can_see_other_users_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        login_admin(client)
+        other_user = User.query.filter_by(email=GENERAL_USER_EMAIL).first()
+        rv = client.get(f"/user/{other_user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {other_user.username}", ENCODING_UTF_8) in rv.data