Example #1
0
 def setUp(self):
     super(TestExistingUsers, self).setUp()
     self.user = User(username='******',
                      fullname='Test User',
                      passhash='hash')
     server.db.session.add(self.user)
     server.db.session.commit()
     self.user.get_token()
Example #2
0
 def setUp(self):
     super(TestGroups, self).setUp()
     # create a user to have a token
     self.user = User(username='******',
                      fullname='Test User',
                      passhash='hash')
     self.user.verified = True
     server.db.session.add(self.user)
     server.db.session.commit()
     self.user.get_token()
     return
Example #3
0
    def test_delete_not_admin(self):
        """Try to delete a group when the user is not the admin."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
                         token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return
Example #4
0
    def test_delete_not_admin(self):
        """Try to delete a group when the user is not the admin."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
                         token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return
Example #5
0
    def test_get_members_by_non_member(self):
        """A user that is not part of the group ask for members."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url, token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not member of this group')
        return
Example #6
0
    def test_get_members_by_non_member(self):
        """A user that is not part of the group ask for members."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url,
                      token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not member of this group')
        return
Example #7
0
    def setUp(self):
        super(TestExistingGroups, self).setUp()
        # create a user to have a token
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        self.user.verified = True
        server.db.session.add(self.user)

        # create a group for the user
        self.group = Group(name='Test group', owner=self.user)
        server.db.session.add(self.group)
        server.db.session.commit()
        self.user.get_token()
        return
Example #8
0
    def test_add_no_owner(self):
        """Try to add users without being the group admin."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        request = {'usernames': [new_user.username]}

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.post(url, request, token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return
Example #9
0
 def setUp(self):
     super(TestExistingUsers, self).setUp()
     self.user = User(username='******',
                      fullname='Test User',
                      passhash='hash')
     server.db.session.add(self.user)
     server.db.session.commit()
     self.user.get_token()
Example #10
0
    def test_add_no_owner(self):
        """Try to add users without being the group admin."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        request = {'usernames': [new_user.username]}

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.post(url,
                       request,
                       token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return
Example #11
0
 def setUp(self):
     # leave the database blank to make it in memory
     super(TestToken, self).setUp()
     # add a user
     self.test_user = User(username='******',
                           fullname='Testing user',
                           passhash='hash')
     server.db.session.add(self.test_user)
     server.db.session.commit()
Example #12
0
    def test_get_members_by_member(self):
        """Non admin user requests the list of group members."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        new_user.groups.append(self.group)
        server.db.session.commit()
        new_user.get_token()

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url, token=new_user.token)
        self.assertJsonOk(rv)

        json = loads(rv.data)
        self.assertTrue('users' in json)
        self.assertEqual(len(json['users']), 2)  # owner and new user
        return
Example #13
0
    def test_get_members_by_member(self):
        """Non admin user requests the list of group members."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        new_user.groups.append(self.group)
        server.db.session.commit()
        new_user.get_token()

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url,
                      token=new_user.token)
        self.assertJsonOk(rv)

        json = loads(rv.data)
        self.assertTrue('users' in json)
        self.assertEqual(len(json['users']), 2)     # owner and new user
        return
Example #14
0
    def create_user(self, name='test', fullname='Test User', passhash='hash',
                    verified=True, create_token=False):
        """Add a user.

        :param name: The name for the user
        :param fullname: The full name of the user
        :param passhash: The user passhash

        :return: The user
        :rtype: :py:class:`server.User`"""
        user = User(username=name,
                    fullname=fullname,
                    passhash=passhash)
        user.verified = verified
        server.db.session.add(user)
        server.db.session.commit()

        if create_token:
            user.get_token()
        return user
Example #15
0
 def setUp(self):
     super(TestGroups, self).setUp()
     # create a user to have a token
     self.user = User(username='******',
                      fullname='Test User',
                      passhash='hash')
     self.user.verified = True
     server.db.session.add(self.user)
     server.db.session.commit()
     self.user.get_token()
     return
Example #16
0
    def test_add_user(self):
        """Try to add another user in the group."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()

        request = {'usernames': [new_user.username]}

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.post(url, request, token=self.user.token)
        self.assertJsonOk(rv)
        return
Example #17
0
    def setUp(self):
        super(TestExistingGroups, self).setUp()
        # create a user to have a token
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        self.user.verified = True
        server.db.session.add(self.user)

        # create a group for the user
        self.group = Group(name='Test group',
                           owner=self.user)
        server.db.session.add(self.group)
        server.db.session.commit()
        self.user.get_token()
        return
Example #18
0
def create_user():
    """Create a new user.

