Beispiel #1
    def test_get_user_admin(self):
        """Check that an admin token can read each account's profile.

        Sends three GET requests to ``/api/v1/user/<username>`` using a JWT
        created for the ``admin`` fixture. Each response must be 200, carry
        the expected profile fields, and contain no ``password`` key.
        """
        caller = th.get_user_details('admin')
        token = flask_jwt_extended.create_access_token(identity=caller)
        bearer = 'Bearer ' + token

        # (requested username, expected profile fields), in request order.
        # The username and email literals appear masked in this listing and
        # are kept exactly as found.
        cases = (
            ('******', {
                'first_name': 'Administrator',
                'last_name': 'SuperUser',
                'username': 'admin',
                'email': '*****@*****.**',
                'role': 'admin',
                'enabled': True,
            }),
            ('******', {
                'first_name': 'user_first_name',
                'last_name': 'user_last_name',
                'username': 'user',
                'email': '*****@*****.**',
                'role': 'user',
                'enabled': True,
            }),
            ('******', {
                'first_name': 'manager_first_name',
                'last_name': 'manager_last_name',
                'username': 'manager',
                'email': '*****@*****.**',
                'role': 'manager',
                'enabled': True,
            }),
        )

        for username, expected in cases:
            response = self.client.open(
                f'/api/v1/user/{username}',
                method='GET',
                content_type='application/json',
                headers={'Authorization': bearer},
            )
            self.assertStatus(response, 200)

            profile = response.json
            for field, value in expected.items():
                self.assertEqual(profile[field], value)
            # The password must never be serialised into the profile payload,
            # even for an admin caller.
            self.assertNotIn('password', profile)
Beispiel #2
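    def test_update_user_manager(self):
        """Check which accounts a manager token may update via PUT.

        The first PUT to ``/api/v1/user/<username>`` must be refused with 403
        and must leave the stored record untouched. The next two must succeed
        with 200 and persist the new name and email; the stored usernames
        afterwards are ``user`` and ``manager``.
        """
        # The identity is the 'manager' fixture (the original local was
        # misleadingly called admin_user).
        manager = th.get_user_details('manager')
        access_token = flask_jwt_extended.create_access_token(identity=manager)

        def put_details(username, payload):
            # One authenticated PUT against the user resource.
            return self.client.open(
                f'/api/v1/user/{username}',
                method='PUT',
                content_type='application/json',
                headers={'Authorization': 'Bearer ' + access_token},
                data=json.dumps(payload)
            )

        new_user_details = {
            'first_name': 'modified',
            'last_name': 'modififed',
            'email': '*****@*****.**'
        }

        # Denied target: the status code alone does not prove the write was
        # blocked, so snapshot the record and compare it after the request.
        # NOTE(review): assumes this account exists in the fixtures, since the
        # username literal is masked in this listing; confirm.
        username = '******'
        before = UserDetails.get(username).to_dict()
        response = put_details(username, new_user_details)
        self.assertStatus(response, 403)
        self.assertEqual(UserDetails.get(username).to_dict(), before)

        # Permitted target: stored username afterwards is 'user'.
        username = '******'
        response = put_details(username, new_user_details)
        self.assertStatus(response, 200)

        data = UserDetails.get(username).to_dict()

        self.assertEqual(data['first_name'], 'modified')
        self.assertEqual(data['last_name'], 'modififed')
        self.assertEqual(data['username'], 'user')
        self.assertEqual(data['email'], '*****@*****.**')
        self.assertEqual(data['enabled'], True)

        # Permitted target: stored username afterwards is 'manager'.
        new_user_details = {
            'first_name': 'modified',
            'last_name': 'modififed',
            'email': '*****@*****.**'
        }
        username = '******'
        response = put_details(username, new_user_details)
        self.assertStatus(response, 200)

        data = UserDetails.get(username).to_dict()

        self.assertEqual(data['first_name'], 'modified')
        self.assertEqual(data['last_name'], 'modififed')
        self.assertEqual(data['username'], 'manager')
        self.assertEqual(data['email'], '*****@*****.**')
        self.assertEqual(data['enabled'], True)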
Beispiel #3
    def test_enable_disable_user(self):
        """Check that a ``user`` token cannot enable or disable any account.

        For each of three target usernames, POSTs to the ``/enable`` and then
        the ``/disable`` endpoint with a JWT created for the ``user`` fixture.
        All six requests must be refused with 403.
        """
        caller = th.get_user_details('user')
        access_token = flask_jwt_extended.create_access_token(identity=caller)

        def post(path):
            # One authenticated POST with no body.
            return self.client.open(
                path,
                method='POST',
                content_type='application/json',
                headers={'Authorization': 'Bearer ' + access_token},
            )

        # Target usernames appear masked in this listing; kept as found.
        # NOTE(review): only the status code is asserted; the stored
        # `enabled` flag of each target is not re-read after the refusal.
        for username in ('******', '******', '******'):
            self.assertStatus(post(f'/api/v1/user/{username}/enable'), 403)
            self.assertStatus(post(f'/api/v1/user/{username}/disable'), 403)
Beispiel #4
    def test_get_user_not_found(self):
        """Check that an admin GET for the requested username returns 404."""
        caller = th.get_user_details('admin')
        token = flask_jwt_extended.create_access_token(identity=caller)
        auth_headers = {'Authorization': 'Bearer ' + token}

        # Username literal appears masked in this listing; kept as found.
        username = '******'
        lookup = self.client.open(
            f'/api/v1/user/{username}',
            method='GET',
            content_type='application/json',
            headers=auth_headers,
        )
        self.assertStatus(lookup, 404)
Beispiel #5
    def test_delete_user_admin_by_user(self):
        """Check that a ``user`` token cannot delete the target account.

        The DELETE must be refused with 403, and the number of stored
        accounts must be 3 both before and after the request.
        """
        caller = th.get_user_details('user')
        token = flask_jwt_extended.create_access_token(identity=caller)

        # Baseline: three accounts exist before the attempt.
        self.assertEqual(len(UserDetails.get_all()), 3)

        # Username literal appears masked in this listing; kept as found.
        username = '******'
        refusal = self.client.open(
            f'/api/v1/user/{username}',
            method='DELETE',
            content_type='application/json',
            headers={'Authorization': 'Bearer ' + token},
        )
        self.assertStatus(refusal, 403)

        # The refusal must not have removed anything.
        self.assertEqual(len(UserDetails.get_all()), 3)
Beispiel #6
    def test_get_all_users_manager(self):
        """Check that a manager's user listing is filtered to one account.

        GET ``/api/v1/user`` with a JWT created for the ``manager`` fixture
        must return 200. Three accounts are stored, but the ``data`` list in
        the response must hold exactly one entry, the ``user``-role account,
        with no ``password`` key.
        """
        caller = th.get_user_details('manager')
        token = flask_jwt_extended.create_access_token(identity=caller)

        listing = self.client.open(
            '/api/v1/user',
            method='GET',
            content_type='application/json',
            headers={'Authorization': 'Bearer ' + token},
        )
        self.assertStatus(listing, 200)

        visible = listing.json['data']

        # Three accounts are stored, yet only one is visible to the manager.
        self.assertEqual(len(UserDetails.get_all()), 3)
        self.assertEqual(len(visible), 1)

        expected = {
            'first_name': 'user_first_name',
            'last_name': 'user_last_name',
            'username': 'user',
            'email': '*****@*****.**',
            'role': 'user',
            'enabled': True,
        }
        for field, value in expected.items():
            self.assertEqual(visible[0][field], value)
        # The password must not appear in list responses either.
        self.assertNotIn('password', visible[0])