def test_get_entry(self):
with self.app.app_context():
user = UsersModel("test", "test")
user.hash_password("test")
user.save_to_db()
book = BooksModel(1, 1, 1, "test")
book.save_to_db()
book2 = BooksModel(2, 1, 1, "test")
book2.save_to_db()
book3 = BooksModel(3, 1, 1, "test")
book3.save_to_db()
entry = LibraryModel(book.isbn, user.id, LibraryType.Bought, State.Pending)
entry.save_to_db()
entry2 = LibraryModel(book2.isbn, user.id, LibraryType.WishList, State.Pending)
entry2.save_to_db()
entry3 = LibraryModel(book3.isbn, user.id, LibraryType.Bought, State.Reading)
entry3.save_to_db()
res = self.client.post("api/login", data={"email": user.email, "password": "******"})
token = json.loads(res.data)["token"]
res = self.client.get(f"api/userLibrary/{user.email}", headers={
"Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(200, res.status_code)
expectedRes = list(map(lambda e: e.json(), [entry, entry3]))
self.assertEqual(expectedRes, json.loads(res.data)["library"])
def post(self):
data = parse_user()
check_constraints_user(data)
with lock:
user = UsersModel.find_by_username(data["username"])
if user:
return {
"message":
f"An user with same username {data['username']} already exists"
}, 409
user = UsersModel.find_by_email(data["email"])
if user:
return {
"message":
f"An user with same email {data['email']} already exists"
}, 409
password = data.pop("password")
try:
user = UsersModel(**data)
user.hash_password(password)
user.save_to_db()
verify = VerifyModel(user.id)
verify.save_to_db()
verify.send_email(user.email, request.url_root)
except Exception as e:
return {"message": str(e)}, 500
return user.json(), 201
def test_add(self):
with self.app.app_context():
to_add = UsersModel('test', '*****@*****.**')
to_add.hash_password('password')
UsersModel.save_to_db(to_add)
self.assertEqual(
UsersModel.find_by_username('test').username, to_add.username)
def test_library_visibility_modification_other_user(self):
with self.app.app_context():
self.basic_setup()
user2 = UsersModel("test2", "test2")
user2.hash_password("test2")
user2.save_to_db()
library = self.entry = LibraryModel(self.book.isbn, user2.id,
LibraryType.Bought)
library.save_to_db()
res = self.client.delete(
f"api/library/{user2.email}/visibility/{self.book.isbn}",
headers={
"Authorization":
'Basic ' + base64.b64encode(
(self.token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(401, res.status_code)
# Checks visibility doesn't change
self.assertEqual(
self.entry.visible,
LibraryModel.find_by_id_and_isbn(self.user.id,
self.book.isbn).visible)
def test_get_all_transactions_no_admin(self):
with self.app.app_context():
user = UsersModel("test",
"*****@*****.**",
role=Roles.User)
user.hash_password("test")
user.save_to_db()
res = self.client.post("/api/login",
data={
"email": user.email,
"password": "******"
})
token = json.loads(res.data)["token"]
book = BooksModel(1, 1, 1, "book1")
book.save_to_db()
book2 = BooksModel(2, 2, 13.1, "book2")
book2.save_to_db()
isbns = [book.isbn, book2.isbn]
prices = [book.precio, book2.precio]
quantities = [1, 1]
TransactionsModel.save_transaction(user.id, isbns, prices,
quantities)
res = self.client.get(
"/api/allTransactions",
headers={
"Authorization":
'Basic ' + base64.b64encode(
(token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(403, res.status_code)
def test_library_visibility_modification_other_user(self):
with self.app.app_context():
self.basic_setup()
user2 = UsersModel("test2", "test2")
user2.hash_password("test2")
user2.save_to_db()
library = self.entry = LibraryModel(self.book.isbn, user2.id,
LibraryType.Bought)
library.save_to_db()
new_data = {
"state": State.Finished.name,
"library_type": LibraryType.WishList.name
}
res = self.client.put(
f"/api/library/{user2.email}/{self.book.isbn}",
data=new_data,
headers={
"Authorization":
'Basic ' + base64.b64encode(
