diff --git a/.DS_Store b/.DS_Store index 88af8f9..2c84697 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/app/routes.py b/app/routes.py index a5b5b89..1492269 100644 --- a/app/routes.py +++ b/app/routes.py @@ -101,13 +101,19 @@ def page_content(): @app.route('/forum') def forum(): + """API for viewing all forum topics""" intializeDB() topics = forumDB.find() return render_template('forum.html', topics=topics) @app.route('/forum/new', methods=['GET', 'POST']) def new_topic(): + """API for creating a new forum topic""" intializeDB() + # Check if 'username' is in session + if 'username' not in session: + return redirect('/login') # Redirect to login if not authenticated + if request.method == 'POST': title = request.form['title'] content = request.form['content'] @@ -117,22 +123,35 @@ def new_topic(): @app.route('/forum/', methods=['GET', 'POST']) def view_topic(topic_id): + """API for viewing a specific forum topic""" intializeDB() topic = forumDB.find_one({'_id': ObjectId(topic_id)}) + if request.method == 'POST': + # Check if 'username' is in session before allowing comments + if 'username' not in session: + return redirect('/login') # Redirect to login if not authenticated + comment = request.form['comment'] forumDB.update_one( {'_id': ObjectId(topic_id)}, {'$push': {'comments': comment}} ) return redirect(url_for('view_topic', topic_id=topic_id)) + return render_template('view_topic.html', topic=topic) + # view all @app.route('/myjobs') def myjobs(): """An API for the user to view all the reviews created by them""" intializeDB() + + # Check if 'username' is in session + if 'username' not in session: + return redirect('/login') # Redirect to login if not authenticated + entries = get_my_jobs(session['username']) page, per_page, offset = get_page_args( page_parameter="page", per_page_parameter="per_page") 
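Review bot: The session guard added in `new_topic` is the same two lines this commit also pastes into `view_topic` and `myjobs` in the next hunk, so every future route has to remember to copy it, and one that forgets is silently public. A small `login_required` decorator keeps the check in one place and makes an unprotected route visible at the `@app.route` line. `new_topic` and `myjobs` can use it directly, while `view_topic` keeps its inline check because only its POST branch is restricted. The decorator needs `functools` imported at the top of routes.py, which is outside this hunk. In `new_topic` the guard also runs after `intializeDB()`; putting it first avoids database work for anonymous requests.

```python
def login_required(view):
    """Redirect anonymous requests to /login before the view runs."""
    @functools.wraps(view)
    def wrapped(*args, **kwargs):
        if 'username' not in session:
            return redirect('/login')
        return view(*args, **kwargs)
    return wrapped


@app.route('/forum/new', methods=['GET', 'POST'])
@login_required
def new_topic():
    # … unchanged: intializeDB() and the POST form handling …
```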
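Review bot: In `view_topic`, `ObjectId(topic_id)` is built from the URL segment before any validation, so a malformed id raises `bson.errors.InvalidId` and, unless an error handler elsewhere catches it, the request ends in a 500 instead of a 404. This happens on the unauthenticated GET path as well as on POST. A missing document is not handled either: `find_one` returns `None`, the POST branch still runs `update_one`, and the template is rendered with `topic=None`. I would reject both cases up front with `if not ObjectId.is_valid(topic_id): abort(404)` and, after the lookup, `if topic is None: abort(404)`; `abort` comes from Flask and may need adding to the imports, which are outside this hunk. The new comment is also stored exactly as submitted, with no emptiness or length check.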
@@ -141,16 +160,16 @@ def myjobs(): if not page or not per_page: offset = 0 per_page = 10 - pagination_entries = entries[offset: offset+per_page] + pagination_entries = entries[offset: offset + per_page] else: - pagination_entries = entries[offset: offset+per_page] - # print("ELSE!!!") + pagination_entries = entries[offset: offset + per_page] pagination = Pagination(page=page, per_page=per_page, total=total, css_framework='bootstrap4') return render_template('myjobs.html', entries=pagination_entries, page=page, per_page=per_page, pagination=pagination) + #Get the top jobs @app.route('/top_jobs') def top_jobs(): @@ -239,11 +258,19 @@ def add(): intializeDB() user = usersDb.find_one({"username": session['username']}) if user == None: - pass + flash('User not found. Please log in again.', 'error') + return redirect('/login') # Redirect to a login page or wherever appropriate + reviews = user['reviews'] if request.method == 'POST': - form = request.form + form = request.form + # Validate required fields + required_fields = ['job_title', 'company', 'locations', 'job_description', 'department', 'hourly_pay', 'benefits', 'review', 'rating', 'recommendation'] + missing_fields = [field for field in required_fields if not form.get(field)] + + if missing_fields: + flash('Please fill out the fields.', 'error') job = { "_id": form.get('job_title') + "_" + form.get('company') + "_" + form.get('locations'), diff --git a/tests/test_app.py b/tests/test_app.py index df6a48f..629d35f 100644 --- a/tests/test_app.py +++ b/tests/test_app.py 
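Review bot: The new `if missing_fields:` branch in `add` only calls `flash(...)` and then falls through to the `job = {` construction, so an incomplete form is still processed. The `_id` concatenation raises `TypeError` when `job_title`, `company` or `locations` is absent, because `form.get` returns `None`, and an all-empty submission would produce the id `"__"`. The branch needs to stop the request, e.g. `return redirect(url_for('add'))` right after the flash, assuming the endpoint keeps the default name `add`. Separately, `session['username']` is still read without the `'username' not in session` guard this commit adds to the other routes; the top of `add` is outside the hunk, so confirm it is protected there. `user == None` would read better as `user is None`.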
@@ -19,12 +19,13 @@ def setUp(self): self.mock_jobsDb = self.mock_db.Jobs self.mock_forumDb = self.mock_db.Forum - response = self.client.post('/signup', data={ + # Signup two users for testing + self.client.post('/signup', data={ 'username': 'testuser', 'password': 'testpass', 'confirm_password': 'testpass' }) - response = self.client.post('/signup', data={ + self.client.post('/signup', data={ 'username': 'existinguser', 'password': 'password123', 'confirm_password': 'password123' 
@@ -139,5 +140,43 @@ def test_delete_review(self): self.assertEqual(response.status_code, 302) self.assertEqual(response.location, '/myjobs') + def test_login_empty_fields(self): + """Test login with empty username or password fields.""" + response = self.client.post('/login', data={'username': '', 'password': ''}, follow_redirects=True) + self.assertEqual(response.status_code, 200) + self.assertIn(b'Invalid username or password.', response.data) + + def test_access_restricted_route_without_login(self): + """Test that restricted routes require authentication.""" + response = self.client.get('/myjobs') + # Check that the response is a redirect + self.assertEqual(response.status_code, 302) # 302 for redirect + self.assertIn('/login', response.location) # Ensure + + def test_access_restricted_new_topic_route_without_login(self): + """Test that creating a new topic requires authentication.""" + response = self.client.get('/forum/new') + self.assertEqual(response.status_code, 302) + self.assertIn('/login', response.headers['Location']) + + def test_forum_page_access_without_login(self): + """Test that accessing the forum page is allowed without login.""" + response = self.client.get('/forum') + self.assertEqual(response.status_code, 200) + + self.assertIn(b'Discussion Forum', response.data) + + + + def test_logout(self): + """Test logout functionality.""" + with self.client.session_transaction() as session: + session['username'] = 'testuser' + + response = self.client.get('/logout') + self.assertEqual(response.status_code, 302) + self.assertEqual(response.location, '/') + + if __name__ == "__main__": unittest.main()
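Review bot: The new authentication tests only issue GET requests, but the paths that write to the database are the POSTs. An anonymous POST to `/forum/new` and an anonymous comment POST to a topic page are the cases the guards in routes.py exist for, and neither is exercised; a regression that moved the check below the insert would still pass every test added here. I would add a POST variant for `/forum/new` as below, plus the equivalent for the topic route with a well-formed ObjectId string, and where the mocks allow it assert that the forum collection's write method was not called. The comment `# Ensure` in `test_access_restricted_route_without_login` is cut off mid-sentence.

```python
    def test_new_topic_post_without_login(self):
        """An anonymous POST to /forum/new is redirected to the login page."""
        response = self.client.post('/forum/new', data={'title': 't', 'content': 'c'})
        self.assertEqual(response.status_code, 302)
        self.assertIn('/login', response.location)
```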