def setUp(self):
super(TestExistingUsers, self).setUp()
self.user = User(username='******',
fullname='Test User',
passhash='hash')
server.db.session.add(self.user)
server.db.session.commit()
self.user.get_token()
def setUp(self):
super(TestGroups, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
server.db.session.commit()
self.user.get_token()
return
def test_delete_not_admin(self):
"""Try to delete a group when the user is not the admin."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def test_delete_not_admin(self):
"""Try to delete a group when the user is not the admin."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def test_get_members_by_non_member(self):
"""A user that is not part of the group ask for members."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url, token=new_user.token)
self.assertJsonError(rv, 403, 'User is not member of this group')
return
def test_get_members_by_non_member(self):
"""A user that is not part of the group ask for members."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url,
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not member of this group')
return
def setUp(self):
super(TestExistingGroups, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
# create a group for the user
self.group = Group(name='Test group', owner=self.user)
server.db.session.add(self.group)
server.db.session.commit()
self.user.get_token()
return
def test_add_no_owner(self):
"""Try to add users without being the group admin."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
request = {'usernames': [new_user.username]}
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.post(url, request, token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def setUp(self):
super(TestExistingUsers, self).setUp()
self.user = User(username='******',
fullname='Test User',
passhash='hash')
server.db.session.add(self.user)
server.db.session.commit()
self.user.get_token()
def test_add_no_owner(self):
"""Try to add users without being the group admin."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
request = {'usernames': [new_user.username]}
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.post(url,
request,
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def setUp(self):
# leave the database blank to make it in memory
super(TestToken, self).setUp()
# add a user
self.test_user = User(username='******',
fullname='Testing user',
passhash='hash')
server.db.session.add(self.test_user)
server.db.session.commit()
def test_get_members_by_member(self):
"""Non admin user requests the list of group members."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
new_user.groups.append(self.group)
server.db.session.commit()
new_user.get_token()
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url, token=new_user.token)
self.assertJsonOk(rv)
json = loads(rv.data)
self.assertTrue('users' in json)
self.assertEqual(len(json['users']), 2) # owner and new user
return
def test_get_members_by_member(self):
"""Non admin user requests the list of group members."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
new_user.groups.append(self.group)
server.db.session.commit()
new_user.get_token()
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url,
token=new_user.token)
self.assertJsonOk(rv)
json = loads(rv.data)
self.assertTrue('users' in json)
self.assertEqual(len(json['users']), 2) # owner and new user
return
def create_user(self, name='test', fullname='Test User', passhash='hash',
verified=True, create_token=False):
"""Add a user.
:param name: The name for the user
:param fullname: The full name of the user
:param passhash: The user passhash
:return: The user
:rtype: :py:class:`server.User`"""
user = User(username=name,
fullname=fullname,
passhash=passhash)
user.verified = verified
server.db.session.add(user)
server.db.session.commit()
if create_token:
user.get_token()
return user
def setUp(self):
super(TestGroups, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
server.db.session.commit()
self.user.get_token()
return
def test_add_user(self):
"""Try to add another user in the group."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
request = {'usernames': [new_user.username]}
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.post(url, request, token=self.user.token)
self.assertJsonOk(rv)
return
def setUp(self):
super(TestExistingGroups, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
# create a group for the user
self.group = Group(name='Test group',
owner=self.user)
server.db.session.add(self.group)
server.db.session.commit()
self.user.get_token()
return
def create_user():
"""Create a new user.
