def test_save_existing_project_fail(temp_app, temp_db):
'''Tests various failure cases when saving an existing project'''
# Tests trying to save a nonexistent project
login_res = login_mackland(temp_app)
auth_token = login_res['accessToken']
project = generate_temp_project()
project['id'] = 0
res = put_save(project, auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 404
assert res_data['error'] == 'Project does not exist'
# Tests trying to save a project created by a different user
project['id'] = 1
res = put_save(project, auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 403
assert res_data['error'] == 'Forbidden: project belongs to another user'
# Tests trying to save a project with no auth header
res = temp_app.put('/save',
data=json.dumps(project),
content_type='application/json')
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to save a project with no auth token
res = put_save(project, '', temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to save a project with an expired auth token
token = generate_expired_token('access',
temp_app.application.config['SECRET_KEY'])
res = put_save(project, token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to save a project with an invalid auth token
token = generate_invalid_token('access')
res = put_save(project, token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to use a refresh token to access projects
token = encode_auth_token('refresh', 1, datetime.timedelta(days=3),
temp_app.application.config['SECRET_KEY'])
res = put_save(project, token.decode(), temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token type'
def test_save_new_project_fail(temp_app, temp_db):
'''Tests various failure cases when trying to save a new project'''
# Tests trying to save a project with a duplicate name under the same user
login_res = login_hello(temp_app)
auth_token = login_res['accessToken']
data = generate_temp_project()
data['name'] = 'New Project 1'
res = post_save(data, auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 400
assert res_data['error'] == 'A project with that name already exists'
# Tests trying to save project with no auth header
data = generate_temp_project()
res = temp_app.post('/save',
data=json.dumps(data),
content_type='application/json')
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to save project with no auth token
res = post_save(data, '', temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to save project with an expired token
token = generate_expired_token('access',
temp_app.application.config['SECRET_KEY'])
res = post_save(data, token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to save project with a token signed with the wrong key
token = generate_invalid_token('access')
res = post_save(data, token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to use a refresh token to access projects
token = encode_auth_token('refresh', 1, datetime.timedelta(days=3),
temp_app.application.config['SECRET_KEY'])
res = post_save(data, token.decode(), temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token type'
def test_delete_project_fail(temp_app, temp_db):
'''Tests various failure cases when trying to delete a project'''
# Tests trying to delete a nonexistent project'''
login_res = login_mackland(temp_app)
auth_token = login_res['accessToken']
res = delete_project(0, auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 400
assert res_data['error'] == 'Project does not exist'
# Tests trying to delete a project created by a different user
res = delete_project(1, auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 403
assert res_data['error'] == 'Forbidden: project belongs to another user'
# Tests trying to delete project with no auth header
res = temp_app.delete('/project/1')
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to delete project with no auth token
res = temp_app.delete('/project/1', headers=dict(Authorization='Bearer '))
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to delete project with an expired token
token = generate_expired_token('access',
temp_app.application.config['SECRET_KEY'])
res = delete_project(1, token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to delete project with a token signed with the wrong key
token = generate_invalid_token('access')
res = delete_project(1, token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to use a refresh token to access projects
token = encode_auth_token('refresh', 1, datetime.timedelta(days=3),
temp_app.application.config['SECRET_KEY'])
res = delete_project(1, token.decode(), temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token type'
def test_get_projects_fail(temp_app, temp_db):
'''Tests getting projects with various failure cases'''
# Tests trying to get projects with no auth header
res = temp_app.get('/projects')
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to get projects with no auth header
res = temp_app.get('/projects', headers=dict(Authorization='Bearer '))
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to get projects with an expired token
token = generate_expired_token('access',
temp_app.application.config['SECRET_KEY'])
res = get_projects(token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to get projects with a token signed with the wrong key
token = generate_invalid_token('access')
res = get_projects(token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to use a refresh token to access projects
token = encode_auth_token('refresh', 1, datetime.timedelta(days=3),
temp_app.application.config['SECRET_KEY'])
res = get_projects(token.decode(), temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token type'
def test_authenticate_fail(temp_app, temp_db):
'''Tests various failure cases when verifying a jwt'''
# Tests verifying with no auth header
res = temp_app.get('auth/authenticate')
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests verifying with no auth token
res = get_authenticate('', temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to verify with an expired token
auth_token = generate_expired_token(
'refresh', temp_app.application.config['SECRET_KEY'])
res = get_authenticate(auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to verify with a token signed with the wrong key
auth_token = generate_invalid_token('refresh')
res = get_authenticate(auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to use an access token to refresh
token = encode_auth_token('access', 1, datetime.timedelta(days=3),
temp_app.application.config['SECRET_KEY'])
res = get_authenticate(token.decode(), temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token type'