phil/sneakyklaus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge release/v0.3.0: Phase 3 - Participant Self-Management

Browse Source
This commit is contained in:
Phil Skentelbery
2025-12-22 21:22:54 -07:00
parent 75378ac769 0941315a70
commit 5660d882d6
16 changed files with 1438 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/app.py
View File

@@ -144,6 +144,9 @@ def register_setup_check(app: Flask) -> None:
"participant.magic_login", "participant.magic_login",
"participant.dashboard", "participant.dashboard",
"participant.logout", "participant.logout",
"participant.profile_edit",
"participant.update_preferences",
"participant.withdraw",
]: ]:
return return

47
src/forms/participant.py
View File

@@ -1,7 +1,7 @@
"""Forms for participant registration and management.""" """Forms for participant registration and management."""
from flask_wtf import FlaskForm from flask_wtf import FlaskForm
from wtforms import BooleanField, EmailField, StringField, TextAreaField from wtforms import BooleanField, EmailField, StringField, SubmitField, TextAreaField
from wtforms.validators import DataRequired, Email, Length from wtforms.validators import DataRequired, Email, Length
@@ -48,3 +48,48 @@ class MagicLinkRequestForm(FlaskForm):
Length(max=255, message="Email must be less than 255 characters"), Length(max=255, message="Email must be less than 255 characters"),
], ],
) )
class ProfileUpdateForm(FlaskForm):
"""Form for updating participant profile."""
name = StringField(
"Name",
validators=[
DataRequired(message="Name is required"),
Length(min=1, max=255, message="Name must be 1-255 characters"),
],
description="Your display name (visible to other participants)",
)
gift_ideas = TextAreaField(
"Gift Ideas",
validators=[
Length(max=10000, message="Gift ideas must be less than 10,000 characters")
],
description="Optional wishlist or gift preferences for your Secret Santa",
render_kw={"rows": 6, "maxlength": 10000},
)
class ReminderPreferenceForm(FlaskForm):
"""Form for updating reminder email preferences."""
reminder_enabled = BooleanField(
"Send me reminder emails before the exchange date",
description="You can change this at any time",
)
class WithdrawForm(FlaskForm):
"""Form for confirming withdrawal from exchange.
Requires explicit confirmation to prevent accidental withdrawals.
"""
confirm = BooleanField(
"I understand this cannot be undone and I will need to re-register to rejoin",
validators=[DataRequired(message="You must confirm to withdraw")],
)
submit = SubmitField("Withdraw from Exchange")

196
src/routes/participant.py
View File

@@ -17,7 +17,13 @@ from flask import (
from src.app import db from src.app import db
from src.decorators.auth import participant_required from src.decorators.auth import participant_required
from src.forms.participant import MagicLinkRequestForm, ParticipantRegistrationForm from src.forms.participant import (
MagicLinkRequestForm,
ParticipantRegistrationForm,
ProfileUpdateForm,
ReminderPreferenceForm,
WithdrawForm,
)
from src.models.exchange import Exchange from src.models.exchange import Exchange
from src.models.magic_token import MagicToken from src.models.magic_token import MagicToken
from src.models.participant import Participant from src.models.participant import Participant
@@ -341,10 +347,198 @@ def dashboard(id: int): # noqa: A002
if not participant: if not participant:
abort(404) abort(404)
# Get list of active participants
from src.utils.participant import (
can_update_profile,
can_withdraw,
get_active_participants,
)
participants = get_active_participants(exchange.id)
can_edit = can_update_profile(participant)
can_leave = can_withdraw(participant)
# Create reminder preference form
reminder_form = ReminderPreferenceForm(
reminder_enabled=participant.reminder_enabled
)
return render_template( return render_template(
"participant/dashboard.html", "participant/dashboard.html",
exchange=exchange, exchange=exchange,
participant=participant, participant=participant,
participants=participants,
participant_count=len(participants),
can_edit_profile=can_edit,
can_withdraw=can_leave,
reminder_form=reminder_form,
)
@participant_bp.route("/participant/profile/edit", methods=["GET", "POST"])
@participant_required
def profile_edit():
"""Edit participant profile (name and gift ideas).
Only allowed before matching occurs.
Returns:
GET: Profile edit form
POST: Redirect to dashboard on success, or re-render form on error
"""
from flask import current_app
# Get participant from session
participant = db.session.query(Participant).filter_by(id=session["user_id"]).first()
if not participant:
abort(404)
# Check if profile editing is allowed
from src.utils.participant import can_update_profile
if not can_update_profile(participant):
flash(
"Your profile is locked after matching. Contact the admin for changes.",
"error",
)
return redirect(url_for("participant.dashboard", id=participant.exchange_id))
# Create form with current values
form = ProfileUpdateForm(obj=participant)
if form.validate_on_submit():
try:
# Update participant
participant.name = form.name.data.strip()
participant.gift_ideas = (
form.gift_ideas.data.strip() if form.gift_ideas.data else None
)
db.session.commit()
flash("Your profile has been updated successfully.", "success")
return redirect(
url_for("participant.dashboard", id=participant.exchange_id)
)
except Exception as e:
db.session.rollback()
current_app.logger.error(f"Failed to update participant profile: {e}")
flash("Failed to update profile. Please try again.", "error")
return render_template(
"participant/profile_edit.html",
form=form,
participant=participant,
exchange=participant.exchange,
)
@participant_bp.route("/participant/preferences", methods=["POST"])
@participant_required
def update_preferences():
"""Update participant reminder email preferences.
Returns:
Redirect to dashboard
"""
from flask import current_app
participant = db.session.query(Participant).filter_by(id=session["user_id"]).first()
if not participant:
abort(404)
form = ReminderPreferenceForm()
if form.validate_on_submit():
try:
participant.reminder_enabled = form.reminder_enabled.data
db.session.commit()
if form.reminder_enabled.data:
flash("Reminder emails enabled.", "success")
else:
flash("Reminder emails disabled.", "success")
except Exception as e:
db.session.rollback()
current_app.logger.error(f"Failed to update preferences: {e}")
flash("Failed to update preferences. Please try again.", "error")
else:
flash("Invalid request.", "error")
return redirect(url_for("participant.dashboard", id=participant.exchange_id))
@participant_bp.route("/participant/withdraw", methods=["GET", "POST"])
@participant_required
def withdraw():
"""Withdraw from exchange (soft delete).
GET: Show confirmation page with warnings
POST: Process withdrawal, log out, redirect to public page
Returns:
GET: Withdrawal confirmation page
POST: Redirect to exchange registration page
"""
from flask import current_app
participant = db.session.query(Participant).filter_by(id=session["user_id"]).first()
if not participant:
abort(404)
exchange = participant.exchange
# Check if withdrawal is allowed
from src.utils.participant import can_withdraw, is_withdrawn
if is_withdrawn(participant):
flash("You have already withdrawn from this exchange.", "info")
return redirect(url_for("participant.register", slug=exchange.slug))
if not can_withdraw(participant):
if exchange.state == "registration_closed":
message = "Registration has closed. Please contact the admin to withdraw."
else:
message = "Withdrawal is no longer available. Please contact the admin."
flash(message, "error")
return redirect(url_for("participant.dashboard", id=exchange.id))
# Create withdrawal confirmation form
form = WithdrawForm()
if form.validate_on_submit():
try:
# Perform withdrawal
from src.services.withdrawal import WithdrawalError, withdraw_participant
withdraw_participant(participant)
# Log out participant
session.clear()
flash(
"You have been withdrawn from the exchange. "
"A confirmation email has been sent.",
"success",
)
return redirect(url_for("participant.register", slug=exchange.slug))
except WithdrawalError as e:
flash(str(e), "error")
return redirect(url_for("participant.dashboard", id=exchange.id))
except Exception as e:
current_app.logger.error(f"Unexpected error during withdrawal: {e}")
flash("An unexpected error occurred. Please try again.", "error")
# GET request: show confirmation page
return render_template(
"participant/withdraw.html",
form=form,
participant=participant,
exchange=exchange,
) )

