diff --git a/src/app.py b/src/app.py index 0b33386..0cee4f3 100644 --- a/src/app.py +++ b/src/app.py @@ -144,6 +144,9 @@ def register_setup_check(app: Flask) -> None: "participant.magic_login", "participant.dashboard", "participant.logout", + "participant.profile_edit", + "participant.update_preferences", + "participant.withdraw", ]: return diff --git a/src/forms/participant.py b/src/forms/participant.py index 91df24d..c9a7bca 100644 --- a/src/forms/participant.py +++ b/src/forms/participant.py @@ -1,7 +1,7 @@ """Forms for participant registration and management.""" from flask_wtf import FlaskForm -from wtforms import BooleanField, EmailField, StringField, TextAreaField +from wtforms import BooleanField, EmailField, StringField, SubmitField, TextAreaField from wtforms.validators import DataRequired, Email, Length @@ -48,3 +48,48 @@ class MagicLinkRequestForm(FlaskForm): Length(max=255, message="Email must be less than 255 characters"), ], ) + + +class ProfileUpdateForm(FlaskForm): + """Form for updating participant profile.""" + + name = StringField( + "Name", + validators=[ + DataRequired(message="Name is required"), + Length(min=1, max=255, message="Name must be 1-255 characters"), + ], + description="Your display name (visible to other participants)", + ) + + gift_ideas = TextAreaField( + "Gift Ideas", + validators=[ + Length(max=10000, message="Gift ideas must be less than 10,000 characters") + ], + description="Optional wishlist or gift preferences for your Secret Santa", + render_kw={"rows": 6, "maxlength": 10000}, + ) + + +class ReminderPreferenceForm(FlaskForm): + """Form for updating reminder email preferences.""" + + reminder_enabled = BooleanField( + "Send me reminder emails before the exchange date", + description="You can change this at any time", + ) + + +class WithdrawForm(FlaskForm): + """Form for confirming withdrawal from exchange. + + Requires explicit confirmation to prevent accidental withdrawals. + """ + + confirm = BooleanField( + "I understand this cannot be undone and I will need to re-register to rejoin", + validators=[DataRequired(message="You must confirm to withdraw")], + ) + + submit = SubmitField("Withdraw from Exchange") diff --git a/src/routes/participant.py b/src/routes/participant.py index 7fa5d80..e794e46 100644 --- a/src/routes/participant.py +++ b/src/routes/participant.py @@ -17,7 +17,13 @@ from flask import ( from src.app import db from src.decorators.auth import participant_required -from src.forms.participant import MagicLinkRequestForm, ParticipantRegistrationForm +from src.forms.participant import ( + MagicLinkRequestForm, + ParticipantRegistrationForm, + ProfileUpdateForm, + ReminderPreferenceForm, + WithdrawForm, +) from src.models.exchange import Exchange from src.models.magic_token import MagicToken from src.models.participant import Participant @@ -341,10 +347,198 @@ def dashboard(id: int): # noqa: A002 if not participant: abort(404) + # Get list of active participants + from src.utils.participant import ( + can_update_profile, + can_withdraw, + get_active_participants, + ) + + participants = get_active_participants(exchange.id) + can_edit = can_update_profile(participant) + can_leave = can_withdraw(participant) + + # Create reminder preference form + reminder_form = ReminderPreferenceForm( + reminder_enabled=participant.reminder_enabled + ) + return render_template( "participant/dashboard.html", exchange=exchange, participant=participant, + participants=participants, + participant_count=len(participants), + can_edit_profile=can_edit, + can_withdraw=can_leave, + reminder_form=reminder_form, + ) + + +@participant_bp.route("/participant/profile/edit", methods=["GET", "POST"]) +@participant_required +def profile_edit(): + """Edit participant profile (name and gift ideas). + + Only allowed before matching occurs. + + Returns: + GET: Profile edit form + POST: Redirect to dashboard on success, or re-render form on error + """ + from flask import current_app + + # Get participant from session + participant = db.session.query(Participant).filter_by(id=session["user_id"]).first() + if not participant: + abort(404) + + # Check if profile editing is allowed + from src.utils.participant import can_update_profile + + if not can_update_profile(participant): + flash( + "Your profile is locked after matching. Contact the admin for changes.", + "error", + ) + return redirect(url_for("participant.dashboard", id=participant.exchange_id)) + + # Create form with current values + form = ProfileUpdateForm(obj=participant) + + if form.validate_on_submit(): + try: + # Update participant + participant.name = form.name.data.strip() + participant.gift_ideas = ( + form.gift_ideas.data.strip() if form.gift_ideas.data else None + ) + + db.session.commit() + + flash("Your profile has been updated successfully.", "success") + return redirect( + url_for("participant.dashboard", id=participant.exchange_id) + ) + + except Exception as e: + db.session.rollback() + current_app.logger.error(f"Failed to update participant profile: {e}") + flash("Failed to update profile. Please try again.", "error") + + return render_template( + "participant/profile_edit.html", + form=form, + participant=participant, + exchange=participant.exchange, + ) + + +@participant_bp.route("/participant/preferences", methods=["POST"]) +@participant_required +def update_preferences(): + """Update participant reminder email preferences. + + Returns: + Redirect to dashboard + """ + from flask import current_app + + participant = db.session.query(Participant).filter_by(id=session["user_id"]).first() + if not participant: + abort(404) + + form = ReminderPreferenceForm() + + if form.validate_on_submit(): + try: + participant.reminder_enabled = form.reminder_enabled.data + db.session.commit() + + if form.reminder_enabled.data: + flash("Reminder emails enabled.", "success") + else: + flash("Reminder emails disabled.", "success") + + except Exception as e: + db.session.rollback() + current_app.logger.error(f"Failed to update preferences: {e}") + flash("Failed to update preferences. Please try again.", "error") + else: + flash("Invalid request.", "error") + + return redirect(url_for("participant.dashboard", id=participant.exchange_id)) + + +@participant_bp.route("/participant/withdraw", methods=["GET", "POST"]) +@participant_required +def withdraw(): + """Withdraw from exchange (soft delete). + + GET: Show confirmation page with warnings + POST: Process withdrawal, log out, redirect to public page + + Returns: + GET: Withdrawal confirmation page + POST: Redirect to exchange registration page + """ + from flask import current_app + + participant = db.session.query(Participant).filter_by(id=session["user_id"]).first() + if not participant: + abort(404) + + exchange = participant.exchange + + # Check if withdrawal is allowed + from src.utils.participant import can_withdraw, is_withdrawn + + if is_withdrawn(participant): + flash("You have already withdrawn from this exchange.", "info") + return redirect(url_for("participant.register", slug=exchange.slug)) + + if not can_withdraw(participant): + if exchange.state == "registration_closed": + message = "Registration has closed. Please contact the admin to withdraw." + else: + message = "Withdrawal is no longer available. Please contact the admin." + flash(message, "error") + return redirect(url_for("participant.dashboard", id=exchange.id)) + + # Create withdrawal confirmation form + form = WithdrawForm() + + if form.validate_on_submit(): + try: + # Perform withdrawal + from src.services.withdrawal import WithdrawalError, withdraw_participant + + withdraw_participant(participant) + + # Log out participant + session.clear() + + flash( + "You have been withdrawn from the exchange. " + "A confirmation email has been sent.", + "success", + ) + return redirect(url_for("participant.register", slug=exchange.slug)) + + except WithdrawalError as e: + flash(str(e), "error") + return redirect(url_for("participant.dashboard", id=exchange.id)) + + except Exception as e: + current_app.logger.error(f"Unexpected error during withdrawal: {e}") + flash("An unexpected error occurred. Please try again.", "error") + + # GET request: show confirmation page + return render_template( + "participant/withdraw.html", + form=form, + participant=participant, + exchange=exchange, ) diff --git a/src/services/email.py b/src/services/email.py index 539ddcc..febb696 100644 --- a/src/services/email.py +++ b/src/services/email.py @@ -174,3 +174,53 @@ class EmailService: """ return self.send_email(to=to, subject=subject, html_body=html_body) + + def send_withdrawal_confirmation(self, participant: Any) -> Any: + """Send withdrawal confirmation email to participant. + + Args: + participant: The participant who withdrew + + Returns: + Response from email service + """ + exchange = participant.exchange + + subject = f"Withdrawal Confirmed - {exchange.name}" + html_body = f""" + + +

