From 76e95311f0ee100348de664a9f80ac97ff7db2e7 Mon Sep 17 00:00:00 2001 From: Michael Weimann Date: Mon, 12 Jul 2021 21:13:12 +0200 Subject: [PATCH] add search by nick add sql special chars test --- README.md | 9 ++++++ data/auth.yml | 2 ++ ki/actions/seed.py | 22 ++++++++++--- ki/handlers/find_profiles.py | 8 +++-- ki/models.py | 2 +- ki/test/test_find_profiles_endpoint.py | 45 +++++++++++++------------- ki/test/test_profile_endpoint.py | 9 +++++- 7 files changed, 66 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 68a9fb0..39de992 100644 --- a/README.md +++ b/README.md @@ -113,6 +113,15 @@ curl -s \ http://localhost:5000/users/1/profile ``` +Profilsuche nach Nickname: + +``` +curl -s \ + -D "/dev/stderr" \ + -H "Authorization: Bearer 22e6c5fc-8a5a-440e-b1f4-018deb9fd24e" \ + http://localhost:5000/users/profiles +``` + ## Docker diff --git a/data/auth.yml b/data/auth.yml index 9832217..6db8eed 100644 --- a/data/auth.yml +++ b/data/auth.yml @@ -7,3 +7,5 @@ peter: password: geheim klaus: password: jutta +dieter: + password: hunger diff --git a/ki/actions/seed.py b/ki/actions/seed.py index 81e9a31..b3b1a01 100644 --- a/ki/actions/seed.py +++ b/ki/actions/seed.py @@ -31,7 +31,7 @@ def seed(dev: bool): skill_seed_file_path = app.config["KI_DATA_DIR"] + "/seed_data/skills.csv" - logging.info("importing skills") + app.logger.info("importing skills") with open(skill_seed_file_path) as skills_file: skills_csv_reader = csv.DictReader(skills_file) @@ -43,7 +43,7 @@ def seed(dev: bool): if db_skill is None: db.session.add(Skill(id=int(skill["id"]), name=skill["name"])) - logging.info("importing languages") + app.logger.info("importing languages") iso_seed_file_path = app.config["KI_DATA_DIR"] + "/seed_data/iso_639_1.csv" @@ -58,7 +58,7 @@ def seed(dev: bool): db.session.add(Language(id=iso["639-1"], name=iso["Sprache"])) if dev: - logging.info("seeding peter :)") + app.logger.info("seeding peter :)") peter = User(auth_id="peter") db.session.add(peter) 
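Review bot: The `dieter` entry in data/auth.yml stores the account password in clear text in a tracked file, next to the existing `peter` and `klaus` entries. Whether this file is read outside development and tests is not visible in the diff. If it is fixture data only, a header comment such as `# development/test fixtures only, not for deployed instances` would make that explicit. If it can back a deployed instance, the entries should hold password hashes rather than passwords.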
@@ -105,9 +105,23 @@ def seed(dev: bool): peter_fr = ProfileLanguage(profile=peters_profile, language_id="fr", level=3) db.session.add(peter_fr) - logging.info("seeding klaus :D") + app.logger.info("seeding klaus :D") klaus = User(auth_id="klaus") db.session.add(klaus) + app.logger.info("seeding dieter \\o/") + + dieter = User(auth_id="dieter") + db.session.add(dieter) + + dieters_profile = Profile(nickname="dirtydieter", + pronouns="", + volunteerwork="Müll sammeln", + availability="Nur nachts", + freetext="1001010010111!!!", + visible=True, + user=dieter) + db.session.add(dieters_profile) + db.session.commit() diff --git a/ki/handlers/find_profiles.py b/ki/handlers/find_profiles.py index 89e5abb..caac477 100644 --- a/ki/handlers/find_profiles.py +++ b/ki/handlers/find_profiles.py @@ -18,11 +18,15 @@ def find_profiles(): if page_size > 100: return make_response({"messages": {"page_size": "Die maximale Anzahl Einträge pro Seite beträgt 100"}}, 400) - offset = (page - 1) * page_size + query = Profile.query.filter(Profile.visible.is_(True)) + + if "nickname" in request.args: + nickname = request.args.get("nickname") + query = query.filter(Profile.nickname.like(f"%{nickname}%")) - query = Profile.query.filter(Profile.visible is True) count = query.count() + offset = (page - 1) * page_size db_profiles = query.limit(page_size).offset(offset).all() api_profiles = [] diff --git a/ki/models.py b/ki/models.py index 6abaf33..9e80516 100644 --- a/ki/models.py +++ b/ki/models.py @@ -53,7 +53,7 @@ class Profile(db.Model): "availability": self.availability, "freetext": self.freetext, "visible": self.visible, - "address": self.address.to_dict(), + "address": self.address.to_dict() if self.address else None, "contacts": list(map(lambda contact: contact.to_dict(), self.contacts)), "skills": list(map(lambda skill: skill.to_dict(), self.skills)), "searchtopics": list(map(lambda searchtopic: searchtopic.to_dict(), self.searchtopics)), 
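Review bot: In ki/handlers/find_profiles.py the `nickname` value goes into the LIKE pattern unescaped, so a `%` or `_` sent by the client acts as a wildcard in `Profile.nickname.like(f"%{nickname}%")`. The value is still passed as a bound parameter, so this is pattern injection rather than SQL injection, but a search for `_` or `%` matches every visible profile with a non-empty nickname. `test_find_sql_specialchars` does not catch this, because the quote characters in its input already prevent any match. `query = query.filter(Profile.nickname.contains(nickname, autoescape=True))` keeps the substring semantics and escapes the wildcards. The start of find_profiles() and the code that builds the response lie outside the hunk.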
diff --git a/ki/test/test_find_profiles_endpoint.py b/ki/test/test_find_profiles_endpoint.py
index fa497fd..7c45c45 100644
--- a/ki/test/test_find_profiles_endpoint.py
+++ b/ki/test/test_find_profiles_endpoint.py
@@ -7,36 +7,35 @@ import unittest from ki.test.ApiTest import ApiTest -class TestSkillsEndpoint(ApiTest): - def test_skills_options(self): - response = self.client.options("/skills") +class TestFindProfilesEndpoint(ApiTest): + def test_find_profiles_options(self): + response = self.client.options("/users/profiles") self.assertEqual(response.status_code, 200) self.assertIn("Access-Control-Allow-Origin", response.headers) self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*") - def test_get_skills1(self): + def test_find_nobody(self): token = self.login("peter", "geheim")["token"] - response = self.client.get("/skills?search=p", headers={"Authorization": "Bearer " + token}) + response = self.client.get("/users/profiles?nickname=horsthorsthorst", + headers={"Authorization": "Bearer " + token}) self.assertEqual(response.status_code, 200) - self.assertEqual( - { - "skills": [{ - "id": 1, - "name": "PHP", - "icon_url": "/skills/1/icon" - }, { - "id": 10, - "name": "PostgreSQL", - "icon_url": "/skills/10/icon" - }, { - "id": 3, - "name": "Python", - "icon_url": "/skills/3/icon" - }] - }, response.json) - self.assertIn("Access-Control-Allow-Origin", response.headers) - self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*") + self.assertEqual(response.json, {"total": 0, "profiles": []}) + + def test_find_sql_specialchars(self): + token = self.login("peter", "geheim")["token"] + + response = self.client.get("/users/profiles?nickname=%22%27%25", headers={"Authorization": "Bearer " + token}) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.json, {"total": 0, "profiles": []}) + + def test_find_all(self): + token = self.login("peter", "geheim")["token"] + + response = self.client.get("/users/profiles", headers={"Authorization": "Bearer " + token}) + self.assertEqual(response.status_code, 200) + self.assertDictContainsSubset({"total": 1}, response.json) + self.assertDictContainsSubset({"nickname": "dirtydieter"}, 
response.json["profiles"][0]) if __name__ == "main": diff --git a/ki/test/test_profile_endpoint.py b/ki/test/test_profile_endpoint.py index 03f18cf..bbbcc67 100644 --- a/ki/test/test_profile_endpoint.py +++ b/ki/test/test_profile_endpoint.py @@ -174,7 +174,14 @@ class TestProfileEndpoint(ApiTest): response = self.client.get("/users/1/profile") self.assertEqual(response.status_code, 401) - def test_get_profile(self): + def test_get_visible_proifle(self): + token = self.login("peter", "geheim")["token"] + + response = self.client.get("/users/3/profile", headers={"Authorization": f"Bearer {token}"}) + + self.assertEqual(response.status_code, 200) + + def test_get_own_profile(self): login_data = {"username": "peter", "password": "geheim"} login_response = self.client.post("/users/login", data=json.dumps(login_data), content_type="application/json")
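Review bot: None of the new tests in test_find_profiles_endpoint.py sends a `nickname` that is expected to match, so the positive path of the new filter is not covered; `test_find_all` calls the endpoint without the parameter. A case requesting `/users/profiles?nickname=dieter` and asserting `self.assertEqual(response.json["total"], 1)` would pin it, and a second case with `nickname=%25` alone would pin how wildcard characters are meant to behave. `assertDictContainsSubset` is deprecated in unittest and removed in Python 3.12, so comparing `response.json["total"]` and `response.json["profiles"][0]["nickname"]` directly is more durable. The `if __name__ == "main":` guard in the trailing context never fires and presumably should read `"__main__"`.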
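Review bot: `test_get_visible_proifle` in test_profile_endpoint.py is misspelled and requests `/users/3/profile`, an id that presumably exists only because ki/actions/seed.py inserts dieter third. A change in seed order would break the test for an unrelated reason. Suggested: `def test_get_visible_profile(self):` with a comment `# id 3 is dieter, see ki/actions/seed.py`, or a lookup of the id by auth_id. The test asserts the status code only, and this hunk shows no counterpart for another user's profile with `visible=False`; if none exists elsewhere in the class, that access-control case deserves a test expecting a non-200 status. The rest of TestProfileEndpoint lies outside the hunk.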