from bs4 import BeautifulSoup as Soup
from datasette.utils import allowed_pragmas
from .fixtures import (  # noqa
    app_client,
    app_client_base_url_prefix,
    app_client_shorter_time_limit,
    app_client_two_attached_databases,
    app_client_with_hash,
    make_app_client,
    METADATA,
)
from .utils import assert_footer_links, inner_html
import json
import pathlib
import pytest
import re
import urllib.parse

# NOTE(review): this listing was flattened onto a few long lines, and several
# string literals look as if the HTML markup inside them was stripped during
# extraction (a stretch of tests in the middle is missing as well). The
# affected assertions are marked below; confirm them against the original
# file before relying on what they check.


def test_homepage(app_client_two_attached_databases):
    """Homepage renders as HTML and lists both attached databases and their visible tables."""
    response = app_client_two_attached_databases.get("/")
    assert response.status == 200
    assert "text/html; charset=utf-8" == response.headers["content-type"]
    soup = Soup(response.body, "html.parser")
    assert "Datasette Fixtures" == soup.find("h1").text
    assert (
        "An example SQLite database demonstrating Datasette. Sign in as root user"
        == soup.select(".metadata-description")[0].text.strip()
    )
    # Should be two attached databases
    assert [
        {"href": r"/extra%20database", "text": "extra database"},
        {"href": "/fixtures", "text": "fixtures"},
    ] == [{"href": a["href"], "text": a.text.strip()} for a in soup.select("h2 a")]
    # Database should show count text and attached tables
    h2 = soup.select("h2")[0]
    assert "extra database" == h2.text.strip()
    counts_p, links_p = h2.find_all_next("p")[:2]
    assert (
        "2 rows in 1 table, 5 rows in 4 hidden tables, 1 view" == counts_p.text.strip()
    )
    # We should only show visible, not hidden tables here:
    table_links = [
        {"href": a["href"], "text": a.text.strip()} for a in links_p.findAll("a")
    ]
    assert [
        {"href": r"/extra%20database/searchable", "text": "searchable"},
        {"href": r"/extra%20database/searchable_view", "text": "searchable_view"},
    ] == table_links


def test_http_head(app_client):
    """HEAD on the homepage returns 200."""
    response = app_client.get("/", method="HEAD")
    assert response.status == 200


def test_homepage_options(app_client):
    """OPTIONS on the homepage is rejected with 405 and a 'Method not allowed' body."""
    response = app_client.get("/", method="OPTIONS")
    assert response.status == 405
    assert response.text == "Method not allowed"


def test_favicon(app_client):
    """/favicon.ico returns 200 with an empty body."""
    response = app_client.get("/favicon.ico")
    assert response.status == 200
    assert "" == response.text


def test_static(app_client):
    """Bundled static files: an unknown name is 404, app.css is served as text/css."""
    response = app_client.get("/-/static/app2.css")
    assert response.status == 404
    response = app_client.get("/-/static/app.css")
    assert response.status == 200
    assert "text/css" == response.headers["content-type"]


def test_static_mounts():
    """A static mount serves files from its own directory and returns 404 otherwise."""
    # The mount points at the directory that holds this test file.
    with make_app_client(
        static_mounts=[("custom-static", str(pathlib.Path(__file__).parent))]
    ) as client:
        response = client.get("/custom-static/test_html.py")
        assert response.status == 200
        response = client.get("/custom-static/not_exists.py")
        assert response.status == 404
        # Path with a ".." segment: the request must not be answered from the
        # parent of the mounted directory. Presumably a LICENSE file exists one
        # level up, which is what makes this a traversal check rather than a
        # plain missing-file check — confirm against the repository layout.
        response = client.get("/custom-static/../LICENSE")
        assert response.status == 404


def test_memory_database_page():
    """With memory=True the /_memory database page is served."""
    with make_app_client(memory=True) as client:
        response = client.get("/_memory")
        assert response.status == 200


def test_not_allowed_methods():
    """POST, PUT, PATCH and DELETE on a database page are all answered with 405."""
    with make_app_client(memory=True) as client:
        for method in ("post", "put", "patch", "delete"):
            response = client.request(path="/_memory", method=method.upper())
            assert response.status == 405


