def test_delete_metabase_user(test_client, test_db):
with mock.patch('app.users.views.metabase', autospeck=True) as metabase_mock:
access_token = test_helpers.get_access_token(test_client)
headers = {'Content-Type': 'application/json', 'Authorization': f"Bearer {access_token}"}
new_user = {
'email': test_helpers.fake.email(),
'username': test_helpers.fake.user_name(),
'role_id': 2,
'name': test_helpers.fake.name(),
'location': test_helpers.fake.address()
}
metabase_mock.insert_user.return_value = 1
resp = test_client.post(
'/users/',
data=json.dumps(new_user),
headers=headers
)
assert resp.status_code == 200
user_id = resp.json['id']
resp = test_client.delete(
f'/users/{user_id}',
headers=headers
)
assert resp.status_code == 200
metabase_mock.deactivate_user.assert_called_once_with(1)
def test_change_email_jwt(test_client, test_db):
"""Regression test for EPS-306
Scenario: Client generates a JWT via login
Client submits a valid request to change their account email
Expected: JWT remains valid
"""
access_token = test_helpers.get_access_token(test_client)
headers = {
'Content-Type': 'application/json',
'Authorization': f"Bearer {access_token}"
}
response = test_client.get('/users/1', headers=headers)
assert response.status_code == 200
# Update account with new email
user = response.json
user['email'] = '*****@*****.**'
response = test_client.put('/users/1', json=user, headers=headers)
assert response.status_code == 200
# JWT remains valid
response = test_client.get('/users/1', headers=headers)
assert response.status_code == 200
def test_no_rescan_on_case_definition_add_survey(test_client, test_db):
with mock.patch('app.surveys.views.models.helpers.metabase_rescan',
autospec=True) as rescan_mock:
case_definition = {
"name": "test_name",
"key": "TCD1",
"description": "test_desc",
"surveys": [],
"documents": []
}
survey = {'name': 'test survey', 'structure': {}}
access_token = test_helpers.get_access_token(test_client)
headers = {
'Content-Type': 'application/json',
'Authorization': f"Bearer {access_token}"
}
resp = test_client.post("/surveys/",
data=json.dumps(survey),
headers=headers)
assert resp.status_code == 200
survey_id = resp.json['id']
resp = test_client.post("/case_definitions/",
data=json.dumps(case_definition),
headers=headers)
assert resp.status_code == 200
case_defn_id = resp.json['id']
resp = test_client.get(f'/case_definitions/{case_defn_id}',
headers=headers)
assert resp.status_code == 200
assert resp.json['surveys'] == []
rescan_mock.assert_called()
rescan_mock.reset_mock()
case_defn = resp.json
case_defn['surveys'] = [survey_id]
resp = test_client.put(f'/case_definitions/{case_defn_id}',
data=json.dumps(case_defn),
headers=headers)
assert resp.status_code == 200
rescan_mock.assert_not_called()
case_defn['surveys'] = []
resp = test_client.put(f'/case_definitions/{case_defn_id}',
data=json.dumps(case_defn),
headers=headers)
assert resp.status_code == 200
rescan_mock.assert_not_called()
def setup_role(test_client):
access_token = test_helpers.get_access_token(test_client)
headers = {
'Content-Type': 'application/json',
'Authorization': f"Bearer {access_token}"
}
role = {'name': 'test_role', 'default': False, 'permissions': 1}
resp = test_client.post('/roles', data=json.dumps(role), headers=headers)
assert resp.status_code == 200
return resp.json['id'], headers
def test_post_multiple_default_roles_fails(test_client, test_db):
access_token = test_helpers.get_access_token(test_client)
headers = {
'Content-Type': 'application/json',
'Authorization': f"Bearer {access_token}"
}
role = {'name': 'test_role_2', 'default': True, 'permissions': 2}
resp = test_client.post('/roles', data=json.dumps(role), headers=headers)
assert resp.status_code == 400
assert resp.json['message'] == 'A default role already exists.'
def test_endpoint_no_update_ts(test_client, test_db):
user = User.query.filter_by(username='******').first()
last_seen_before = user.last_seen_at
updated_before = user.updated_at
access_token = test_helpers.get_access_token(test_client)
response = test_client.get(
'/secure', headers={'Authorization': 'Bearer ' + access_token})
assert response.status_code == 200
assert user.last_seen_at > last_seen_before
assert user.updated_at == updated_before