badblocks/pkmntrade.club
1
1
Fork 0
Code Issues 14 Pull requests Projects 1 Releases Packages Wiki Activity

Fix friend_code max length issues in tests, and fix in_game_name length issues, also update tests to fit more scenarios

Browse source
This commit is contained in:
badblocks 2025-03-27 17:26:07 -07:00
parent 0d4655bf80
commit b9c4d7a61d
10 changed files with 558 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

499
trades/tests.py
View file

@ -18,7 +18,7 @@ from trades.forms import (
TradeOfferAcceptForm,
TradeAcceptanceTransitionForm,
)
from tests.utils.rarity import RARITY_MAPPING
# ------------------------------------------------------------------------
# Model Tests
@ -26,27 +26,29 @@ from trades.forms import (
class TradeOfferModelTest(TestCase):
def setUp(self):
User = get_user_model()
# Create a user and friend code for testing
self.user = User.objects.create_user(
username="testuser", email="test@example.com", password="password"
)
self.friend_code = FriendCode.objects.create(
friend_code="FC-1234", in_game_name="TestInGame", user=self.user
friend_code="1234-5678-9012-3456", in_game_name="TestInGame", user=self.user
)
# Create cards with the same rarity (valid scenario)
self.card1 = Card.objects.create(
name="Card1", cardset="set1", cardnum=1, style="default", rarity_icon="R", rarity_level=1
name="Card1", cardset="set1", cardnum=1, style="default",
rarity_icon=RARITY_MAPPING[1], rarity_level=1
)
self.card2 = Card.objects.create(
name="Card2", cardset="set1", cardnum=2, style="default", rarity_icon="R", rarity_level=1
name="Card2", cardset="set1", cardnum=2, style="default",
rarity_icon=RARITY_MAPPING[1], rarity_level=1
)
# Create a card with a different rarity (to test invalid trade offers)
self.card3 = Card.objects.create(
name="Card3", cardset="set1", cardnum=3, style="default", rarity_icon="SR", rarity_level=2
name="Card3", cardset="set1", cardnum=3, style="default",
rarity_icon=RARITY_MAPPING[8], rarity_level=8
)
# Create a valid trade offer with consistent rarity details.
# Create a valid trade offer with consistent rarity details
self.trade_offer = TradeOffer.objects.create(initiated_by=self.friend_code)
TradeOfferHaveCard.objects.create(
trade_offer=self.trade_offer, card=self.card1, quantity=2
@ -59,7 +61,7 @@ class TradeOfferModelTest(TestCase):
"""Test update_rarity_fields succeeds with cards sharing the same rarity."""
self.trade_offer.update_rarity_fields()
self.assertEqual(self.trade_offer.rarity_level, 1)
self.assertEqual(self.trade_offer.rarity_icon, "R")
self.assertEqual(self.trade_offer.rarity_icon, "🔷")
def test_update_rarity_fields_invalid(self):
"""If a card with a different rarity is added, update_rarity_fields should raise an error."""
@ -84,21 +86,23 @@ class TradeAcceptanceModelTest(TestCase):
username="acceptuser", email="acc@example.com", password="password"
)
self.friend_code = FriendCode.objects.create(
friend_code="FC-5678", in_game_name="AccInGame", user=self.user
friend_code="1111-2222-3333-4444", in_game_name="AccInGame", user=self.user
)
self.other_user = User.objects.create_user(
username="initiator", email="init@example.com", password="password"
)
self.initiator_friend_code = FriendCode.objects.create(
friend_code="FC-0000", in_game_name="InitInGame", user=self.other_user
friend_code="5555-6666-7777-8888", in_game_name="InitInGame", user=self.other_user
)
# Create two cards (with the same rarity)
self.card1 = Card.objects.create(
name="CardA", cardset="setA", cardnum=1, style="default", rarity_icon="R", rarity_level=1
name="CardA", cardset="setA", cardnum=1, style="default",
rarity_icon=RARITY_MAPPING[2], rarity_level=2
)
self.card2 = Card.objects.create(
name="CardB", cardset="setA", cardnum=2, style="default", rarity_icon="R", rarity_level=1
name="CardB", cardset="setA", cardnum=2, style="default",
rarity_icon=RARITY_MAPPING[2], rarity_level=2
)