**Example request**
.. sourcecode:: http
{ "username": "******",
"full_name": "I'm a person",
"password": "******" }
**Success (200)**:
.. sourcecode:: http
HTTP/1.1 200 OK
Content-Type: application/json
{ "status": "OK" }
:statuscode 200: Success
:statuscode 406: Invalid characters in username
(:py:class:`InvalidUsernameException`)
:statuscode 409: Username already exists
(:py:class:`UsernameAlreadyExistsException`)
"""
json = request.get_json(force=True)
invalid_characters = ' !@#$%^&*()|[]{}/\\\'"`~"'
for char in invalid_characters:
if char in json['username']:
raise InvalidUsernameException()
try:
new_user = User(username=json['username'],
fullname=json['full_name'],
passhash=json['password'],
verified=False)
db.session.add(new_user)
db.session.commit()
except IntegrityError:
raise UsernameAlreadyExistsException()
return jsonify(status='OK')
def test_update_owner(self):
"""Change the group owner."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
group_id = self.group.id
new_username = new_user.username
request = {'admin': new_user.username}
rv = self.put('/group/{group_id}/'.format(group_id=group_id),
request,
token=self.user.token)
self.assertJsonOk(rv)
# check the database
group = Group.query.get(group_id)
self.assertEqual(group.owner, new_username)
return
class TestExistingUsers(LunchoTests):
"""Tests for existing users."""
def setUp(self):
super(TestExistingUsers, self).setUp()
self.user = User(username='******',
fullname='Test User',
passhash='hash')
server.db.session.add(self.user)
server.db.session.commit()
self.user.get_token()
def tearDown(self):
super(TestExistingUsers, self).tearDown()
def test_update_details(self):
"""Update user details."""
request = {'full_name': 'New User Name', 'password': '******'}
rv = self.put('/user/', request, self.user.token)
self.assertJsonOk(rv)
# check in the database
user = User.query.filter_by(username='******').first()
self.assertEqual(user.fullname, request['full_name'])
self.assertEqual(user.passhash, request['password'])
def test_wrong_token(self):
"""Send a request with an unexisting token."""
request = {'full_name': 'New User Name', 'password': '******'}
rv = self.put('/user/', request, 'no-token')
self.assertJsonError(rv, 404, 'User not found (via token)')
def test_expired_token(self):
"""Send a token that exists but it's not valid for today."""
# the token is not valid by our standards, but it will be found and
# and the token for today will not be valid
self.user.token = 'expired'
server.db.session.commit()
request = {'full_name': 'New User Name', 'password': '******'}
rv = self.put('/user/', request, self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
def test_delete_user(self):
"""Delete a user."""
rv = self.delete('/user/', token=self.user.token)
self.assertJsonOk(rv)
# check the database
user = User.query.filter_by(username='******').first()
self.assertIsNone(user)
def test_delete_wrong_token(self):
"""Send a delete to a non-existing token."""
rv = self.delete('/user/', token='no-token')
self.assertJsonError(rv, 404, 'User not found (via token)')
def test_delete_expired_token(self):
"""Send a delete to a token for yesterday."""
# see note on `test_expired_token`
self.user.token = 'expired'
server.db.session.commit()
rv = self.delete('/user/', token=self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
class TestUsersInGroup(LunchoTests):
"""Tests for managing users in the group."""
def setUp(self):
super(TestUsersInGroup, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
# create a group for the user
self.group = Group(name='Test group',
owner=self.user)
server.db.session.add(self.group)
self.user.groups.append(self.group)
server.db.session.commit()
self.user.get_token()
return
def tearDown(self):
super(TestUsersInGroup, self).tearDown()
return
def test_add_user(self):
"""Try to add another user in the group."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
request = {'usernames': [new_user.username]}
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.post(url,
request,
token=self.user.token)
self.assertJsonOk(rv)
return
def test_add_no_owner(self):
"""Try to add users without being the group admin."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
request = {'usernames': [new_user.username]}
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.post(url,
request,
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def test_add_no_such_user(self):
"""Try to add an unknown user to the group."""
request = {'usernames': ['unknown']}
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.post(url,
request,
token=self.user.token)
# not finding users still returns a 200, but with the users in the
# "not_found" field
self.assertJsonOk(rv)
json = loads(rv.data)
self.assertTrue('not_found' in json)
self.assertTrue('unknown' in json['not_found'])
return
def test_add_unknown_group(self):
"""Try to add users to some unknown group."""