def test_database_page_redirects_with_url_hash(app_client_with_hash):
    """The un-hashed database URL redirects (302) and the target page mentions 'fixtures'."""
    response = app_client_with_hash.get("/fixtures")
    assert response.status == 302
    response = app_client_with_hash.get("/fixtures", follow_redirects=True)
    assert "fixtures" in response.text


def test_database_page(app_client):
    """Database page shows the column list of a table and the sorted canned-query links."""
    response = app_client.get("/fixtures")
    # NOTE(review): the byte literal below looks as if it lost wrapping markup
    # in this listing; as shown it matches the bare column list only.
    assert (
        b"pk, foreign_key_with_label, foreign_key_with_blank_label, "
        b"foreign_key_with_no_label, foreign_key_compound_pk1, "
        b"foreign_key_compound_pk2"
    ) in response.body
    soup = Soup(response.body, "html.parser")
    queries_ul = soup.find("h2", text="Queries").find_next_sibling("ul")
    assert queries_ul is not None
    # Links are compared after sorting by href, so page order is not asserted.
    assert [
        (
            "/fixtures/%F0%9D%90%9C%F0%9D%90%A2%F0%9D%90%AD%F0%9D%90%A2%F0%9D%90%9E%F0%9D%90%AC",
            "𝐜𝐢𝐭𝐢𝐞𝐬",
        ),
        ("/fixtures/from_async_hook", "from_async_hook"),
        ("/fixtures/from_hook", "from_hook"),
        ("/fixtures/magic_parameters", "magic_parameters"),
        ("/fixtures/neighborhood_search#fragment-goes-here", "Search neighborhoods"),
        ("/fixtures/pragma_cache_size", "pragma_cache_size"),
    ] == sorted(
        [(a["href"], a.text) for a in queries_ul.find_all("a")], key=lambda p: p[0]
    )


def test_invalid_custom_sql(app_client):
    """A ?sql= value that is not a SELECT is refused with 400 and an explanatory message."""
    response = app_client.get("/fixtures?sql=.schema")
    assert response.status == 400
    assert "Statement must be a SELECT" in response.text


def test_disallowed_custom_sql_pragma(app_client):
    """A pragma function that is not on the allow-list is refused with 400."""
    response = app_client.get(
        "/fixtures?sql=SELECT+*+FROM+pragma_not_on_allow_list('idx52')"
    )
    assert response.status == 400
    # The expected message is built from the imported allow-list, so the test
    # follows whatever allowed_pragmas currently contains.
    pragmas = ", ".join("pragma_{}()".format(pragma) for pragma in allowed_pragmas)
    assert (
        "Statement contained a disallowed PRAGMA. Allowed pragma functions are {}".format(
            pragmas
        )
        in response.text
    )


def test_sql_time_limit(app_client_shorter_time_limit):
    """A query that sleeps for 0.5s is answered with 400 and the page names sql_time_limit_ms."""
    # presumably the fixture configures a limit below 500 ms — confirm in fixtures
    response = app_client_shorter_time_limit.get("/fixtures?sql=select+sleep(0.5)")
    assert 400 == response.status
    # NOTE(review): the fragment probably carried link markup around the
    # setting name before extraction; as shown it matches the bare name only.
    expected_html_fragment = """ sql_time_limit_ms """.strip()
    assert expected_html_fragment in response.text


def test_row_redirects_with_url_hash(app_client_with_hash):
    """Row URL without a hash redirects to a Location ending in /1, which then returns 200."""
    response = app_client_with_hash.get("/fixtures/simple_primary_key/1")
    assert response.status == 302
    assert response.headers["Location"].endswith("/1")
    response = app_client_with_hash.get(
        "/fixtures/simple_primary_key/1", follow_redirects=True
    )
    assert response.status == 200


def test_row_strange_table_name_with_url_hash(app_client_with_hash):
    """The redirect keeps the percent-encoded slashes of the table name in Location."""
    response = app_client_with_hash.get("/fixtures/table%2Fwith%2Fslashes.csv/3")
    assert response.status == 302
    assert response.headers["Location"].endswith("/table%2Fwith%2Fslashes.csv/3")
    response = app_client_with_hash.get(
        "/fixtures/table%2Fwith%2Fslashes.csv/3", follow_redirects=True
    )
    assert response.status == 200