# Create a trade offer by the initiator.
@ -198,16 +202,16 @@ class TradeOfferFormTest(TestCase):
username="formuser", email="form@example.com", password="password"
)
self.friend_code = FriendCode.objects.create(
friend_code="FC-FORM", in_game_name="FormUser", user=self.user
friend_code="9999-8888-7777-6666", in_game_name="FormUser", user=self.user
)
# Create two cards with the same rarity details.
self.card1 = Card.objects.create(
name="FormCard1", cardset="formset", cardnum=1, style="default",
rarity_icon="R", rarity_level=1
rarity_icon=RARITY_MAPPING[3], rarity_level=3
)
self.card2 = Card.objects.create(
name="FormCard2", cardset="formset", cardnum=2, style="default",
rarity_icon="R", rarity_level=1
rarity_icon=RARITY_MAPPING[3], rarity_level=3
)
def test_trade_offer_create_form_valid(self):
@ -325,7 +329,7 @@ class TradeViewsTest(TestCase):
username="viewuser", email="view@example.com", password="password"
)
self.friend_code = FriendCode.objects.create(
friend_code="FC-VIEW", in_game_name="ViewUser", user=self.user
friend_code="4444-3333-2222-1111", in_game_name="ViewUser", user=self.user
)
self.user.default_friend_code = self.friend_code
self.user.save(update_fields=["default_friend_code"])
@ -334,11 +338,11 @@ class TradeViewsTest(TestCase):
# Create sample cards.
self.card1 = Card.objects.create(
name="ViewCard1", cardset="setV", cardnum=1, style="default",
rarity_icon="R", rarity_level=1
rarity_icon=RARITY_MAPPING[7], rarity_level=7
)
self.card2 = Card.objects.create(
name="ViewCard2", cardset="setV", cardnum=2, style="default",
rarity_icon="R", rarity_level=1
rarity_icon=RARITY_MAPPING[7], rarity_level=7
)
# Create a trade offer initiated by the logged-in user's friend code.
self.trade_offer = TradeOffer.objects.create(initiated_by=self.friend_code)
@ -460,3 +464,462 @@ class TradeViewsTest(TestCase):
valid_state = allowed_states[0]
response = self.client.post(update_url, {"state": valid_state})
self.assertEqual(response.status_code, 302)
class TradeOfferSecurityTests(TestCase):
def setUp(self):
User = get_user_model()
# Create three users for testing various security scenarios
self.user1 = User.objects.create_user(
username="user1", email="user1@example.com", password="password1"
)
self.user2 = User.objects.create_user(
username="user2", email="user2@example.com", password="password2"
)
self.user3 = User.objects.create_user(
username="user3", email="user3@example.com", password="password3"
)
# Create friend codes for each user with correct format
self.fc1 = FriendCode.objects.create(
friend_code="1111-2222-3333-4444", in_game_name="User1Game", user=self.user1
)
self.fc2 = FriendCode.objects.create(
friend_code="5555-6666-7777-8888", in_game_name="User2Game", user=self.user2
)
self.fc3 = FriendCode.objects.create(
friend_code="9999-0000-1111-2222", in_game_name="User3Game", user=self.user3
)
# Create test cards with proper rarity levels
self.card1 = Card.objects.create(
name="SecCard1", cardset="secset", cardnum=1, style="default",
rarity_icon=RARITY_MAPPING[3], rarity_level=3
)
self.card2 = Card.objects.create(
name="SecCard2", cardset="secset", cardnum=2, style="default",
rarity_icon=RARITY_MAPPING[3], rarity_level=3
)
# Create a trade offer by user1
self.trade_offer = TradeOffer.objects.create(initiated_by=self.fc1)
TradeOfferHaveCard.objects.create(
trade_offer=self.trade_offer, card=self.card1, quantity=1
)
TradeOfferWantCard.objects.create(
trade_offer=self.trade_offer, card=self.card2, quantity=1
)
self.client = Client()
def test_unauthorized_trade_offer_deletion(self):
"""Test that users cannot delete trade offers they don't own."""
self.client.login(username="user2", password="password2")
response = self.client.post(
reverse("trade_offer_delete", kwargs={"pk": self.trade_offer.pk})
)
self.assertEqual(response.status_code, 403)
self.assertTrue(TradeOffer.objects.filter(pk=self.trade_offer.pk).exists())
def test_unauthorized_trade_acceptance_update(self):
"""Test that uninvolved users cannot update trade acceptances."""