# the usernames are worthless, group not found should kick first
request = {'usernames': ['unkonwn']}
group_id = self.group.id + 10
rv = self.post('/group/{group_id}/users/'.format(group_id=group_id),
request,
token=self.user.token)
self.assertJsonError(rv, 404, 'Group not found')
return
def test_get_members(self):
"""Try to get a list of group members."""
username = self.user.username
fullname = self.user.fullname
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url,
token=self.user.token)
self.assertJsonOk(rv)
json = loads(rv.data)
self.assertTrue('users' in json)
self.assertEqual(len(json['users']), 1) # just the owner
self.assertEqual(json['users'][0]['username'], username)
self.assertEqual(json['users'][0]['full_name'], fullname)
return
def test_get_members_by_member(self):
"""Non admin user requests the list of group members."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
new_user.groups.append(self.group)
server.db.session.commit()
new_user.get_token()
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url,
token=new_user.token)
self.assertJsonOk(rv)
json = loads(rv.data)
self.assertTrue('users' in json)
self.assertEqual(len(json['users']), 2) # owner and new user
return
def test_get_members_by_non_member(self):
"""A user that is not part of the group ask for members."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url,
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not member of this group')
return
def test_unknown_group(self):
"""Test trying to get members of a group that doesn't exist."""
group_id = self.group.id + 10
rv = self.get('/group/{group_id}/users/'.format(group_id=group_id),
token=self.user.token)
self.assertJsonError(rv, 404, 'Group not found')
return
class TestGroups(LunchoTests):
"""Test groups requests."""
def setUp(self):
super(TestGroups, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
server.db.session.commit()
self.user.get_token()
return
def test_empty_list(self):
"""Get an empty list from a user without groups."""
rv = self.get('/group/', token=self.user.token)
self.assertJsonOk(rv, groups=[])
return
def test_create_group(self):
"""Test creating a group."""
request = {'name': 'Test group'}
rv = self.post('/group/',
request,
token=self.user.token)
self.assertJsonOk(rv, id=1)
return
def test_create_group_unverified_account(self):
"""Try creating a group with an account that's not verified yet."""
self.user.verified = False
server.db.session.commit()
request = {'name': 'Test group'}
rv = self.post('/group/',
request,
token=self.user.token)
self.assertJsonError(rv, 412, 'Account not verified')
return
def test_user_in_own_group(self):
"""The user must belong to a group it owns."""
token = self.user.token
self.test_create_group()
rv = self.get('/group/', token=token)
self.assertJsonOk(rv, groups=[{'id': 1,
'name': 'Test group',
'admin': True}])
return
def test_get_groups_unknown_token(self):
"""Request groups with an unknown token."""
rv = self.get('/group/', token='invalid')
self.assertJsonError(rv, 404, 'User not found (via token)')
return
def test_get_groups_expired_token(self):
"""Request groups with an expired token."""
self.user.token = 'expired'
server.db.session.commit()
rv = self.get('/group/', token=self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
return
def test_create_group_unknown_token(self):
"""Try to create a group with an invalid token."""
request = {'name': 'Test group'}
rv = self.post('/group/',
request,
token='invalid')
self.assertJsonError(rv, 404, 'User not found (via token)')
return
def test_create_group_expired_token(self):
self.user.token = 'expired'
server.db.session.commit()
request = {'name': 'Test group'}
rv = self.post('/group/',
request,
token=self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
return
class TestExistingGroups(LunchoTests):
"""Test for existing groups."""
def setUp(self):
super(TestExistingGroups, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
# create a group for the user
self.group = Group(name='Test group',
owner=self.user)
server.db.session.add(self.group)
server.db.session.commit()
self.user.get_token()
return
def tearDown(self):
super(TestExistingGroups, self).tearDown()
return
def test_update_name(self):
"""Change the group name."""
group_id = self.group.id
request = {'name': 'New test group'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token=self.user.token)
self.assertJsonOk(rv)
# check the database
group = Group.query.get(group_id)
self.assertEqual(group.name, request['name'])
return
def test_update_name_invalid_token(self):
"""Try to change the name with an unknown token."""
request = {'name': 'New test group'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token='invalid')
self.assertJsonError(rv, 404, 'User not found (via token)')
return
def test_update_name_expired_token(self):
"""Try to change the name with an expired token."""
