From 1d9ee4b03e5a9cba0cfaf4c2e56103a7a3dba50b Mon Sep 17 00:00:00 2001
From: Mikko Heikkinen
Date: Thu, 25 Jul 2024 15:43:45 +0300
Subject: [PATCH] Handle accessing nonexistent challenge, add tests
---
README.md | 1 -
app/helpers/common_helpers.py | 5 ++++-
tests-playwright/test_anon_user.py | 15 ++++++++++++---
tests-playwright/test_login.py | 19 ++++++++++---------
4 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 5e7c577..94979fd 100644
--- a/README.md
+++ b/README.md
@@ -95,7 +95,6 @@ Note that in order to create MariaDB database on Rahti, PHPMyAdmin data dump doe - Test: - Automated testing with Playwright - Admin editing challenges - - Logout - Giving malicious login token - Giving incorrect numeric challenge & participation id's -> redirect with flash - For 2025:
diff --git a/app/helpers/common_helpers.py b/app/helpers/common_helpers.py
index 97fc4d4..8361e8f 100644
--- a/app/helpers/common_helpers.py
+++ b/app/helpers/common_helpers.py
@@ -204,7 +204,10 @@ def get_challenge(challenge_id): with common_db.connection() as conn: query = "SELECT * FROM challenges WHERE challenge_id = %s" data = common_db.select(conn, query, params) - return data[0] + + if data: + return data[0] + return {} def get_all_participations(challenge_id):
diff --git a/tests-playwright/test_anon_user.py b/tests-playwright/test_anon_user.py
index bcd89c8..d8c2554 100644
--- a/tests-playwright/test_anon_user.py
+++ b/tests-playwright/test_anon_user.py
@@ -1,12 +1,12 @@ from playwright.sync_api import sync_playwright -def test_anon_user(browser): +# Access pages that are publicly available +def test_anon_public_pages(browser): page = browser.new_page() front_page_text = "Havaitsetko 100 lajia" - # Access pages that are publicly available # Access front page page.goto("http://web:8081") assert "Kirjaudu sisään" in page.content()
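Review bot: In `get_challenge` (app/helpers/common_helpers.py) the new `return {}` turns "no such challenge" into a value that looks like a row, so every caller has to test truthiness before reading a field, and a caller that indexes the result by key will raise KeyError on an unknown id. None of the callers are part of this patch, so it is worth confirming that each one, and in particular any that uses the challenge to decide what a user may see or edit, treats the empty result as "not found" and redirects. I would state the contract at the return, e.g. `# No matching row: return {} so callers can redirect; callers must check "if not challenge" before use`. The function starts above the hunk, so how `params` is built from `challenge_id` is not visible here; the query text itself is parameterized.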
@@ -16,7 +16,16 @@ def test_anon_user(browser): assert "Playwright-paikka" in page.content() assert "Osallistujat ovat havainneet yhteensä" in page.content() - # Access pages that require login + # Access a challenge that doesn't exist, which should redirect to front page + page.goto("http://web:8081/haaste/99") + assert front_page_text in page.content() + +# Access pages that require login +def test_anon_restricted_pages(browser): + page = browser.new_page() + + front_page_text = "Havaitsetko 100 lajia" + # Access own participations page, which should redirect to front page page.goto("http://web:8081/oma") assert "Kirjaudu ensin sisään" in page.content()
diff --git a/tests-playwright/test_login.py b/tests-playwright/test_login.py
index 760b1a1..3d9e226 100644
--- a/tests-playwright/test_login.py
+++ b/tests-playwright/test_login.py
@@ -13,6 +13,7 @@ def extract_token(url): return token +# Login ans save login state def test_login_and_save_state(browser): context = browser.new_context() page = context.new_page()
@@ -72,6 +73,7 @@ def test_login_and_save_state(browser): page.close() +# Access pages as logged in user def test_own_data(browser): context = browser.new_context(storage_state='state.json') page = context.new_page()
@@ -89,19 +91,18 @@ def test_own_data(browser): assert "
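Review bot: The new nonexistent-challenge check in `test_anon_public_pages` (tests-playwright/test_anon_user.py) asserts only that `front_page_text` appears in the page, so it would also pass if `/haaste/99` rendered some other page that happens to contain that string. Pin the landing page as well, for example with `page.wait_for_selector('#body_home')` as `test_access_forbidden` already does, and assert the flash message if one is shown. The id `99` is a hard-coded assumption about the test database and will stop exercising the not-found path once a challenge with that id exists; a comment such as `# 99: no challenge with this id in the Playwright fixture data` would make that explicit. The README list touched by this same patch still names incorrect numeric ids as untested, so a non-numeric or negative id case would fit here too.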
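Review bot: The added header comments in tests-playwright/test_login.py do not mention that `test_own_data`, `test_add_edit_participation`, `test_access_forbidden` and `test_teardown` all load `state.json` written by `test_login_and_save_state`, so they only work in file order. That file holds the logged-in session's storage state, which means a run that is interrupted or narrowed to a subset of tests can leave a reusable session on disk. At minimum, add a comment such as `# Requires state.json from test_login_and_save_state; removed again in test_teardown`, confirm the file is git-ignored, and fix the typo in `# Login ans save login state`. Moving login and cleanup into a shared fixture that deletes the file in its teardown would remove the ordering dependency. The bodies of the login and teardown tests lie outside these hunks, so whether the file is already removed on every path cannot be confirmed from here.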

Omat osallistumiset

" in page.content() assert "Teppo Playwright" in page.content() + # Access challenge this person hasn't participated in + page.goto("http://web:8081/haaste/5") + assert "Et ole osallistunut tähän haasteeseen" in page.content() + +# Set up and edit new participation def test_add_edit_participation(browser): context = browser.new_context(storage_state='state.json') page = context.new_page() - # ---------------------------------------------- - # Access challenge this person hasn't participated in - page.goto("http://web:8081/haaste/5") - assert "Et ole osallistunut tähän haasteeseen" in page.content() - - # ---------------------------------------------- - # Set up own participation # Access participation adding page + page.goto("http://web:8081/haaste/5") page.click("#add_participation") assert "Osallistuminen: Sienihaaste" in page.content() @@ -161,14 +162,13 @@ def test_add_edit_participation(browser): assert "Et ole osallistunut tähän haasteeseen" in page.content() +# Access content with no rights to access def test_access_forbidden(browser): context = browser.new_context(storage_state='state.json') page = context.new_page() front_page_text = "Havaitsetko 100 lajia" - # ---------------------------------------------- - # Access content with no rights to access # Access a participation page by someone else, which should redirect to front page page.goto("http://web:8081/osallistuminen/5/35") page.wait_for_selector('#body_home') @@ -190,6 +190,7 @@ def test_access_forbidden(browser): assert front_page_text in page.content() +# Logout and tear down state def test_teardown(browser): state_file = 'state.json' context = browser.new_context(storage_state='state.json')