Skip to content
This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Commit

Permalink
Disallow claiming packages already claimed
Browse files Browse the repository at this point in the history
  • Loading branch information
chadwhitacre committed Jun 14, 2017
1 parent 57d76a9 commit ea4904c
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 11 deletions.
12 changes: 12 additions & 0 deletions gratipay/testing/harness.py
Original file line number Diff line number Diff line change
Expand Up @@ -427,7 +427,19 @@ def get_tip(self, tipper, tippee):
def add_and_verify_email(self, participant, *emails):
"""Given a participant and some email addresses, add and verify them.
"""
if participant.__class__ is not Participant:
participant = P(participant)
for email in emails:
participant.start_email_verification(email)
nonce = participant.get_email(email).nonce
participant.finish_email_verification(email, nonce)


def claim_package(self, participant, package):
"""Given a participant and a package, claim the package for the participant.
"""
if participant.__class__ is not Participant:
participant = P(participant)
if package.__class__ is not Package:
package = Package.from_names(NPM, package)
package.get_or_create_linked_team(self.db, participant)
22 changes: 21 additions & 1 deletion tests/py/test_email.py
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@ def test_package_verification_fails_if_email_not_listed(self):
assert response.code == 400
assert self.db.all('select package_id from claims order by package_id') == []

def test_package_verification_fails_package_id_is_garbage(self):
def test_package_verification_fails_if_package_id_is_garbage(self):
response = self.hit_email_spt( 'start-verification'
, '[email protected]'
, package_ids=['cheese monkey']
Expand All @@ -304,6 +304,26 @@ def test_package_verification_fails_package_id_is_garbage(self):
assert response.code == 400
assert self.db.all('select package_id from claims order by package_id') == []

def test_package_reverification_succeeds_if_package_is_already_claimed_by_self(self):
foo = self.make_package()
self.claim_package('alice', foo)
response = self.hit_email_spt( 'start-verification'
, '[email protected]'
, package_ids=[foo.id]
)
assert response.code == 200

def test_package_verification_fails_if_package_is_already_claimed_by_other(self):
self.make_participant('bob', claimed_time='now', email_address='[email protected]')
foo = self.make_package(emails=['[email protected]', '[email protected]'])
self.claim_package('bob', foo)
response = self.hit_email_spt( 'start-verification'
, '[email protected]'
, package_ids=[foo.id]
, should_fail=True
)
assert response.code == 400


class TestFunctions(Alice):

Expand Down
18 changes: 8 additions & 10 deletions tests/ttw/test_package_claiming.py
Original file line number Diff line number Diff line change
Expand Up @@ -181,20 +181,18 @@ def test_auth_without_claimable_packages_gets_disabled_apply_button(self):
assert button['disabled'] == 'true'

def test_auth_with_claimable_packages_gets_apply_button(self):
alice = self.make_participant('alice', claimed_time='now',
email_address='[email protected]')
self.add_and_verify_email(alice, '[email protected]')
self.make_participant('alice', claimed_time='now', email_address='[email protected]')
self.add_and_verify_email('alice', '[email protected]')
self.visit_as('alice')
button = self.css('.important-button button')
assert button.text == 'Apply to accept payments'
assert button['disabled'] is None

def test_differentiates_claimed_packages(self):
bob = self.make_participant('bob', claimed_time='now', email_address='[email protected]')
alice = self.make_participant('alice', claimed_time='now',
email_address='[email protected]')
Package.from_names(NPM, 'foo').get_or_create_linked_team(self.db, alice)
Package.from_names(NPM, 'bar').get_or_create_linked_team(self.db, bob)
self.make_participant('bob', claimed_time='now', email_address='[email protected]')
self.make_participant('alice', claimed_time='now', email_address='[email protected]')
self.claim_package('alice', 'foo')
self.claim_package('bob', 'bar')
self.visit_as('alice')
assert self.css('.i1').has_class('disabled')
assert self.css('.i1 .owner a').text == '~bob'
Expand Down Expand Up @@ -227,8 +225,8 @@ def test_sends_one_mail_for_multiple_packages(self):

def test_doesnt_send_for_unclaimable_packages(self):
self.make_participant('alice', claimed_time='now', email_address='[email protected]')
cat = self.make_participant('cat', claimed_time='now', email_address='[email protected]')
Package.from_names(NPM, 'baz').get_or_create_linked_team(self.db, cat)
self.make_participant('cat', claimed_time='now', email_address='[email protected]')
self.claim_package('cat', 'baz')
self.visit_as('alice')
self.css('.important-button button').click()
assert len(self.css('table.listing td.item')) == 3
Expand Down
3 changes: 3 additions & 0 deletions www/~/%username/emails/modify.json.spt
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,9 @@ if action in ('add-email', 'resend', 'start-verification'):
try:
package = Package.from_id(package_id)
assert address in package.emails
team = package.team
owner = team.owner if team else None
assert owner == user.participant.username if owner else True
except:
raise Response(400)
packages.append(package)
Expand Down

0 comments on commit ea4904c

Please sign in to comment.