self.user.token = 'expired'
server.db.session.commit()
request = {'name': 'New test group'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token=self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
return
def test_update_owner(self):
"""Change the group owner."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
group_id = self.group.id
new_username = new_user.username
request = {'admin': new_user.username}
rv = self.put('/group/{group_id}/'.format(group_id=group_id),
request,
token=self.user.token)
self.assertJsonOk(rv)
# check the database
group = Group.query.get(group_id)
self.assertEqual(group.owner, new_username)
return
def test_update_owner_invalid(self):
"""Try to change the owner to a user that doesn't exist."""
request = {'admin': 'unknown'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token=self.user.token)
self.assertJsonError(rv, 404, 'New admin not found')
return
def test_update_unknown_group(self):
"""Try to update a group that doesn't exist."""
group_id = self.group.id + 10
request = {'name': 'New test group'}
rv = self.put('/group/{group_id}/'.format(group_id=group_id),
request,
token=self.user.token)
self.assertJsonError(rv, 404, 'Group not found')
return
def test_not_admin(self):
"""Try to update with a user that it is not the group admin."""
new_user = self.create_user(name='another_user',
fullname='Another user',
passhash='hash',
verified=True,
create_token=True)
request = {'name': 'A new name'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def test_delete_group(self):
"""Delete a group."""
group_id = self.group.id
rv = self.delete('/group/{group_id}/'.format(group_id=group_id),
token=self.user.token)
self.assertJsonOk(rv)
return
def test_delete_unknown_group(self):
"""Delete a group that doesn't exist."""
group_id = self.group.id + 10
rv = self.delete('/group/{group_id}/'.format(group_id=group_id),
token=self.user.token)
self.assertJsonError(rv, 404, 'Group not found')
return
def test_delete_not_admin(self):
"""Try to delete a group when the user is not the admin."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def test_delete_invalid_token(self):
"""Try to delete a group with an unknown token."""
rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
token='invalid')
self.assertJsonError(rv, 404, 'User not found (via token)')
return
class TestGroups(LunchoTests):
"""Test groups requests."""
def setUp(self):
super(TestGroups, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
server.db.session.commit()
self.user.get_token()
return
def test_empty_list(self):
"""Get an empty list from a user without groups."""
rv = self.get('/group/', token=self.user.token)
self.assertJsonOk(rv, groups=[])
return
def test_create_group(self):
"""Test creating a group."""
request = {'name': 'Test group'}
rv = self.post('/group/', request, token=self.user.token)
self.assertJsonOk(rv, id=1)
return
def test_create_group_unverified_account(self):
"""Try creating a group with an account that's not verified yet."""
self.user.verified = False
server.db.session.commit()
request = {'name': 'Test group'}
rv = self.post('/group/', request, token=self.user.token)
self.assertJsonError(rv, 412, 'Account not verified')
return
def test_user_in_own_group(self):
"""The user must belong to a group it owns."""
token = self.user.token
self.test_create_group()
rv = self.get('/group/', token=token)
self.assertJsonOk(rv,
groups=[{
'id': 1,
'name': 'Test group',
'admin': True
}])
return
def test_get_groups_unknown_token(self):
"""Request groups with an unknown token."""
rv = self.get('/group/', token='invalid')
self.assertJsonError(rv, 404, 'User not found (via token)')
return
def test_get_groups_expired_token(self):
"""Request groups with an expired token."""
self.user.token = 'expired'
server.db.session.commit()
rv = self.get('/group/', token=self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
return
def test_create_group_unknown_token(self):
"""Try to create a group with an invalid token."""
request = {'name': 'Test group'}
rv = self.post('/group/', request, token='invalid')
self.assertJsonError(rv, 404, 'User not found (via token)')
return
def test_create_group_expired_token(self):
self.user.token = 'expired'
server.db.session.commit()
request = {'name': 'Test group'}
rv = self.post('/group/', request, token=self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
return
class TestExistingUsers(LunchoTests):
"""Tests for existing users."""