(self.token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(401, res.status_code)
self.assertEqual(
self.entry.state,
LibraryModel.find_by_id_and_isbn(self.user.id,
self.book.isbn).state)
self.assertEqual(
self.entry.library_type,
LibraryModel.find_by_id_and_isbn(self.user.id,
self.book.isbn).library_type)
def test_delete_user(self):
with self.app.app_context():
user = UsersModel("test4", "*****@*****.**")
user.hash_password("test4")
user.save_to_db()
res = self.client.post("/api/login", data={"email": "*****@*****.**", "password": "******"})
self.assertEqual(200, res.status_code)
token = json.loads(res.data)["token"]
res = self.client.delete("/api/user/[email protected]", headers={
"Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii')
})
# veiem que s'esborra correctament
self.assertEqual(200, res.status_code)
res = self.client.get("/api/users")
self.assertEqual(200, res.status_code)
self.assertEqual(None, json.loads(res.data)["users"])
# tornem a crear un usuari amb les mateixes dades i ens deixa
user = UsersModel("test4", "*****@*****.**")
user.hash_password("test4")
user.save_to_db()
res = self.client.post("/api/login", data={"email": "*****@*****.**", "password": "******"})
self.assertEqual(200, res.status_code)
def test_post_entry_without_login(self):
with self.app.app_context():
user = UsersModel("test", "test")
user.hash_password("test2")
user.save_to_db()
res = self.client.post(f"api/library/{user.email}")
self.assertEqual(401, res.status_code)
def test_modify_without_login(self):
with self.app.app_context():
user = UsersModel("test", "*****@*****.**")
user.hash_password("test")
user.save_to_db()
data_new = {'username': '******', 'password': '******'}
res = self.client.put(f"/api/user/{user.email}", data=data_new)
self.assertEqual(401, res.status_code)
def test_add_same_email(self):
with self.app.app_context():
to_add = UsersModel('test', '*****@*****.**')
to_add.hash_password('password')
UsersModel.save_to_db(to_add)
to_add = UsersModel('test_not_same', '*****@*****.**')
to_add.hash_password('password')
with self.assertRaises(Exception):
UsersModel.save_to_db(to_add)
def test_delete_but_keep(self):
with self.app.app_context():
to_add = UsersModel('test', '*****@*****.**')
to_add.hash_password('password')
UsersModel.save_to_db(to_add)
UsersModel.delete_from_db(UsersModel.find_by_username('test'))
keeps = len(
UsersModel.query.filter_by(username='******', state=False).all())
self.assertNotEqual(keeps, 0)
def test_put_recovery_not_requested(self):
with self.app.app_context():
user = UsersModel("test", "test")
user.hash_password("test")
user.save_to_db()
new_password = "******"
res = self.client.put(f"/api/recovery/notImportant",
data={"new_password": new_password})
self.assertEqual(403, res.status_code)
def test_get_invalid_validation(self):
with self.app.app_context():
user = UsersModel("test2", "test2")
user.hash_password("test2")
user.save_to_db()
res = self.client.get(f"/api/recovery/fails")
self.assertEqual(404, res.status_code)
self.assertEqual("Password Recovery with ['key':fails] is invalid",
json.loads(res.data)["message"])
def test_get_users(self):
with self.app.app_context():
user = UsersModel("test5", "*****@*****.**")
user.hash_password("test5")
user.save_to_db()
res = self.client.get("/api/users")
self.assertEqual(200, res.status_code)
list_users = list(map(lambda u: u.json(), UsersModel.query.all()))
self.assertEqual(list_users, json.loads(res.data)["users"])
def test_post_recovery(self):
with self.app.app_context(), mail.record_messages() as outbox:
user = UsersModel("test", "*****@*****.**")
user.hash_password("test")
user.save_to_db()
res = self.client.post(f"/api/recovery",
data={"email": user.email})
self.assertEqual(201, res.status_code)
self.assertEqual(1, len(outbox))
self.assertEqual(user.json(), json.loads(res.data)["user"])
def test_get_user(self):
with self.app.app_context():