50
src/services/email.py
View File

@@ -174,3 +174,53 @@ class EmailService:
""" """
return self.send_email(to=to, subject=subject, html_body=html_body) return self.send_email(to=to, subject=subject, html_body=html_body)
def send_withdrawal_confirmation(self, participant: Any) -> Any:
"""Send withdrawal confirmation email to participant.
Args:
participant: The participant who withdrew
Returns:
Response from email service
"""
exchange = participant.exchange
subject = f"Withdrawal Confirmed - {exchange.name}"
html_body = f"""
<html>
<body>
<h2>Withdrawal Confirmed</h2>
<p>Hello {participant.name},</p>
<p>
This email confirms that you have withdrawn from the
Secret Santa exchange <strong>{exchange.name}</strong>.
</p>
<div style="background-color: #f8f9fa;
border-left: 4px solid #e74c3c;
padding: 15px; margin: 20px 0;">
<p style="margin: 0;"><strong>What happens now:</strong></p>
<ul style="margin: 10px 0;">
<li>You have been removed from the participant list</li>
<li>Your profile information has been archived</li>
<li>
You will not receive further emails about this exchange
</li>
</ul>
</div>
<p>
If you withdrew by mistake, you can re-register using a
different email address while registration is still open.
</p>
<hr style="border: none; border-top: 1px solid #ddd;
margin: 30px 0;">
<p style="font-size: 12px; color: #666;">
This is an automated message from Sneaky Klaus.
</p>
</body>
</html>
"""
return self.send_email(
to=participant.email, subject=subject, html_body=html_body
)