def setUp(self):
super(TestExistingUsers, self).setUp()
self.user = User(username='******',
fullname='Test User',
passhash='hash')
server.db.session.add(self.user)
server.db.session.commit()
self.user.get_token()
def tearDown(self):
super(TestExistingUsers, self).tearDown()
def test_update_details(self):
"""Update user details."""
request = {'full_name': 'New User Name',
'password': '******'}
rv = self.put('/user/',
request,
self.user.token)
self.assertJsonOk(rv)
# check in the database
user = User.query.filter_by(username='******').first()
self.assertEqual(user.fullname, request['full_name'])
self.assertEqual(user.passhash, request['password'])
def test_wrong_token(self):
"""Send a request with an unexisting token."""
request = {'full_name': 'New User Name',
'password': '******'}
rv = self.put('/user/',
request,
'no-token')
self.assertJsonError(rv, 404, 'User not found (via token)')
def test_expired_token(self):
"""Send a token that exists but it's not valid for today."""
# the token is not valid by our standards, but it will be found and
# and the token for today will not be valid
self.user.token = 'expired'
server.db.session.commit()
request = {'full_name': 'New User Name',
'password': '******'}
rv = self.put('/user/',
request,
self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
def test_delete_user(self):
"""Delete a user."""
rv = self.delete('/user/', token=self.user.token)
self.assertJsonOk(rv)
# check the database
user = User.query.filter_by(username='******').first()
self.assertIsNone(user)
def test_delete_wrong_token(self):
"""Send a delete to a non-existing token."""
rv = self.delete('/user/', token='no-token')
self.assertJsonError(rv, 404, 'User not found (via token)')
def test_delete_expired_token(self):
"""Send a delete to a token for yesterday."""
# see note on `test_expired_token`
self.user.token = 'expired'
server.db.session.commit()
rv = self.delete('/user/', token=self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
class TestExistingGroups(LunchoTests):
"""Test for existing groups."""
def setUp(self):
super(TestExistingGroups, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
# create a group for the user
self.group = Group(name='Test group', owner=self.user)
server.db.session.add(self.group)
server.db.session.commit()
self.user.get_token()
return
def tearDown(self):
super(TestExistingGroups, self).tearDown()
return
def test_update_name(self):
"""Change the group name."""
group_id = self.group.id
request = {'name': 'New test group'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token=self.user.token)
self.assertJsonOk(rv)
# check the database
group = Group.query.get(group_id)
self.assertEqual(group.name, request['name'])
return
def test_update_name_invalid_token(self):
"""Try to change the name with an unknown token."""
request = {'name': 'New test group'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token='invalid')
self.assertJsonError(rv, 404, 'User not found (via token)')
return
def test_update_name_expired_token(self):
"""Try to change the name with an expired token."""
self.user.token = 'expired'
server.db.session.commit()
request = {'name': 'New test group'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token=self.user.token)
self.assertJsonError(rv, 400, 'Invalid token')
return
def test_update_owner(self):
"""Change the group owner."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
group_id = self.group.id
new_username = new_user.username
request = {'admin': new_user.username}
rv = self.put('/group/{group_id}/'.format(group_id=group_id),
request,
token=self.user.token)
self.assertJsonOk(rv)
# check the database
group = Group.query.get(group_id)
self.assertEqual(group.owner, new_username)
return
def test_update_owner_invalid(self):
"""Try to change the owner to a user that doesn't exist."""
request = {'admin': 'unknown'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token=self.user.token)
self.assertJsonError(rv, 404, 'New admin not found')
return
def test_update_unknown_group(self):
"""Try to update a group that doesn't exist."""
group_id = self.group.id + 10
request = {'name': 'New test group'}
rv = self.put('/group/{group_id}/'.format(group_id=group_id),
request,
token=self.user.token)
self.assertJsonError(rv, 404, 'Group not found')
return
def test_not_admin(self):
"""Try to update with a user that it is not the group admin."""
new_user = self.create_user(name='another_user',
fullname='Another user',
passhash='hash',
verified=True,
create_token=True)
request = {'name': 'A new name'}
rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
request,
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def test_delete_group(self):
"""Delete a group."""
