almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-04-28 17:32:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge d8223cb297 into 56bee93346

Browse source
This commit is contained in:
Peter Heijstek 2025-04-03 12:21:19 +00:00 committed by GitHub
commit d92cc1730d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 76 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
ihatemoney/templates/home.html
View file

@ -33,6 +33,20 @@
</header> </header>
<main class="row home"> <main class="row home">
<div class="card-deck ml-auto mr-auto"> <div class="card-deck ml-auto mr-auto">
{% if 'projects' in session %}
<div class="card">
<div class="card-header">
{{ _("Open a connected project") }}
</div>
<div class="card-body">
<ul>
{% for id, name in session['projects'].items() %}
<li><a href="{{ url_for("main.list_bills", project_id=id )}}">{{name}}</a>
{% endfor %}
</ul>
</div>
</div>
{% endif %}
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
{{ _("Log in to an existing project") }} {{ _("Log in to an existing project") }}

56
ihatemoney/tests/api_test.py
View file

@ -6,6 +6,7 @@ import pytest
from ihatemoney.tests.common.help_functions import em_surround from ihatemoney.tests.common.help_functions import em_surround
from ihatemoney.tests.common.ihatemoney_testcase import IhatemoneyTestCase from ihatemoney.tests.common.ihatemoney_testcase import IhatemoneyTestCase
from flask import url_for
class TestAPI(IhatemoneyTestCase): class TestAPI(IhatemoneyTestCase):
@ -1079,3 +1080,58 @@ class TestAPI(IhatemoneyTestCase):
# Bill type should now be "Expense" # Bill type should now be "Expense"
got = json.loads(req.data.decode("utf-8")) got = json.loads(req.data.decode("utf-8"))
assert got["bill_type"] == "Expense" assert got["bill_type"] == "Expense"
def test_project_list_redirection(self):
self.post_project("project1", default_currency="USD")
self.post_project("project2", default_currency="EUR")
# Step 2: Log into these projects (simulate a user accessing them)
self.login("project1")
self.login("project2")
# Step 3: Access the homepage where the project list should be displayed
response = self.client.get("/")
self.assertStatus(200, response)
page_content = response.data.decode("utf-8")
# Check that both project names appear in the list
assert "project1" in page_content
assert "project2" in page_content
# Step 4: Simulate clicking on "project1" by visiting its link
response = self.client.get("/project1/")
self.assertStatus(200, response) # Should load the project page
assert "project1" in response.data.decode("utf-8") # Project content should be visible
def test_get_auth(self):
"""
Redirects to logged in projects
"""
self.create_project("test-project")
self.login("test-project")
req = self.client.get(url_for('main.list_bills', project_id='test-project'))
self.assertStatus(200, req)
def test_post_auth_wrong_password(self):
"""
Rejects wrong passwords for projects
in the session
"""
self.create_project("project1", password="a")
req = self.login("project1", "b")
assert req.request.path == '/authenticate'
def test_post_auth_correct_password(self):
"""
Accepts correct passwords for projects
in the session
"""
self.create_project("project1", password="a")
req = self.login("project1", "a")
assert req.request.path == '/project1/'

7
ihatemoney/web.py
View file

@ -258,6 +258,7 @@ def join_project(token):
def authenticate(project_id=None): def authenticate(project_id=None):
"""Authentication form""" """Authentication form"""
form = AuthenticationForm() form = AuthenticationForm()
is_post_auth = request.method == "POST" and form.validate()
if not form.id.data and request.args.get("project_id"): if not form.id.data and request.args.get("project_id"):
form.id.data = request.args["project_id"] form.id.data = request.args["project_id"]
@ -271,13 +272,12 @@ def authenticate(project_id=None):
"authenticate.html", form=form, create_project=project_id "authenticate.html", form=form, create_project=project_id
) )
# if credentials are already in session, redirect # if credentials are already in session and no password is provided, redirect
if session.get(project_id): if session.get(project_id) and not is_post_auth:
setattr(g, "project", project) setattr(g, "project", project)
return redirect(url_for(".list_bills")) return redirect(url_for(".list_bills"))
# else do form authentication authentication # else do form authentication authentication
is_post_auth = request.method == "POST" and form.validate()
if is_post_auth and check_password_hash(project.password, form.password.data): if is_post_auth and check_password_hash(project.password, form.password.data):
set_authorized_project(project) set_authorized_project(project)
setattr(g, "project", project) setattr(g, "project", project)
@ -290,6 +290,7 @@ def authenticate(project_id=None):
def get_project_form(): def get_project_form():
fancy = {'complexity':'Cyclo. compl.', 'churn': 'Churn', 'comments_ratio': 'Ratio', 'loc': 'LOC', 'dit': 'DIT', 'cbo': 'CBO', 'vulns': 'Vuln.', 'smells': 'Smells'}
if current_app.config.get("ENABLE_CAPTCHA", False): if current_app.config.get("ENABLE_CAPTCHA", False):
return ProjectFormWithCaptcha() return ProjectFormWithCaptcha()
return ProjectForm() return ProjectForm()