# Create an acceptance between user2 and user1's offer
acceptance = TradeAcceptance.objects.create(
trade_offer=self.trade_offer,
accepted_by=self.fc2,
requested_card=self.card1,
offered_card=self.card2,
state=TradeAcceptance.AcceptanceState.ACCEPTED,
)
# Try to update the acceptance as user3 (uninvolved)
self.client.login(username="user3", password="password3")
response = self.client.post(
reverse("trade_acceptance_update", kwargs={"pk": acceptance.pk}),
{"state": TradeAcceptance.AcceptanceState.SENT}
)
self.assertEqual(response.status_code, 403)
def test_cross_user_friend_code_manipulation(self):
"""Test that users cannot use other users' friend codes."""
self.client.login(username="user2", password="password2")
# Try to create a trade offer using user1's friend code
response = self.client.get(
reverse("trade_offer_create"),
{
"initiated_by": self.fc1.pk, # User1's friend code
"have_cards": [f"{self.card1.pk}:1"],
"want_cards": [f"{self.card2.pk}:1"],
}
)
self.assertEqual(response.status_code, 200) # Form should fail validation
self.assertFalse(
TradeOffer.objects.filter(initiated_by=self.fc1).count() > 1
)
def test_authenticated_only_views(self):
"""Test that authenticated-only views are properly protected."""
# Test without login
urls_to_test = [
reverse("trade_offer_create"),
reverse("trade_offer_my_list"),
reverse("trade_acceptance_create", kwargs={"offer_pk": self.trade_offer.pk}),
]
# First ensure we're logged out
self.client.logout()
for url in urls_to_test:
response = self.client.get(url)
self.assertRedirects(
response,
f"/accounts/login/?next={url}",
msg_prefix=f"URL {url} should require authentication"
)
class TradeOfferEdgeCasesTest(TestCase):
def setUp(self):
User = get_user_model()
self.user = User.objects.create_user(
username="edgeuser", email="edge@example.com", password="password"
)
self.friend_code = FriendCode.objects.create(
friend_code="3333-4444-5555-6666", in_game_name="EdgeUser", user=self.user
)
# Create test cards with different rarities using proper levels and icons
self.common_card = Card.objects.create(
name="CommonCard", cardset="edgeset", cardnum=1, style="default",
rarity_icon=RARITY_MAPPING[1], rarity_level=1
)
self.rare_card = Card.objects.create(
name="RareCard", cardset="edgeset", cardnum=2, style="default",
rarity_icon=RARITY_MAPPING[5], rarity_level=5
)
self.crown_card = Card.objects.create(
name="CrownCard", cardset="edgeset", cardnum=3, style="default",
rarity_icon=RARITY_MAPPING[8], rarity_level=8
)
self.client = Client()
self.client.login(username="edgeuser", password="password")
def test_zero_quantity_trade_offer(self):
"""Test that trade offers with zero quantity are handled properly."""
response = self.client.get(
reverse("trade_offer_create"),
{
"initiated_by": self.friend_code.pk,
"have_cards": [f"{self.common_card.pk}:0"],
"want_cards": [f"{self.common_card.pk}:1"],
}
)
self.assertEqual(response.status_code, 200)
self.assertFalse(
TradeOffer.objects.filter(initiated_by=self.friend_code).exists()
)
def test_negative_quantity_trade_offer(self):
"""Test that trade offers with negative quantity are handled properly."""
response = self.client.get(
reverse("trade_offer_create"),
{
"initiated_by": self.friend_code.pk,
"have_cards": [f"{self.common_card.pk}:-1"],
"want_cards": [f"{self.common_card.pk}:1"],
}
)
self.assertEqual(response.status_code, 200)
self.assertFalse(
TradeOffer.objects.filter(initiated_by=self.friend_code).exists()
)
def test_mixed_rarity_trade_offer(self):
"""Test that trade offers with mixed rarity cards are rejected."""
response = self.client.get(
reverse("trade_offer_create"),
{
"initiated_by": self.friend_code.pk,
"have_cards": [f"{self.common_card.pk}:1"],
"want_cards": [f"{self.crown_card.pk}:1"],
}
)
self.assertEqual(response.status_code, 200)
self.assertFalse(
TradeOffer.objects.filter(initiated_by=self.friend_code).exists()
)
def test_duplicate_card_entries(self):
"""Test handling of duplicate card entries in trade offers."""
