datecalc/test_app.py

import os
import pytest
from app import app as flask_app

@pytest.fixture
def client():
    flask_app.config['TESTING'] = True
    with flask_app.test_client() as client:
        yield client

def test_homepage(client):
    resp = client.get('/')
    assert resp.status_code == 200
    assert b'Elpatrons Datumsrechner' in resp.data

def test_tage_berechnung(client):
    resp = client.post('/', data={
        'action': 'tage',
        'start1': '2024-01-01',
        'end1': '2024-01-10'
    })
    assert resp.status_code == 200
    assert b'Anzahl der Tage' in resp.data
    assert b'9' in resp.data

def test_xss_protection(client):
    # Versuche ein Skript einzuschleusen
    xss = '<script>alert(1)</script>'
    resp = client.post('/', data={
        'action': 'tage',
        'start1': xss,
        'end1': '2024-01-10'
    })
    assert resp.status_code == 200
    # Das Skript darf nicht im HTML erscheinen (sollte escaped sein)
    assert b'<script>alert(1)</script>' not in resp.data
    assert b'&lt;script&gt;alert(1)&lt;/script&gt;' in resp.data

def test_stats_login_required(client):
    resp = client.get('/stats')
    assert resp.status_code == 200
    assert b'Dashboard Login' in resp.data