From 965b47a01ea2dcf8fdc36bed90f727268b8bbe93 Mon Sep 17 00:00:00 2001 From: Chad Whitacre Date: Wed, 7 Jun 2017 09:34:12 -0400 Subject: [PATCH] Disallow claiming packages already claimed --- gratipay/testing/harness.py | 12 ++++++++++++ tests/py/test_email.py | 22 +++++++++++++++++++++- tests/ttw/test_package_claiming.py | 18 ++++++++---------- www/~/%username/emails/modify.json.spt | 3 +++ 4 files changed, 44 insertions(+), 11 deletions(-) diff --git a/gratipay/testing/harness.py b/gratipay/testing/harness.py index abb26e154a..bed8d6f2ea 100644 --- a/gratipay/testing/harness.py +++ b/gratipay/testing/harness.py @@ -426,7 +426,19 @@ def get_tip(self, tipper, tippee): def add_and_verify_email(self, participant, *emails): """Given a participant and some email addresses, add and verify them. """ + if participant.__class__ is not Participant: + participant = P(participant) for email in emails: participant.start_email_verification(email) nonce = participant.get_email(email).nonce participant.finish_email_verification(email, nonce) + + + def claim_package(self, participant, package): + """Given a participant and a package, claim the package for the participant. + """ + if participant.__class__ is not Participant: + participant = P(participant) + if package.__class__ is not Package: + package = Package.from_names(NPM, package) + package.get_or_create_linked_team(self.db, participant) diff --git a/tests/py/test_email.py b/tests/py/test_email.py index 423217e646..51b8aa6e24 100644 --- a/tests/py/test_email.py +++ b/tests/py/test_email.py @@ -295,7 +295,7 @@ def test_package_verification_fails_if_email_not_listed(self): assert response.code == 400 assert self.db.all('select package_id from claims order by package_id') == [] - def test_package_verification_fails_package_id_is_garbage(self): + def test_package_verification_fails_if_package_id_is_garbage(self): response = self.hit_email_spt( 'start-verification' , 'bob@gratipay.com' , package_ids=['cheese monkey'] @@ -304,6 +304,26 @@ def test_package_verification_fails_package_id_is_garbage(self): assert response.code == 400 assert self.db.all('select package_id from claims order by package_id') == [] + def test_package_reverification_succeeds_if_package_is_already_claimed_by_self(self): + foo = self.make_package() + self.claim_package('alice', foo) + response = self.hit_email_spt( 'start-verification' + , 'alice@example.com' + , package_ids=[foo.id] + ) + assert response.code == 200 + + def test_package_verification_fails_if_package_is_already_claimed_by_other(self): + self.make_participant('bob', claimed_time='now', email_address='bob@example.com') + foo = self.make_package(emails=['alice@example.com', 'bob@example.com']) + self.claim_package('bob', foo) + response = self.hit_email_spt( 'start-verification' + , 'alice@example.com' + , package_ids=[foo.id] + , should_fail=True + ) + assert response.code == 400 + class TestFunctions(Alice): diff --git a/tests/ttw/test_package_claiming.py b/tests/ttw/test_package_claiming.py index 002d0700fd..eb679d28ea 100644 --- a/tests/ttw/test_package_claiming.py +++ b/tests/ttw/test_package_claiming.py @@ -181,20 +181,18 @@ def test_auth_without_claimable_packages_gets_disabled_apply_button(self): assert button['disabled'] == 'true' def test_auth_with_claimable_packages_gets_apply_button(self): - alice = self.make_participant('alice', claimed_time='now', - email_address='alice@example.com') - self.add_and_verify_email(alice, 'bob@example.com') + self.make_participant('alice', claimed_time='now', email_address='alice@example.com') + self.add_and_verify_email('alice', 'bob@example.com') self.visit_as('alice') button = self.css('.important-button button') assert button.text == 'Apply to accept payments' assert button['disabled'] is None def test_differentiates_claimed_packages(self): - bob = self.make_participant('bob', claimed_time='now', email_address='bob@example.com') - alice = self.make_participant('alice', claimed_time='now', - email_address='alice@example.com') - Package.from_names(NPM, 'foo').get_or_create_linked_team(self.db, alice) - Package.from_names(NPM, 'bar').get_or_create_linked_team(self.db, bob) + self.make_participant('bob', claimed_time='now', email_address='bob@example.com') + self.make_participant('alice', claimed_time='now', email_address='alice@example.com') + self.claim_package('alice', 'foo') + self.claim_package('bob', 'bar') self.visit_as('alice') assert self.css('.i1').has_class('disabled') assert self.css('.i1 .owner a').text == '~bob' @@ -227,8 +225,8 @@ def test_sends_one_mail_for_multiple_packages(self): def test_doesnt_send_for_unclaimable_packages(self): self.make_participant('alice', claimed_time='now', email_address='alice@example.com') - cat = self.make_participant('cat', claimed_time='now', email_address='cat@example.com') - Package.from_names(NPM, 'baz').get_or_create_linked_team(self.db, cat) + self.make_participant('cat', claimed_time='now', email_address='cat@example.com') + self.claim_package('cat', 'baz') self.visit_as('alice') self.css('.important-button button').click() assert len(self.css('table.listing td.item')) == 3 diff --git a/www/~/%username/emails/modify.json.spt b/www/~/%username/emails/modify.json.spt index b029c236b7..dff3c86915 100644 --- a/www/~/%username/emails/modify.json.spt +++ b/www/~/%username/emails/modify.json.spt @@ -37,6 +37,9 @@ if action in ('add-email', 'resend', 'start-verification'): try: package = Package.from_id(package_id) assert address in package.emails + team = package.team + owner = team.owner if team else None + assert owner == user.participant.username if owner else True except: raise Response(400) packages.append(package)