Withdrawal Confirmed

+

Hello {participant.name},

+

+ This email confirms that you have withdrawn from the + Secret Santa exchange {exchange.name}. +

+
+

What happens now:

+ +
+

+ If you withdrew by mistake, you can re-register using a + different email address while registration is still open. +

+
+

+ This is an automated message from Sneaky Klaus. +

+ + + """ + + return self.send_email( + to=participant.email, subject=subject, html_body=html_body + ) diff --git a/src/services/withdrawal.py b/src/services/withdrawal.py new file mode 100644 index 0000000..d4f206f --- /dev/null +++ b/src/services/withdrawal.py @@ -0,0 +1,73 @@ +"""Participant withdrawal service.""" + +from datetime import UTC, datetime + +from flask import current_app + +from src.app import db +from src.models.participant import Participant +from src.services.email import EmailService +from src.utils.participant import can_withdraw + + +class WithdrawalError(Exception): + """Raised when withdrawal operation fails.""" + + pass + + +def withdraw_participant(participant: Participant) -> None: + """Withdraw a participant from their exchange. + + This performs a soft delete by setting withdrawn_at timestamp. + Participant record is retained for audit trail. + + Args: + participant: The participant to withdraw + + Raises: + WithdrawalError: If withdrawal is not allowed + + Side effects: + - Sets participant.withdrawn_at to current UTC time + - Commits database transaction + - Sends withdrawal confirmation email + """ + # Validate withdrawal is allowed + if not can_withdraw(participant): + if participant.withdrawn_at is not None: + raise WithdrawalError("You have already withdrawn from this exchange.") + + exchange = participant.exchange + if exchange.state == "registration_closed": + raise WithdrawalError( + "Registration has closed. Please contact the admin to withdraw." + ) + elif exchange.state in ["matched", "completed"]: + raise WithdrawalError( + "Matching has already occurred. Please contact the admin." + ) + else: + raise WithdrawalError("Withdrawal is not allowed at this time.") + + # Perform withdrawal + participant.withdrawn_at = datetime.now(UTC) + + try: + db.session.commit() + current_app.logger.info( + f"Participant {participant.id} withdrawn from " + f"exchange {participant.exchange_id}" + ) + except Exception as e: + db.session.rollback() + current_app.logger.error(f"Failed to withdraw participant: {e}") + raise WithdrawalError("Failed to process withdrawal. Please try again.") from e + + # Send confirmation email + try: + email_service = EmailService() + email_service.send_withdrawal_confirmation(participant) + except Exception as e: + current_app.logger.error(f"Failed to send withdrawal email: {e}") + # Don't raise - withdrawal already committed diff --git a/src/templates/participant/dashboard.html b/src/templates/participant/dashboard.html index 1a4b6e1..b720c79 100644 --- a/src/templates/participant/dashboard.html +++ b/src/templates/participant/dashboard.html @@ -37,8 +37,58 @@
{{ participant.gift_ideas }}
{% endif %} + + {% if can_edit_profile %} + Edit Profile + {% endif %} +
+