def test_row_page_does_not_truncate():
    """Row pages show full cell values even when truncate_cells_html is set to 5."""
    with make_app_client(settings={"truncate_cells_html": 5}) as client:
        response = client.get("/fixtures/facetable/1")
        assert response.status == 200
        table = Soup(response.body, "html.parser").find("table")
        assert table["class"] == ["rows-and-columns"]
        # "Mission" is seven characters, longer than the configured limit of 5.
        assert ["Mission"] == [
            td.string
            for td in table.findAll("td", {"class": "col-neighborhood-b352a7"})
        ]


@pytest.mark.parametrize(
    "path,expected_classes",
    [
        ("/", ["index"]),
        ("/fixtures", ["db", "db-fixtures"]),
        ("/fixtures?sql=select+1", ["query", "db-fixtures"]),
        (
            "/fixtures/simple_primary_key",
            ["table", "db-fixtures", "table-simple_primary_key"],
        ),
        (
            "/fixtures/neighborhood_search",
            ["query", "db-fixtures", "query-neighborhood_search"],
        ),
        (
            "/fixtures/table%2Fwith%2Fslashes.csv",
            ["table", "db-fixtures", "table-tablewithslashescsv-fa7563"],
        ),
        (
            "/fixtures/simple_primary_key/1",
            ["row", "db-fixtures", "table-simple_primary_key"],
        ),
    ],
)
def test_css_classes_on_body(app_client, path, expected_classes):
    """Each page type carries the expected list of CSS classes."""
    response = app_client.get(path)
    assert response.status == 200
    # NOTE(review): the regex is empty in this listing, so .group(1) would
    # raise because the pattern has no group; the original pattern presumably
    # captured the class attribute of the body tag — restore it from the
    # original file.
    classes = re.search(r'', response.text).group(1).split()
    assert classes == expected_classes


@pytest.mark.parametrize(
    "path,expected_considered",
    [
        ("/", "*index.html"),
        ("/fixtures", "database-fixtures.html, *database.html"),
        (
            "/fixtures/simple_primary_key",
            "table-fixtures-simple_primary_key.html, *table.html",
        ),
        (
            "/fixtures/table%2Fwith%2Fslashes.csv",
            "table-fixtures-tablewithslashescsv-fa7563.html, *table.html",
        ),
        (
            "/fixtures/simple_primary_key/1",
            "row-fixtures-simple_primary_key.html, *row.html",
        ),
    ],
)
def test_templates_considered(app_client, path, expected_considered):
    """Each page reports the list of templates that were considered for it."""
    response = app_client.get(path)
    assert response.status == 200
    # NOTE(review): the f-string is empty in this listing, so the assertion is
    # always true and expected_considered is never used; the original literal
    # presumably embedded it — restore from the original file.
    assert f"" in response.text


def test_row_json_export_link(app_client):
    """Row page offers a JSON export link."""
    response = app_client.get("/fixtures/simple_primary_key/1")
    assert response.status == 200
    # NOTE(review): as shown this only looks for the word "json"; the link
    # markup appears to have been stripped from the literal.
    assert 'json' in response.text


def test_query_json_csv_export_links(app_client):
    """Custom-query page offers JSON and CSV export links."""
    response = app_client.get("/fixtures?sql=select+1")
    assert response.status == 200
    # NOTE(review): both literals appear to have lost their link markup.
    assert 'json' in response.text
    assert 'CSV' in response.text


def test_row_html_simple_primary_key(app_client):
    """Row page for simple_primary_key renders the id and content columns."""
    response = app_client.get("/fixtures/simple_primary_key/1")
    assert response.status == 200
    table = Soup(response.body, "html.parser").find("table")
    assert ["id", "content"] == [th.string.strip() for th in table.select("thead th")]
    # NOTE(review): the listing is cut off inside the next literal — the rest
    # of this test and an unknown number of following tests are missing, and
    # the text resumes at the end of a later startswith(...) assertion. The
    # fragment is kept exactly as it appears and is not valid Python.
    assert [
        [
            '{")