73
src/services/withdrawal.py Normal file
View File

@@ -0,0 +1,73 @@
"""Participant withdrawal service."""
from datetime import UTC, datetime
from flask import current_app
from src.app import db
from src.models.participant import Participant
from src.services.email import EmailService
from src.utils.participant import can_withdraw
class WithdrawalError(Exception):
"""Raised when withdrawal operation fails."""
pass
def withdraw_participant(participant: Participant) -> None:
"""Withdraw a participant from their exchange.
This performs a soft delete by setting withdrawn_at timestamp.
Participant record is retained for audit trail.
Args:
participant: The participant to withdraw
Raises:
WithdrawalError: If withdrawal is not allowed
Side effects:
- Sets participant.withdrawn_at to current UTC time
- Commits database transaction
- Sends withdrawal confirmation email
"""
# Validate withdrawal is allowed
if not can_withdraw(participant):
if participant.withdrawn_at is not None:
raise WithdrawalError("You have already withdrawn from this exchange.")
exchange = participant.exchange
if exchange.state == "registration_closed":
raise WithdrawalError(
"Registration has closed. Please contact the admin to withdraw."
)
elif exchange.state in ["matched", "completed"]:
raise WithdrawalError(
"Matching has already occurred. Please contact the admin."
)
else:
raise WithdrawalError("Withdrawal is not allowed at this time.")
# Perform withdrawal
participant.withdrawn_at = datetime.now(UTC)
try:
db.session.commit()
current_app.logger.info(
f"Participant {participant.id} withdrawn from "
f"exchange {participant.exchange_id}"
)
except Exception as e:
db.session.rollback()
current_app.logger.error(f"Failed to withdraw participant: {e}")
raise WithdrawalError("Failed to process withdrawal. Please try again.") from e
# Send confirmation email
try:
email_service = EmailService()
email_service.send_withdrawal_confirmation(participant)
except Exception as e:
current_app.logger.error(f"Failed to send withdrawal email: {e}")
# Don't raise - withdrawal already committed

50
src/templates/participant/dashboard.html
View File

@@ -37,8 +37,58 @@
<dd>{{ participant.gift_ideas }}</dd> <dd>{{ participant.gift_ideas }}</dd>
{% endif %} {% endif %}
</dl> </dl>
{% if can_edit_profile %}
<a href="{{ url_for('participant.profile_edit') }}">Edit Profile</a>
{% endif %}
</section> </section>
<section>
<h2>Participants ({{ participant_count }})</h2>
{% if participants %}
<ul>
{% for p in participants %}
<li>
{{ p.name }}
{% if p.id == participant.id %}
<span class="badge">You</span>
{% endif %}
</li>
{% endfor %}
</ul>
{% else %}
<p>No other participants yet. Share the registration link!</p>
{% endif %}
</section>
<section>
<h2>Email Reminders</h2>
<form method="POST" action="{{ url_for('participant.update_preferences') }}">
{{ reminder_form.hidden_tag() }}
<div>
{{ reminder_form.reminder_enabled() }}
{{ reminder_form.reminder_enabled.label }}
</div>
{% if reminder_form.reminder_enabled.description %}
<small>{{ reminder_form.reminder_enabled.description }}</small>
{% endif %}
<button type="submit">Update Preferences</button>
</form>
</section>
{% if can_withdraw %}
<section>
<h2>Withdraw from Exchange</h2>
<p>
If you can no longer participate, you can withdraw from this exchange.
This cannot be undone.
</p>
<a href="{{ url_for('participant.withdraw') }}" role="button" class="secondary">
Withdraw from Exchange
</a>
</section>
{% endif %}
<section> <section>
<form method="POST" action="{{ url_for('participant.logout') }}"> <form method="POST" action="{{ url_for('participant.logout') }}">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"> <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">

64
src/templates/participant/profile_edit.html Normal file
View File

@@ -0,0 +1,64 @@
{% extends "layouts/base.html" %}
{% block title %}Edit Profile - {{ exchange.name }}{% endblock %}
{% block content %}
<article>
<header>
<h1>Edit Your Profile</h1>
<p>Update your display name and gift ideas. Your Secret Santa will see this information after matching.</p>
</header>
<form method="POST" action="{{ url_for('participant.profile_edit') }}">
{{ form.hidden_tag() }}
<div>
{{ form.name.label }}
{{ form.name(class="form-control") }}
{% if form.name.errors %}
<ul class="field-errors">
{% for error in form.name.errors %}
<li>{{ error }}</li>
{% endfor %}
</ul>
{% endif %}
<small>{{ form.name.description }}</small>
</div>
<div>
{{ form.gift_ideas.label }}
{{ form.gift_ideas(class="form-control") }}
{% if form.gift_ideas.errors %}
<ul class="field-errors">
{% for error in form.gift_ideas.errors %}
<li>{{ error }}</li>
{% endfor %}
</ul>
{% endif %}
<small>{{ form.gift_ideas.description }}</small>
<small id="gift-ideas-count">
{{ (form.gift_ideas.data or '')|length }} / 10,000 characters
</small>
</div>
<div>
<button type="submit">Save Changes</button>
<a href="{{ url_for('participant.dashboard', id=exchange.id) }}">Cancel</a>
</div>
</form>
</article>
<script>
// Character counter (progressive enhancement)
document.addEventListener('DOMContentLoaded', function() {
const textarea = document.querySelector('textarea[name="gift_ideas"]');
const counter = document.getElementById('gift-ideas-count');
if (textarea && counter) {
textarea.addEventListener('input', function() {
counter.textContent = this.value.length + ' / 10,000 characters';
});
}
});
</script>
{% endblock %}

