From de580d9a7ee32f83ee6c60bda3bb37e85a32537e Mon Sep 17 00:00:00 2001 From: Peter Heijstek Date: Thu, 3 Apr 2025 11:15:08 +0200 Subject: [PATCH 1/2] Initial fix --- ihatemoney/static/css/main.css | 7 ++++++- ihatemoney/templates/home.html | 14 ++++++++++++++ ihatemoney/tests/api_test.py | 27 +++++++++++++++++++++++++++ ihatemoney/web.py | 9 +++++---- 4 files changed, 52 insertions(+), 5 deletions(-) diff --git a/ihatemoney/static/css/main.css b/ihatemoney/static/css/main.css index 46c24642..2249cabf 100644 --- a/ihatemoney/static/css/main.css +++ b/ihatemoney/static/css/main.css @@ -644,4 +644,9 @@ footer .icon svg { .edit-project .custom-file { margin-bottom: 2em; -} \ No newline at end of file +} + +.connected-projects { + a { + } +} diff --git a/ihatemoney/templates/home.html b/ihatemoney/templates/home.html index f2c70d01..b27d7c0b 100644 --- a/ihatemoney/templates/home.html +++ b/ihatemoney/templates/home.html @@ -33,6 +33,20 @@
+ {% if 'projects' in session %} +
+
+ {{ _("Open a project in your current session") }} +
+
+
    + {% for id, name in session['projects'].items() %} +
  • {{name}} + {% endfor %} +
+
+
+ {% endif %}
{{ _("Log in to an existing project") }} diff --git a/ihatemoney/tests/api_test.py b/ihatemoney/tests/api_test.py index 40054f75..d9f655ed 100644 --- a/ihatemoney/tests/api_test.py +++ b/ihatemoney/tests/api_test.py @@ -6,6 +6,7 @@ import pytest from ihatemoney.tests.common.help_functions import em_surround from ihatemoney.tests.common.ihatemoney_testcase import IhatemoneyTestCase +from flask import session class TestAPI(IhatemoneyTestCase): @@ -1079,3 +1080,29 @@ class TestAPI(IhatemoneyTestCase): # Bill type should now be "Expense" got = json.loads(req.data.decode("utf-8")) assert got["bill_type"] == "Expense" + + def test_get_auth(self): + """ + Redirects to logged in projects + """ + self.create_project("test-project") + self.login("test-project") + + def test_post_auth_wrong_password(self): + """ + Rejects wrong passwords for projects + in the session + """ + self.create_project("project1", password="a") + self.login("project1", "a") + + print(session["projects"]) + + + def test_post_auth_correct_password(self): + """ + Accepts correct passwords for projects + in the session + """ + pass + diff --git a/ihatemoney/web.py b/ihatemoney/web.py index 37bd811f..ce3b62ce 100644 --- a/ihatemoney/web.py +++ b/ihatemoney/web.py @@ -258,6 +258,7 @@ def join_project(token): def authenticate(project_id=None): """Authentication form""" form = AuthenticationForm() + is_post_auth = request.method == "POST" and form.validate() if not form.id.data and request.args.get("project_id"): form.id.data = request.args["project_id"] 
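Review bot: In the first `authenticate` hunk of `ihatemoney/web.py`, `form.validate()` now runs on the line before `form.id.data` is filled from `request.args["project_id"]`, so a POST that carries the project id only in the query string is validated with an empty `id` field. If `AuthenticationForm` marks `id` as required (its definition is not part of this patch), `is_post_auth` is false for such a request and the password check further down is never reached. Placing `is_post_auth = request.method == "POST" and form.validate()` after the query-string fallback keeps the previous validation order. The rest of `authenticate` lies outside this hunk.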
@@ -270,14 +271,13 @@ def authenticate(project_id=None): return render_template( "authenticate.html", form=form, create_project=project_id ) - - # if credentials are already in session, redirect - if session.get(project_id): + + # if credentials are already in session and no password is provided, redirect + if session.get(project_id) and not is_post_auth: setattr(g, "project", project) return redirect(url_for(".list_bills")) # else do form authentication authentication - is_post_auth = request.method == "POST" and form.validate() if is_post_auth and check_password_hash(project.password, form.password.data): set_authorized_project(project) setattr(g, "project", project) @@ -290,6 +290,7 @@ def authenticate(project_id=None): def get_project_form(): + fancy = {'complexity':'Cyclo. compl.', 'churn': 'Churn', 'comments_ratio': 'Ratio', 'loc': 'LOC', 'dit': 'DIT', 'cbo': 'CBO', 'vulns': 'Vuln.', 'smells': 'Smells'} if current_app.config.get("ENABLE_CAPTCHA", False): return ProjectFormWithCaptcha() return ProjectForm() From d8223cb2973d4bd8c74c83df7e8f7590a5994bec Mon Sep 17 00:00:00 2001 From: Peter Heijstek Date: Thu, 3 Apr 2025 14:15:43 +0200 Subject: [PATCH 2/2] add tests and remove unused css class --- ihatemoney/static/css/main.css | 5 ----- ihatemoney/templates/home.html | 4 ++-- ihatemoney/tests/api_test.py | 39 +++++++++++++++++++++++++++++----- 3 files changed, 36 insertions(+), 12 deletions(-) diff --git a/ihatemoney/static/css/main.css b/ihatemoney/static/css/main.css index 2249cabf..bbe8f15e 100644 --- a/ihatemoney/static/css/main.css +++ b/ihatemoney/static/css/main.css @@ -645,8 +645,3 @@ footer .icon svg { .edit-project .custom-file { margin-bottom: 2em; } - -.connected-projects { - a { - } -} diff --git a/ihatemoney/templates/home.html b/ihatemoney/templates/home.html index b27d7c0b..f748f9f5 100644 --- a/ihatemoney/templates/home.html +++ b/ihatemoney/templates/home.html @@ -36,10 +36,10 @@ {% if 'projects' in session %}
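Review bot: In the second `authenticate` hunk of `ihatemoney/web.py`, `is_post_auth` is false for a GET and also for a POST whose form fails validation, so `if session.get(project_id) and not is_post_auth:` still redirects a POST with an invalid form (for example a missing required field) without checking the submitted password. If every submitted password is meant to be verified, gate the shortcut on the method alone: `if session.get(project_id) and request.method != "POST":`. Separately, the lookup uses the request-supplied id as a top-level session key, the same namespace that holds `session['projects']` read by `home.html`. Testing `project_id in session.get("projects", {})` would keep a project id from matching an unrelated session key, assuming `set_authorized_project` (not shown) records every authorised project there. The function starts and ends outside the hunk.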
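Review bot: The `fancy = {...}` dict added at the top of `get_project_form` in `ihatemoney/web.py` is never read in the lines shown and is unrelated to the authentication fix; its keys (`complexity`, `churn`, `vulns`, `smells`) look like leftovers from a code-metrics script. Drop the line so the function is again only the `ENABLE_CAPTCHA` check and the two returns. Patch 2/2 does not touch `web.py`, so the line would ship as is.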
- {{ _("Open a project in your current session") }} + {{ _("Open a connected project") }}
-
    +
      {% for id, name in session['projects'].items() %}
    • {{name}} {% endfor %} diff --git a/ihatemoney/tests/api_test.py b/ihatemoney/tests/api_test.py index d9f655ed..6e5d6b3b 100644 --- a/ihatemoney/tests/api_test.py +++ b/ihatemoney/tests/api_test.py @@ -6,7 +6,7 @@ import pytest from ihatemoney.tests.common.help_functions import em_surround from ihatemoney.tests.common.ihatemoney_testcase import IhatemoneyTestCase -from flask import session +from flask import url_for class TestAPI(IhatemoneyTestCase): @@ -1081,6 +1081,29 @@ class TestAPI(IhatemoneyTestCase): got = json.loads(req.data.decode("utf-8")) assert got["bill_type"] == "Expense" + def test_project_list_redirection(self): + self.post_project("project1", default_currency="USD") + self.post_project("project2", default_currency="EUR") + + # Step 2: Log into these projects (simulate a user accessing them) + self.login("project1") + self.login("project2") + + # Step 3: Access the homepage where the project list should be displayed + response = self.client.get("/") + self.assertStatus(200, response) + page_content = response.data.decode("utf-8") + + # Check that both project names appear in the list + assert "project1" in page_content + assert "project2" in page_content + + # Step 4: Simulate clicking on "project1" by visiting its link + response = self.client.get("/project1/") + self.assertStatus(200, response) # Should load the project page + + assert "project1" in response.data.decode("utf-8") # Project content should be visible + def test_get_auth(self): """ Redirects to logged in projects 
@@ -1088,21 +1111,27 @@ class TestAPI(IhatemoneyTestCase): self.create_project("test-project") self.login("test-project") + req = self.client.get(url_for('main.list_bills', project_id='test-project')) + self.assertStatus(200, req) + def test_post_auth_wrong_password(self): """ Rejects wrong passwords for projects in the session """ self.create_project("project1", password="a") - self.login("project1", "a") + req = self.login("project1", "b") - print(session["projects"]) - + + assert req.request.path == '/authenticate' def test_post_auth_correct_password(self): """ Accepts correct passwords for projects in the session """ - pass + self.create_project("project1", password="a") + req = self.login("project1", "a") + + assert req.request.path == '/project1/'
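Review bot: `test_post_auth_wrong_password` says it covers projects "in the session", but it posts the wrong password `"b"` straight after `create_project` and never logs in with `"a"` first. Unless `create_project` itself authorises the session (the helper is not shown), the request takes the ordinary login path and never reaches the `session.get(project_id) and not is_post_auth` branch changed in `web.py`. Add `self.login("project1", "a")` before `req = self.login("project1", "b")` so the test fails on the old redirect-without-check behaviour; `test_post_auth_correct_password` needs the same prior login to match its docstring. Also checking the response for the authentication error would pin the rejection more tightly than comparing `req.request.path` alone.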