def test_config_template_debug_off(app_client):
    """With the default client, ?_context=1 does not return a body starting with '{'."""
    # presumably the default fixture leaves template_debug off, so the
    # template context must not be dumped to the requester — confirm in fixtures
    response = app_client.get("/fixtures/facetable?_context=1")
    assert response.status == 200
    assert not response.text.startswith("{")


def test_debug_context_includes_extra_template_vars():
    """With template_debug on, the context dump includes variables added by plugins."""
    # https://github.com/simonw/datasette/issues/693
    with make_app_client(settings={"template_debug": True}) as client:
        response = client.get("/fixtures/facetable?_context=1")
        # scope_path is added by PLUGIN1
        assert "scope_path" in response.text


@pytest.mark.parametrize(
    "path",
    [
        "/",
        "/fixtures",
        "/fixtures/compound_three_primary_keys",
        "/fixtures/compound_three_primary_keys/a,a,a",
        "/fixtures/paginated_view",
        "/fixtures/facetable",
        "/fixtures/facetable?_facet=state",
        "/fixtures?sql=select+1",
    ],
)
@pytest.mark.parametrize("use_prefix", (True, False))
def test_base_url_config(app_client_base_url_prefix, path, use_prefix):
    """Every internal href/src on a page starts with /prefix/, with or without the prefix in the request."""
    client = app_client_base_url_prefix
    path_to_get = path
    if use_prefix:
        path_to_get = "/prefix/" + path.lstrip("/")
    response = client.get(path_to_get)
    soup = Soup(response.body, "html.parser")
    for el in soup.findAll(["a", "link", "script"]):
        if "href" in el.attrs:
            href = el["href"]
        elif "src" in el.attrs:
            href = el["src"]
        else:
            # Element has neither href nor src (the original comment here is
            # truncated in this listing).
            continue
        # Fragment links and a fixed set of external or demo-only URLs are
        # exempt from the prefix check.
        if (
            not href.startswith("#")
            and href
            not in {
                "https://datasette.io/",
                "https://github.com/simonw/datasette",
                "https://github.com/simonw/datasette/blob/main/LICENSE",
                "https://github.com/simonw/datasette/blob/main/tests/fixtures.py",
                "/login-as-root",  # Only used for the latest.datasette.io demo
            }
            and not href.startswith("https://plugin-example.datasette.io/")
        ):
            # If this has been made absolute it may start http://localhost/
            if href.startswith("http://localhost/"):
                # NOTE(review): "http://localost/" is misspelled and so is 16
                # characters, one fewer than the prefix tested above. The slice
                # therefore keeps the leading "/" that the assertion below
                # needs. len("http://localhost") would say the same thing
                # without relying on the typo; correcting only the spelling
                # would drop the "/" and break the assertion.
                href = href[len("http://localost/") :]
            # On failure the message is a JSON dump of the request and element.
            assert href.startswith("/prefix/"), json.dumps(
                {
                    "path": path,
                    "path_to_get": path_to_get,
                    "href_or_src": href,
                    "element_parent": str(el.parent),
                },
                indent=4,
                default=repr,
            )


def test_base_url_affects_metadata_extra_css_urls(app_client_base_url_prefix):
    """Homepage of the prefixed client references the extra CSS URL from metadata."""
    html = app_client_base_url_prefix.get("/").text
    # NOTE(review): the expected literal is empty in this listing, so the
    # assertion is always true; the original markup was lost in extraction.
    assert '' in html