47
src/templates/participant/withdraw.html Normal file
View File

@@ -0,0 +1,47 @@
{% extends "layouts/base.html" %}
{% block title %}Withdraw from {{ exchange.name }}{% endblock %}
{% block content %}
<article>
<header>
<h1>Withdraw from Exchange</h1>
</header>
<div role="alert" style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 1rem; margin: 1rem 0;">
<h2 style="margin-top: 0;">⚠️ Are you sure?</h2>
<p>Withdrawing from this exchange means:</p>
<ul>
<li>Your registration will be cancelled</li>
<li>You will be removed from the participant list</li>
<li>You cannot undo this action</li>
<li>You will need to re-register with a different email to rejoin</li>
</ul>
</div>
<form method="POST" action="{{ url_for('participant.withdraw') }}">
{{ form.hidden_tag() }}
<div>
<label>
{{ form.confirm() }}
{{ form.confirm.label.text }}
</label>
{% if form.confirm.errors %}
<ul style="color: #dc3545; list-style: none; padding: 0;">
{% for error in form.confirm.errors %}
<li>{{ error }}</li>
{% endfor %}
</ul>
{% endif %}
</div>
<div>
{{ form.submit(class="contrast") }}
<a href="{{ url_for('participant.dashboard', id=exchange.id) }}" role="button" class="secondary">
Cancel
</a>
</div>
</form>
</article>
{% endblock %}

76
src/utils/participant.py Normal file
View File

@@ -0,0 +1,76 @@
"""Participant business logic utilities."""
from typing import TYPE_CHECKING
if TYPE_CHECKING:
from src.models import Participant
def get_active_participants(exchange_id: int) -> list["Participant"]:
"""Get all active (non-withdrawn) participants for an exchange.
Args:
exchange_id: ID of the exchange
Returns:
List of active participants, ordered by name
"""
from src.models.participant import Participant
result: list[Participant] = (
Participant.query.filter(
Participant.exchange_id == exchange_id, Participant.withdrawn_at.is_(None)
)
.order_by(Participant.name)
.all()
)
return result
def is_withdrawn(participant: "Participant") -> bool:
"""Check if participant has withdrawn.
Args:
participant: The participant to check
Returns:
True if withdrawn, False otherwise
"""
return participant.withdrawn_at is not None
def can_update_profile(participant: "Participant") -> bool:
"""Check if participant can update their profile.
Profile updates are allowed until matching occurs.
Args:
participant: The participant to check
Returns:
True if profile updates are allowed, False otherwise
"""
exchange = participant.exchange
allowed_states = ["draft", "registration_open", "registration_closed"]
return exchange.state in allowed_states
def can_withdraw(participant: "Participant") -> bool:
"""Check if participant can withdraw from the exchange.
Withdrawals are only allowed before registration closes.
After that, admin intervention is required.
Args:
participant: The participant to check
Returns:
True if withdrawal is allowed, False otherwise
"""
# Already withdrawn
if participant.withdrawn_at is not None:
return False
exchange = participant.exchange
allowed_states = ["draft", "registration_open"]
return exchange.state in allowed_states

94
tests/conftest.py
View File

@@ -75,3 +75,97 @@ def admin(db):
db.session.add(admin) db.session.add(admin)
db.session.commit() db.session.commit()
return admin return admin
@pytest.fixture
def exchange_factory(db):
"""Factory for creating test exchanges.
Args:
db: Database instance.
Returns:
Function that creates and returns Exchange instances.
"""
from datetime import UTC, datetime, timedelta
from src.models.exchange import Exchange
def _create(state="draft", **kwargs):
exchange = Exchange(
slug=kwargs.get("slug", Exchange.generate_slug()),
name=kwargs.get("name", "Test Exchange"),
budget=kwargs.get("budget", "$25-50"),
max_participants=kwargs.get("max_participants", 50),
registration_close_date=kwargs.get(
"registration_close_date", datetime.now(UTC) + timedelta(days=7)
),
exchange_date=kwargs.get(
"exchange_date", datetime.now(UTC) + timedelta(days=14)
),
timezone=kwargs.get("timezone", "UTC"),
state=state,
)
db.session.add(exchange)
db.session.commit()
return exchange
return _create
@pytest.fixture
def participant_factory(db, exchange_factory):
"""Factory for creating test participants.
Args:
db: Database instance.
exchange_factory: Exchange factory fixture.
Returns:
Function that creates and returns Participant instances.
"""
from src.models.participant import Participant
counter = {"value": 0}
def _create(exchange=None, **kwargs):
if not exchange:
exchange = exchange_factory()
counter["value"] += 1
participant = Participant(
exchange_id=exchange.id,
name=kwargs.get("name", f"Test Participant {counter['value']}"),
email=kwargs.get("email", f"test{counter['value']}@example.com"),
gift_ideas=kwargs.get("gift_ideas", "Test ideas"),
reminder_enabled=kwargs.get("reminder_enabled", True),
withdrawn_at=kwargs.get("withdrawn_at"),
)
db.session.add(participant)
db.session.commit()
return participant
return _create
@pytest.fixture
def auth_participant(client, exchange_factory, participant_factory):
"""Create an authenticated participant session.
Args:
client: Flask test client.
exchange_factory: Exchange factory fixture.
participant_factory: Participant factory fixture.
Returns:
Authenticated participant instance.
"""
exchange = exchange_factory(state="registration_open")
participant = participant_factory(exchange=exchange)
with client.session_transaction() as session:
session["user_id"] = participant.id
session["user_type"] = "participant"
session["exchange_id"] = exchange.id
return participant

