Docker/mealie
Docker/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2025-08-03 04:25:24 +02:00
Code Issues Releases Activity

fix: Invalidate Expired Shared Links (#5065)

Browse source
This commit is contained in:
Michael Genson 2025-02-25 07:01:32 -06:00 committed by GitHub
parent a2c6b3f69b
commit df8dd3fe4a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 128 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

50
tests/integration_tests/user_recipe_tests/test_recipe_share_tokens.py
View file

@ -1,4 +1,5 @@
from collections.abc import Generator
from datetime import UTC, datetime, timedelta
import pytest
import sqlalchemy
@ -119,3 +120,52 @@ def test_share_recipe_from_different_group(api_client: TestClient, unique_user:
response = api_client.post(api_routes.shared_recipes, json={"recipeId": str(recipe.id)}, headers=g2_user.token)
assert response.status_code == 404
def test_share_recipe_from_different_household(
api_client: TestClient, unique_user: TestUser, h2_user: TestUser, slug: str
):
database = unique_user.repos
recipe = database.recipes.get_one(slug)
assert recipe
response = api_client.post(api_routes.shared_recipes, json={"recipeId": str(recipe.id)}, headers=h2_user.token)
assert response.status_code == 201
def test_get_recipe_from_token(api_client: TestClient, unique_user: TestUser, slug: str):
database = unique_user.repos
recipe = database.recipes.get_one(slug)
assert recipe
token = database.recipe_share_tokens.create(
RecipeShareTokenSave(recipe_id=recipe.id, group_id=unique_user.group_id)
)
response = api_client.get(api_routes.recipes_shared_token_id(token.id))
assert response.status_code == 200
response_data = response.json()
assert response_data["id"] == str(recipe.id)
def test_get_recipe_from_expired_token_deletes_token_and_returns_404(
api_client: TestClient, unique_user: TestUser, slug: str
):
database = unique_user.repos
recipe = database.recipes.get_one(slug)
assert recipe
token = database.recipe_share_tokens.create(
RecipeShareTokenSave(
recipe_id=recipe.id, group_id=unique_user.group_id, expiresAt=datetime.now(UTC) - timedelta(minutes=1)
)
)
fetch_token = database.recipe_share_tokens.get_one(token.id)
assert fetch_token
response = api_client.get(api_routes.recipes_shared_token_id(token.id), headers=unique_user.token)
assert response.status_code == 404
fetch_token = database.recipe_share_tokens.get_one(token.id)
assert fetch_token is None