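def test_get_user_with_other_jwt(self):
    """Fetch one user's page with a bearer token obtained from /v1/login.

    Two accounts (``user`` and ``me``) are stored, each with a Roles row
    built from its own ``is_admin`` value. The test logs in, requests
    ``/v1/users/<user.username>`` with the returned access token and
    expects a 200 JSON response whose ``is_user`` flag is false.

    NOTE(review): the credential literals are masked in this listing, so
    which of the two accounts logs in cannot be confirmed here; the test
    name implies it is ``me``.
    """
    user = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    role = Roles({'username': user.username, 'roles': user.is_admin})
    save_user(user)
    save_user(role)

    me = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    role_me = Roles({'username': me.username, 'roles': me.is_admin})
    save_user(me)
    save_user(role_me)

    json_headers = {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
    }

    with self.client:
        res_login = self.client.post(
            '/v1/login',
            headers=json_headers,
            data=json.dumps({
                'username': '******',
                'password': '******',
            }),
        )
        # A failed login surfaces here as a KeyError on 'access_token'.
        token = json.loads(res_login.data.decode())['access_token']

        response = self.client.get(
            '/v1/users/{}'.format(user.username),
            headers={
                'Content-Type': 'application/json',
                'Accept': 'application/json',
                'Authorization': 'Bearer {}'.format(token),
            },
        )
        data = json.loads(response.data.decode())

        # assertEqual (not assertTrue(a == b)) so a failure reports the
        # value the endpoint actually returned.
        self.assertEqual(data['ok'], True)
        self.assertEqual(
            data['msg'], 'Accessed to {} page.'.format(user.username))
        # The request still succeeds with 200; is_user == False is the only
        # signal that the page is not the caller's own.
        # NOTE(review): this pins cross-user reads as allowed - confirm that
        # is the intended access policy.
        self.assertEqual(data['is_user'], False)
        self.assertEqual(response.content_type, 'application/json')
        self.assertEqual(response.status_code, 200)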
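def test_get_all_users_with_unauthorized_jwt(self):
    """Request the user listing with a token that should not be allowed to.

    Stores ``user`` and ``admin`` with their Roles rows, logs in, then
    calls ``GET /v1/users`` with the returned bearer token. The expected
    answer is a JSON 404 with ``ok`` false and the generic
    'Sorry, page not found.' message.

    NOTE(review): credentials are masked in this listing; the test name
    implies the login is the non-admin ``user`` - confirm against the
    unmasked file.
    """
    user = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    role = Roles({'username': user.username, 'roles': user.is_admin})
    admin = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    admin_r = Roles({'username': admin.username, 'roles': admin.is_admin})
    for record in (user, role, admin, admin_r):
        save_user(record)

    json_headers = {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
    }

    with self.client:
        res_login = self.client.post(
            '/v1/login',
            headers=json_headers,
            data=json.dumps({
                'username': '******',
                'password': '******',
            }),
        )
        # A failed login surfaces here as a KeyError on 'access_token'.
        token = json.loads(res_login.data.decode())['access_token']

        response = self.client.get(
            '/v1/users',
            headers={
                'Content-Type': 'application/json',
                'Accept': 'application/json',
                'Authorization': 'Bearer {}'.format(token),
            },
        )
        data = json.loads(response.data.decode())

        # assertEqual so a failure shows what the endpoint returned, e.g. a
        # 200 that would mean the listing leaked.
        self.assertEqual(data['ok'], False)
        # The denial is reported as 404 with a generic message rather than
        # 401/403 - presumably to avoid confirming that the route exists;
        # verify against the API's error-handling policy.
        self.assertEqual(data['msg'], 'Sorry, page not found.')
        self.assertEqual(response.content_type, 'application/json')
        self.assertEqual(response.status_code, 404)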
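def test_update_email_by_user(self):
    """Update a user's own record through ``PUT /v1/users/<username>``.

    Stores one user with a Roles row built from ``user.is_admin``, logs
    in, sends a PUT carrying ``username`` and ``email`` with the bearer
    token, and expects a 200 JSON response with 'Updated successfully'.

    NOTE(review): only the response is checked; the stored email is not
    read back, so the test does not prove the change was persisted.
    """
    user = User(
        username='******',
        password='******',
        email='*****@*****.**'
    )
    user_r = Roles({
        'username': user.username,
        'roles': user.is_admin
    })
    save_user(user)
    save_user(user_r)

    json_headers = {
        'Content-Type': 'application/json',
        'Accept': 'application/json'
    }

    with self.client:
        res_login = self.client.post(
            '/v1/login',
            headers=json_headers,
            data=json.dumps({
                'username': '******',
                'password': '******'
            })
        )
        # A failed login surfaces here as a KeyError on 'access_token'.
        token = json.loads(res_login.data.decode())['access_token']

        response = self.client.put(
            f'/v1/users/{user.username}',
            headers={
                'Content-Type': 'application/json',
                'Accept': 'application/json',
                'Authorization': 'Bearer {}'.format(token)
            },
            data=json.dumps({
                'username': '******',
                'email': '*****@*****.**'
            })
        )
        data = json.loads(response.data.decode())

        # assertEqual so a failure reports the value actually returned.
        self.assertEqual(data['ok'], True)
        self.assertEqual(data['msg'], 'Updated successfully')
        self.assertEqual(response.content_type, 'application/json')
        self.assertEqual(response.status_code, 200)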
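def test_post_non_admin_user_with_admin_role(self):
    """Create a user while logged in as an account whose role is 'admin'.

    Unlike the neighbouring tests, the Roles row is written with the
    literal ``'admin'`` instead of ``user.is_admin``. The test logs in,
    posts a new user to ``/v1/users`` with the bearer token, and expects
    a 201 JSON response with 'Registered successfully'.
    """
    user = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    # The role is set on the Roles record only; the User object is built
    # exactly like a regular account.
    # NOTE(review): a 201 here means the create-user privilege follows the
    # Roles row rather than the User's own is_admin value - confirm that
    # this is the intended source of truth for authorization.
    user_r = Roles({'username': user.username, 'roles': 'admin'})
    save_user(user)
    save_user(user_r)

    json_headers = {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
    }

    with self.client:
        res_login = self.client.post(
            '/v1/login',
            headers=json_headers,
            data=json.dumps({
                'username': '******',
                'password': '******',
            }),
        )
        # A failed login surfaces here as a KeyError on 'access_token'.
        token = json.loads(res_login.data.decode())['access_token']

        response = self.client.post(
            '/v1/users',
            headers={
                'Content-Type': 'application/json',
                'Accept': 'application/json',
                'Authorization': 'Bearer {}'.format(token),
            },
            data=json.dumps({
                'username': '******',
                'password': '******',
                'email': '*****@*****.**',
            }),
        )
        data = json.loads(response.data.decode())

        # assertEqual throughout (the status check was assertTrue(a == b)),
        # so a failure reports the status actually returned.
        self.assertEqual(data['ok'], True)
        self.assertEqual(data['msg'], 'Registered successfully')
        self.assertEqual(response.content_type, 'application/json')
        self.assertEqual(response.status_code, 201)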
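def test_get_admin_users_with_no_jwt(self):
    """Request ``/v1/users/admin`` without any Authorization header.

    One user and its Roles row are stored, but no login is performed.
    The unauthenticated GET is expected to return a JSON 404 with ``ok``
    false and the generic 'Sorry, page not found.' message.
    """
    user = User(
        username='******',
        password='******',
        email='*****@*****.**',
    )
    role = Roles({'username': user.username, 'roles': user.is_admin})
    save_user(user)
    save_user(role)

    # Deliberately no 'Authorization' entry: this is the anonymous case.
    anonymous_headers = {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
    }

    with self.client:
        response = self.client.get(
            '/v1/users/admin', headers=anonymous_headers)
        data = json.loads(response.data.decode())

        # assertEqual so a failure shows what the endpoint returned, e.g. a
        # 200 that would mean the route is reachable without a token.
        self.assertEqual(data['ok'], False)
        # The missing token is answered with 404 rather than 401 -
        # presumably to avoid confirming that the route exists; verify
        # against the API's error-handling policy.
        self.assertEqual(data['msg'], 'Sorry, page not found.')
        self.assertEqual(response.content_type, 'application/json')
        self.assertEqual(response.status_code, 404)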
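def test_update_invalid_fields_by_admin(self):
    """Send an update that carries ``is_admin`` and expect it to be refused.

    Stores an ``admin`` account with a Roles row built from
    ``admin.is_admin``, logs in, creates a second user through
    ``POST /v1/users``, then sends ``PUT /v1/users/test`` with
    ``username``, ``email`` and ``is_admin: True``. The expected answer
    is a JSON 400 with ``ok`` false and a non-empty ``msg``.
    """
    admin = User(
        username='******',
        password='******',
        email='*****@*****.**'
    )
    admin_r = Roles({
        'username': admin.username,
        'roles': admin.is_admin
    })
    save_user(admin)
    save_user(admin_r)

    json_headers = {
        'Content-Type': 'application/json',
        'Accept': 'application/json'
    }

    with self.client:
        res_login = self.client.post(
            '/v1/login',
            headers=json_headers,
            data=json.dumps({
                'username': '******',
                'password': '******'
            })
        )
        # A failed login surfaces here as a KeyError on 'access_token'.
        token = json.loads(res_login.data.decode())['access_token']
        auth_headers = {
            'Content-Type': 'application/json',
            'Accept': 'application/json',
            'Authorization': 'Bearer {}'.format(token)
        }

        # Set-up: create the account that the PUT below targets.
        res_test = self.client.post(
            '/v1/users',
            headers=auth_headers,
            data=json.dumps({
                'username': '******',
                'password': '******',
                'email': '*****@*****.**'
            })
        )
        # NOTE(review): the set-up response is parsed but never asserted.
        # If the creation fails, the PUT could be refused for an unrelated
        # reason and the 400 check would not prove that is_admin was the
        # rejected field - consider asserting the creation result.
        data_test = json.loads(res_test.data.decode())

        response = self.client.put(
            '/v1/users/test',
            headers=auth_headers,
            data=json.dumps({
                'username': '******',
                'email': '*****@*****.**',
                # Privilege flag supplied by the client; the test expects
                # the endpoint to reject the request rather than apply it.
                'is_admin': True
            })
        )
        data = json.loads(response.data.decode())

        # assertEqual so a failure shows what the endpoint returned, e.g. a
        # 200 that would mean the role flag was accepted from the body.
        self.assertEqual(data['ok'], False)
        # Only the presence of a message is checked, not its wording.
        self.assertTrue(data['msg'])
        self.assertEqual(response.content_type, 'application/json')
        self.assertEqual(response.status_code, 400)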