135
tests/integration/test_participant_list.py Normal file
View File

@@ -0,0 +1,135 @@
"""Integration tests for participant list functionality."""
from datetime import UTC, datetime
from flask import url_for
def test_participant_list_shows_all_active(
client, auth_participant, participant_factory
):
"""Test participant list shows all active participants."""
# auth_participant fixture creates session and one participant
exchange = auth_participant.exchange
# Create 2 more active participants
participant_factory(exchange=exchange, name="Bob")
participant_factory(exchange=exchange, name="Charlie")
response = client.get(url_for("participant.dashboard", id=exchange.id))
assert response.status_code == 200
assert b"Bob" in response.data
assert b"Charlie" in response.data
assert b"Participants (3)" in response.data
def test_participant_list_excludes_withdrawn(
client, auth_participant, participant_factory
):
"""Test withdrawn participants are not shown."""
exchange = auth_participant.exchange
# Create active and withdrawn participants
participant_factory(exchange=exchange, name="Active")
participant_factory(
exchange=exchange, name="Withdrawn", withdrawn_at=datetime.now(UTC)
)
response = client.get(url_for("participant.dashboard", id=exchange.id))
assert response.status_code == 200
assert b"Active" in response.data
assert b"Withdrawn" not in response.data
# Count should be 2 (auth_participant + Active)
assert b"Participants (2)" in response.data
def test_participant_list_shows_self_badge(client, auth_participant):
"""Test participant list marks current user with badge."""
exchange = auth_participant.exchange
response = client.get(url_for("participant.dashboard", id=exchange.id))
assert response.status_code == 200
# Should show the participant's name
assert auth_participant.name.encode() in response.data
# Should show "You" badge
assert b"You" in response.data
def test_participant_list_ordered_by_name(
client, auth_participant, participant_factory
):
"""Test participants are shown in alphabetical order."""
exchange = auth_participant.exchange
# Create participants with names that should be sorted
participant_factory(exchange=exchange, name="Zoe")
participant_factory(exchange=exchange, name="Alice")
participant_factory(exchange=exchange, name="Bob")
response = client.get(url_for("participant.dashboard", id=exchange.id))
assert response.status_code == 200
# Check order by finding positions in response
data = response.data.decode()
alice_pos = data.find("Alice")
bob_pos = data.find("Bob")
zoe_pos = data.find("Zoe")
# All should be present
assert alice_pos > 0
assert bob_pos > 0
assert zoe_pos > 0
# Should be in alphabetical order
assert alice_pos < bob_pos < zoe_pos
def test_participant_list_empty_state(client, exchange_factory, participant_factory):
"""Test message shown when only one participant."""
exchange = exchange_factory(state="registration_open")
participant = participant_factory(exchange=exchange)
# Create session for the only participant
with client.session_transaction() as session:
session["user_id"] = participant.id
session["user_type"] = "participant"
session["exchange_id"] = exchange.id
response = client.get(url_for("participant.dashboard", id=exchange.id))
assert response.status_code == 200
assert b"Participants (1)" in response.data
# Should show participant's own name
assert participant.name.encode() in response.data
def test_participant_list_requires_auth(client, exchange_factory):
"""Test participant list requires authentication."""
exchange = exchange_factory()
response = client.get(
url_for("participant.dashboard", id=exchange.id), follow_redirects=False
)
# Should redirect to login (or show error)
assert response.status_code in [302, 403]
def test_participant_list_different_exchange(
client, auth_participant, exchange_factory, participant_factory
):
"""Test participants filtered by exchange."""
exchange1 = auth_participant.exchange
exchange2 = exchange_factory(state="registration_open")
# Create participant in different exchange
participant_factory(exchange=exchange2, name="Other Exchange")
response = client.get(url_for("participant.dashboard", id=exchange1.id))
assert response.status_code == 200
# Should not show participant from other exchange
assert b"Other Exchange" not in response.data

