Example #1
0
def test_user_delete(app, admin_access_token_header, client_user):
    # Given
    # Clinet user

    # When
    response = app.test_client().delete(f'/api/user/{client_user.uuid}',
                                        headers=admin_access_token_header)

    # Then
    assert response.status_code == 204
    assert not User.find_by_email('*****@*****.**')
def test_database_seeder_inserts_admin(app):
    # Given
    # seeded_database

    # When
    user = User.find_by_email('*****@*****.**')

    # Then
    assert user
    assert user.email == '*****@*****.**'
    assert any(role for role in user.roles
               if role.role_type == RoleTypes.ADMIN)
Example #3
0
    def post(self):
        # Serialize login model
        try:
            login_dto = self.login_schema.load(api.payload)
        except ValidationError as err:
            error_response = self.error_schema.dump(
                ErrorResponse(details=err.messages, error='validation errors'))
            log.info(f'Validation errors during login: {error_response}')
            return error_response, 400

        # Find user in database
        user = User.find_by_email(login_dto.email)
        if not user:
            error_response = self.error_schema.dump(
                ErrorResponse(details={
                    'user': [f'There is no user with {login_dto.email} email']
                },
                              error='not existing user'))
            log.info(f'Trying to log in non existing user: {error_response}')
            return error_response, 404

        # Chcek if user is confirmed
        if not user.confirmed:
            error_response = self.error_schema.dump(
                ErrorResponse(
                    details={'user': [f'User {user.name} is unconfirmed']},
                    error='user not confirmed'))
            log.info(f'Trying to log in unconfirmed user: {error_response}')
            return error_response, 400

        # Check user password
        if not user.check_password(login_dto.password):
            error_response = self.error_schema.dump(
                ErrorResponse(
                    details={'password': ['You provided wrong password']},
                    error='wrong password'))
            log.info(f'Wrong password used during login: {error_response}')
            return error_response, 400

        # Create JWT from user data
        token = TokenDto(create_access_token(identity=user),
                         create_refresh_token(identity=user))

        # Return token
        log.info('User login sucessful')
        return self.token_schema.dump(token), 200
Example #4
0
    def post(self):
        # Map request body to user model
        try:
            user = self.user_schema.load(api.payload)
        except ValidationError as err:
            error_schema = ErrorResponseSchema()
            error_response = error_schema.dump(
                ErrorResponse(details=err.messages, error='validation errors'))
            log.info(
                f'Validation errors during user creation: {error_response}')
            return error_response, 400

        # Check if user with same email already exists
        if User.find_by_email(user.email) is not None:
            error_schema = ErrorResponseSchema()
            error_response = error_schema.dump(
                ErrorResponse(details={
                    'user': ['User with provided email already exists']
                },
                              error='duplicate email'))
            log.info(f'trying to create user with existing email {user.email}')
            return error_response, 400

        # If caller was ADMIN create ADMIN if caller was CLIENT create CLIENT
        user_claims = self.user_claims_schema.load(get_jwt_claims())
        if user_claims.is_admin():
            user.add_to_role(RoleTypes.ADMIN)
        else:
            user.add_to_role(RoleTypes.CLIENT)

        # Send confirmation mail that user was created
        if app.config['REQUIRE_MAIL_CONFIRMATION']:
            send_confirmation_token(user.email)
        else:
            user.confirm_account()

        # Save model to DB
        user.commit()

        # Map saved user to response body
        log.info(f'Sucessfuly created new user')
        return self.user_schema.dump(user), 201
Example #5
0
def test_non_admin_creates_user(app, seeded_database):
    # Given
    new_user_info = {
        'email': '*****@*****.**',
        'name': 'Test User',
        'password': '******'
    }

    # When
    response = app.test_client().post('/api/user',
                                      data=dumps(new_user_info),
                                      content_type='application/json')
    response_body = loads(response.data)

    created_user = User.find_by_email('*****@*****.**')

    # Then
    assert response.status_code == 201
    assert created_user.uuid == UUID(response_body['uuid'])
    assert not created_user.confirmed
    assert next(role for role in created_user.roles
                if role.role_type == RoleTypes.CLIENT)
Example #6
0
    def get(self, token):
        # Confirm token
        try:
            email = ConfirmationMailHandler.confirm_token(token)
        except InvalidConfirmationToken:
            error_response = self.error_schema.dump(
                ErrorResponse(
                    details={'token': f'{email} is invalid or expired'},
                    error='Invalid or expired token'))
            log.info(f'Invalid token: {error_response}')
            return error_response, 403

        # Find user that token belongs to
        user = User.find_by_email(email)
        if not user:
            error_response = self.error_schema.dump(
                ErrorResponse(
                    details={'user': [f'There is no user with {email} email']},
                    error='not existing user'))
            log.info(f'Trying to confirm non existing user: {error_response}')
            return error_response, 404

        # Check if user was already confirmed
        if user.confirmed:
            error_response = self.error_schema.dump(
                ErrorResponse(details={
                    'user': [f'User "{user.name}" is already confirmed']
                },
                              error='User already confirmed'))
            log.info(
                f'Trying to confirm already confirmed user: {error_response}')
            return error_response, 404

        # Confirm user
        user.confirm_account()
        user.commit()

        return '', 204