response = self.client.get(
reverse("trade_offer_create"),
{
"initiated_by": self.friend_code.pk,
"have_cards": [
f"{self.common_card.pk}:1",
f"{self.common_card.pk}:1"
],
"want_cards": [f"{self.common_card.pk}:1"],
}
)
self.assertEqual(response.status_code, 200)
self.assertFalse(
TradeOffer.objects.filter(initiated_by=self.friend_code).exists()
)
class TradeSearchTests(TestCase):
def setUp(self):
User = get_user_model()
self.user = User.objects.create_user(
username="searchuser", email="search@example.com", password="password"
)
self.friend_code = FriendCode.objects.create(
friend_code="7777-8888-9999-0000", in_game_name="SearchUser", user=self.user
)
# Create test cards with proper rarity levels
self.card1 = Card.objects.create(
name="SearchCard1", cardset="sc1", cardnum=1, style="default",
rarity_icon=RARITY_MAPPING[4], rarity_level=4
)
self.card2 = Card.objects.create(
name="SearchCard2", cardset="sc1", cardnum=2, style="default",
rarity_icon=RARITY_MAPPING[4], rarity_level=4
)
self.card3 = Card.objects.create(
name="SearchCard3", cardset="sc1", cardnum=3, style="default",
rarity_icon=RARITY_MAPPING[4], rarity_level=4
)
# Create some trade offers
self.trade_offer1 = TradeOffer.objects.create(initiated_by=self.friend_code)
TradeOfferHaveCard.objects.create(
trade_offer=self.trade_offer1, card=self.card1, quantity=2
)
TradeOfferWantCard.objects.create(
trade_offer=self.trade_offer1, card=self.card2, quantity=1
)
self.trade_offer2 = TradeOffer.objects.create(initiated_by=self.friend_code)
TradeOfferHaveCard.objects.create(
trade_offer=self.trade_offer2, card=self.card2, quantity=1
)
TradeOfferWantCard.objects.create(
trade_offer=self.trade_offer2, card=self.card3, quantity=1
)
self.client = Client()
def test_search_by_have_cards(self):
"""Test searching for trade offers by cards the user has doesn't show offers initiated by the user."""
response = self.client.post(
reverse("trade_offer_search"),
{
"have_cards": [f"{self.card2.pk}:1"],
}
)
self.assertEqual(response.status_code, 200)
self.assertNotContains(response, self.trade_offer1.initiated_by.in_game_name)
self.assertNotContains(response, self.trade_offer2.initiated_by.in_game_name)
def test_search_by_want_cards(self):
"""Test searching for trade offers by cards the user wants doesn't show offers initiated by the user."""
response = self.client.post(
reverse("trade_offer_search"),
{
"want_cards": [f"{self.card1.pk}:1"],
}
)
self.assertEqual(response.status_code, 200)
self.assertNotContains(response, self.trade_offer1.initiated_by.in_game_name)
self.assertNotContains(response, self.trade_offer2.initiated_by.in_game_name)
def test_search_with_invalid_card_id(self):
"""Test search behavior with invalid card IDs."""
response = self.client.post(
reverse("trade_offer_search"),
{
"have_cards": ["999999:1"], # Non-existent card ID
}
)
self.assertEqual(response.status_code, 200)
self.assertNotContains(response, self.trade_offer1.initiated_by.in_game_name)
self.assertNotContains(response, self.trade_offer2.initiated_by.in_game_name)
def test_search_closed_trades(self):
"""Test that closed trades don't appear in search results."""
self.trade_offer1.is_closed = True
self.trade_offer1.save()
response = self.client.post(
reverse("trade_offer_search"),
{
"have_cards": [f"{self.card2.pk}:1"],
}
)
self.assertEqual(response.status_code, 200)
self.assertNotContains(response, self.trade_offer1.initiated_by.in_game_name)
class TradeAcceptanceComplexTests(TestCase):
def setUp(self):
User = get_user_model()
self.initiator = User.objects.create_user(
username="initiator", email="init@example.com", password="password"
)
self.acceptor = User.objects.create_user(
username="acceptor", email="accept@example.com", password="password"
)
self.initiator_fc = FriendCode.objects.create(
friend_code="1234-5678-9012-3456", in_game_name="InitUser", user=self.initiator
)
self.acceptor_fc = FriendCode.objects.create(
friend_code="6543-2109-8765-4321", in_game_name="AcceptUser", user=self.acceptor
)
# Create test cards with proper rarity levels
self.card1 = Card.objects.create(
name="ComplexCard1", cardset="cx1", cardnum=1, style="default",
rarity_icon=RARITY_MAPPING[6], rarity_level=6
)
self.card2 = Card.objects.create(
name="ComplexCard2", cardset="cx1", cardnum=2, style="default",
rarity_icon=RARITY_MAPPING[6], rarity_level=6
)
self.card3 = Card.objects.create(
name="ComplexCard3", cardset="cx1", cardnum=3, style="default",
rarity_icon=RARITY_MAPPING[6], rarity_level=6
)
self.card4 = Card.objects.create(
name="ComplexCard4", cardset="cx1", cardnum=4, style="default",
rarity_icon=RARITY_MAPPING[6], rarity_level=6
)
# Create a trade offer with multiple quantities
self.trade_offer = TradeOffer.objects.create(initiated_by=self.initiator_fc)
TradeOfferHaveCard.objects.create(
trade_offer=self.trade_offer, card=self.card1, quantity=3
)
TradeOfferHaveCard.objects.create(
trade_offer=self.trade_offer, card=self.card3, quantity=1
)
TradeOfferWantCard.objects.create(
trade_offer=self.trade_offer, card=self.card2, quantity=3
)
TradeOfferWantCard.objects.create(
trade_offer=self.trade_offer, card=self.card4, quantity=1
)
self.client = Client()
def test_multiple_acceptances_quantity_limit(self):
"""Test that multiple acceptances cannot exceed the offer's quantity limit."""