user = UsersModel("test", "*****@*****.**")
user.hash_password("test")
user.save_to_db()
res = self.client.get("/api/user/[email protected]")
self.assertEqual(200, res.status_code)
self.assertEqual(user.json(), json.loads(res.data)["user"])
res = self.client.get("/api/user/doesntexist")
self.assertEqual(404, res.status_code)
def test_get_validation(self):
with self.app.app_context():
user = UsersModel("test", "test")
user.hash_password("test")
user.save_to_db()
recovery = PasswordRecoveryModel(user.id)
recovery.save_to_db()
res = self.client.get(f"/api/recovery/{recovery.key}")
self.assertEqual(200, res.status_code)
self.assertEqual(recovery.json(), json.loads(res.data)["recovery"])
def test_get_entry_invalid_parameter(self):
with self.app.app_context():
user = UsersModel("test", "test")
user.hash_password("test4")
user.save_to_db()
res = self.client.post("api/login", data={"email": user.email, "password": "******"})
token = json.loads(res.data)["token"]
res = self.client.get(f"api/userLibrary/{user.email}", data={"library_type": "Potato"}, headers={
"Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(409, res.status_code)
def test_put_recovery_expired(self):
with self.app.app_context():
user = UsersModel("test", "test")
user.hash_password("test")
user.save_to_db()
recovery = PasswordRecoveryModel(user.id)
recovery.time -= 2 * PasswordRecoveryModel.VALID_UNTIL
recovery.save_to_db()
new_password = "******"
res = self.client.put(f"/api/recovery/{recovery.key}",
data={"new_password": new_password})
self.assertEqual(403, res.status_code)
def test_put_recovery(self):
with self.app.app_context():
user = UsersModel("test", "test")
user.hash_password("test")
user.save_to_db()
recovery = PasswordRecoveryModel(user.id)
recovery.save_to_db()
new_password = "******"
res = self.client.put(f"/api/recovery/{recovery.key}",
data={"new_password": new_password})
self.assertEqual(200, res.status_code)
self.assertEqual(user.json(), json.loads(res.data)["user"])
self.assertTrue(user.check_password(new_password))
def test_get_transactions_without_login(self):
with self.app.app_context():
user = UsersModel('test', '*****@*****.**')
user.hash_password('test')
UsersModel.save_to_db(user)
book = BooksModel(1, 1, 1.0, "titulo")
book.save_to_db()
# no login
dataTransaction = {}
res = self.client.post("/api/transaction", data=dataTransaction)
self.assertEqual(401, res.status_code)
def test_login_user(self):
with self.app.app_context():
user = UsersModel("test3", "*****@*****.**")
user.hash_password("test3")
user.save_to_db()
res = self.client.post("/api/login",
data={
"email": "*****@*****.**",
"password": "******"
})
self.assertEqual(200, res.status_code)
self.assertEqual(
user,
UsersModel.verify_auth_token(json.loads(res.data)["token"]))
def test_recovery_mail(self):
with self.app.app_context(), mail.record_messages() as outbox:
user = UsersModel("test", "*****@*****.**")
user.hash_password("test")
user.save_to_db()
recovery = PasswordRecoveryModel(user.id)
recovery.save_to_db()
root = "http://test.com/"
recovery.send_email(user.email, root)
self.assertEqual(1, len(outbox))
self.assertEqual("Password recovery", outbox[0].subject)
self.assertEqual(user.email, outbox[0].recipients[0])
self.assertTrue(
f"http://test.com/reset?key={recovery.key}" in outbox[0].body)
def test_modify_email_already_used(self):
with self.app.app_context():
self.basic_setup()
user2 = UsersModel("patata", "*****@*****.**")
user2.hash_password("patata")
user2.save_to_db()
data_new = {'email': user2.email, 'password': '******'}
res = self.client.put(
f"/api/user/{self.user.email}",
data=data_new,
headers={
"Authorization":
'Basic ' + base64.b64encode(
(self.token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(409, res.status_code)
def test_post_entry_invalid_parameter(self):
with self.app.app_context():
user = UsersModel("test", "test")