Participants ({{ participant_count }})

+ {% if participants %} + + {% else %} +

No other participants yet. Share the registration link!

+ {% endif %} +
+ +
+

Email Reminders

+
+ {{ reminder_form.hidden_tag() }} +
+ {{ reminder_form.reminder_enabled() }} + {{ reminder_form.reminder_enabled.label }} +
+ {% if reminder_form.reminder_enabled.description %} + {{ reminder_form.reminder_enabled.description }} + {% endif %} + +
+
+ + {% if can_withdraw %} +
+

Withdraw from Exchange

+

+ If you can no longer participate, you can withdraw from this exchange. + This cannot be undone. +

+ + Withdraw from Exchange + +
+ {% endif %} +
diff --git a/src/templates/participant/profile_edit.html b/src/templates/participant/profile_edit.html new file mode 100644 index 0000000..41f91e4 --- /dev/null +++ b/src/templates/participant/profile_edit.html @@ -0,0 +1,64 @@ +{% extends "layouts/base.html" %} + +{% block title %}Edit Profile - {{ exchange.name }}{% endblock %} + +{% block content %} +
+
+

Edit Your Profile

+

Update your display name and gift ideas. Your Secret Santa will see this information after matching.

+
+ + + {{ form.hidden_tag() }} + +
+ {{ form.name.label }} + {{ form.name(class="form-control") }} + {% if form.name.errors %} +
    + {% for error in form.name.errors %} +
  • {{ error }}
    • + {% endfor %} +
+ {% endif %} + {{ form.name.description }} +
+ +
+ {{ form.gift_ideas.label }} + {{ form.gift_ideas(class="form-control") }} + {% if form.gift_ideas.errors %} +
    + {% for error in form.gift_ideas.errors %} +
  • {{ error }}
    • + {% endfor %} +
+ {% endif %} + {{ form.gift_ideas.description }} + + {{ (form.gift_ideas.data or '')|length }} / 10,000 characters + +
+ +
+ + Cancel +
+ +
+ + +{% endblock %} diff --git a/src/templates/participant/withdraw.html b/src/templates/participant/withdraw.html new file mode 100644 index 0000000..e90a981 --- /dev/null +++ b/src/templates/participant/withdraw.html @@ -0,0 +1,47 @@ +{% extends "layouts/base.html" %} + +{% block title %}Withdraw from {{ exchange.name }}{% endblock %} + +{% block content %} +
+
+

Withdraw from Exchange

+
+ +
+

⚠️ Are you sure?

+

Withdrawing from this exchange means:

+
    +
  • Your registration will be cancelled
    • +
  • You will be removed from the participant list
    • +
  • You cannot undo this action
    • +
  • You will need to re-register with a different email to rejoin
    • +
+
+ +
+ {{ form.hidden_tag() }} + +
+ + {% if form.confirm.errors %} +
    + {% for error in form.confirm.errors %} +
  • {{ error }}
    • + {% endfor %} +
+ {% endif %} +
+ +
+ {{ form.submit(class="contrast") }} + + Cancel + +
+
+
+{% endblock %} diff --git a/src/utils/participant.py b/src/utils/participant.py new file mode 100644 index 0000000..58355cb --- /dev/null +++ b/src/utils/participant.py @@ -0,0 +1,76 @@ +"""Participant business logic utilities.""" + +from typing import TYPE_CHECKING + +if TYPE_CHECKING: + from src.models import Participant + + +def get_active_participants(exchange_id: int) -> list["Participant"]: + """Get all active (non-withdrawn) participants for an exchange. + + Args: + exchange_id: ID of the exchange + + Returns: + List of active participants, ordered by name + """ + from src.models.participant import Participant + + result: list[Participant] = ( + Participant.query.filter( + Participant.exchange_id == exchange_id, Participant.withdrawn_at.is_(None) + ) + .order_by(Participant.name) + .all() + ) + return result + + +def is_withdrawn(participant: "Participant") -> bool: + """Check if participant has withdrawn. + + Args: + participant: The participant to check + + Returns: + True if withdrawn, False otherwise + """ + return participant.withdrawn_at is not None + + +def can_update_profile(participant: "Participant") -> bool: + """Check if participant can update their profile. + + Profile updates are allowed until matching occurs. + + Args: + participant: The participant to check + + Returns: + True if profile updates are allowed, False otherwise + """ + exchange = participant.exchange + allowed_states = ["draft", "registration_open", "registration_closed"] + return exchange.state in allowed_states + + +def can_withdraw(participant: "Participant") -> bool: + """Check if participant can withdraw from the exchange. + + Withdrawals are only allowed before registration closes. + After that, admin intervention is required. + + Args: + participant: The participant to check + + Returns: + True if withdrawal is allowed, False otherwise + """ + # Already withdrawn + if participant.withdrawn_at is not None: + return False + + exchange = participant.exchange + allowed_states = ["draft", "registration_open"] + return exchange.state in allowed_states diff --git a/tests/conftest.py b/tests/conftest.py index e066452..bc0fb8b 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -75,3 +75,97 @@ def admin(db): db.session.add(admin) db.session.commit() return admin + + +@pytest.fixture +def exchange_factory(db): + """Factory for creating test exchanges. + + Args: + db: Database instance. + + Returns: + Function that creates and returns Exchange instances. + """ + from datetime import UTC, datetime, timedelta + + from src.models.exchange import Exchange + + def _create(state="draft", **kwargs): + exchange = Exchange( + slug=kwargs.get("slug", Exchange.generate_slug()), + name=kwargs.get("name", "Test Exchange"), + budget=kwargs.get("budget", "$25-50"), + max_participants=kwargs.get("max_participants", 50), + registration_close_date=kwargs.get( + "registration_close_date", datetime.now(UTC) + timedelta(days=7) + ), + exchange_date=kwargs.get( + "exchange_date", datetime.now(UTC) + timedelta(days=14) + ), + timezone=kwargs.get("timezone", "UTC"), + state=state, + ) + db.session.add(exchange) + db.session.commit() + return exchange + + return _create + + +@pytest.fixture +def participant_factory(db, exchange_factory): + """Factory for creating test participants. + + Args: + db: Database instance. + exchange_factory: Exchange factory fixture. + + Returns: + Function that creates and returns Participant instances. + """ + from src.models.participant import Participant + + counter = {"value": 0} + + def _create(exchange=None, **kwargs): + if not exchange: + exchange = exchange_factory() + + counter["value"] += 1 + participant = Participant( + exchange_id=exchange.id, + name=kwargs.get("name", f"Test Participant {counter['value']}"), + email=kwargs.get("email", f"test{counter['value']}@example.com"), + gift_ideas=kwargs.get("gift_ideas", "Test ideas"), + reminder_enabled=kwargs.get("reminder_enabled", True), + withdrawn_at=kwargs.get("withdrawn_at"), + ) + db.session.add(participant) + db.session.commit() + return participant + + return _create + + +@pytest.fixture +def auth_participant(client, exchange_factory, participant_factory): + """Create an authenticated participant session. + + Args: + client: Flask test client. + exchange_factory: Exchange factory fixture. + participant_factory: Participant factory fixture. + + Returns: + Authenticated participant instance. + """ + exchange = exchange_factory(state="registration_open") + participant = participant_factory(exchange=exchange) + + with client.session_transaction() as session: + session["user_id"] = participant.id + session["user_type"] = "participant" + session["exchange_id"] = exchange.id + + return participant diff --git a/tests/integration/test_participant_list.py b/tests/integration/test_participant_list.py new file mode 100644 index 0000000..f967f5d --- /dev/null +++ b/tests/integration/test_participant_list.py @@ -0,0 +1,135 @@ +"""Integration tests for participant list functionality.""" + +from datetime import UTC, datetime + +from flask import url_for + + +def test_participant_list_shows_all_active( + client, auth_participant, participant_factory +): + """Test participant list shows all active participants.""" + # auth_participant fixture creates session and one participant + exchange = auth_participant.exchange + + # Create 2 more active participants + participant_factory(exchange=exchange, name="Bob") + participant_factory(exchange=exchange, name="Charlie") + + response = client.get(url_for("participant.dashboard", id=exchange.id)) + + assert response.status_code == 200 + assert b"Bob" in response.data + assert b"Charlie" in response.data + assert b"Participants (3)" in response.data + + +def test_participant_list_excludes_withdrawn( + client, auth_participant, participant_factory +): + """Test withdrawn participants are not shown.""" + exchange = auth_participant.exchange + + # Create active and withdrawn participants + participant_factory(exchange=exchange, name="Active") + participant_factory( + exchange=exchange, name="Withdrawn", withdrawn_at=datetime.now(UTC) + ) + + response = client.get(url_for("participant.dashboard", id=exchange.id)) + + assert response.status_code == 200 + assert b"Active" in response.data + assert b"Withdrawn" not in response.data + # Count should be 2 (auth_participant + Active) + assert b"Participants (2)" in response.data + + +def test_participant_list_shows_self_badge(client, auth_participant): + """Test participant list marks current user with badge.""" + exchange = auth_participant.exchange + + response = client.get(url_for("participant.dashboard", id=exchange.id)) + + assert response.status_code == 200 + # Should show the participant's name + assert auth_participant.name.encode() in response.data + # Should show "You" badge + assert b"You" in response.data + + +def test_participant_list_ordered_by_name( + client, auth_participant, participant_factory +): + """Test participants are shown in alphabetical order.""" + exchange = auth_participant.exchange + + # Create participants with names that should be sorted + participant_factory(exchange=exchange, name="Zoe") + participant_factory(exchange=exchange, name="Alice") + participant_factory(exchange=exchange, name="Bob") + + response = client.get(url_for("participant.dashboard", id=exchange.id)) + + assert response.status_code == 200 + # Check order by finding positions in response + data = response.data.decode() + alice_pos = data.find("Alice") + bob_pos = data.find("Bob") + zoe_pos = data.find("Zoe") + + # All should be present + assert alice_pos > 0 + assert bob_pos > 0 + assert zoe_pos > 0 + + # Should be in alphabetical order + assert alice_pos < bob_pos < zoe_pos + + +def test_participant_list_empty_state(client, exchange_factory, participant_factory): + """Test message shown when only one participant.""" + exchange = exchange_factory(state="registration_open") + participant = participant_factory(exchange=exchange) + + # Create session for the only participant + with client.session_transaction() as session: + session["user_id"] = participant.id + session["user_type"] = "participant" + session["exchange_id"] = exchange.id + + response = client.get(url_for("participant.dashboard", id=exchange.id)) + + assert response.status_code == 200 + assert b"Participants (1)" in response.data + # Should show participant's own name + assert participant.name.encode() in response.data + + +def test_participant_list_requires_auth(client, exchange_factory): + """Test participant list requires authentication.""" + exchange = exchange_factory() + + response = client.get( + url_for("participant.dashboard", id=exchange.id), follow_redirects=False + ) + + # Should redirect to login (or show error) + assert response.status_code in [302, 403] + + +def test_participant_list_different_exchange( + client, auth_participant, exchange_factory, participant_factory +): + """Test participants filtered by exchange.""" + exchange1 = auth_participant.exchange + exchange2 = exchange_factory(state="registration_open") + + # Create participant in different exchange + participant_factory(exchange=exchange2, name="Other Exchange") + + response = client.get(url_for("participant.dashboard", id=exchange1.id)) + + assert response.status_code == 200 + # Should not show participant from other exchange + assert b"Other Exchange" not in response.data diff --git a/tests/integration/test_profile_update.py b/tests/integration/test_profile_update.py new file mode 100644 index 0000000..9014d4c --- /dev/null +++ b/tests/integration/test_profile_update.py @@ -0,0 +1,125 @@ +"""Integration tests for profile update functionality.""" + +from flask import url_for + + +def test_profile_update_get_shows_form(client, auth_participant): + """GET shows edit form with current values.""" + response = client.get(url_for("participant.profile_edit")) + + assert response.status_code == 200 + assert auth_participant.name.encode() in response.data + assert b"Edit Your Profile" in response.data + + +def test_profile_update_post_success(client, auth_participant, db): + """POST updates profile successfully.""" + response = client.post( + url_for("participant.profile_edit"), + data={"name": "Updated Name", "gift_ideas": "Updated ideas"}, + follow_redirects=True, + ) + + assert response.status_code == 200 + assert b"profile has been updated" in response.data + + # Verify database + db.session.refresh(auth_participant) + assert auth_participant.name == "Updated Name" + assert auth_participant.gift_ideas == "Updated ideas" + + +def test_profile_update_name_change(client, auth_participant, db): + """Name updates in database.""" + original_name = auth_participant.name + + client.post( + url_for("participant.profile_edit"), + data={"name": "New Name", "gift_ideas": ""}, + follow_redirects=True, + ) + + db.session.refresh(auth_participant) + assert auth_participant.name == "New Name" + assert auth_participant.name != original_name + + +def test_profile_update_locked_after_matching( + client, exchange_factory, participant_factory +): + """Profile edit blocked after matching.""" + exchange = exchange_factory(state="matched") + participant = participant_factory(exchange=exchange) + + with client.session_transaction() as session: + session["user_id"] = participant.id + session["user_type"] = "participant" + session["exchange_id"] = exchange.id + + response = client.get(url_for("participant.profile_edit"), follow_redirects=True) + + assert b"profile is locked" in response.data + + +def test_profile_update_form_validation_empty_name(client, auth_participant): + """Empty name shows validation error.""" + # auth_participant fixture sets up the session + _ = auth_participant # Mark as used + response = client.post( + url_for("participant.profile_edit"), data={"name": "", "gift_ideas": "Test"} + ) + + assert response.status_code == 200 + assert ( + b"Name is required" in response.data + or b"This field is required" in response.data + ) + + +def test_profile_update_requires_auth(client): + """Profile edit requires authentication.""" + response = client.get(url_for("participant.profile_edit"), follow_redirects=False) + + assert response.status_code == 403 + + +def test_profile_update_strips_whitespace(client, auth_participant, db): + """Whitespace is stripped from name and gift ideas.""" + client.post( + url_for("participant.profile_edit"), + data={"name": " Spaces ", "gift_ideas": " Gift "}, + follow_redirects=True, + ) + + db.session.refresh(auth_participant) + assert auth_participant.name == "Spaces" + assert auth_participant.gift_ideas == "Gift" + + +def test_dashboard_shows_edit_link_when_allowed(client, auth_participant): + """Dashboard shows edit profile link when editing is allowed.""" + response = client.get( + url_for("participant.dashboard", id=auth_participant.exchange_id) + ) + + assert response.status_code == 200 + assert b"Edit Profile" in response.data + + +def test_dashboard_hides_edit_link_after_matching( + client, exchange_factory, participant_factory +): + """Dashboard hides edit profile link after matching.""" + exchange = exchange_factory(state="matched") + participant = participant_factory(exchange=exchange) + + with client.session_transaction() as session: + session["user_id"] = participant.id + session["user_type"] = "participant" + session["exchange_id"] = exchange.id + + response = client.get(url_for("participant.dashboard", id=exchange.id)) + + assert response.status_code == 200 + # Edit link should not be present + assert b"Edit Profile" not in response.data diff --git a/tests/integration/test_reminder_preferences.py b/tests/integration/test_reminder_preferences.py new file mode 100644 index 0000000..0531d72 --- /dev/null +++ b/tests/integration/test_reminder_preferences.py @@ -0,0 +1,83 @@ +"""Integration tests for reminder preferences.""" + +from flask import url_for + + +def get_csrf_token(client, url): + """Extract CSRF token from a page. + + Args: + client: Flask test client. + url: URL to fetch the CSRF token from. + + Returns: + CSRF token string. + """ + response = client.get(url) + # Extract CSRF token from the form + data = response.data.decode() + start = data.find('name="csrf_token" value="') + len('name="csrf_token" value="') + end = data.find('"', start) + return data[start:end] + + +def test_dashboard_shows_reminder_preference_form(client, auth_participant): + """Test that dashboard shows reminder preference form.""" + response = client.get( + url_for("participant.dashboard", id=auth_participant.exchange_id) + ) + + assert response.status_code == 200 + assert b"Email Reminders" in response.data or b"Send me reminders" in response.data + + +def test_update_preferences_enable(client, auth_participant, db): + """Enable reminder emails.""" + auth_participant.reminder_enabled = False + db.session.commit() + + csrf_token = get_csrf_token( + client, url_for("participant.dashboard", id=auth_participant.exchange_id) + ) + + response = client.post( + url_for("participant.update_preferences"), + data={"reminder_enabled": True, "csrf_token": csrf_token}, + follow_redirects=True, + ) + + assert response.status_code == 200 + assert b"Reminder emails enabled" in response.data + + db.session.refresh(auth_participant) + assert auth_participant.reminder_enabled is True + + +def test_update_preferences_disable(client, auth_participant, db): + """Disable reminder emails.""" + auth_participant.reminder_enabled = True + db.session.commit() + + csrf_token = get_csrf_token( + client, url_for("participant.dashboard", id=auth_participant.exchange_id) + ) + + response = client.post( + url_for("participant.update_preferences"), + data={"csrf_token": csrf_token}, + follow_redirects=True, + ) + + assert response.status_code == 200 + assert b"Reminder emails disabled" in response.data + + db.session.refresh(auth_participant) + assert auth_participant.reminder_enabled is False + + +def test_update_preferences_requires_login(client): + """Test that update_preferences requires login.""" + response = client.post(url_for("participant.update_preferences")) + + # Should redirect to login or show error + assert response.status_code in [302, 401, 403] diff --git a/tests/integration/test_withdrawal.py b/tests/integration/test_withdrawal.py new file mode 100644 index 0000000..02ada9b --- /dev/null +++ b/tests/integration/test_withdrawal.py @@ -0,0 +1,172 @@ +"""Integration tests for withdrawal functionality.""" + +from datetime import datetime + +from flask import url_for + +from src.models.participant import Participant + + +def get_csrf_token(client, url): + """Extract CSRF token from a page. + + Args: + client: Flask test client. + url: URL to fetch the CSRF token from. + + Returns: + CSRF token string. + """ + response = client.get(url) + # Extract CSRF token from the form + data = response.data.decode() + start = data.find('name="csrf_token" value="') + len('name="csrf_token" value="') + end = data.find('"', start) + return data[start:end] + + +def test_withdrawal_get_shows_confirmation_page(client, auth_participant): # noqa: ARG001 + """Test GET shows withdrawal confirmation page.""" + response = client.get(url_for("participant.withdraw")) + + assert response.status_code == 200 + assert b"Withdraw from Exchange" in response.data + assert b"Are you sure" in response.data or b"cannot be undone" in response.data + + +def test_withdrawal_post_success(client, auth_participant, db): + """Test successful withdrawal flow.""" + participant_id = auth_participant.id + + csrf_token = get_csrf_token(client, url_for("participant.withdraw")) + + response = client.post( + url_for("participant.withdraw"), + data={"confirm": True, "csrf_token": csrf_token}, + follow_redirects=True, + ) + + assert response.status_code == 200 + assert b"withdrawn from the exchange" in response.data + + # Verify