125
tests/integration/test_profile_update.py Normal file
View File

@@ -0,0 +1,125 @@
"""Integration tests for profile update functionality."""
from flask import url_for
def test_profile_update_get_shows_form(client, auth_participant):
"""GET shows edit form with current values."""
response = client.get(url_for("participant.profile_edit"))
assert response.status_code == 200
assert auth_participant.name.encode() in response.data
assert b"Edit Your Profile" in response.data
def test_profile_update_post_success(client, auth_participant, db):
"""POST updates profile successfully."""
response = client.post(
url_for("participant.profile_edit"),
data={"name": "Updated Name", "gift_ideas": "Updated ideas"},
follow_redirects=True,
)
assert response.status_code == 200
assert b"profile has been updated" in response.data
# Verify database
db.session.refresh(auth_participant)
assert auth_participant.name == "Updated Name"
assert auth_participant.gift_ideas == "Updated ideas"
def test_profile_update_name_change(client, auth_participant, db):
"""Name updates in database."""
original_name = auth_participant.name
client.post(
url_for("participant.profile_edit"),
data={"name": "New Name", "gift_ideas": ""},
follow_redirects=True,
)
db.session.refresh(auth_participant)
assert auth_participant.name == "New Name"
assert auth_participant.name != original_name
def test_profile_update_locked_after_matching(
client, exchange_factory, participant_factory
):
"""Profile edit blocked after matching."""
exchange = exchange_factory(state="matched")
participant = participant_factory(exchange=exchange)
with client.session_transaction() as session:
session["user_id"] = participant.id
session["user_type"] = "participant"
session["exchange_id"] = exchange.id
response = client.get(url_for("participant.profile_edit"), follow_redirects=True)
assert b"profile is locked" in response.data
def test_profile_update_form_validation_empty_name(client, auth_participant):
"""Empty name shows validation error."""
# auth_participant fixture sets up the session
_ = auth_participant # Mark as used
response = client.post(
url_for("participant.profile_edit"), data={"name": "", "gift_ideas": "Test"}
)
assert response.status_code == 200
assert (
b"Name is required" in response.data
or b"This field is required" in response.data
)
def test_profile_update_requires_auth(client):
"""Profile edit requires authentication."""
response = client.get(url_for("participant.profile_edit"), follow_redirects=False)
assert response.status_code == 403
def test_profile_update_strips_whitespace(client, auth_participant, db):
"""Whitespace is stripped from name and gift ideas."""
client.post(
url_for("participant.profile_edit"),
data={"name": " Spaces ", "gift_ideas": " Gift "},
follow_redirects=True,
)
db.session.refresh(auth_participant)
assert auth_participant.name == "Spaces"
assert auth_participant.gift_ideas == "Gift"
def test_dashboard_shows_edit_link_when_allowed(client, auth_participant):
"""Dashboard shows edit profile link when editing is allowed."""
response = client.get(
url_for("participant.dashboard", id=auth_participant.exchange_id)
)
assert response.status_code == 200
assert b"Edit Profile" in response.data
def test_dashboard_hides_edit_link_after_matching(
client, exchange_factory, participant_factory
):
"""Dashboard hides edit profile link after matching."""
exchange = exchange_factory(state="matched")
participant = participant_factory(exchange=exchange)
with client.session_transaction() as session:
session["user_id"] = participant.id
session["user_type"] = "participant"
session["exchange_id"] = exchange.id
response = client.get(url_for("participant.dashboard", id=exchange.id))
assert response.status_code == 200
# Edit link should not be present
assert b"Edit Profile" not in response.data

83
tests/integration/test_reminder_preferences.py Normal file
View File

@@ -0,0 +1,83 @@
"""Integration tests for reminder preferences."""
from flask import url_for
def get_csrf_token(client, url):
"""Extract CSRF token from a page.
Args:
client: Flask test client.
url: URL to fetch the CSRF token from.
Returns:
CSRF token string.
"""
response = client.get(url)
# Extract CSRF token from the form
data = response.data.decode()
start = data.find('name="csrf_token" value="') + len('name="csrf_token" value="')
end = data.find('"', start)
return data[start:end]
def test_dashboard_shows_reminder_preference_form(client, auth_participant):
"""Test that dashboard shows reminder preference form."""
response = client.get(
url_for("participant.dashboard", id=auth_participant.exchange_id)
)
assert response.status_code == 200
assert b"Email Reminders" in response.data or b"Send me reminders" in response.data
def test_update_preferences_enable(client, auth_participant, db):
"""Enable reminder emails."""
auth_participant.reminder_enabled = False
db.session.commit()
csrf_token = get_csrf_token(
client, url_for("participant.dashboard", id=auth_participant.exchange_id)
)
response = client.post(
url_for("participant.update_preferences"),
data={"reminder_enabled": True, "csrf_token": csrf_token},
follow_redirects=True,
)
assert response.status_code == 200
assert b"Reminder emails enabled" in response.data
db.session.refresh(auth_participant)
assert auth_participant.reminder_enabled is True
def test_update_preferences_disable(client, auth_participant, db):
"""Disable reminder emails."""
auth_participant.reminder_enabled = True
db.session.commit()
csrf_token = get_csrf_token(
client, url_for("participant.dashboard", id=auth_participant.exchange_id)
)
response = client.post(
url_for("participant.update_preferences"),
data={"csrf_token": csrf_token},
follow_redirects=True,
)
assert response.status_code == 200
assert b"Reminder emails disabled" in response.data
db.session.refresh(auth_participant)
assert auth_participant.reminder_enabled is False
def test_update_preferences_requires_login(client):
"""Test that update_preferences requires login."""
response = client.post(url_for("participant.update_preferences"))
# Should redirect to login or show error
assert response.status_code in [302, 401, 403]