group_id = self.group.id
rv = self.delete('/group/{group_id}/'.format(group_id=group_id),
token=self.user.token)
self.assertJsonOk(rv)
return
def test_delete_unknown_group(self):
"""Delete a group that doesn't exist."""
group_id = self.group.id + 10
rv = self.delete('/group/{group_id}/'.format(group_id=group_id),
token=self.user.token)
self.assertJsonError(rv, 404, 'Group not found')
return
def test_delete_not_admin(self):
"""Try to delete a group when the user is not the admin."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def test_delete_invalid_token(self):
"""Try to delete a group with an unknown token."""
rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
token='invalid')
self.assertJsonError(rv, 404, 'User not found (via token)')
return
class TestUsersInGroup(LunchoTests):
"""Tests for managing users in the group."""
def setUp(self):
super(TestUsersInGroup, self).setUp()
# create a user to have a token
self.user = User(username='******',
fullname='Test User',
passhash='hash')
self.user.verified = True
server.db.session.add(self.user)
# create a group for the user
self.group = Group(name='Test group', owner=self.user)
server.db.session.add(self.group)
self.user.groups.append(self.group)
server.db.session.commit()
self.user.get_token()
return
def tearDown(self):
super(TestUsersInGroup, self).tearDown()
return
def test_add_user(self):
"""Try to add another user in the group."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
request = {'usernames': [new_user.username]}
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.post(url, request, token=self.user.token)
self.assertJsonOk(rv)
return
def test_add_no_owner(self):
"""Try to add users without being the group admin."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
request = {'usernames': [new_user.username]}
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.post(url, request, token=new_user.token)
self.assertJsonError(rv, 403, 'User is not admin')
return
def test_add_no_such_user(self):
"""Try to add an unknown user to the group."""
request = {'usernames': ['unknown']}
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.post(url, request, token=self.user.token)
# not finding users still returns a 200, but with the users in the
# "not_found" field
self.assertJsonOk(rv)
json = loads(rv.data)
self.assertTrue('not_found' in json)
self.assertTrue('unknown' in json['not_found'])
return
def test_add_unknown_group(self):
"""Try to add users to some unknown group."""
# the usernames are worthless, group not found should kick first
request = {'usernames': ['unkonwn']}
group_id = self.group.id + 10
rv = self.post('/group/{group_id}/users/'.format(group_id=group_id),
request,
token=self.user.token)
self.assertJsonError(rv, 404, 'Group not found')
return
def test_get_members(self):
"""Try to get a list of group members."""
username = self.user.username
fullname = self.user.fullname
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url, token=self.user.token)
self.assertJsonOk(rv)
json = loads(rv.data)
self.assertTrue('users' in json)
self.assertEqual(len(json['users']), 1) # just the owner
self.assertEqual(json['users'][0]['username'], username)
self.assertEqual(json['users'][0]['full_name'], fullname)
return
def test_get_members_by_member(self):
"""Non admin user requests the list of group members."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
new_user.groups.append(self.group)
server.db.session.commit()
new_user.get_token()
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url, token=new_user.token)
self.assertJsonOk(rv)
json = loads(rv.data)
self.assertTrue('users' in json)
self.assertEqual(len(json['users']), 2) # owner and new user
return
def test_get_members_by_non_member(self):
"""A user that is not part of the group ask for members."""
new_user = User(username='******',
fullname='Another user',
passhash='hash')
server.db.session.add(new_user)
server.db.session.commit()
new_user.get_token()
url = '/group/{group_id}/users/'.format(group_id=self.group.id)
rv = self.get(url, token=new_user.token)
self.assertJsonError(rv, 403, 'User is not member of this group')
return
def test_unknown_group(self):
"""Test trying to get members of a group that doesn't exist."""
group_id = self.group.id + 10
rv = self.get('/group/{group_id}/users/'.format(group_id=group_id),
token=self.user.token)
self.assertJsonError(rv, 404, 'Group not found')
return