    **Example request**

    .. sourcecode:: http

       { "username": "******",
         "full_name": "I'm a person",
         "password": "******" }

    **Success (200)**:

    .. sourcecode:: http

       HTTP/1.1 200 OK
       Content-Type: application/json

       { "status": "OK" }

    :statuscode 200: Success
    :statuscode 406: Invalid characters in username
        (:py:class:`InvalidUsernameException`)
    :statuscode 409: Username already exists
        (:py:class:`UsernameAlreadyExistsException`)
    """
    json = request.get_json(force=True)
    invalid_characters = ' !@#$%^&*()|[]{}/\\\'"`~"'
    for char in invalid_characters:
        if char in json['username']:
            raise InvalidUsernameException()

    try:
        new_user = User(username=json['username'],
                        fullname=json['full_name'],
                        passhash=json['password'],
                        verified=False)

        db.session.add(new_user)
        db.session.commit()
    except IntegrityError:
        raise UsernameAlreadyExistsException()

    return jsonify(status='OK')
Example #19
0
    def test_update_owner(self):
        """Change the group owner."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()

        group_id = self.group.id
        new_username = new_user.username

        request = {'admin': new_user.username}
        rv = self.put('/group/{group_id}/'.format(group_id=group_id),
                      request,
                      token=self.user.token)
        self.assertJsonOk(rv)

        # check the database
        group = Group.query.get(group_id)
        self.assertEqual(group.owner, new_username)
        return
Example #20
0
class TestExistingUsers(LunchoTests):
    """Tests for existing users."""
    def setUp(self):
        super(TestExistingUsers, self).setUp()
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        server.db.session.add(self.user)
        server.db.session.commit()
        self.user.get_token()

    def tearDown(self):
        super(TestExistingUsers, self).tearDown()

    def test_update_details(self):
        """Update user details."""
        request = {'full_name': 'New User Name', 'password': '******'}
        rv = self.put('/user/', request, self.user.token)

        self.assertJsonOk(rv)

        # check in the database
        user = User.query.filter_by(username='******').first()
        self.assertEqual(user.fullname, request['full_name'])
        self.assertEqual(user.passhash, request['password'])

    def test_wrong_token(self):
        """Send a request with an unexisting token."""
        request = {'full_name': 'New User Name', 'password': '******'}
        rv = self.put('/user/', request, 'no-token')

        self.assertJsonError(rv, 404, 'User not found (via token)')

    def test_expired_token(self):
        """Send a token that exists but it's not valid for today."""
        # the token is not valid by our standards, but it will be found and
        # and the token for today will not be valid
        self.user.token = 'expired'
        server.db.session.commit()

        request = {'full_name': 'New User Name', 'password': '******'}
        rv = self.put('/user/', request, self.user.token)

        self.assertJsonError(rv, 400, 'Invalid token')

    def test_delete_user(self):
        """Delete a user."""
        rv = self.delete('/user/', token=self.user.token)
        self.assertJsonOk(rv)

        # check the database
        user = User.query.filter_by(username='******').first()
        self.assertIsNone(user)

    def test_delete_wrong_token(self):
        """Send a delete to a non-existing token."""
        rv = self.delete('/user/', token='no-token')

        self.assertJsonError(rv, 404, 'User not found (via token)')

    def test_delete_expired_token(self):
        """Send a delete to a token for yesterday."""
        # see note on `test_expired_token`
        self.user.token = 'expired'
        server.db.session.commit()

        rv = self.delete('/user/', token=self.user.token)

        self.assertJsonError(rv, 400, 'Invalid token')
Example #21
0
class TestUsersInGroup(LunchoTests):
    """Tests for managing users in the group."""
    def setUp(self):
        super(TestUsersInGroup, self).setUp()
        # create a user to have a token
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        self.user.verified = True
        server.db.session.add(self.user)

        # create a group for the user
        self.group = Group(name='Test group',
                           owner=self.user)
        server.db.session.add(self.group)

        self.user.groups.append(self.group)
        server.db.session.commit()
        self.user.get_token()
        return

    def tearDown(self):
        super(TestUsersInGroup, self).tearDown()
        return

    def test_add_user(self):
        """Try to add another user in the group."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()

        request = {'usernames': [new_user.username]}

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.post(url,
                       request,
                       token=self.user.token)
        self.assertJsonOk(rv)
        return

    def test_add_no_owner(self):
        """Try to add users without being the group admin."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        request = {'usernames': [new_user.username]}

