Skip to content

Fix/session secure club auth #341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 10 commits into
base: master
Choose a base branch
from
Open

Fix/session secure club auth #341

wants to merge 10 commits into from

Conversation

@elof-dev
Copy link

Summary

This pull request secure club booking using session authentication

Changes Made

  • Updated showSummary() and purchasePlaces() to use the club from the session rather than form data, preventing users from booking on behalf of other clubs.
  • Removed the club field from the booking.html form
  • Updated conftest.py to add the session logic
  • Updated test_book_place_with_enough_point, just to change the name of the club in the test (club A, because it's club A in the confest session)
  • Created test_session_secure_club_auth to ensure bookings are made for the logged-in club only.

Testing

1 new test pass successfully with pytest :
Test1 : simulate club A logged in and trying to book places by sending club B in the form
result : booking should be made for club A and not club B

elof-dev added 10 commits October 22, 2025 07:26
@elof-dev
Fix issue #1 : correct showSummary and add Flask testing setup
2ba2fcf 
- Updated showSummary() in server.py to handle email validation and error messages
- Modified index.html to display flash messages correctly
- Created tests/ folder with conftest.py and test_show_summary.py for unit testing
- Added .flaskenv for local environment configuration
- Updated .gitignore to include .venv and exclude tests/ folder
- Updated requirements.txt to add pytest dependency
@elof-dev
Fix issue #2 : correct purchasePlaces() and add unit tests
8135241 
- Updated purchasePlaces() to check if the club has enough points before confirming a booking
- Added a new test file with 2 unit tests to verify point validation logic
@elof-dev
Fix issue #4 : correct purchasePlaces() and add unit tests
825904b 
- Updated purchasePlaces() to check avoid clubs booking more than 12 places per competition
- Added a new test file with 2 unit tests to verify point validation logic
@elof-dev
Fix issue #5 : correct book() and add unit tests
ceb484c 
- Updated book() to avoid clubs booking in past competition
- Added a new test file with 2 unit tests
@elof-dev
Fix issue #6 : correct purchasePlaces() and add unit tests
f4b2644 
- Added missing line in purchasePlaces() to decrease club points after a valid booking
- Created test to verify:
  - club points decrease when booking succeeds
@elof-dev
Fixes #7: update server.py and index.html to display board + tests
75316cd 
- Updated index.html to include a simple grey table listing all clubs and their points
- Modified server.py to pass the clubs data to the index template
- Added test_display_clubs_points.py to verify that:
  - the page loads successfully
  - each club name and its points appear correctly in the HTML
@elof-dev
Fix/invalid bookings (empty, zero, non-numeric or negative values)
48abe0b 
- Updated purchasePlaces() to handle invalid inputs:
  • Added a check for empty input
  • Added a try/except block to catch non-numeric values
  • Added a condition to reject zero or negative values

- Created test_invalid_number_of_places_booking.py:
  • Test 1: valid booking (success)
  • Test 2: zero places (error)
  • Test 3: negative places (error)
  • Test 4: empty input (error)
  • Test 5: non-numeric input (error)
@elof-dev
fix/prevent booking more places than available in competition
ce5f1e8 
- Added validation in purchasePlaces() to prevent users from booking
  more places than the competition has available
- Added test_booking_more_than_available.py to verify:
  • booking above available places shows proper error message
  • competition and club data remain unchanged
@elof-dev
fix/cumulative-booking-limit
07485f6 
- Update server.py to add cumulative validation to purchasePlaces()
- Update existing test file with:
  • cumulative booking rejected (6 + 7)
  • cumulative booking accepted (6 + 5)
@elof-dev
fix/Secure club booking using session authentication
116d864 
- Updated showSummary() and purchasePlaces() to use the club from the session rather than form data, preventing users from booking on behalf of other clubs.
- Removed the club field from the booking.html form
- Updated conftest.py to add the session logic
- Updated test_book_place_with_enough_point, just to change the name of the club in the test (club A, because it's club A in the confest session)
- Created test_session_secure_club_auth to ensure bookings are made for the logged-in club only.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@elof-dev