self.client.login(username="acceptor", password="password")
# Create first acceptance
response1 = self.client.post(
reverse("trade_acceptance_create", kwargs={"offer_pk": self.trade_offer.pk}),
{
"accepted_by": self.acceptor_fc.pk,
"requested_card": self.card1.pk,
"offered_card": self.card2.pk,
}
)
self.assertEqual(response1.status_code, 302) # Successful creation
# Create second acceptance
response2 = self.client.post(
reverse("trade_acceptance_create", kwargs={"offer_pk": self.trade_offer.pk}),
{
"accepted_by": self.acceptor_fc.pk,
"requested_card": self.card1.pk,
"offered_card": self.card2.pk,
}
)
self.assertEqual(response2.status_code, 302) # Successful creation
# Try to create a fourth acceptance (should fail as only 3 are allowed)
response3 = self.client.post(
reverse("trade_acceptance_create", kwargs={"offer_pk": self.trade_offer.pk}),
{
"accepted_by": self.acceptor_fc.pk,
"requested_card": self.card1.pk,
"offered_card": self.card2.pk,
}
)
self.assertEqual(response3.status_code, 302) # Successful creation
response4 = self.client.post(
reverse("trade_acceptance_create", kwargs={"offer_pk": self.trade_offer.pk}),
{
"accepted_by": self.acceptor_fc.pk,
"requested_card": self.card1.pk,
"offered_card": self.card2.pk,
}
)
self.assertEqual(response4.status_code, 200) # Should fail
self.assertEqual(
self.trade_offer.acceptances.count(), 3,
"Should not allow more acceptances than the quantity limit"
)
def test_complex_state_transitions(self):
"""Test complex state transition scenarios."""
self.client.login(username="acceptor", password="password")
# Create an acceptance
acceptance = TradeAcceptance.objects.create(
trade_offer=self.trade_offer,
accepted_by=self.acceptor_fc,
requested_card=self.card1,
offered_card=self.card2,
state=TradeAcceptance.AcceptanceState.ACCEPTED,
)
# Test invalid state transition sequence
invalid_transitions = [
TradeAcceptance.AcceptanceState.THANKED_BY_ACCEPTOR, # Can't thank before sending
TradeAcceptance.AcceptanceState.RECEIVED, # Can't receive before sending
TradeAcceptance.AcceptanceState.THANKED_BY_BOTH, # Can't thank by both directly
]
for invalid_state in invalid_transitions:
response = self.client.post(
reverse("trade_acceptance_update", kwargs={"pk": acceptance.pk}),
{"state": invalid_state}
)
self.assertEqual(response.status_code, 200) # Should stay on form
acceptance.refresh_from_db()
self.assertEqual(
acceptance.state,
TradeAcceptance.AcceptanceState.ACCEPTED,
f"Invalid transition to {invalid_state} should not be allowed"
)
# Test valid state transition sequence
valid_transitions = [
(self.initiator, TradeAcceptance.AcceptanceState.SENT),
(self.acceptor, TradeAcceptance.AcceptanceState.RECEIVED),
(self.initiator, TradeAcceptance.AcceptanceState.THANKED_BY_INITIATOR),
(self.acceptor, TradeAcceptance.AcceptanceState.THANKED_BY_BOTH),
]
for user, state in valid_transitions:
self.client.login(username=user.username, password="password")
response = self.client.post(
reverse("trade_acceptance_update", kwargs={"pk": acceptance.pk}),
{"state": state}
)
self.assertEqual(response.status_code, 302) # Should redirect on success
acceptance.refresh_from_db()
self.assertEqual(
acceptance.state,
state,
f"Valid transition to {state} should be allowed"
)