user.hash_password("test")
user.save_to_db()
res = self.client.post("api/login", data={"email": user.email, "password": "******"})
token = json.loads(res.data)["token"]
parameters = {
'isbn': 40,
'email': user.email
}
res = self.client.post("api/library", data=parameters, headers={
"Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(404, res.status_code)
def test_model_update_several_score(self):
with self.app.app_context():
self.basic_setup()
user2 = UsersModel("test2", "test2")
user2.hash_password("test2")
user2.save_to_db()
review = ReviewsModel(self.book.isbn, self.user.id, 2)
review.save_to_db()
review2 = ReviewsModel(self.book.isbn, user2.id, 4)
review2.save_to_db()
data = {"score": 3}
review.update_from_db(data)
self.assertEqual(data["score"], review.score)
self.assertEqual((data["score"] + review2.score)/2, ScoresModel.find_by_isbn(self.book.isbn).score)
def test_post_entry(self):
with self.app.app_context():
user = UsersModel("test", "test")
user.hash_password("test")
user.save_to_db()
book = BooksModel(1, 1, 1, "test")
book.save_to_db()
res = self.client.post("api/login", data={"email": user.email, "password": "******"})
token = json.loads(res.data)["token"]
parameters = {
'isbn': book.isbn,
}
res = self.client.post(f"api/library/{user.email}", data=parameters, headers={
"Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(201, res.status_code)
self.assertEqual(LibraryModel.find_by_id_and_isbn(user.id, 1).json(), json.loads(res.data))
class UnitTestOfUS(BaseTest):
def basic_setup(self):
password = "******"
self.admin = UsersModel("admin", "admin", Roles.Admin)
self.admin.hash_password(password)
self.admin.save_to_db()
self.user = UsersModel("test", "test")
self.user.hash_password("test")
self.user.save_to_db()
self.book = BooksModel(2, 2, 2, "test")
self.book.save_to_db()
res = self.client.post("/api/login",
data={
"email": self.admin.email,
"password": password
})
self.token = json.loads(res.data)["token"]
def test_delete_review_admin(self):
with self.app.app_context():
self.basic_setup()
review = ReviewsModel(self.book.isbn, self.user.id, 2, "test")
review.save_to_db()
res = self.client.delete(
f"api/review/{self.user.id}/{self.book.isbn}",
headers={
"Authorization":
'Basic ' + base64.b64encode(
(self.token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(200, res.status_code)
self.assertEqual(
None,
ReviewsModel.find_by_isbn_user_id(self.book.isbn,
self.user.id))
def test_delete_user(self):
with self.app.app_context():
user = UsersModel("test4", "*****@*****.**")
user.hash_password("test4")
user.save_to_db()
res = self.client.post("/api/login",
data={
"email": "*****@*****.**",
"password": "******"
})
self.assertEqual(200, res.status_code)
token = json.loads(res.data)["token"]
res = self.client.delete(
"/api/user/[email protected]",
headers={
"Authorization":
'Basic ' + base64.b64encode(
(token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(200, res.status_code)
def test_get_transactions_other_user(self):
with self.app.app_context():
self.basic_setup()
book2 = BooksModel(2, 2, 13.1, "book2")
book2.save_to_db()
isbns = [self.book.isbn, book2.isbn]
prices = [self.book.precio, book2.precio]
quantities = [1, 1]
dataTransaction = {
"isbns": isbns,
'prices': prices,
'quantities': quantities,
"email": self.user.email,
}
res = self.client.post(
"/api/transaction",
data=dataTransaction,
headers={
"Authorization":
'Basic ' + base64.b64encode(
(self.token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(201, res.status_code)
user2 = UsersModel('test2', '*****@*****.**')
user2.hash_password('test2')
UsersModel.save_to_db(user2)
res = self.client.get(
'/api/transactions/' + user2.email,
headers={ # user tries to get user2 transactions
"Authorization":
'Basic ' + base64.b64encode(
(self.token + ":").encode('ascii')).decode('ascii')
})
self.assertEqual(401, res.status_code)
