

from bs4 import BeautifulSoup as Soup
from datasette.utils import allowed_pragmas
from .fixtures import ( # noqa
from .utils import assert_footer_links, inner_html
import json
import pathlib
import pytest
import re
import urllib.parse
def test_homepage(app_client_two_attached_databases):
response = app_client_two_attached_databases.get("/")
assert response.status == 200
assert "text/html; charset=utf-8" == response.headers["content-type"]
soup = Soup(response.body, "html.parser")
assert "Datasette Fixtures" == soup.find("h1").text
assert (
"An example SQLite database demonstrating Datasette. Sign in as root user"
# Should be two attached databases
assert [
{"href": r"/extra%20database", "text": "extra database"},
{"href": "/fixtures", "text": "fixtures"},
] == [{"href": a["href"], "text": a.text.strip()} for a in"h2 a")]
# Database should show count text and attached tables
h2 ="h2")[0]
assert "extra database" == h2.text.strip()
counts_p, links_p = h2.find_all_next("p")[:2]
assert (
"2 rows in 1 table, 5 rows in 4 hidden tables, 1 view" == counts_p.text.strip()
# We should only show visible, not hidden tables here:
table_links = [
{"href": a["href"], "text": a.text.strip()} for a in links_p.findAll("a")
assert [
{"href": r"/extra%20database/searchable", "text": "searchable"},
{"href": r"/extra%20database/searchable_view", "text": "searchable_view"},
] == table_links
def test_http_head(app_client):
    """A HEAD request for the index page is answered with 200."""
    head_reply = app_client.get("/", method="HEAD")
    assert 200 == head_reply.status
def test_homepage_options(app_client):
    """OPTIONS on the index page is refused with a plain-text 405."""
    options_reply = app_client.get("/", method="OPTIONS")
    assert 405 == options_reply.status
    assert "Method not allowed" == options_reply.text
def test_favicon(app_client):
    """The favicon is served as a publicly cacheable PNG with a real body."""
    icon = app_client.get("/favicon.ico")
    assert icon.status == 200
    headers = icon.headers
    assert headers["cache-control"] == "max-age=3600, immutable, public"
    # A length above 100 bytes rules out an empty or placeholder response.
    assert int(headers["content-length"]) > 100
    assert headers["content-type"] == "image/png"
def test_static(app_client):
    """Files under /-/static/ are served only when they exist."""
    missing = app_client.get("/-/static/app2.css")
    assert 404 == missing.status
    stylesheet = app_client.get("/-/static/app.css")
    assert 200 == stylesheet.status
    assert stylesheet.headers["content-type"] == "text/css"
def test_static_mounts():
    """Check what a custom static mount of the tests directory serves.

    The final request tries to leave the mounted directory with ``..`` and
    must be answered with 404: a mount that resolved such a path would serve
    files outside the directory it was configured for. Only the literal
    ``../`` form is exercised by this test.
    """
    tests_dir = str(pathlib.Path(__file__).parent)
    with make_app_client(static_mounts=[("custom-static", tests_dir)]) as client:
        # NOTE(review): the next two requests use the same path in this
        # listing yet expect different statuses; presumably each one named a
        # file (one present, one absent) -- confirm against the original file.
        present = client.get("/custom-static/")
        assert present.status == 200
        absent = client.get("/custom-static/")
        assert absent.status == 404
        # A path that climbs out of the mount must be refused.
        escaped = client.get("/custom-static/../LICENSE")
        assert escaped.status == 404
def test_memory_database_page():
    """With memory=True the /_memory database page renders."""
    with make_app_client(memory=True) as client:
        memory_page = client.get("/_memory")
        assert 200 == memory_page.status
def test_not_allowed_methods():
    """POST, PUT, PATCH and DELETE against a database page all return 405."""
    with make_app_client(memory=True) as client:
        for verb in ("POST", "PUT", "PATCH", "DELETE"):
            reply = client.request(path="/_memory", method=verb)
            assert 405 == reply.status
def test_database_page_redirects_with_url_hash(app_client_with_hash):
    """With the hash-URL client, /fixtures redirects and the target loads."""
    client = app_client_with_hash
    first_hop = client.get("/fixtures")
    assert 302 == first_hop.status
    landed = client.get("/fixtures", follow_redirects=True)
    assert "fixtures" in landed.text
def test_database_page(app_client):
response = app_client.get("/fixtures")
soup = Soup(response.body, "html.parser")
# Should have a <textarea> for executing SQL
assert "<textarea" in response.text
# And a list of tables
for fragment in (
'<h2 id="tables">Tables</h2>',
'<h3><a href="/fixtures/sortable">sortable</a></h3>',
"<p><em>pk, foreign_key_with_label, foreign_key_with_blank_label, ",
assert fragment in response.text
# And views
views_ul = soup.find("h2", text="Views").find_next_sibling("ul")
assert views_ul is not None
assert [
("/fixtures/paginated_view", "paginated_view"),
("/fixtures/searchable_view", "searchable_view"),
("/fixtures/simple_view", "simple_view"),
] == sorted([(a["href"], a.text) for a in views_ul.find_all("a")])
# And a list of canned queries
queries_ul = soup.find("h2", text="Queries").find_next_sibling("ul")
assert queries_ul is not None
assert [
("/fixtures/from_async_hook", "from_async_hook"),
("/fixtures/from_hook", "from_hook"),
("/fixtures/magic_parameters", "magic_parameters"),
("/fixtures/neighborhood_search#fragment-goes-here", "Search neighborhoods"),
("/fixtures/pragma_cache_size", "pragma_cache_size"),
] == sorted(
[(a["href"], a.text) for a in queries_ul.find_all("a")], key=lambda p: p[0]
def test_invalid_custom_sql(app_client):
    """A ?sql= value that is not a SELECT is rejected with 400.

    Pins the error a caller sees when the arbitrary-SQL endpoint is handed
    something other than a SELECT statement.
    """
    rejected = app_client.get("/fixtures?sql=.schema")
    assert 400 == rejected.status
    assert "Statement must be a SELECT" in rejected.text
def test_disallowed_custom_sql_pragma(app_client):
response = app_client.get(
assert response.status == 400
pragmas = ", ".join("pragma_{}()".format(pragma) for pragma in allowed_pragmas)
assert (
"Statement contained a disallowed PRAGMA. Allowed pragma functions are {}".format(
in response.text
def test_sql_time_limit(app_client_shorter_time_limit):
response = app_client_shorter_time_limit.get("/fixtures?sql=select+sleep(0.5)")
assert 400 == response.status
expected_html_fragment = """
<a href="">sql_time_limit_ms</a>
assert expected_html_fragment in response.text
def test_row_redirects_with_url_hash(app_client_with_hash):
    """A row URL redirects under URL hashing and still ends in the row id."""
    row_path = "/fixtures/simple_primary_key/1"
    hop = app_client_with_hash.get(row_path)
    assert 302 == hop.status
    assert hop.headers["Location"].endswith("/1")
    followed = app_client_with_hash.get(row_path, follow_redirects=True)
    assert 200 == followed.status
def test_row_strange_table_name_with_url_hash(app_client_with_hash):
    """Percent-encoded slashes in a table name survive the hash redirect.

    The Location header must keep ``%2F`` encoded; decoding it would turn the
    table name into extra path segments.
    """
    encoded_row = "/fixtures/table%2Fwith%2Fslashes.csv/3"
    hop = app_client_with_hash.get(encoded_row)
    assert 302 == hop.status
    assert hop.headers["Location"].endswith("/table%2Fwith%2Fslashes.csv/3")
    followed = app_client_with_hash.get(encoded_row, follow_redirects=True)
    assert 200 == followed.status
def test_row_page_does_not_truncate():
with make_app_client(settings={"truncate_cells_html": 5}) as client:
response = client.get("/fixtures/facetable/1")
assert response.status == 200
table = Soup(response.body, "html.parser").find("table")
assert table["class"] == ["rows-and-columns"]
assert ["Mission"] == [
for td in table.findAll("td", {"class": "col-neighborhood-b352a7"})
("/", ["index"]),
("/fixtures", ["db", "db-fixtures"]),
("/fixtures?sql=select+1", ["query", "db-fixtures"]),
["table", "db-fixtures", "table-simple_primary_key"],
["query", "db-fixtures", "query-neighborhood_search"],
["table", "db-fixtures", "table-tablewithslashescsv-fa7563"],
["row", "db-fixtures", "table-simple_primary_key"],
def test_css_classes_on_body(app_client, path, expected_classes):
response = app_client.get(path)
assert response.status == 200
classes ='<body class="(.*)">', response.text).group(1).split()
assert classes == expected_classes
("/", "*index.html"),
("/fixtures", "database-fixtures.html, *database.html"),
"table-fixtures-simple_primary_key.html, *table.html",
"table-fixtures-tablewithslashescsv-fa7563.html, *table.html",
"row-fixtures-simple_primary_key.html, *row.html",
def test_templates_considered(app_client, path, expected_considered):
    """The page embeds an HTML comment naming the templates considered."""
    page = app_client.get(path)
    assert 200 == page.status
    marker = f"<!-- Templates considered: {expected_considered} -->"
    assert marker in page.text
def test_row_json_export_link(app_client):
    """A row page links to its own .json representation."""
    row_page = app_client.get("/fixtures/simple_primary_key/1")
    assert 200 == row_page.status
    json_link = '<a href="/fixtures/simple_primary_key/1.json">json</a>'
    assert json_link in row_page.text
def test_query_json_csv_export_links(app_client):
    """A custom-SQL results page links to JSON and CSV exports of the query.

    The CSV link's ``&`` must appear entity-encoded (``&amp;``) in the HTML.
    """
    results_page = app_client.get("/fixtures?sql=select+1")
    assert 200 == results_page.status
    html = results_page.text
    assert '<a href="/fixtures.json?sql=select+1">json</a>' in html
    assert '<a href="/fixtures.csv?sql=select+1&amp;_size=max">CSV</a>' in html
def test_row_html_simple_primary_key(app_client):
response = app_client.get("/fixtures/simple_primary_key/1")
assert response.status == 200
table = Soup(response.body, "html.parser").find("table")
assert ["id", "content"] == [th.string.strip() for th in"thead th")]
assert [
'<td class="col-id type-str">1</td>',
'<td class="col-content type-str">hello</td>',
] == [[str(td) for td in"td")] for tr in"tbody tr")]
def test_row_html_no_primary_key(app_client):
response = app_client.get("/fixtures/no_primary_key/1")
assert response.status == 200
table = Soup(response.body, "html.parser").find("table")
assert ["rowid", "content", "a", "b", "c"] == [
th.string.strip() for th in"thead th")
expected = [
'<td class="col-rowid type-int">1</td>',
'<td class="col-content type-str">1</td>',
'<td class="col-a type-str">a1</td>',
'<td class="col-b type-str">b1</td>',
'<td class="col-c type-str">c1</td>',
assert expected == [
[str(td) for td in"td")] for tr in"tbody tr")
"6 rows from _city_id in facetable",
"3 rows from characteristic_id in roadside_attraction_characteristics",
def test_row_links_from_other_tables(app_client, path, expected_text, expected_link):
    """The first 'Links from other tables' entry has the expected text and href."""
    page = app_client.get(path)
    assert 200 == page.status
    heading = Soup(page.body, "html.parser").find("h2")
    assert heading.text == "Links from other tables"
    first_item = heading.findNext("ul").find("li")
    # Collapse whitespace runs so template line breaks do not affect the match.
    collapsed = re.compile(r"\s+").sub(" ", first_item.text.strip())
    assert collapsed == expected_text
    assert first_item.find("a")["href"] == expected_link
def test_row_html_compound_primary_key(app_client):
response = app_client.get("/fixtures/compound_primary_key/a,b")
assert response.status == 200
table = Soup(response.body, "html.parser").find("table")
assert ["pk1", "pk2", "content"] == [
th.string.strip() for th in"thead th")
expected = [
'<td class="col-pk1 type-str">a</td>',
'<td class="col-pk2 type-str">b</td>',
'<td class="col-content type-str">c</td>',
assert expected == [
[str(td) for td in"td")] for tr in"tbody tr")
def test_index_metadata(app_client):
    """The index page shows the instance title and its HTML description."""
    page = app_client.get("/")
    assert 200 == page.status
    soup = Soup(page.body, "html.parser")
    assert soup.find("h1").text == "Datasette Fixtures"
    description = inner_html(soup.find("div", {"class": "metadata-description"}))
    # The description is compared as markup: the link must come through as a
    # real <a> element, not as escaped text.
    assert description == (
        'An example SQLite database demonstrating Datasette. <a href="/login-as-root">Sign in as root user</a>'
    )
def test_database_metadata(app_client):
    """The database page uses the default title and the custom description."""
    page = app_client.get("/fixtures")
    assert 200 == page.status
    soup = Soup(page.body, "html.parser")
    # Page title should be the default
    assert soup.find("h1").text == "fixtures"
    # Description should be custom
    description = inner_html(soup.find("div", {"class": "metadata-description"}))
    assert description == "Test tables description"
    # The source/license should be inherited
    # NOTE(review): no statement follows this comment in the listing, so the
    # inherited source/license links are not checked here -- confirm against
    # the original file.
def test_database_metadata_with_custom_sql(app_client):
    """A custom-SQL page keeps the default title and labels itself as custom SQL."""
    page = app_client.get("/fixtures?sql=select+*+from+simple_primary_key")
    assert 200 == page.status
    soup = Soup(page.body, "html.parser")
    # Page title should be the default
    assert soup.find("h1").text == "fixtures"
    # Description should be custom
    assert "Custom SQL query returning" in soup.find("h3").text
    # The source/license should be inherited
    # NOTE(review): no statement follows this comment in the listing, so the
    # inherited source/license links are not checked here -- confirm against
    # the original file.
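def test_database_download_for_immutable():
    """An immutable database offers a .db download link that really works.

    Checks the link on the database page, then the download response itself:
    status, a numeric content-length, an attachment content-disposition and
    chunked transfer encoding.
    """
    with make_app_client(is_immutable=True) as client:
        assert not client.ds.databases["fixtures"].is_mutable
        # Regular page should have a download link
        response = client.get("/fixtures")
        soup = Soup(response.body, "html.parser")
        assert len(soup.findAll("a", {"href": re.compile(r"\.db$")}))
        # Check we can actually download it
        download_response = client.get("/fixtures.db")
        assert 200 == download_response.status
        headers = download_response.headers
        # Check the content-length header exists
        assert "content-length" in headers
        content_length = headers["content-length"]
        assert content_length.isdigit()
        assert int(content_length) > 100
        assert "content-disposition" in headers
        # The left-hand operand was missing from the listing; the header name
        # is taken from the membership check on the line above.
        assert (
            headers["content-disposition"]
            == 'attachment; filename="fixtures.db"'
        )
        assert headers["transfer-encoding"] == "chunked"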
def test_database_download_disallowed_for_mutable(app_client):
    """With the app_client fixture, the database file cannot be downloaded.

    Both layers are checked: the page shows no ``.db`` link, and requesting
    the file directly is refused with 403, so hiding the link is not the only
    control.
    """
    page = app_client.get("/fixtures")
    db_links = Soup(page.body, "html.parser").findAll(
        "a", {"href": re.compile(r"\.db$")}
    )
    assert len(db_links) == 0
    assert app_client.get("/fixtures.db").status == 403
def test_database_download_disallowed_for_memory():
    """The in-memory database has no download link and no .db endpoint."""
    with make_app_client(memory=True) as client:
        # Memory page should NOT have a download link
        page = client.get("/_memory")
        db_links = Soup(page.body, "html.parser").findAll(
            "a", {"href": re.compile(r"\.db$")}
        )
        assert len(db_links) == 0
        # The direct URL does not exist at all (404 rather than 403).
        assert client.get("/_memory.db").status == 404
def test_allow_download_off():
    """allow_download=False disables downloads even for an immutable database.

    The link is absent from the page and the direct URL answers 403, so the
    setting is enforced on the endpoint and not only in the template.
    """
    settings = {"allow_download": False}
    with make_app_client(is_immutable=True, settings=settings) as client:
        page = client.get("/fixtures")
        db_links = Soup(page.body, "html.parser").findAll(
            "a", {"href": re.compile(r"\.db$")}
        )
        assert not len(db_links)
        # Accessing URL directly should 403
        direct = client.get("/fixtures.db")
        assert direct.status == 403
def test_allow_sql_off():
    """An empty allow_sql block removes the SQL entry points from the UI.

    This test covers the interface only: the SQL textarea and the
    "View and edit SQL" link. It does not send a ?sql= request, so it does
    not show whether the query endpoint itself refuses arbitrary SQL.
    """
    with make_app_client(metadata={"allow_sql": {}}) as client:
        database_page = client.get("/fixtures")
        soup = Soup(database_page.body, "html.parser")
        sql_boxes = soup.findAll("textarea", {"name": "sql"})
        assert not len(sql_boxes)
        # The table page should no longer show "View and edit SQL"
        table_page = client.get("/fixtures/sortable")
        assert b"View and edit SQL" not in table_page.body
@pytest.mark.parametrize("path", ["/404", "/fixtures/404"])
def test_404(app_client, path):
    """Unknown paths return 404 and still render the styled error page."""
    not_found = app_client.get(path)
    assert 404 == not_found.status
    # The stylesheet link carries the app CSS hash as a cache-busting suffix.
    stylesheet_tag = (
        f'<link rel="stylesheet" href="/-/static/app.css?{app_client.ds.app_css_hash()}'
    )
    assert stylesheet_tag in not_found.text
[("/fixtures/", "/fixtures"), ("/fixtures/simple_view/", "/fixtures/simple_view")],
def test_404_trailing_slash_redirect(app_client, path, expected_redirect):
    """A path with a trailing slash redirects (302) to the slash-less form."""
    redirect = app_client.get(path)
    assert redirect.status == 302
    assert redirect.headers["Location"] == expected_redirect
def test_404_content_type(app_client):
    """The 404 page is sent as UTF-8 HTML."""
    not_found = app_client.get("/404")
    assert not_found.status == 404
    assert not_found.headers["content-type"] == "text/html; charset=utf-8"
def test_canned_query_default_title(app_client):
    """A canned query without a custom title is headed '<db>: <query name>'."""
    page = app_client.get("/fixtures/magic_parameters")
    assert 200 == page.status
    heading = Soup(page.body, "html.parser").find("h1")
    assert heading.text == "fixtures: magic_parameters"
def test_canned_query_with_custom_metadata(app_client):
response = app_client.get("/fixtures/neighborhood_search?text=town")
assert response.status == 200
soup = Soup(response.body, "html.parser")
assert "Search neighborhoods" == soup.find("h1").text
assert (
<div class="metadata-description">
simple like search
== soup.find("div", {"class": "metadata-description"}).prettify().strip()
def test_urlify_custom_queries(app_client):
path = "/fixtures?" + urllib.parse.urlencode(
{"sql": "select ('' || 'simonw') as user_url;"}
response = app_client.get(path)
assert response.status == 200
soup = Soup(response.body, "html.parser")
assert (
"""<td class="col-user_url">
<a href="">
== soup.find("td", {"class": "col-user_url"}).prettify().strip()
def test_show_hide_sql_query(app_client):
path = "/fixtures?" + urllib.parse.urlencode(
{"sql": "select ('' || 'simonw') as user_url;"}
response = app_client.get(path)
soup = Soup(response.body, "html.parser")
span =".show-hide-sql")[0]
assert span.find("a")["href"].endswith("&_hide_sql=1")
assert "(hide)" == span.getText()
assert soup.find("textarea") is not None
# Now follow the link to hide it
response = app_client.get(span.find("a")["href"])
soup = Soup(response.body, "html.parser")
span =".show-hide-sql")[0]
assert not span.find("a")["href"].endswith("&_hide_sql=1")
assert "(show)" == span.getText()
assert soup.find("textarea") is None
# The SQL should still be there in a hidden form field
hiddens = soup.find("form").select("input[type=hidden]")
assert [
("sql", "select ('' || 'simonw') as user_url;"),
("_hide_sql", "1"),
] == [(hidden["name"], hidden["value"]) for hidden in hiddens]
def test_canned_query_with_hide_has_no_hidden_sql(app_client):
    """A canned query hidden with ?_hide_sql=1 does not put its SQL in the form.

    The only hidden field carried by the form should be the ``_hide_sql``
    flag itself.
    """
    # For a canned query the show/hide should NOT have a hidden SQL field
    page = app_client.get("/fixtures/pragma_cache_size?_hide_sql=1")
    form = Soup(page.body, "html.parser").find("form")
    carried = [
        (field["name"], field["value"])
        for field in form.select("input[type=hidden]")
    ]
    assert carried == [("_hide_sql", "1")]
(False, "", None, "/_memory/one?_hide_sql=1", "hide"),
(False, "?_hide_sql=1", "_hide_sql", "/_memory/one", "show"),
(True, "", None, "/_memory/one?_show_sql=1", "show"),
(True, "?_show_sql=1", "_show_sql", "/_memory/one", "hide"),
def test_canned_query_show_hide_metadata_option(
with make_app_client(
"databases": {
"_memory": {
"queries": {
"one": {
"sql": "select 1 + 1",
"hide_sql": hide_sql,
) as client:
expected_show_hide_fragment = '(<a href="{}">{}</a>)'.format(
expected_show_hide_link, expected_show_hide_text
response = client.get("/_memory/one" + querystring)
html = response.text
show_hide_fragment = html.split('<span class="show-hide-sql">')[1].split(
assert show_hide_fragment == expected_show_hide_fragment
if expected_hidden:
assert (
'<input type="hidden" name="{}" value="1">'.format(expected_hidden)
in html
assert '<input type="hidden" ' not in html
def test_binary_data_display_in_query(app_client):
response = app_client.get("/fixtures?sql=select+*+from+binary_data")
assert response.status == 200
table = Soup(response.body, "html.parser").find("table")
expected_tds = [
'<td class="col-data"><a class="blob-download" href="/fixtures.blob?sql=select+*+from+binary_data&amp;_blob_column=data&amp;_blob_hash=f3088978da8f9aea479ffc7f631370b968d2e855eeb172bea7f6c7a04262bb6d">&lt;Binary:\xa07\xa0bytes&gt;</a></td>'
'<td class="col-data"><a class="blob-download" href="/fixtures.blob?sql=select+*+from+binary_data&amp;_blob_column=data&amp;_blob_hash=b835b0483cedb86130b9a2c280880bf5fadc5318ddf8c18d0df5204d40df1724">&lt;Binary:\xa07\xa0bytes&gt;</a></td>'
['<td class="col-data">\xa0</td>'],
assert expected_tds == [
[str(td) for td in"td")] for tr in"tbody tr")
("/fixtures/binary_data/1.blob?_blob_column=data", "binary_data-1-data.blob"),
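def test_blob_download(app_client, path, expected_filename):
    """A .blob URL returns the raw bytes as a download, never as a page.

    Besides the body, the response headers are pinned: ``nosniff`` stops the
    browser guessing a type from the stored bytes, the attachment disposition
    forces a download, and the generic ``application/binary`` type keeps
    stored content from being rendered as HTML.
    """
    response = app_client.get(path)
    assert response.status == 200
    assert response.body == b"\x15\x1c\x02\xc7\xad\x05\xfe"
    headers = response.headers
    assert headers["x-content-type-options"] == "nosniff"
    # NOTE(review): the left-hand operand was missing from the listing;
    # content-disposition is inferred from the asserted value -- confirm
    # against the original file.
    assert (
        headers["content-disposition"]
        == f'attachment; filename="{expected_filename}"'
    )
    assert headers["content-type"] == "application/binary"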
("/fixtures/binary_data/1.blob", "?_blob_column= is required"),
("/fixtures/binary_data/1.blob?_blob_column=foo", "foo is not a valid column"),
"Link has expired - the requested binary content has changed or could not be found.",
def test_blob_download_invalid_messages(app_client, path, expected_message):
    """A malformed .blob request is answered with 400 and an explanation."""
    rejected = app_client.get(path)
    assert 400 == rejected.status
    assert expected_message in rejected.text
def test_metadata_json_html(app_client):
    """The HTML view of /-/metadata embeds the metadata as JSON in a <pre>."""
    page = app_client.get("/-/metadata")
    assert 200 == page.status
    pre_block = Soup(page.body, "html.parser").find("pre")
    assert json.loads(pre_block.text) == METADATA
def test_zero_results(app_client, path):
response = app_client.get(path)
soup = Soup(response.text, "html.parser")
assert 0 == len("table"))
assert 1 == len(""))
def test_query_error(app_client):
    """A failing query shows the SQLite error and keeps the SQL in the editor."""
    page_html = app_client.get("/fixtures?sql=select+*+from+notatable").text
    assert '<p class="message-error">no such table: notatable</p>' in page_html
    editor = '<textarea id="sql-editor" name="sql">select * from notatable</textarea>'
    assert editor in page_html
    # An error page must not also claim an empty result set.
    assert "0 results" not in page_html
def test_config_template_debug_on():
    """With template_debug enabled, ?_context=1 dumps the template context."""
    with make_app_client(settings={"template_debug": True}) as client:
        dump = client.get("/fixtures/facetable?_context=1")
        assert 200 == dump.status
        assert dump.text.startswith("<pre>{")
def test_config_template_debug_off(app_client):
    """With the app_client fixture, ?_context=1 does not dump the context.

    The request still succeeds, but the response must not start with the
    ``<pre>{`` dump; this is the check that a client cannot read template
    internals just by adding the query parameter.
    """
    page = app_client.get("/fixtures/facetable?_context=1")
    assert 200 == page.status
    assert not page.text.startswith("<pre>{")
def test_debug_context_includes_extra_template_vars():
    """The debug context dump contains the extra variable scope_path."""
    with make_app_client(settings={"template_debug": True}) as client:
        dump_text = client.get("/fixtures/facetable?_context=1").text
        # scope_path is added by PLUGIN1
        assert "scope_path" in dump_text
# Fetches `path` (under "/prefix/" when use_prefix is true) and checks that the
# href/src of each <a>, <link> and <script> element that passes the filter
# below starts with "/prefix/".
# NOTE(review): this listing has lost lines from the function (indentation,
# closing brackets, the branch that precedes `continue`, and wherever `path`
# is supplied); the comments here describe only what is visible.
@pytest.mark.parametrize("use_prefix", (True, False))
def test_base_url_config(app_client_base_url_prefix, path, use_prefix):
2020-10-24 19:03:24 +00:00
client = app_client_base_url_prefix
path_to_get = path
if use_prefix:
# Re-root the path under the prefix without doubling the slash.
path_to_get = "/prefix/" + path.lstrip("/")
response = client.get(path_to_get)
2020-10-24 19:03:24 +00:00
soup = Soup(response.body, "html.parser")
for el in soup.findAll(["a", "link", "script"]):
# Take the URL from href when present, otherwise from src.
if "href" in el.attrs:
href = el["href"]
elif "src" in el.attrs:
href = el["src"]
continue # Could be a <script>...</script>
# Skip in-page anchors and the listed exceptions.
if (
not href.startswith("#")
and href
not in {
"/login-as-root", # Only used for the demo
2020-10-24 19:03:24 +00:00
# NOTE(review): the argument below is an empty string in this listing, and every
# string starts with "", so this clause would always be false and the assertion
# further down would never run; the literal was presumably lost -- confirm
# against the original file.
and not href.startswith("")
2020-10-24 19:03:24 +00:00
# If this has been made absolute it may start http://localhost/
if href.startswith("http://localhost/"):
# NOTE(review): "localost" is a misspelling of "localhost". The misspelt literal
# is one character shorter than the prefix tested on the line above, so the
# slice keeps the leading "/" that the startswith("/prefix/") check below
# relies on. Correcting only the spelling would drop that slash; slicing by
# len("http://localhost") would state the intent without the accident.
href = href[len("http://localost/") :]
# On failure the assertion message is a JSON dump of the path, the element's
# URL and its parent markup.
assert href.startswith("/prefix/"), json.dumps(
"path": path,
"path_to_get": path_to_get,
"href_or_src": href,
"element_parent": str(el.parent),
def test_base_url_affects_metadata_extra_css_urls(app_client_base_url_prefix):
    """The extra CSS stylesheet link on the index page carries the /prefix/ base."""
    index_html = app_client_base_url_prefix.get("/").text
    prefixed_link = '<link rel="stylesheet" href="/prefix/static/extra-css-urls.css">'
    assert prefixed_link in index_html
("/fixtures/pragma_cache_size", None),
("/fixtures/magic_parameters", None),
def test_edit_sql_link_on_canned_queries(app_client, path, expected):
    """A canned query page shows an 'Edit SQL' link only when one is expected.

    The two assertions are mutually exclusive (the link text contains
    "Edit SQL"), so they are the two arms of one branch.
    """
    page = app_client.get(path)
    expected_link = f'<a href="{expected}" class="canned-query-edit-sql">Edit SQL</a>'
    if not expected:
        assert "Edit SQL" not in page.text
    else:
        assert expected_link in page.text
@pytest.mark.parametrize("permission_allowed", [True, False])
def test_edit_sql_link_not_shown_if_user_lacks_permission(permission_allowed):
with make_app_client(
"allow_sql": None if permission_allowed else {"id": "not-you"},
"databases": {"fixtures": {"queries": {"simple": "select 1 + 1"}}},
) as client:
response = client.get("/fixtures/simple")
if permission_allowed:
assert "Edit SQL" in response.text
assert "Edit SQL" not in response.text
(None, None, None),
("test", None, ["/-/permissions"]),
("root", ["/-/permissions", "/-/allow-debug", "/-/metadata"], None),
def test_navigation_menu_links(
app_client, actor_id, should_have_links, should_not_have_links
cookies = {}
if actor_id:
cookies = {"ds_actor": app_client.actor_cookie({"id": actor_id})}
html = app_client.get("/", cookies=cookies).text
soup = Soup(html, "html.parser")
details = soup.find("nav").find("details")
if not actor_id:
# Should not show a menu
assert details is None
# They are logged in: should show a menu
assert details is not None
# And a rogout form
assert details.find("form") is not None
if should_have_links:
for link in should_have_links:
assert (
details.find("a", {"href": link}) is not None
), f"{link} expected but missing from nav menu"
if should_not_have_links:
for link in should_not_have_links:
assert (
details.find("a", {"href": link}) is None
), f"{link} found but should not have been in nav menu"
def test_trace_correctly_escaped(app_client):
    """SQL echoed in a ?_trace=1 response is HTML-escaped.

    The query contains markup taken from the URL. The raw form must not
    appear anywhere in the response and the entity-encoded form must, which
    is what keeps request-supplied SQL from being rendered as HTML.
    """
    traced = app_client.get("/fixtures?sql=select+'<h1>Hello'&_trace=1")
    page_text = traced.text
    assert "select '<h1>Hello" not in page_text
    assert "select &#39;&lt;h1&gt;Hello" in page_text