@pytest.mark.parametrize(
    "path,expected",
    [
        (
            "/fixtures/neighborhood_search",
            "/fixtures?sql=%0Aselect+_neighborhood%2C+facet_cities.name%2C+state%0Afrom+facetable%0A++++join+facet_cities%0A++++++++on+facetable._city_id+%3D+facet_cities.id%0Awhere+_neighborhood+like+%27%25%27+%7C%7C+%3Atext+%7C%7C+%27%25%27%0Aorder+by+_neighborhood%3B%0A&text=",
        ),
        (
            "/fixtures/neighborhood_search?text=ber",
            "/fixtures?sql=%0Aselect+_neighborhood%2C+facet_cities.name%2C+state%0Afrom+facetable%0A++++join+facet_cities%0A++++++++on+facetable._city_id+%3D+facet_cities.id%0Awhere+_neighborhood+like+%27%25%27+%7C%7C+%3Atext+%7C%7C+%27%25%27%0Aorder+by+_neighborhood%3B%0A&text=ber",
        ),
        ("/fixtures/pragma_cache_size", None),
        (
            "/fixtures/𝐜𝐢𝐭𝐢𝐞𝐬",
            "/fixtures?sql=select+id%2C+name+from+facet_cities+order+by+id+limit+1%3B",
        ),
        ("/fixtures/magic_parameters", None),
    ],
)
def test_edit_sql_link_on_canned_queries(app_client, path, expected):
    """Canned-query pages show an 'Edit SQL' link only where an expected URL is given."""
    response = app_client.get(path)
    # NOTE(review): the f-string has no placeholder in this listing, so the
    # positive branch checks only for the words "Edit SQL" and never compares
    # the link target with `expected`; the surrounding link markup appears to
    # have been stripped.
    expected_link = f'Edit SQL'
    if expected:
        assert expected_link in response.text
    else:
        assert "Edit SQL" not in response.text


@pytest.mark.parametrize("permission_allowed", [True, False])
def test_edit_sql_link_not_shown_if_user_lacks_permission(permission_allowed):
    """The 'Edit SQL' link is absent when allow_sql names an actor other than the requester."""
    with make_app_client(
        metadata={
            # None leaves allow_sql unrestricted; {"id": "not-you"} limits it
            # to an actor id that the request below does not carry.
            "allow_sql": None if permission_allowed else {"id": "not-you"},
            "databases": {"fixtures": {"queries": {"simple": "select 1 + 1"}}},
        }
    ) as client:
        response = client.get("/fixtures/simple")
        if permission_allowed:
            assert "Edit SQL" in response.text
        else:
            assert "Edit SQL" not in response.text


@pytest.mark.parametrize(
    "actor_id,should_have_links,should_not_have_links",
    [
        (None, None, None),
        ("test", None, ["/-/permissions"]),
        ("root", ["/-/permissions", "/-/allow-debug", "/-/metadata"], None),
    ],
)
def test_navigation_menu_links(
    app_client, actor_id, should_have_links, should_not_have_links
):
    """The nav menu appears only for signed-in actors, and only root gets the listed debug links."""
    cookies = {}
    if actor_id:
        # Sign the request in as the given actor via the ds_actor cookie.
        cookies = {"ds_actor": app_client.actor_cookie({"id": actor_id})}
    html = app_client.get("/", cookies=cookies).text
    soup = Soup(html, "html.parser")
    details = soup.find("nav").find("details")
    if not actor_id:
        # Should not show a menu
        assert details is None
        return
    # They are logged in: should show a menu
    assert details is not None
    # And a logout form
    assert details.find("form") is not None
    if should_have_links:
        for link in should_have_links:
            assert (
                details.find("a", {"href": link}) is not None
            ), f"{link} expected but missing from nav menu"
    if should_not_have_links:
        # A signed-in actor other than root must not be offered these links.
        for link in should_not_have_links:
            assert (
                details.find("a", {"href": link}) is None
            ), f"{link} found but should not have been in nav menu"


def test_trace_correctly_escaped(app_client):
    """SQL echoed in the _trace=1 output must be HTML-escaped."""
    # NOTE(review): this test is damaged in the listing: tags were stripped
    # and entities decoded. As displayed, the second assertion looks for a raw
    # <h1> in the response, which is the opposite of what an escaping check
    # would want. The original presumably sends a query containing an <h1>
    # tag, asserts that the raw tag is absent and that the entity-encoded form
    # (&lt;h1&gt;) is present — confirm against the original file.
    response = app_client.get("/fixtures?sql=select+'Hello'&_trace=1")
    assert "select 'Hello" not in response.text
    assert "select '<h1>Hello" in response.text