Ejemplo n.º 1
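def test_get_other_user(client: FlaskClient):
    """A logged-in user must not be able to read another user's profile.

    Two active accounts are created, a session is opened through
    ``/api/auth/login`` (the credentials are masked on this page), and the
    resulting bearer token is used to request ``other_user``'s profile.
    The API is expected to refuse with 400 and a fixed message.
    """
    user = users.add(User('*****@*****.**', 'poaa'))
    user.active = True

    other_user = users.add(
        User(email='*****@*****.**',
             password='******',
             first_name='Tibor',
             last_name='Mikita',
             phone='+421111222333',
             street='Kosicka',
             zip_code='06601',
             city='Humenne',
             country=Country.SK,
             date_of_birth=datetime.date(1994, 5, 25)))
    other_user.active = True

    r = client.post('/api/auth/login',
                    data=json.dumps({
                        'email': '*****@*****.**',
                        'password': '******'
                    }),
                    content_type='application/json')

    access_token = r.json['access_token']

    r = client.get(f'/api/users/{other_user.id}',
                   headers={'Authorization': f'Bearer {access_token}'})

    payload = r.json

    # NOTE(review): the refusal is a 400 here, while the role-based refusals
    # in this suite are 403 -- confirm the status code is intentional.
    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert payload['message'] == 'You cannot get user profile of other person.'

    # The status code alone does not prove nothing leaked: the refusal body
    # must not carry any of the target account's profile fields.
    profile_fields = {'email', 'first_name', 'last_name', 'phone', 'street',
                      'zip_code', 'city', 'country', 'date_of_birth'}
    assert not profile_fields & set(payload)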
Ejemplo n.º 2
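def test_add_product_rating_second_time(client):
    """A user may rate a product only once; a repeat rating is rejected.

    The same authenticated user posts a rating twice.  The first one is
    stored, the second must come back as 400 with a fixed message and must
    not add a second row.
    """
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True

    r = client.post('/api/auth/login',
                    data=json.dumps({
                        'email': '*****@*****.**',
                        'password': '******'
                    }),
                    content_type='application/json')

    access_token = r.json['access_token']
    auth_header = {'Authorization': f'Bearer {access_token}'}

    client.post(f'/api/products/{product.id}/ratings',
                data=json.dumps({'rating': 5}),
                headers=auth_header,
                content_type='application/json')

    # The first rating was stored and attributed to the token's owner.
    assert product.ratings[0].user == user

    r = client.post(f'/api/products/{product.id}/ratings',
                    data=json.dumps({'rating': 5}),
                    headers=auth_header,
                    content_type='application/json')

    payload = r.json

    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert payload['message'] == 'This user already rated this product.'

    # An error response is not enough on its own: the rejected request must
    # not have been persisted as a duplicate rating.
    assert len(product.ratings) == 1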
Ejemplo n.º 3
def test_add_category_missing_name(client):
    """Creating a category without a ``name`` field is rejected as invalid.

    An active ADMIN logs in and posts ``{'foo': 'bar'}`` to
    ``/api/categories/``; the API must answer 400 'Invalid payload.'.
    """
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    # The body is well-formed JSON but lacks the required key.
    response = client.post('/api/categories/',
                           data=json.dumps({'foo': 'bar'}),
                           headers={'Authorization': f'Bearer {token}'},
                           content_type='application/json')
    body = response.json

    assert response.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
Ejemplo n.º 4
def test_update_category_empty_json(client):
    """Updating a category with an empty JSON object is rejected as invalid.

    An active ADMIN sends ``{}`` via PUT to an existing category and must
    receive 400 'Invalid payload.'.
    """
    category = categories.add(Category(name='Mans'))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    # Precondition: the category still carries its original name.
    assert category.name == 'Mans'

    response = client.put(f'/api/categories/{category.id}',
                          data=json.dumps({}),
                          headers={'Authorization': f'Bearer {token}'},
                          content_type='application/json')
    body = response.json

    assert response.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
Ejemplo n.º 5
def test_delete_product_rating(client):
    """A logged-in user can delete the rating stored for a product.

    A rating is created directly through the business layer, then removed
    through ``DELETE /api/products/<id>/ratings`` with a bearer token.
    """
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    rater = users.add(User(email='*****@*****.**', password='******'))
    rater.active = True

    products.add_rating(product, rater, 5)

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    # Precondition: exactly one rating exists before the call.
    assert len(product.ratings) == 1

    response = client.delete(f'/api/products/{product.id}/ratings',
                             headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_200_OK
    assert body['message'] == 'Rating was successfully deleted.'
    # The deletion is checked against stored state, not only the response.
    assert len(product.ratings) == 0
Ejemplo n.º 6
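def test_update_user_profile_not_logged_in(client: FlaskClient):
    """An unauthenticated PATCH to a user profile is refused and changes nothing.

    No ``Authorization`` header is sent.  The API must answer 403 with the
    generic permission message, and the stored profile must keep its
    original values.
    """
    user = users.add(
        User(email='*****@*****.**',
             password='******',
             first_name='Tibor',
             last_name='Mikita',
             phone='+421111222333',
             street='Kosicka',
             zip_code='06601',
             city='Humenne',
             country=Country.SK,
             date_of_birth=datetime.date(1994, 5, 25)))
    user.active = True

    r = client.patch(f'/api/users/{user.id}',
                     data=json.dumps({
                         'city': 'Medzilaborce',
                         'street': 'Bratislavska',
                         'zip_code': '99999',
                         'phone': '+420999999999'
                     }),
                     content_type='application/json')

    payload = r.json

    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert payload[
        'message'] == 'You do not have permission to perform this action.'

    # A refusal that still applied the write would pass the checks above, so
    # verify that none of the submitted values reached the stored profile.
    assert user.city == 'Humenne'
    assert user.street == 'Kosicka'
    assert user.zip_code == '06601'
    assert user.phone == '+421111222333'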
Ejemplo n.º 7
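def test_update_not_existing_category(client):
    """Updating a category id that does not exist yields 404.

    An active ADMIN sends a valid update body to ``/api/categories/99`` and
    must receive 'Category not found.'.
    """
    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True
    user.role = UserRole.ADMIN

    r = client.post(
        '/api/auth/login',
        data=json.dumps({
            'email': '*****@*****.**',
            'password': '******'
        }),
        content_type='application/json'
    )
    access_token = r.json['access_token']

    not_existing_category_id = 99

    # The body is JSON, so declare it as such (the other PUT/POST tests in
    # this suite do).  Without the content type the request is not a valid
    # update, and the 404 could not be attributed to the missing id alone.
    r = client.put(
        f'/api/categories/{not_existing_category_id}',
        data=json.dumps({
            'name': 'Men'
        }),
        headers={'Authorization': f'Bearer {access_token}'},
        content_type='application/json'
    )
    payload = r.json

    assert r.status_code == status.HTTP_404_NOT_FOUND
    assert payload['message'] == 'Category not found.'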
Ejemplo n.º 8
def test_add_product_rating_not_existing_product(client):
    """Rating a product id that does not exist yields 404.

    A logged-in user posts a rating to ``/api/products/99/ratings`` and must
    receive 'Product not found.'.
    """
    rater = users.add(User(email='*****@*****.**', password='******'))
    rater.active = True

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    # No product is created in this test, so this id cannot resolve.
    not_existing_product_id = 99

    response = client.post(
        f'/api/products/{not_existing_product_id}/ratings',
        data=json.dumps({'rating': 5}),
        headers={'Authorization': f'Bearer {token}'},
        content_type='application/json')
    body = response.json

    assert response.status_code == status.HTTP_404_NOT_FOUND
    assert body['message'] == 'Product not found.'
Ejemplo n.º 9
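def test_delete_image_of_product_no_admin_or_worker(client):
    """A user without the ADMIN or WORKER role cannot delete a product image.

    The user authenticates successfully but holds neither privileged role.
    The API must answer 403 and the image must stay attached to the
    product.
    """
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    image = products.add_image(product, url='fake_url.jpg')

    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True

    assert product.id
    # Precondition for the test to mean anything: the account really is
    # unprivileged.
    assert user.role != UserRole.ADMIN and user.role != UserRole.WORKER

    r = client.post('/api/auth/login',
                    data=json.dumps({
                        'email': '*****@*****.**',
                        'password': '******'
                    }),
                    content_type='application/json')
    access_token = r.json['access_token']

    r = client.delete(f'/api/products/{product.id}/images/{image.id}',
                      headers={'Authorization': f'Bearer {access_token}'})
    payload = r.json

    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert payload[
        'message'] == 'You do not have permission to perform this action.'

    # The refusal must be enforced before the delete runs, not merely
    # reported after it: the image is still there.
    assert len(product.images) == 1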
Ejemplo n.º 10
def test_delete_category_with_products(client):
    """A category that still holds products cannot be deleted.

    An active ADMIN tries to delete a category containing three products
    and must receive 400 'Category contains products.'.
    """
    category = categories.add(Category(name='Men'))
    for name, price in (('Product 1', 1.99),
                        ('Product 2', 2.99),
                        ('Product 3', 3.99)):
        categories.add_product(category, Product(name=name, price=price))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert category.id

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    response = client.delete(f'/api/categories/{category.id}',
                             headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Category contains products.'
Ejemplo n.º 11
def test_delete_image_of_product(client):
    """An ADMIN can delete an image that belongs to a product.

    The image is attached through the business layer and removed through
    ``DELETE /api/products/<id>/images/<image_id>``.
    """
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    image = products.add_image(product, url='fake_url.jpg')

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert product.id

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    response = client.delete(
        f'/api/products/{product.id}/images/{image.id}',
        headers={'Authorization': f'Bearer {token}'})
    body = response.json

    # NOTE(review): only the response is checked here; the stored image list
    # is not inspected after the call.
    assert response.status_code == status.HTTP_200_OK
    assert body['message'] == 'Image was successfully deleted.'
Ejemplo n.º 12
def test_delete_image_not_existing(client):
    """Deleting an image id that does not exist yields 404.

    An active ADMIN targets image id 99 on an existing product that has no
    images and must receive 'Image not found.'.
    """
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert product.id

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    # No image is added in this test, so this id cannot resolve.
    not_existing_image_id = 99
    target = f'/api/products/{product.id}/images/{not_existing_image_id}'

    response = client.delete(target,
                             headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_404_NOT_FOUND
    assert body['message'] == 'Image not found.'
Ejemplo n.º 13
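def test_add_product_image_not_admin_or_worker(client):
    """A user without the ADMIN or WORKER role cannot upload a product image.

    The user authenticates successfully but holds neither privileged role.
    The API must answer 403 and nothing may be attached to the product.
    """
    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True

    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    assert product.id

    r = client.post('/api/auth/login',
                    data=json.dumps({
                        'email': '*****@*****.**',
                        'password': '******'
                    }),
                    content_type='application/json')

    access_token = r.json['access_token']

    # Precondition for the test to mean anything: the account really is
    # unprivileged.
    assert user.role != UserRole.WORKER and user.role != UserRole.ADMIN

    with open(testing_image_jpg_path, 'rb') as f:
        r = client.post(f'/api/products/{product.id}/images',
                        data={'file': (f, f.name)},
                        headers={'Authorization': f'Bearer {access_token}'},
                        content_type='multipart/form-data')

    payload = r.json

    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert payload[
        'message'] == 'You do not have permission to perform this action.'

    # The upload must be refused before the file is accepted: no image
    # record may exist for the product afterwards.
    assert len(product.images) == 0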
Ejemplo n.º 14
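def test_add_product_image_not_allowed_file_ext(client):
    """An upload whose file extension is not allowed is rejected.

    An active ADMIN uploads the PNG fixture.  The API must answer 400
    'File extension not allowed.' and must not attach an image.
    """
    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True
    user.role = UserRole.ADMIN

    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    assert product.id

    r = client.post('/api/auth/login',
                    data=json.dumps({
                        'email': '*****@*****.**',
                        'password': '******'
                    }),
                    content_type='application/json')

    access_token = r.json['access_token']

    # NOTE(review): this covers rejection by file name only.  Whether the
    # endpoint also inspects file content is not visible from this test; a
    # disallowed file renamed to an allowed extension is an untested case.
    with open(testing_image_png_path, 'rb') as f:
        r = client.post(f'/api/products/{product.id}/images',
                        data={'file': (f, f.name)},
                        headers={'Authorization': f'Bearer {access_token}'},
                        content_type='multipart/form-data')

    payload = r.json

    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert payload['message'] == 'File extension not allowed.'

    # The rejected file must not have been stored against the product.
    assert len(product.images) == 0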
Ejemplo n.º 15
def test_add_product_image_not_existing_product(client):
    """Uploading an image for a product id that does not exist yields 404.

    An active ADMIN uploads the JPG fixture to ``/api/products/99/images``
    and must receive 'Product not found.'.
    """
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    # No product is created in this test, so this id cannot resolve.
    not_existing_product_id = 99
    target = f'/api/products/{not_existing_product_id}/images'

    with open(testing_image_jpg_path, 'rb') as image_file:
        response = client.post(target,
                               data={'file': (image_file, image_file.name)},
                               headers={'Authorization': f'Bearer {token}'},
                               content_type='multipart/form-data')

    body = response.json

    assert response.status_code == status.HTTP_404_NOT_FOUND
    assert body['message'] == 'Product not found.'
Ejemplo n.º 16
def test_add_product_image(client):
    """An ADMIN can upload a JPG image for an existing product.

    The API must answer 201 and the product must afterwards hold exactly
    one ``ProductImage`` with a non-empty ``url``.
    """
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    assert product.id

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    with open(testing_image_jpg_path, 'rb') as image_file:
        response = client.post(f'/api/products/{product.id}/images',
                               data={'file': (image_file, image_file.name)},
                               headers={'Authorization': f'Bearer {token}'},
                               content_type='multipart/form-data')

    body = response.json

    assert response.status_code == status.HTTP_201_CREATED
    assert body['message'] == 'Image was successfully uploaded.'

    # Stored state is checked as well as the response.
    assert len(product.images) == 1
    stored = product.images[0]
    assert isinstance(stored, ProductImage)
    assert stored.url
Ejemplo n.º 17
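def test_update_category_no_admin_or_worker(client):
    """A user without the ADMIN or WORKER role cannot rename a category.

    The user authenticates successfully but holds neither privileged role.
    The API must answer 403 and the category must keep its name.
    """
    category = categories.add(Category(name='Mans'))

    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True

    assert category.id
    # Precondition for the test to mean anything: the account really is
    # unprivileged.
    assert user.role != UserRole.ADMIN and user.role != UserRole.WORKER

    r = client.post(
        '/api/auth/login',
        data=json.dumps({
            'email': '*****@*****.**',
            'password': '******'
        }),
        content_type='application/json'
    )
    access_token = r.json['access_token']

    # Send an otherwise valid request (JSON body with its content type), so
    # that the role check is the only possible reason for the refusal.
    r = client.put(f'/api/categories/{category.id}',
                   data=json.dumps({
                       'name': 'Men'
                   }),
                   headers={'Authorization': f'Bearer {access_token}'},
                   content_type='application/json')
    payload = r.json

    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert payload['message'] == 'You do not have permission to perform this action.'

    # The refused rename must not have been applied.
    assert category.name == 'Mans'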
Ejemplo n.º 18
def test_update_user_profile_invalid_phone_format(client: FlaskClient):
    """A profile update with a badly formatted phone number is rejected.

    The logged-in user patches their own profile with ``'0999999999'`` and
    must receive 400 with a message containing 'Phone must have format'.
    """
    profile = User(email='*****@*****.**',
                   password='******',
                   first_name='Tibor',
                   last_name='Mikita',
                   phone='+421111222333',
                   street='Kosicka',
                   zip_code='06601',
                   city='Humenne',
                   country=Country.SK,
                   date_of_birth=datetime.date(1994, 5, 25))
    user = users.add(profile)
    user.active = True

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    response = client.patch(f'/api/users/{user.id}',
                            data=json.dumps({'phone': '0999999999'}),
                            content_type='application/json',
                            headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_400_BAD_REQUEST
    # Only a prefix of the message is pinned, not its full wording.
    assert 'Phone must have format' in body['message']
Ejemplo n.º 19
def test_add_product(client):
    """An ADMIN can add a product to an existing category.

    The product is posted to ``/api/categories/<id>/products`` and the API
    must answer 201 'Product was successfully added.'.
    """
    category = categories.add(Category(name='Men'))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    new_product = json.dumps({
        'name': 'New Super Product',
        'price': 213.99,
        'description': 'blah blah blah'
    })
    response = client.post(f'/api/categories/{category.id}/products',
                           data=new_product,
                           headers={'Authorization': f'Bearer {token}'},
                           content_type='application/json')
    body = response.json

    assert response.status_code == status.HTTP_201_CREATED
    assert body['message'] == 'Product was successfully added.'
Ejemplo n.º 20
def test_delete_category(client):
    """An ADMIN can delete an empty category.

    The API must answer 200 and the category must no longer be retrievable
    through ``categories.get``.
    """
    category = categories.add(Category(name='Men'))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert category.id

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    response = client.delete(f'/api/categories/{category.id}',
                             headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_200_OK
    assert body['message'] == 'Category was successfully deleted.'
    # Stored state is checked as well as the response.
    assert categories.get(category.id) is None
Ejemplo n.º 21
def test_add_category(client):
    """An ADMIN can create a category.

    ``{'name': 'Men'}`` is posted to ``/api/categories/`` and the API must
    answer 201 'Category was successfully added.'.
    """
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    response = client.post('/api/categories/',
                           data=json.dumps({'name': 'Men'}),
                           headers={'Authorization': f'Bearer {token}'},
                           content_type='application/json')
    body = response.json

    assert response.status_code == status.HTTP_201_CREATED
    assert body['message'] == 'Category was successfully added.'
Ejemplo n.º 22
def test_update_product_missing_category_id(client):
    """A product update that omits the category id is rejected as invalid.

    An active ADMIN sends only ``name`` and ``price`` via PUT and must
    receive 400 'Invalid payload.'.
    """
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    # Precondition: the product still carries its original name.
    assert product.name == 'Super Small Product'

    incomplete_update = json.dumps({
        'name': 'Super Big Product',
        'price': 0.99
    })
    response = client.put(f'/api/products/{product.id}',
                          data=incomplete_update,
                          headers={'Authorization': f'Bearer {token}'},
                          content_type='application/json')
    body = response.json

    assert response.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
Ejemplo n.º 23
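    def post(self):
        """Register a new user from a JSON body holding ``email`` and ``password``.

        Returns:
            A ``(body, status)`` pair with a success message and 201.

        Raises:
            InvalidPayload: the body is empty, is not a JSON object, or either
                field is missing or not a string.
            Conflict: ``users.add`` reported a duplicate email.
        """
        data = request.get_json()

        # The body comes from an unauthenticated caller.  Valid JSON that is
        # not an object (a list, a string, a number) has no .get() and would
        # otherwise end in an unhandled AttributeError instead of a clean
        # client error.
        if not data or not isinstance(data, dict):
            raise InvalidPayload

        email = data.get('email')
        password = data.get('password')

        # Reject missing fields and non-string values (nested objects,
        # numbers, booleans) before they reach the User constructor.
        if not isinstance(email, str) or not isinstance(password, str):
            raise InvalidPayload

        try:
            users.add(User(email, password))
        except DuplicateEmailError as err:
            # NOTE(review): this response tells any caller whether an address
            # is already registered.  If that disclosure is not acceptable,
            # answer uniformly and rate-limit this endpoint.
            raise Conflict('User with this email already exists.') from err

        return {'message': 'Successfully registered.'}, status.HTTP_201_CREATED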
Ejemplo n.º 24
def test_get_product_ratings(client):
    """Listing a product's ratings returns one entry per rating.

    Three users rate the same product through the business layer; the list
    endpoint must return all three with the matching user, product and
    rating value.
    """
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    user1 = users.add(User(email='*****@*****.**', password='******'))
    user2 = users.add(User(email='*****@*****.**', password='******'))
    user3 = users.add(User(email='*****@*****.**', password='******'))

    assert user1.id == 1
    assert user2.id == 2
    assert user3.id == 3

    products.add_rating(product, user1, 5)
    products.add_rating(product, user2, 4)
    products.add_rating(product, user3, 3)

    # NOTE(review): the request carries no Authorization header and the
    # response is asserted below to contain each rater's email address --
    # confirm that exposing emails to anonymous callers is intended.
    response = client.get(f'/api/products/{product.id}/ratings')
    listed = response.json

    assert response.status_code == status.HTTP_200_OK
    assert len(listed) == 3

    # Response order is not relied on; sort by rater id first.
    by_user = sorted(listed, key=lambda entry: entry['user']['id'])
    first, second, third = by_user[0], by_user[1], by_user[2]

    assert first['user']['id'] == 1
    assert second['user']['id'] == 2
    assert third['user']['id'] == 3

    assert first['user']['email'] == '*****@*****.**'
    assert second['user']['email'] == '*****@*****.**'
    assert third['user']['email'] == '*****@*****.**'

    assert first['product']['id'] == product.id
    assert second['product']['id'] == product.id
    assert third['product']['id'] == product.id

    assert first['rating'] == 5
    assert second['rating'] == 4
    assert third['rating'] == 3
Ejemplo n.º 25
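def test_update_other_user_profile_not_mine(client: FlaskClient):
    """A logged-in user must not be able to edit another user's profile.

    Two active accounts exist.  A session is opened through
    ``/api/auth/login`` (the credentials are masked on this page) and the
    token is used to PATCH ``user1``'s profile.  The API must refuse with
    400 and ``user1``'s stored data must be unchanged.
    """
    user1 = users.add(
        User(email='*****@*****.**',
             password='******',
             first_name='Tibor',
             last_name='Mikita',
             phone='+421111222333',
             street='Kosicka',
             zip_code='06601',
             city='Humenne',
             country=Country.SK,
             date_of_birth=datetime.date(1994, 5, 25)))
    user1.active = True

    user2 = users.add(User('*****@*****.**', 'dsaa'))
    user2.active = True

    r = client.post('/api/auth/login',
                    data=json.dumps({
                        'email': '*****@*****.**',
                        'password': '******'
                    }),
                    content_type='application/json')

    access_token = r.json['access_token']

    r = client.patch(f'/api/users/{user1.id}',
                     data=json.dumps({
                         'city': 'Medzilaborce',
                         'street': 'Bratislavska',
                         'zip_code': '99999',
                         'phone': '+420999999999'
                     }),
                     content_type='application/json',
                     headers={'Authorization': f'Bearer {access_token}'})

    payload = r.json

    # NOTE(review): the refusal is a 400 here, while the role-based refusals
    # in this suite are 403 -- confirm the status code is intentional.
    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert payload['message'] == 'You cannot edit profile of other person.'

    # A refusal that still applied the write would pass the checks above, so
    # verify that the victim's profile kept its original values.
    assert user1.city == 'Humenne'
    assert user1.street == 'Kosicka'
    assert user1.zip_code == '06601'
    assert user1.phone == '+421111222333'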
Ejemplo n.º 26
def seed_db():
    """Populate the database with one admin account and two sample products.

    The account created here is active, has the ADMIN role, and takes its
    email and password from literals in this function.  Run it against
    development or test databases only; any deployment seeded this way
    carries an administrator login that is readable from the source.
    """
    # Imported inside the function, as in the original.
    from project.business import users
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    from project.business import categories
    men = categories.add(Category('Men'))

    good_product = Product(name='Super product', price=19.99)
    categories.add_product(men, good_product)

    bad_product = Product(name='Very bad product', price=2.99)
    categories.add_product(men, bad_product)
Ejemplo n.º 27
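def test_delete_category_not_logged_in(client):
    """An unauthenticated DELETE on a category is refused and deletes nothing.

    An ADMIN account exists but no login is performed and no
    ``Authorization`` header is sent.  The API must answer 403 and the
    category must still be retrievable.
    """
    category = categories.add(Category(name='Men'))

    user = users.add(User(email='*****@*****.**', password='******'))
    user.active = True
    user.role = UserRole.ADMIN

    assert category.id

    r = client.delete(f'/api/categories/{category.id}')
    payload = r.json

    assert r.status_code == status.HTTP_403_FORBIDDEN
    assert payload['message'] == 'You do not have permission to perform this action.'

    # The refusal must be enforced before the delete runs, not merely
    # reported after it: the category is still there.
    assert categories.get(category.id) is not None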
Ejemplo n.º 28
def test_update_user_profile(client: FlaskClient):
    """A logged-in user can update their own address and phone number.

    The profile is checked before the PATCH, the API must answer 200, and
    the stored profile must afterwards hold the submitted values.
    """
    profile = User(email='*****@*****.**',
                   password='******',
                   first_name='Tibor',
                   last_name='Mikita',
                   phone='+421111222333',
                   street='Kosicka',
                   zip_code='06601',
                   city='Humenne',
                   country=Country.SK,
                   date_of_birth=datetime.date(1994, 5, 25))
    user = users.add(profile)
    user.active = True

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    # Precondition: the stored profile holds the original values.
    assert user.city == 'Humenne'
    assert user.street == 'Kosicka'
    assert user.zip_code == '06601'
    assert user.phone == '+421111222333'

    changes = json.dumps({
        'city': 'Medzilaborce',
        'street': 'Bratislavska',
        'zip_code': '99999',
        'phone': '+420999999999'
    })
    response = client.patch(f'/api/users/{user.id}',
                            data=changes,
                            content_type='application/json',
                            headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_200_OK
    assert body['message'] == 'Profile successfully modified.'

    # Stored state is checked as well as the response.
    assert user.city == 'Medzilaborce'
    assert user.street == 'Bratislavska'
    assert user.zip_code == '99999'
    assert user.phone == '+420999999999'
Ejemplo n.º 29
def test_delete_product_not_logged_in(client):
    """An unauthenticated DELETE on a product is refused with 403.

    An ADMIN account exists but no login is performed and no
    ``Authorization`` header is sent.
    """
    category = categories.add(Category(name='Men'))
    product = Product(name='Super Small Product', price=0.99)
    categories.add_product(category, product)

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert product.id

    response = client.delete(f'/api/products/{product.id}')
    body = response.json

    # NOTE(review): only the response is checked; that the product still
    # exists after the refusal is not asserted here.
    assert response.status_code == status.HTTP_403_FORBIDDEN
    expected = 'You do not have permission to perform this action.'
    assert body['message'] == expected
Ejemplo n.º 30
def test_get_user(client: FlaskClient):
    """A logged-in user can read their own profile.

    The API must answer 200 and return the profile fields that were stored
    when the account was created.
    """
    profile = User(email='*****@*****.**',
                   password='******',
                   first_name='Tibor',
                   last_name='Mikita',
                   phone='+421111222333',
                   street='Kosicka',
                   zip_code='06601',
                   city='Humenne',
                   country=Country.SK,
                   date_of_birth=datetime.date(1994, 5, 25))
    user = users.add(profile)
    user.active = True

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login',
                        data=credentials,
                        content_type='application/json')
    token = login.json['access_token']

    response = client.get(f'/api/users/{user.id}',
                          headers={'Authorization': f'Bearer {token}'})
    user_info = response.json

    assert response.status_code == status.HTTP_200_OK

    # NOTE(review): the listed fields are checked for presence and value;
    # that the body omits the password is not asserted here.
    assert user_info['email'] == '*****@*****.**'
    assert user_info['first_name'] == 'Tibor'
    assert user_info['last_name'] == 'Mikita'
    assert user_info['phone'] == '+421111222333'
    assert user_info['street'] == 'Kosicka'
    assert user_info['zip_code'] == '06601'
    assert user_info['city'] == 'Humenne'
    assert user_info['country'] == Country.SK

    # The date is serialised as an ISO-style string; parse it back.
    born = datetime.datetime.strptime(user_info['date_of_birth'],
                                      '%Y-%m-%d').date()
    assert born == datetime.date(1994, 5, 25)