From 065944a5b13fefa8fbf2834cc13f9a5b01db6112 Mon Sep 17 00:00:00 2001
From: retoor <retoor@molodetz.nl>
Date: Sat, 23 May 2026 05:56:21 +0200
Subject: [PATCH] Update

---
 tests/test_validation.py | 50 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 tests/test_validation.py

diff --git a/tests/test_validation.py b/tests/test_validation.py
new file mode 100644
index 0000000..ed39bfa
--- /dev/null
+++ b/tests/test_validation.py
@@ -0,0 +1,50 @@
+import time
+import requests
+from tests.conftest import BASE_URL
+
+
+def _session():
+    s = requests.Session()
+    name = f"val_{int(time.time() * 1000)}"
+    s.post(f"{BASE_URL}/auth/signup", data={
+        "username": name, "email": f"{name}@t.dev",
+        "password": "secret123", "confirm_password": "secret123",
+    }, allow_redirects=True)
+    return s
+
+
+def test_vote_bad_value_is_handled_not_500(app_server):
+    s = _session()
+    r = s.post(f"{BASE_URL}/votes/post/nonexistent", data={"value": "abc"}, allow_redirects=False)
+    assert r.status_code != 500
+    assert r.status_code in (302, 303, 400)
+
+
+def test_oversized_post_content_rejected(app_server):
+    s = _session()
+    r = s.post(f"{BASE_URL}/posts/create", data={"content": "x" * 2001, "topic": "random"}, allow_redirects=False)
+    assert r.status_code in (302, 303, 400)
+    assert "/posts/" not in (r.headers.get("location") or "")
+
+
+def test_short_post_content_rejected(app_server):
+    s = _session()
+    r = s.post(f"{BASE_URL}/posts/create", data={"content": "short", "topic": "random"}, allow_redirects=False)
+    assert "/posts/" not in (r.headers.get("location") or "")
+
+
+def test_profile_update_overlong_bio_rejected(app_server):
+    s = _session()
+    r = s.post(f"{BASE_URL}/profile/update", data={
+        "bio": "x" * 600, "location": "", "git_link": "", "website": "",
+    }, allow_redirects=False)
+    assert r.status_code in (302, 303, 400)
+
+
+def test_signup_short_username_rerenders_with_message(app_server):
+    r = requests.post(f"{BASE_URL}/auth/signup", data={
+        "username": "ab", "email": "x@y.zz",
+        "password": "secret123", "confirm_password": "secret123",
+    }, allow_redirects=False)
+    assert r.status_code == 400
+    assert "Username must be between 3 and 32 characters" in r.text