172
tests/integration/test_withdrawal.py Normal file
View File

@@ -0,0 +1,172 @@
"""Integration tests for withdrawal functionality."""
from datetime import datetime
from flask import url_for
from src.models.participant import Participant
def get_csrf_token(client, url):
"""Extract CSRF token from a page.
Args:
client: Flask test client.
url: URL to fetch the CSRF token from.
Returns:
CSRF token string.
"""
response = client.get(url)
# Extract CSRF token from the form
data = response.data.decode()
start = data.find('name="csrf_token" value="') + len('name="csrf_token" value="')
end = data.find('"', start)
return data[start:end]
def test_withdrawal_get_shows_confirmation_page(client, auth_participant): # noqa: ARG001
"""Test GET shows withdrawal confirmation page."""
response = client.get(url_for("participant.withdraw"))
assert response.status_code == 200
assert b"Withdraw from Exchange" in response.data
assert b"Are you sure" in response.data or b"cannot be undone" in response.data
def test_withdrawal_post_success(client, auth_participant, db):
"""Test successful withdrawal flow."""
participant_id = auth_participant.id
csrf_token = get_csrf_token(client, url_for("participant.withdraw"))
response = client.post(
url_for("participant.withdraw"),
data={"confirm": True, "csrf_token": csrf_token},
follow_redirects=True,
)
assert response.status_code == 200
assert b"withdrawn from the exchange" in response.data
# Verify database
participant = db.session.query(Participant).filter_by(id=participant_id).first()
assert participant.withdrawn_at is not None
# Verify session cleared
with client.session_transaction() as session:
assert "user_id" not in session
def test_withdrawal_requires_confirmation(client, auth_participant): # noqa: ARG001
"""Test withdrawal requires checkbox confirmation."""
csrf_token = get_csrf_token(client, url_for("participant.withdraw"))
response = client.post(
url_for("participant.withdraw"),
data={"csrf_token": csrf_token},
follow_redirects=False,
)
# Should re-render form with validation error
assert response.status_code == 200
assert b"confirm" in response.data.lower()
def test_withdrawal_blocked_after_registration_closes(
client, exchange_factory, participant_factory
):
"""Test withdrawal blocked after registration closes."""
exchange = exchange_factory(state="registration_closed")
participant = participant_factory(exchange=exchange)
with client.session_transaction() as session:
session["user_id"] = participant.id
session["user_type"] = "participant"
session["exchange_id"] = exchange.id
response = client.get(url_for("participant.withdraw"), follow_redirects=True)
assert (
b"Registration has closed" in response.data
or b"Contact the admin" in response.data
)
def test_withdrawal_blocked_after_matching(
client, exchange_factory, participant_factory
):
"""Test withdrawal blocked after matching occurs."""
exchange = exchange_factory(state="matched")
participant = participant_factory(exchange=exchange)
with client.session_transaction() as session:
session["user_id"] = participant.id
session["user_type"] = "participant"
session["exchange_id"] = exchange.id
response = client.get(url_for("participant.withdraw"), follow_redirects=True)
assert (
b"Withdrawal is no longer available" in response.data
or b"Contact the admin" in response.data
)
def test_withdrawal_requires_login(client):
"""Test that withdrawal requires login."""
response = client.get(url_for("participant.withdraw"))
# Should redirect or show error
assert response.status_code in [302, 401, 403]
def test_dashboard_shows_withdraw_link_when_allowed(client, auth_participant):
"""Dashboard shows withdraw link when withdrawal is allowed."""
response = client.get(
url_for("participant.dashboard", id=auth_participant.exchange_id)
)
assert response.status_code == 200
assert b"Withdraw" in response.data
def test_dashboard_hides_withdraw_link_after_close(
client, exchange_factory, participant_factory
):
"""Dashboard hides withdraw link after registration closes."""
exchange = exchange_factory(state="registration_closed")
participant = participant_factory(exchange=exchange)
with client.session_transaction() as session:
session["user_id"] = participant.id
session["user_type"] = "participant"
session["exchange_id"] = exchange.id
response = client.get(url_for("participant.dashboard", id=exchange.id))
assert response.status_code == 200
# Withdraw link should not be present
assert b"Withdraw from Exchange" not in response.data
def test_already_withdrawn_redirects_to_register(
client,
exchange_factory,
participant_factory,
db, # noqa: ARG001
):
"""Test that already withdrawn participants are redirected to register page."""
exchange = exchange_factory(state="registration_open")
participant = participant_factory(exchange=exchange, withdrawn_at=datetime.utcnow())
with client.session_transaction() as session:
session["user_id"] = participant.id
session["user_type"] = "participant"
session["exchange_id"] = exchange.id
response = client.get(url_for("participant.withdraw"), follow_redirects=True)
assert b"already withdrawn" in response.data
# Should be on registration page
assert exchange.name.encode() in response.data

