def test_edit_user_change_pass_no_match(client):
    """A password update must be refused with BADPARAMETER / PASSWORD_MISSMATCH.

    The credential literals are masked in this listing, so the two submitted
    values presumably differ -- confirm against the unmasked fixture.
    """
    create_user(username="******", role=2)
    auth_header = get_access_token_header(username="******")

    # No "current_password" key is sent; only the new password and its
    # confirmation are part of the request body.
    response = client.put(
        "auth/users/tester/",
        headers=auth_header,
        json={"password": "******", "confirm_password": "******"},
    )

    assert response.status == BADPARAMETER
    assert response.get_json()["msg"] == PASSWORD_MISSMATCH
def test_edit_user_admins_edit_administrator(client):
    """A role=2 account editing ``auth/users/admin/`` must get FORBIDDEN.

    Guards against a lower-privileged account modifying the ``admin`` user;
    the expected message is INSUFFICIENT_CREDENTIALS.
    """
    # Default user first, then the role=2 account the request is made as.
    # NOTE(review): role=2 presumably maps to a tier below the default
    # create_user() account -- confirm against the role table.
    create_user()
    create_user(username="******", role=2, no_role=True)
    auth_header = get_access_token_header(username="******")

    # An empty body is enough: the request should be rejected on
    # authorization before any field is looked at.
    response = client.put("auth/users/admin/", headers=auth_header, json={})

    assert response.status == FORBIDDEN
    assert response.get_json()["msg"] == INSUFFICIENT_CREDENTIALS
def test_edit_user_no_role(client):
    """An unknown role name must be rejected with BADPARAMETER / ROLE_MISSMATCH."""
    # The token is obtained with the helper's defaults before the target
    # user is created, as in the original ordering.
    auth_header = get_access_token_header()
    create_user(username="******", role=2, no_role=True)

    # "NoMatch" is the role name the endpoint is expected to refuse.
    response = client.put(
        "auth/users/tester/",
        headers=auth_header,
        json={"role": "NoMatch"},
    )

    assert response.status == BADPARAMETER
    assert response.get_json()["msg"] == ROLE_MISSMATCH
def test_edit_user_reporter_change_role(client):
    """A role=3 account asking for the "Administrator" role must get FORBIDDEN.

    This is the privilege-escalation guard: the request is expected to fail
    with the ADMINS_ONLY message instead of changing the role.
    """
    create_user()
    create_user(username="******", role=3, no_role=True)
    auth_header = get_access_token_header(username="******")

    response = client.put(
        "auth/users/tester/",
        headers=auth_header,
        json={"role": "Administrator"},
    )

    assert response.status == FORBIDDEN
    assert response.get_json()["msg"] == ADMINS_ONLY
def test_edit_user_change_role(client):
    """A role change made with the default token must show up on ``users/me``.

    The PUT is sent with the default token; the result is then read back
    with a token issued for the masked username.
    """
    admin_header = get_access_token_header()
    create_user(username="******", role=2, no_role=True)

    update = client.put(
        "auth/users/tester/",
        headers=admin_header,
        json={"role": "Reporter"},
    )

    # Read the profile back as the edited user rather than trusting the
    # PUT response alone.
    # NOTE(review): the username is masked here; presumably it is the
    # "tester" account addressed by the PUT -- confirm.
    user_header = get_access_token_header(username="******")
    profile = client.get("auth/users/me/", headers=user_header)

    assert update.status == INSERTED
    assert profile.get_json()["role"] == "Reporter"
def test_edit_user_admin_change_their_role(client):
    """A role=2 account changing the role on ``users/tester`` gets FORBIDDEN.

    The expected message is SOMEONE_ELSE_DO_IT.
    """
    # NOTE(review): the masked username is presumably "tester", i.e. the
    # account is editing its own role -- confirm against the fixture.
    create_user()
    create_user(username="******", role=2, no_role=True)
    auth_header = get_access_token_header(username="******")

    response = client.put(
        "auth/users/tester/",
        headers=auth_header,
        json={"role": "Reporter"},
    )

    assert response.status == FORBIDDEN
    assert response.get_json()["msg"] == SOMEONE_ELSE_DO_IT
def test_edit_user_change_pass(client):
    """A password change carrying ``current_password`` must return INSERTED."""
    create_user(username="******", password="******", role=2)
    auth_header = get_access_token_header(username="******")

    response = client.put(
        "auth/users/tester/",
        headers=auth_header,
        json={
            "password": "******",
            "confirm_password": "******",
            "current_password": "******",
        },
    )

    # NOTE(review): only the status is checked. Nothing here verifies that
    # the new password is accepted, or the old one refused, on a later login.
    assert response.status == INSERTED
def test_edit_user_change_pass_new_and_current_same(client):
    """Re-using the current password must fail with SAME_OLD_NEW_PASSWORD.

    The expected status is BADPARAMETER. The literals are masked in this
    listing, so the new and current values are presumably identical --
    confirm against the unmasked fixture.
    """
    create_user(username="******", password="******", role=2)
    auth_header = get_access_token_header(username="******")

    response = client.put(
        "auth/users/tester/",
        headers=auth_header,
        json={
            "password": "******",
            "confirm_password": "******",
            "current_password": "******",
        },
    )

    assert response.status == BADPARAMETER
    assert response.get_json()["msg"] == SAME_OLD_NEW_PASSWORD
def test_edit_user_change_pass_force_password(client):
    """Changing the password must clear ``force_password_change``.

    The user is created with ``password_change=True``; after the PUT, the
    ``users/me`` profile is expected to report the flag as false.
    """
    create_user(username="******", password="******",
                password_change=True, role=2)
    auth_header = get_access_token_header(username="******")

    update = client.put(
        "auth/users/tester/",
        headers=auth_header,
        json={
            "password": "******",
            "confirm_password": "******",
            "current_password": "******",
        },
    )

    # NOTE(review): the token issued before the password change is reused
    # here, so this test relies on access tokens surviving a password
    # change -- confirm that is the intended session policy.
    profile = client.get("auth/users/me/", headers=auth_header)

    assert update.status == INSERTED
    # NOTE(review): `== False` also accepts 0; tighten to `is False` if the
    # API is known to always serialise this field as a JSON boolean.
    assert profile.get_json()["force_password_change"] == False
def test_edit_user_change_lastname(client):
    """Updating ``last_name`` on ``users/admin`` must return INSERTED."""
    # The default token is used and no other user is created in this test.
    auth_header = get_access_token_header()

    response = client.put(
        "auth/users/admin/",
        headers=auth_header,
        json={"last_name": "admin"},
    )

    assert response.status == INSERTED
def test_edit_user_reporter_edit_someone_else(client):
    """A role=3 account editing ``auth/users/admin/`` must get FORBIDDEN.

    Guards against one account modifying another user's record; the
    expected message is ADMINS_ONLY.
    """
    create_user()
    create_user(username="******", role=3, no_role=True)
    auth_header = get_access_token_header(username="******")

    # Empty body: the rejection is expected on authorization alone.
    response = client.put("auth/users/admin/", headers=auth_header, json={})

    assert response.status == FORBIDDEN
    assert response.get_json()["msg"] == ADMINS_ONLY
def test_edit_user_no_user(client):
    """Editing a user that was never created must fail with NO_USER_FOUND.

    No ``create_user`` call is made for "tester" in this test, and the
    expected status is BADPARAMETER.
    """
    auth_header = get_access_token_header()

    response = client.put("auth/users/tester/", headers=auth_header, json={})

    assert response.status == BADPARAMETER
    assert response.get_json()["msg"] == NO_USER_FOUND