def test_change_user_pw(testing_db):
NEW_PASSWORD = '******'
# first, verify that both user and admin logins work
response = hug.test.post(main, "/login", body=get_user_login_body())
assert response.status == hug.HTTP_200
response = hug.test.get(main,
"/admin/config.js",
headers=get_admin_login())
assert response.status == hug.HTTP_200
# now, let's change the password
hug.test.cli('change_user_pw',
module='main',
username=USER,
password=NEW_PASSWORD,
for_real=True)
# check that the old login does not work anymore
response = hug.test.post(main, "/login", body=get_user_login_body())
assert response.status == hug.HTTP_400
# and the new one does
response = hug.test.post(main,
"/login",
body=get_user_login_body(password=NEW_PASSWORD))
assert response.status == hug.HTTP_200
# and the existing user wasn't changed
response = hug.test.get(main,
"/admin/config.js",
headers=get_admin_login())
assert response.status == hug.HTTP_200
def test_change_user_pw(testing_db):
NEW_PASSWORD = '******'
# first, verify that both users' logins work
response = hug.test.get(main,
"/api/booked",
headers=get_user_login(),
start_date="2020-03-26",
end_date="2020-03-26")
assert response.status == hug.HTTP_200
response = hug.test.get(main,
"/admin/config.js",
headers=get_admin_login())
assert response.status == hug.HTTP_200
# now, let's change the password
hug.test.cli('change_user_pw',
module='main',
username=USER,
password=NEW_PASSWORD,
for_real=True)
# check that the old login does not work anymore
response = hug.test.get(main,
"/api/booked",
headers=get_user_login(),
start_date="2020-03-26",
end_date="2020-03-26")
assert response.status == hug.HTTP_401
# and the new one does
response = hug.test.get(
main,
"/api/booked",
headers={"Authorization": get_basic_auth(USER, NEW_PASSWORD)},
start_date="2020-03-26",
end_date="2020-03-26")
assert response.status == hug.HTTP_200
# and the existing user wasn't changed
response = hug.test.get(main,
"/admin/config.js",
headers=get_admin_login())
assert response.status == hug.HTTP_200
def test_create_user(testing_db):
username = "******"
password = "******"
response = hug.test.get(main,
"/config.js",
headers=get_auth_header(username, password))
assert response.status == hug.HTTP_401
response = hug.test.put(main,
"/admin_api/user",
headers=get_admin_login(),
body=get_create_user(username, password))
assert response.status == hug.HTTP_200
response = hug.test.get(main,
"/config.js",
headers=get_auth_header(username, password))
assert response.status == hug.HTTP_200
response = hug.test.get(main,
"/admin_api/user",
headers=get_auth_header(username, password))
assert response.status == hug.HTTP_401
def test_create_user_already_exists(testing_db):
response = hug.test.put(main,
"/admin_api/user",
headers=get_admin_login(),
body=get_create_user(USER, USER + "1"))
assert response.status == hug.HTTP_409
def test_create_user_password_no_match(testing_db):
response = hug.test.put(main,
"/admin_api/user",
headers=get_admin_login(),
body=get_create_user_pw_mismatch(username="******"))
assert response.status == hug.HTTP_400
def test_admin_is_authorized(testing_db):
response = hug.test.get(main, "/admin_api/user", headers=get_admin_login())
assert response.status == hug.HTTP_200