158
tests/unit/test_participant_utils.py Normal file
View File

@@ -0,0 +1,158 @@
"""Unit tests for participant utility functions."""
from datetime import UTC, datetime
from src.utils.participant import (
can_update_profile,
can_withdraw,
get_active_participants,
is_withdrawn,
)
def test_get_active_participants_excludes_withdrawn(
exchange_factory, participant_factory
):
"""Test that get_active_participants excludes withdrawn participants."""
exchange = exchange_factory()
# Create 2 active, 1 withdrawn
active1 = participant_factory(exchange=exchange, name="Alice")
active2 = participant_factory(exchange=exchange, name="Bob")
withdrawn = participant_factory(
exchange=exchange, name="Charlie", withdrawn_at=datetime.now(UTC)
)
participants = get_active_participants(exchange.id)
assert len(participants) == 2
assert active1 in participants
assert active2 in participants
assert withdrawn not in participants
def test_get_active_participants_ordered_by_name(exchange_factory, participant_factory):
"""Test that participants are ordered alphabetically."""
exchange = exchange_factory()
participant_factory(exchange=exchange, name="Zoe")
participant_factory(exchange=exchange, name="Alice")
participant_factory(exchange=exchange, name="Bob")
participants = get_active_participants(exchange.id)
assert len(participants) == 3
assert participants[0].name == "Alice"
assert participants[1].name == "Bob"
assert participants[2].name == "Zoe"
def test_get_active_participants_empty_when_all_withdrawn(
exchange_factory, participant_factory
):
"""Test that empty list returned when all participants withdrawn."""
exchange = exchange_factory()
participant_factory(exchange=exchange, withdrawn_at=datetime.now(UTC))
participant_factory(exchange=exchange, withdrawn_at=datetime.now(UTC))
participants = get_active_participants(exchange.id)
assert len(participants) == 0
def test_get_active_participants_different_exchanges(
exchange_factory, participant_factory
):
"""Test that participants are filtered by exchange_id."""
exchange1 = exchange_factory()
exchange2 = exchange_factory()
participant_factory(exchange=exchange1, name="Alice")
participant_factory(exchange=exchange2, name="Bob")
participants = get_active_participants(exchange1.id)
assert len(participants) == 1
assert participants[0].name == "Alice"
def test_is_withdrawn_true(participant_factory):
"""Test is_withdrawn returns True for withdrawn participant."""
participant = participant_factory(withdrawn_at=datetime.now(UTC))
assert is_withdrawn(participant) is True
def test_is_withdrawn_false(participant_factory):
"""Test is_withdrawn returns False for active participant."""
participant = participant_factory()
assert is_withdrawn(participant) is False
def test_can_update_profile_draft_state(participant_factory, exchange_factory):
"""Profile updates allowed in draft state."""
exchange = exchange_factory(state="draft")
participant = participant_factory(exchange=exchange)
assert can_update_profile(participant) is True
def test_can_update_profile_registration_open(participant_factory, exchange_factory):
"""Profile updates allowed when registration open."""
exchange = exchange_factory(state="registration_open")
participant = participant_factory(exchange=exchange)
assert can_update_profile(participant) is True
def test_can_update_profile_registration_closed(participant_factory, exchange_factory):
"""Profile updates allowed when registration closed."""
exchange = exchange_factory(state="registration_closed")
participant = participant_factory(exchange=exchange)
assert can_update_profile(participant) is True
def test_can_update_profile_matched_state(participant_factory, exchange_factory):
"""Profile updates blocked after matching."""
exchange = exchange_factory(state="matched")
participant = participant_factory(exchange=exchange)
assert can_update_profile(participant) is False
def test_can_update_profile_completed_state(participant_factory, exchange_factory):
"""Profile updates blocked when completed."""
exchange = exchange_factory(state="completed")
participant = participant_factory(exchange=exchange)
assert can_update_profile(participant) is False
def test_can_withdraw_draft_state(participant_factory, exchange_factory):
"""Withdrawal allowed in draft state."""
exchange = exchange_factory(state="draft")
participant = participant_factory(exchange=exchange)
assert can_withdraw(participant) is True
def test_can_withdraw_registration_open(participant_factory, exchange_factory):
"""Withdrawal allowed when registration open."""
exchange = exchange_factory(state="registration_open")
participant = participant_factory(exchange=exchange)
assert can_withdraw(participant) is True
def test_can_withdraw_registration_closed(participant_factory, exchange_factory):
"""Withdrawal blocked when registration closed."""
exchange = exchange_factory(state="registration_closed")
participant = participant_factory(exchange=exchange)
assert can_withdraw(participant) is False
def test_can_withdraw_matched_state(participant_factory, exchange_factory):
"""Withdrawal blocked after matching."""
exchange = exchange_factory(state="matched")
participant = participant_factory(exchange=exchange)
assert can_withdraw(participant) is False
def test_can_withdraw_already_withdrawn(participant_factory):
"""Withdrawal blocked if already withdrawn."""
participant = participant_factory(withdrawn_at=datetime.now(UTC))
assert can_withdraw(participant) is False

67
tests/unit/test_withdrawal_service.py Normal file
View File

@@ -0,0 +1,67 @@
"""Unit tests for withdrawal service."""
from datetime import datetime
from unittest.mock import patch
import pytest
from src.services.withdrawal import WithdrawalError, withdraw_participant
def test_withdraw_participant_success(participant_factory, db, app): # noqa: ARG001
"""Test successful withdrawal."""
with app.app_context():
participant = participant_factory()
with patch("src.services.withdrawal.EmailService") as mock_email_service:
withdraw_participant(participant)
assert participant.withdrawn_at is not None
mock_email_service.return_value.send_withdrawal_confirmation.assert_called_once()
def test_withdraw_participant_already_withdrawn(participant_factory, app):
"""Test error when already withdrawn."""
with app.app_context():
participant = participant_factory(withdrawn_at=datetime.utcnow())
with pytest.raises(WithdrawalError, match="already withdrawn"):
withdraw_participant(participant)
def test_withdraw_participant_registration_closed(
exchange_factory, participant_factory, app
):
"""Test error when registration is closed."""
with app.app_context():
exchange = exchange_factory(state="registration_closed")
participant = participant_factory(exchange=exchange)
with pytest.raises(WithdrawalError, match="Registration has closed"):
withdraw_participant(participant)
def test_withdraw_participant_after_matching(
exchange_factory, participant_factory, app
):
"""Test error when matching has occurred."""
with app.app_context():
exchange = exchange_factory(state="matched")
participant = participant_factory(exchange=exchange)
with pytest.raises(WithdrawalError, match="Matching has already occurred"):
withdraw_participant(participant)
def test_withdraw_participant_sets_timestamp(participant_factory, db, app): # noqa: ARG001
"""Test that withdrawal sets timestamp correctly."""
with app.app_context():
participant = participant_factory()
with patch("src.services.withdrawal.EmailService"):
before = datetime.utcnow()
withdraw_participant(participant)
after = datetime.utcnow()
assert participant.withdrawn_at is not None
assert before <= participant.withdrawn_at <= after