database + participant = db.session.query(Participant).filter_by(id=participant_id).first() + assert participant.withdrawn_at is not None + + # Verify session cleared + with client.session_transaction() as session: + assert "user_id" not in session + + +def test_withdrawal_requires_confirmation(client, auth_participant): # noqa: ARG001 + """Test withdrawal requires checkbox confirmation.""" + csrf_token = get_csrf_token(client, url_for("participant.withdraw")) + + response = client.post( + url_for("participant.withdraw"), + data={"csrf_token": csrf_token}, + follow_redirects=False, + ) + + # Should re-render form with validation error + assert response.status_code == 200 + assert b"confirm" in response.data.lower() + + +def test_withdrawal_blocked_after_registration_closes( + client, exchange_factory, participant_factory +): + """Test withdrawal blocked after registration closes.""" + exchange = exchange_factory(state="registration_closed") + participant = participant_factory(exchange=exchange) + + with client.session_transaction() as session: + session["user_id"] = participant.id + session["user_type"] = "participant" + session["exchange_id"] = exchange.id + + response = client.get(url_for("participant.withdraw"), follow_redirects=True) + + assert ( + b"Registration has closed" in response.data + or b"Contact the admin" in response.data + ) + + +def test_withdrawal_blocked_after_matching( + client, exchange_factory, participant_factory +): + """Test withdrawal blocked after matching occurs.""" + exchange = exchange_factory(state="matched") + participant = participant_factory(exchange=exchange) + + with client.session_transaction() as session: + session["user_id"] = participant.id + session["user_type"] = "participant" + session["exchange_id"] = exchange.id + + response = client.get(url_for("participant.withdraw"), follow_redirects=True) + + assert ( + b"Withdrawal is no longer available" in response.data + or b"Contact the admin" in response.data + ) + + +def test_withdrawal_requires_login(client): + """Test that withdrawal requires login.""" + response = client.get(url_for("participant.withdraw")) + + # Should redirect or show error + assert response.status_code in [302, 401, 403] + + +def test_dashboard_shows_withdraw_link_when_allowed(client, auth_participant): + """Dashboard shows withdraw link when withdrawal is allowed.""" + response = client.get( + url_for("participant.dashboard", id=auth_participant.exchange_id) + ) + + assert response.status_code == 200 + assert b"Withdraw" in response.data + + +def test_dashboard_hides_withdraw_link_after_close( + client, exchange_factory, participant_factory +): + """Dashboard hides withdraw link after registration closes.""" + exchange = exchange_factory(state="registration_closed") + participant = participant_factory(exchange=exchange) + + with client.session_transaction() as session: + session["user_id"] = participant.id + session["user_type"] = "participant" + session["exchange_id"] = exchange.id + + response = client.get(url_for("participant.dashboard", id=exchange.id)) + + assert response.status_code == 200 + # Withdraw link should not be present + assert b"Withdraw from Exchange" not in response.data + + +def test_already_withdrawn_redirects_to_register( + client, + exchange_factory, + participant_factory, + db, # noqa: ARG001 +): + """Test that already withdrawn participants are redirected to register page.""" + exchange = exchange_factory(state="registration_open") + participant = participant_factory(exchange=exchange, withdrawn_at=datetime.utcnow()) + + with client.session_transaction() as session: + session["user_id"] = participant.id + session["user_type"] = "participant" + session["exchange_id"] = exchange.id + + response = client.get(url_for("participant.withdraw"), follow_redirects=True) + + assert b"already withdrawn" in response.data + # Should be on registration page + assert exchange.name.encode() in response.data diff --git a/tests/unit/test_participant_utils.py b/tests/unit/test_participant_utils.py new file mode 100644 index 0000000..8e72aac --- /dev/null +++ b/tests/unit/test_participant_utils.py @@ -0,0 +1,158 @@ +"""Unit tests for participant utility functions.""" + +from datetime import UTC, datetime + +from src.utils.participant import ( + can_update_profile, + can_withdraw, + get_active_participants, + is_withdrawn, +) + + +def test_get_active_participants_excludes_withdrawn( + exchange_factory, participant_factory +): + """Test that get_active_participants excludes withdrawn participants.""" + exchange = exchange_factory() + + # Create 2 active, 1 withdrawn + active1 = participant_factory(exchange=exchange, name="Alice") + active2 = participant_factory(exchange=exchange, name="Bob") + withdrawn = participant_factory( + exchange=exchange, name="Charlie", withdrawn_at=datetime.now(UTC) + ) + + participants = get_active_participants(exchange.id) + + assert len(participants) == 2 + assert active1 in participants + assert active2 in participants + assert withdrawn not in participants + + +def test_get_active_participants_ordered_by_name(exchange_factory, participant_factory): + """Test that participants are ordered alphabetically.""" + exchange = exchange_factory() + + participant_factory(exchange=exchange, name="Zoe") + participant_factory(exchange=exchange, name="Alice") + participant_factory(exchange=exchange, name="Bob") + + participants = get_active_participants(exchange.id) + + assert len(participants) == 3 + assert participants[0].name == "Alice" + assert participants[1].name == "Bob" + assert participants[2].name == "Zoe" + + +def test_get_active_participants_empty_when_all_withdrawn( + exchange_factory, participant_factory +): + """Test that empty list returned when all participants withdrawn.""" + exchange = exchange_factory() + + participant_factory(exchange=exchange, withdrawn_at=datetime.now(UTC)) + participant_factory(exchange=exchange, withdrawn_at=datetime.now(UTC)) + + participants = get_active_participants(exchange.id) + + assert len(participants) == 0 + + +def test_get_active_participants_different_exchanges( + exchange_factory, participant_factory +): + """Test that participants are filtered by exchange_id.""" + exchange1 = exchange_factory() + exchange2 = exchange_factory() + + participant_factory(exchange=exchange1, name="Alice") + participant_factory(exchange=exchange2, name="Bob") + + participants = get_active_participants(exchange1.id) + + assert len(participants) == 1 + assert participants[0].name == "Alice" + + +def test_is_withdrawn_true(participant_factory): + """Test is_withdrawn returns True for withdrawn participant.""" + participant = participant_factory(withdrawn_at=datetime.now(UTC)) + assert is_withdrawn(participant) is True + + +def test_is_withdrawn_false(participant_factory): + """Test is_withdrawn returns False for active participant.""" + participant = participant_factory() + assert is_withdrawn(participant) is False + + +def test_can_update_profile_draft_state(participant_factory, exchange_factory): + """Profile updates allowed in draft state.""" + exchange = exchange_factory(state="draft") + participant = participant_factory(exchange=exchange) + assert can_update_profile(participant) is True + + +def test_can_update_profile_registration_open(participant_factory, exchange_factory): + """Profile updates allowed when registration open.""" + exchange = exchange_factory(state="registration_open") + participant = participant_factory(exchange=exchange) + assert can_update_profile(participant) is True + + +def test_can_update_profile_registration_closed(participant_factory, exchange_factory): + """Profile updates allowed when registration closed.""" + exchange = exchange_factory(state="registration_closed") + participant = participant_factory(exchange=exchange) + assert can_update_profile(participant) is True + + +def test_can_update_profile_matched_state(participant_factory, exchange_factory): + """Profile updates blocked after matching.""" + exchange = exchange_factory(state="matched") + participant = participant_factory(exchange=exchange) + assert can_update_profile(participant) is False + + +def test_can_update_profile_completed_state(participant_factory, exchange_factory): + """Profile updates blocked when completed.""" + exchange = exchange_factory(state="completed") + participant = participant_factory(exchange=exchange) + assert can_update_profile(participant) is False + + +def test_can_withdraw_draft_state(participant_factory, exchange_factory): + """Withdrawal allowed in draft state.""" + exchange = exchange_factory(state="draft") + participant = participant_factory(exchange=exchange) + assert can_withdraw(participant) is True + + +def test_can_withdraw_registration_open(participant_factory, exchange_factory): + """Withdrawal allowed when registration open.""" + exchange = exchange_factory(state="registration_open") + participant = participant_factory(exchange=exchange) + assert can_withdraw(participant) is True + + +def test_can_withdraw_registration_closed(participant_factory, exchange_factory): + """Withdrawal blocked when registration closed.""" + exchange = exchange_factory(state="registration_closed") + participant = participant_factory(exchange=exchange) + assert can_withdraw(participant) is False + + +def test_can_withdraw_matched_state(participant_factory, exchange_factory): + """Withdrawal blocked after matching.""" + exchange = exchange_factory(state="matched") + participant = participant_factory(exchange=exchange) + assert can_withdraw(participant) is False + + +def test_can_withdraw_already_withdrawn(participant_factory): + """Withdrawal blocked if already withdrawn.""" + participant = participant_factory(withdrawn_at=datetime.now(UTC)) + assert can_withdraw(participant) is False diff --git a/tests/unit/test_withdrawal_service.py b/tests/unit/test_withdrawal_service.py new file mode 100644 index 0000000..d049530 --- /dev/null +++ b/tests/unit/test_withdrawal_service.py @@ -0,0 +1,67 @@ +"""Unit tests for withdrawal service.""" + +from datetime import datetime +from unittest.mock import patch + +import pytest + +from src.services.withdrawal import WithdrawalError, withdraw_participant + + +def test_withdraw_participant_success(participant_factory, db, app): # noqa: ARG001 + """Test successful withdrawal.""" + with app.app_context(): + participant = participant_factory() + + with patch("src.services.withdrawal.EmailService") as mock_email_service: + withdraw_participant(participant) + + assert participant.withdrawn_at is not None + mock_email_service.return_value.send_withdrawal_confirmation.assert_called_once() + + +def test_withdraw_participant_already_withdrawn(participant_factory, app): + """Test error when already withdrawn.""" + with app.app_context(): + participant = participant_factory(withdrawn_at=datetime.utcnow()) + + with pytest.raises(WithdrawalError, match="already withdrawn"): + withdraw_participant(participant) + + +def test_withdraw_participant_registration_closed( + exchange_factory, participant_factory, app +): + """Test error when registration is closed.""" + with app.app_context(): + exchange = exchange_factory(state="registration_closed") + participant = participant_factory(exchange=exchange) + + with pytest.raises(WithdrawalError, match="Registration has closed"): + withdraw_participant(participant) + + +def test_withdraw_participant_after_matching( + exchange_factory, participant_factory, app +): + """Test error when matching has occurred.""" + with app.app_context(): + exchange = exchange_factory(state="matched") + participant = participant_factory(exchange=exchange) + + with pytest.raises(WithdrawalError, match="Matching has already occurred"): + withdraw_participant(participant) + + +def test_withdraw_participant_sets_timestamp(participant_factory, db, app): # noqa: ARG001 + """Test that withdrawal sets timestamp correctly.""" + with app.app_context(): + participant = participant_factory() + + with patch("src.services.withdrawal.EmailService"): + before = datetime.utcnow() + withdraw_participant(participant) + after = datetime.utcnow() + + assert participant.withdrawn_at is not None + assert before <= participant.withdrawn_at <= after