def test_get_other_user(client: FlaskClient):
    """A logged-in user must not be able to read another user's profile."""
    requester = users.add(User('*****@*****.**', 'poaa'))
    requester.active = True

    other_user = users.add(
        User(
            email='*****@*****.**',
            password='******',
            first_name='Tibor',
            last_name='Mikita',
            phone='+421111222333',
            street='Kosicka',
            zip_code='06601',
            city='Humenne',
            country=Country.SK,
            date_of_birth=datetime.date(1994, 5, 25),
        )
    )
    other_user.active = True

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # Object-level authorization check: a valid token for one account is
    # presented against a different account's id.
    r = client.get(f'/api/users/{other_user.id}',
                   headers={'Authorization': f'Bearer {token}'})
    body = r.json

    # NOTE(review): the endpoint reports this authorization failure as 400
    # rather than 403; the assertion pins the current behaviour.
    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'You cannot get user profile of other person.'
def test_add_product_rating_second_time(client):
    """A second rating of the same product by the same user is rejected."""
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    ratings_url = f'/api/products/{product.id}/ratings'
    auth_headers = {'Authorization': f'Bearer {token}'}

    # First submission: only its effect on the product is checked.
    client.post(ratings_url,
                data=json.dumps({'rating': 5}),
                headers=auth_headers,
                content_type='application/json')
    assert product.ratings[0].user == user

    # Identical second submission must be refused.
    r = client.post(ratings_url,
                    data=json.dumps({'rating': 5}),
                    headers=auth_headers,
                    content_type='application/json')
    body = r.json

    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'This user already rated this product.'
def test_add_category_missing_name(client):
    """Creating a category without a 'name' key yields an invalid-payload error."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # The body is well-formed JSON but carries an unrelated key only.
    r = client.post('/api/categories/',
                    data=json.dumps({'foo': 'bar'}),
                    headers={'Authorization': f'Bearer {token}'},
                    content_type='application/json')
    body = r.json

    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
def test_update_category_empty_json(client):
    """Updating a category with an empty JSON object is rejected as invalid."""
    category = categories.add(Category(name='Mans'))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # Precondition: the category still carries its original name.
    assert category.name == 'Mans'

    r = client.put(f'/api/categories/{category.id}',
                   data=json.dumps({}),
                   headers={'Authorization': f'Bearer {token}'},
                   content_type='application/json')
    body = r.json

    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
def test_delete_product_rating(client):
    """A user can delete the rating they previously gave a product."""
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True
    products.add_rating(product, user, 5)

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # Precondition: exactly the one rating added above.
    assert len(product.ratings) == 1

    r = client.delete(f'/api/products/{product.id}/ratings',
                      headers={'Authorization': f'Bearer {token}'})
    body = r.json

    assert r.status_code == status.HTTP_200_OK
    assert body['message'] == 'Rating was successfully deleted.'
    assert len(product.ratings) == 0
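def test_update_user_profile_not_logged_in(client: FlaskClient):
    """An unauthenticated PATCH is refused and must not change the profile."""
    user = users.add(
        User(email='*****@*****.**',
             password='******',
             first_name='Tibor',
             last_name='Mikita',
             phone='+421111222333',
             street='Kosicka',
             zip_code='06601',
             city='Humenne',
             country=Country.SK,
             date_of_birth=datetime.date(1994, 5, 25)))
    user.active = True

    # No Authorization header is sent with this request.
    r = client.patch(f'/api/users/{user.id}',
                     data=json.dumps({
                         'city': 'Medzilaborce',
                         'street': 'Bratislavska',
                         'zip_code': '99999',
                         'phone': '+420999999999'
                     }),
                     content_type='application/json')
    payload = r.json

    # NOTE(review): missing credentials are answered with 403 here; 401 is the
    # conventional status for that case. The assertion pins current behaviour.
    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert payload[
        'message'] == 'You do not have permission to perform this action.'

    # A refusal that still applied the write would pass the checks above, so
    # verify the stored profile is unchanged as well.
    assert user.city == 'Humenne'
    assert user.street == 'Kosicka'
    assert user.zip_code == '06601'
    assert user.phone == '+421111222333'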
def test_update_not_existing_category(client):
    """Updating a category id that does not exist returns 404."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    not_existing_category_id = 99

    # NOTE(review): unlike the sibling tests, this PUT sends a JSON body
    # without content_type='application/json'; presumably the lookup fails
    # before the body is parsed - confirm against the handler.
    r = client.put(f'/api/categories/{not_existing_category_id}',
                   data=json.dumps({'name': 'Men'}),
                   headers={'Authorization': f'Bearer {token}'})
    body = r.json

    assert r.status_code == status.HTTP_404_NOT_FOUND
    assert body['message'] == 'Category not found.'
def test_add_product_rating_not_existing_product(client):
    """Rating a product id that does not exist returns 404."""
    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    not_existing_product_id = 99
    r = client.post(f'/api/products/{not_existing_product_id}/ratings',
                    data=json.dumps({'rating': 5}),
                    headers={'Authorization': f'Bearer {token}'},
                    content_type='application/json')
    body = r.json

    assert r.status_code == status.HTTP_404_NOT_FOUND
    assert body['message'] == 'Product not found.'
def test_delete_image_of_product_no_admin_or_worker(client):
    """A user who is neither admin nor worker cannot delete a product image."""
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)
    image = products.add_image(product, url='fake_url.jpg')

    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True

    assert product.id
    # Precondition for the authorization check: no privileged role.
    assert user.role not in (UserRole.ADMIN, UserRole.WORKER)

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    r = client.delete(f'/api/products/{product.id}/images/{image.id}',
                      headers={'Authorization': f'Bearer {token}'})
    body = r.json

    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert body[
        'message'] == 'You do not have permission to perform this action.'
def test_delete_category_with_products(client):
    """A category that still contains products cannot be deleted."""
    category = categories.add(Category(name='Men'))
    for name, price in (('Product 1', 1.99),
                        ('Product 2', 2.99),
                        ('Product 3', 3.99)):
        categories.add_product(category, Product(name=name, price=price))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert category.id

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    r = client.delete(f'/api/categories/{category.id}',
                      headers={'Authorization': f'Bearer {token}'})
    body = r.json

    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Category contains products.'
def test_delete_image_of_product(client):
    """An admin can delete an image attached to a product."""
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)
    image = products.add_image(product, url='fake_url.jpg')

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert product.id

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    r = client.delete(f'/api/products/{product.id}/images/{image.id}',
                      headers={'Authorization': f'Bearer {token}'})
    body = r.json

    assert r.status_code == status.HTTP_200_OK
    assert body['message'] == 'Image was successfully deleted.'
def test_delete_image_not_existing(client):
    """Deleting an image id that does not exist on a product returns 404."""
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert product.id

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    not_existing_image_id = 99
    image_url = f'/api/products/{product.id}/images/{not_existing_image_id}'
    r = client.delete(image_url,
                      headers={'Authorization': f'Bearer {token}'})
    body = r.json

    assert r.status_code == status.HTTP_404_NOT_FOUND
    assert body['message'] == 'Image not found.'
def test_add_product_image_not_admin_or_worker(client):
    """A user who is neither admin nor worker cannot upload a product image."""
    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True

    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)
    assert product.id

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # Precondition for the authorization check: no privileged role.
    assert user.role not in (UserRole.WORKER, UserRole.ADMIN)

    with open(testing_image_jpg_path, 'rb') as image_file:
        r = client.post(f'/api/products/{product.id}/images',
                        data={'file': (image_file, image_file.name)},
                        headers={'Authorization': f'Bearer {token}'},
                        content_type='multipart/form-data')
    body = r.json

    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert body[
        'message'] == 'You do not have permission to perform this action.'
def test_add_product_image_not_allowed_file_ext(client):
    """Uploading a file whose extension is not allowed is rejected with 400."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)
    assert product.id

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # NOTE(review): the rejection asserted below is by file extension, as the
    # message says; whether the upload content is inspected as well is not
    # visible from this test - confirm in the upload handler.
    with open(testing_image_png_path, 'rb') as image_file:
        r = client.post(f'/api/products/{product.id}/images',
                        data={'file': (image_file, image_file.name)},
                        headers={'Authorization': f'Bearer {token}'},
                        content_type='multipart/form-data')
    body = r.json

    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'File extension not allowed.'
def test_add_product_image_not_existing_product(client):
    """Uploading an image for a product id that does not exist returns 404."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    not_existing_product_id = 99
    with open(testing_image_jpg_path, 'rb') as image_file:
        r = client.post(f'/api/products/{not_existing_product_id}/images',
                        data={'file': (image_file, image_file.name)},
                        headers={'Authorization': f'Bearer {token}'},
                        content_type='multipart/form-data')
    body = r.json

    assert r.status_code == status.HTTP_404_NOT_FOUND
    assert body['message'] == 'Product not found.'
def test_add_product_image(client):
    """An admin can upload a JPG image, which is then attached to the product."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)
    assert product.id

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    with open(testing_image_jpg_path, 'rb') as image_file:
        r = client.post(f'/api/products/{product.id}/images',
                        data={'file': (image_file, image_file.name)},
                        headers={'Authorization': f'Bearer {token}'},
                        content_type='multipart/form-data')
    body = r.json

    assert r.status_code == status.HTTP_201_CREATED
    assert body['message'] == 'Image was successfully uploaded.'

    # The upload must show up on the product as a ProductImage with a URL.
    assert len(product.images) == 1
    stored_image = product.images[0]
    assert isinstance(stored_image, ProductImage)
    assert stored_image.url
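def test_update_category_no_admin_or_worker(client):
    """A user without admin/worker role cannot rename a category."""
    category = categories.add(Category(name='Mans'))

    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True

    assert category.id
    # Precondition for the authorization check: no privileged role.
    assert user.role != UserRole.ADMIN and user.role != UserRole.WORKER

    r = client.post(
        '/api/auth/login',
        data=json.dumps({
            'email': '*****@*****.**',
            'password': '******'
        }),
        content_type='application/json'
    )
    payload = r.json
    access_token = payload['access_token']

    # NOTE(review): this PUT sends a JSON body without
    # content_type='application/json', unlike most sibling tests; presumably
    # the role check runs before the body is parsed - confirm.
    r = client.put(f'/api/categories/{category.id}',
                   data=json.dumps({
                       'name': 'Men'
                   }),
                   headers={'Authorization': f'Bearer {access_token}'})
    payload = r.json

    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert payload['message'] == 'You do not have permission to perform this action.'

    # A 403 that still applied the rename would pass the checks above, so
    # verify the category kept its original name.
    assert category.name == 'Mans'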
def test_update_user_profile_invalid_phone_format(client: FlaskClient):
    """A phone number in the wrong format is rejected on profile update."""
    profile = User(
        email='*****@*****.**',
        password='******',
        first_name='Tibor',
        last_name='Mikita',
        phone='+421111222333',
        street='Kosicka',
        zip_code='06601',
        city='Humenne',
        country=Country.SK,
        date_of_birth=datetime.date(1994, 5, 25),
    )
    user = users.add(profile)
    user.active = True

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # The submitted number lacks the leading '+' used by the stored one.
    r = client.patch(f'/api/users/{user.id}',
                     data=json.dumps({'phone': '0999999999'}),
                     content_type='application/json',
                     headers={'Authorization': f'Bearer {token}'})
    body = r.json

    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert 'Phone must have format' in body['message']
def test_add_product(client):
    """An admin can add a product to an existing category."""
    category = categories.add(Category(name='Men'))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    new_product = {
        'name': 'New Super Product',
        'price': 213.99,
        'description': 'blah blah blah'
    }
    r = client.post(f'/api/categories/{category.id}/products',
                    data=json.dumps(new_product),
                    headers={'Authorization': f'Bearer {token}'},
                    content_type='application/json')
    body = r.json

    assert r.status_code == status.HTTP_201_CREATED
    assert body['message'] == 'Product was successfully added.'
def test_delete_category(client):
    """An admin can delete an empty category, after which it is gone."""
    category = categories.add(Category(name='Men'))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert category.id

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    r = client.delete(f'/api/categories/{category.id}',
                      headers={'Authorization': f'Bearer {token}'})
    body = r.json

    assert r.status_code == status.HTTP_200_OK
    assert body['message'] == 'Category was successfully deleted.'
    # The lookup by id must no longer find the category.
    assert categories.get(category.id) is None
def test_add_category(client):
    """An admin can create a new category."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    r = client.post('/api/categories/',
                    data=json.dumps({'name': 'Men'}),
                    headers={'Authorization': f'Bearer {token}'},
                    content_type='application/json')
    body = r.json

    assert r.status_code == status.HTTP_201_CREATED
    assert body['message'] == 'Category was successfully added.'
def test_update_product_missing_category_id(client):
    """A product update without a category id is rejected as invalid."""
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    assert product.name == 'Super Small Product'

    # Name and price are supplied; the category id is deliberately left out.
    update = {'name': 'Super Big Product', 'price': 0.99}
    r = client.put(f'/api/products/{product.id}',
                   data=json.dumps(update),
                   headers={'Authorization': f'Bearer {token}'},
                   content_type='application/json')
    body = r.json

    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
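def post(self):
    """Register a new user from a JSON body carrying 'email' and 'password'.

    Returns:
        A ``(body, status)`` tuple with a success message and HTTP 201.

    Raises:
        InvalidPayload: the body is empty, is not a JSON object, or lacks
            'email' or 'password'.
        Conflict: ``users.add`` reported a duplicate e-mail address.
    """
    data = request.get_json()
    # A JSON array or scalar is truthy but has no .get(); reject it as an
    # invalid payload instead of letting an AttributeError escape the handler.
    if not data or not isinstance(data, dict):
        raise InvalidPayload

    email = data.get('email')
    password = data.get('password')
    if email is None or password is None:
        raise InvalidPayload

    # NOTE(review): email and password reach User() without type or format
    # checks in this handler; presumably User or users.add validates them -
    # confirm.
    try:
        users.add(User(email, password))
    except DuplicateEmailError as err:
        # NOTE(review): this response lets an unauthenticated caller learn
        # whether an address is registered; consider rate limiting on this
        # endpoint if that matters for the deployment.
        raise Conflict('User with this email already exists.') from err

    return {'message': 'Successfully registered.'}, status.HTTP_201_CREATED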
def test_get_product_ratings(client):
    """Listing a product's ratings returns every rating with user and product."""
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    user1 = users.add(User(email='*****@*****.**', password='******'))
    user2 = users.add(User(email='*****@*****.**', password='******'))
    user3 = users.add(User(email='*****@*****.**', password='******'))
    assert user1.id == 1
    assert user2.id == 2
    assert user3.id == 3

    for rater, score in ((user1, 5), (user2, 4), (user3, 3)):
        products.add_rating(product, rater, score)

    # NOTE(review): no Authorization header is sent, and the response is
    # asserted to include each rater's e-mail address; confirm that exposing
    # it on this endpoint is intended.
    r = client.get(f'/api/products/{product.id}/ratings')
    product_ratings = r.json

    assert r.status_code == status.HTTP_200_OK
    assert len(product_ratings) == 3

    # Response order is not relied upon: sort by user id before comparing.
    by_user_id = sorted(product_ratings,
                        key=lambda rating: rating['user']['id'])
    expected = (
        (1, '*****@*****.**', 5),
        (2, '*****@*****.**', 4),
        (3, '*****@*****.**', 3),
    )
    for entry, (user_id, email, score) in zip(by_user_id, expected):
        assert entry['user']['id'] == user_id
        assert entry['user']['email'] == email
        assert entry['product']['id'] == product.id
        assert entry['rating'] == score
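def test_update_other_user_profile_not_mine(client: FlaskClient):
    """A logged-in user cannot edit another user's profile, which stays as is."""
    user1 = users.add(
        User(email='*****@*****.**',
             password='******',
             first_name='Tibor',
             last_name='Mikita',
             phone='+421111222333',
             street='Kosicka',
             zip_code='06601',
             city='Humenne',
             country=Country.SK,
             date_of_birth=datetime.date(1994, 5, 25)))
    user1.active = True

    user2 = users.add(User('*****@*****.**', 'dsaa'))
    user2.active = True

    r = client.post('/api/auth/login',
                    data=json.dumps({
                        'email': '*****@*****.**',
                        'password': '******'
                    }),
                    content_type='application/json')
    payload = r.json
    access_token = payload['access_token']

    # Object-level authorization check: the token is presented against
    # user1's id.
    r = client.patch(f'/api/users/{user1.id}',
                     data=json.dumps({
                         'city': 'Medzilaborce',
                         'street': 'Bratislavska',
                         'zip_code': '99999',
                         'phone': '+420999999999'
                     }),
                     content_type='application/json',
                     headers={'Authorization': f'Bearer {access_token}'})
    payload = r.json

    # NOTE(review): the endpoint reports this authorization failure as 400
    # rather than 403; the assertion pins the current behaviour.
    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert payload['message'] == 'You cannot edit profile of other person.'

    # An error response that still applied the write would pass the checks
    # above, so verify user1's profile is unchanged.
    assert user1.city == 'Humenne'
    assert user1.street == 'Kosicka'
    assert user1.zip_code == '06601'
    assert user1.phone == '+421111222333'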
def seed_db():
    """Seed the database with one admin account and a category of two products."""
    from project.business import users

    # NOTE(review): this creates an active ADMIN account with credentials
    # fixed in source; keep this seed out of production deployments or
    # rotate the password immediately after seeding.
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    from project.business import categories

    men = categories.add(Category('Men'))
    for name, price in (('Super product', 19.99),
                        ('Very bad product', 2.99)):
        categories.add_product(men, Product(name=name, price=price))
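def test_delete_category_not_logged_in(client):
    """An unauthenticated DELETE is refused and the category survives."""
    category = categories.add(Category(name='Men'))

    # An admin exists but never logs in; the request below carries no token.
    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True
    user.role = UserRole.ADMIN

    assert category.id

    r = client.delete(f'/api/categories/{category.id}')
    payload = r.json

    # NOTE(review): missing credentials are answered with 403 here; 401 is the
    # conventional status for that case. The assertion pins current behaviour.
    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert payload['message'] == 'You do not have permission to perform this action.'

    # A refusal that still deleted the row would pass the checks above, so
    # verify the category can still be looked up.
    assert categories.get(category.id) is not None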
def test_update_user_profile(client: FlaskClient):
    """A logged-in user can change address and phone on their own profile."""
    user = users.add(
        User(
            email='*****@*****.**',
            password='******',
            first_name='Tibor',
            last_name='Mikita',
            phone='+421111222333',
            street='Kosicka',
            zip_code='06601',
            city='Humenne',
            country=Country.SK,
            date_of_birth=datetime.date(1994, 5, 25),
        )
    )
    user.active = True

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # Precondition: the profile holds the values it was created with.
    assert user.city == 'Humenne'
    assert user.street == 'Kosicka'
    assert user.zip_code == '06601'
    assert user.phone == '+421111222333'

    changes = {
        'city': 'Medzilaborce',
        'street': 'Bratislavska',
        'zip_code': '99999',
        'phone': '+420999999999'
    }
    r = client.patch(f'/api/users/{user.id}',
                     data=json.dumps(changes),
                     content_type='application/json',
                     headers={'Authorization': f'Bearer {token}'})
    body = r.json

    assert r.status_code == status.HTTP_200_OK
    assert body['message'] == 'Profile successfully modified.'

    # Every submitted field must now be stored on the user.
    assert user.city == 'Medzilaborce'
    assert user.street == 'Bratislavska'
    assert user.zip_code == '99999'
    assert user.phone == '+420999999999'
def test_delete_product_not_logged_in(client):
    """An unauthenticated DELETE of a product is refused."""
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    # An admin exists but never logs in; the request below carries no token.
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert product.id

    r = client.delete(f'/api/products/{product.id}')
    body = r.json

    # NOTE(review): missing credentials are answered with 403 here; 401 is the
    # conventional status for that case. The assertion pins current behaviour.
    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert body[
        'message'] == 'You do not have permission to perform this action.'
def test_get_user(client: FlaskClient):
    """A logged-in user can read their own profile with all stored fields."""
    user = users.add(
        User(
            email='*****@*****.**',
            password='******',
            first_name='Tibor',
            last_name='Mikita',
            phone='+421111222333',
            street='Kosicka',
            zip_code='06601',
            city='Humenne',
            country=Country.SK,
            date_of_birth=datetime.date(1994, 5, 25),
        )
    )
    user.active = True

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    r = client.get(f'/api/users/{user.id}',
                   headers={'Authorization': f'Bearer {token}'})
    user_info = r.json

    assert r.status_code == status.HTTP_200_OK

    expected_fields = (
        ('email', '*****@*****.**'),
        ('first_name', 'Tibor'),
        ('last_name', 'Mikita'),
        ('phone', '+421111222333'),
        ('street', 'Kosicka'),
        ('zip_code', '06601'),
        ('city', 'Humenne'),
        ('country', Country.SK),
    )
    for field, value in expected_fields:
        assert user_info[field] == value

    # The date of birth is serialized as an ISO 'YYYY-MM-DD' string.
    born = datetime.datetime.strptime(user_info['date_of_birth'],
                                      '%Y-%m-%d').date()
    assert born == datetime.date(1994, 5, 25)