Add user profile tests (#1119)

michplunkett · web-flow · commit 7537e322e290 · 2024-08-02T20:08:44.000-05:00
## Fixes issue #436 ## Description of Changes Added tests to validate `/user/` route logic and correct profile logic to match pre-specified tests. <img width="497" alt="Screenshot 2024-07-31 at 5 27 37 PM" src="https://github.com/user-attachments/assets/78703665-1623-4703-8fa9-a1cca59ba319"> There is not a `/users/` route, so I marked it out. ## Tests and Linting - [x] This branch is up-to-date with the `develop` branch. - [x] `pytest` passes on my local development environment. - [x] `pre-commit` passes on my local development environment.
diff --git a/OpenOversight/app/main/views.py b/OpenOversight/app/main/views.py
@@ -288,7 +288,10 @@ def get_tutorial():
 @login_required
 def profile(username: str):
     if re.search("^[A-Za-z][A-Za-z0-9_.]*$", username):
-        user = User.by_username(username).one()
+        try:
+            user = User.by_username(username).one()
+        except NoResultFound:
+            abort(HTTPStatus.NOT_FOUND)
     else:
         abort(HTTPStatus.NOT_FOUND)
 
diff --git a/OpenOversight/tests/routes/test_user.py b/OpenOversight/tests/routes/test_user.py
@@ -0,0 +1,83 @@
+from http import HTTPStatus
+
+from flask import current_app
+
+from OpenOversight.app.models.database import User
+from OpenOversight.app.utils.constants import ENCODING_UTF_8
+from OpenOversight.tests.constants import AC_USER_EMAIL, GENERAL_USER_EMAIL
+from OpenOversight.tests.routes.route_helpers import login_ac, login_admin, login_user
+
+
+def test_user_cannot_see_profile_if_not_logged_in(mockdata, client, session):
+    with current_app.test_request_context():
+        user = User.query.filter_by(email=GENERAL_USER_EMAIL).first()
+        rv = client.get(f"/user/{user.username}")
+
+        # Assert that there is a redirect
+        assert rv.status_code == HTTPStatus.FOUND
+
+
+def test_user_profile_for_invalid_regex_username(mockdata, client, session):
+    with current_app.test_request_context():
+        login_user(client)
+        rv = client.get("/user/this_name_is_mad]]bogus")
+
+        # Assert page returns error
+        assert rv.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_user_profile_for_invalid_username(mockdata, client, session):
+    with current_app.test_request_context():
+        login_user(client)
+        rv = client.get("/user/this_name_is_mad_bogus")
+
+        # Assert page returns error
+        assert rv.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_user_profile_does_not_use_id(mockdata, client, session):
+    with current_app.test_request_context():
+        _, user = login_user(client)
+        rv = client.get(f"/user/{user.id}")
+
+        # Assert page returns error
+        assert rv.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_user_can_see_own_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        _, user = login_user(client)
+        rv = client.get(f"/user/{user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {user.username}", ENCODING_UTF_8) in rv.data
+
+
+def test_user_can_see_other_users_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        login_user(client)
+        other_user = User.query.filter_by(email=AC_USER_EMAIL).first()
+        rv = client.get(f"/user/{other_user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {other_user.username}", ENCODING_UTF_8) in rv.data
+
+
+def test_ac_user_can_see_other_users_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        login_ac(client)
+        other_user = User.query.filter_by(email=GENERAL_USER_EMAIL).first()
+        rv = client.get(f"/user/{other_user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {other_user.username}", ENCODING_UTF_8) in rv.data
+
+
+def test_admin_user_can_see_other_users_profile(mockdata, client, session):
+    with current_app.test_request_context():
+        login_admin(client)
+        other_user = User.query.filter_by(email=GENERAL_USER_EMAIL).first()
+        rv = client.get(f"/user/{other_user.username}")
+
+        assert rv.status_code == HTTPStatus.OK
+        assert bytes(f"Profile: {other_user.username}", ENCODING_UTF_8) in rv.data