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.post(url,
                       request,
                       token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return

    def test_add_no_such_user(self):
        """Try to add an unknown user to the group."""
        request = {'usernames': ['unknown']}
        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.post(url,
                       request,
                       token=self.user.token)

        # not finding users still returns a 200, but with the users in the
        # "not_found" field
        self.assertJsonOk(rv)
        json = loads(rv.data)
        self.assertTrue('not_found' in json)
        self.assertTrue('unknown' in json['not_found'])
        return

    def test_add_unknown_group(self):
        """Try to add users to some unknown group."""
        # the usernames are worthless, group not found should kick first
        request = {'usernames': ['unkonwn']}
        group_id = self.group.id + 10
        rv = self.post('/group/{group_id}/users/'.format(group_id=group_id),
                       request,
                       token=self.user.token)
        self.assertJsonError(rv, 404, 'Group not found')
        return

    def test_get_members(self):
        """Try to get a list of group members."""
        username = self.user.username
        fullname = self.user.fullname
        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url,
                      token=self.user.token)
        self.assertJsonOk(rv)
        json = loads(rv.data)
        self.assertTrue('users' in json)
        self.assertEqual(len(json['users']), 1)     # just the owner
        self.assertEqual(json['users'][0]['username'], username)
        self.assertEqual(json['users'][0]['full_name'], fullname)
        return

    def test_get_members_by_member(self):
        """Non admin user requests the list of group members."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        new_user.groups.append(self.group)
        server.db.session.commit()
        new_user.get_token()

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url,
                      token=new_user.token)
        self.assertJsonOk(rv)

        json = loads(rv.data)
        self.assertTrue('users' in json)
        self.assertEqual(len(json['users']), 2)     # owner and new user
        return

    def test_get_members_by_non_member(self):
        """A user that is not part of the group ask for members."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url,
                      token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not member of this group')
        return

    def test_unknown_group(self):
        """Test trying to get members of a group that doesn't exist."""
        group_id = self.group.id + 10
        rv = self.get('/group/{group_id}/users/'.format(group_id=group_id),
                      token=self.user.token)
        self.assertJsonError(rv, 404, 'Group not found')
        return
Example #22
0
class TestGroups(LunchoTests):
    """Test groups requests."""

    def setUp(self):
        super(TestGroups, self).setUp()
        # create a user to have a token
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        self.user.verified = True
        server.db.session.add(self.user)
        server.db.session.commit()
        self.user.get_token()
        return

    def test_empty_list(self):
        """Get an empty list from a user without groups."""
        rv = self.get('/group/', token=self.user.token)
        self.assertJsonOk(rv, groups=[])
        return

    def test_create_group(self):
        """Test creating a group."""
        request = {'name': 'Test group'}
        rv = self.post('/group/',
                       request,
                       token=self.user.token)
        self.assertJsonOk(rv, id=1)
        return

    def test_create_group_unverified_account(self):
        """Try creating a group with an account that's not verified yet."""
        self.user.verified = False
        server.db.session.commit()

        request = {'name': 'Test group'}
        rv = self.post('/group/',
                       request,
                       token=self.user.token)
        self.assertJsonError(rv, 412, 'Account not verified')
        return

    def test_user_in_own_group(self):
        """The user must belong to a group it owns."""
        token = self.user.token
        self.test_create_group()
        rv = self.get('/group/', token=token)
        self.assertJsonOk(rv, groups=[{'id': 1,
                                       'name': 'Test group',
                                       'admin': True}])
        return

    def test_get_groups_unknown_token(self):
        """Request groups with an unknown token."""
        rv = self.get('/group/', token='invalid')
        self.assertJsonError(rv, 404, 'User not found (via token)')
        return

    def test_get_groups_expired_token(self):
        """Request groups with an expired token."""
        self.user.token = 'expired'
        server.db.session.commit()

        rv = self.get('/group/', token=self.user.token)
        self.assertJsonError(rv, 400, 'Invalid token')
        return

    def test_create_group_unknown_token(self):
        """Try to create a group with an invalid token."""
        request = {'name': 'Test group'}
        rv = self.post('/group/',
                       request,
                       token='invalid')
        self.assertJsonError(rv, 404, 'User not found (via token)')
        return

    def test_create_group_expired_token(self):
        self.user.token = 'expired'
        server.db.session.commit()

        request = {'name': 'Test group'}
        rv = self.post('/group/',
                       request,
                       token=self.user.token)
        self.assertJsonError(rv, 400, 'Invalid token')
        return
Example #23
0
class TestExistingGroups(LunchoTests):
    """Test for existing groups."""
    def setUp(self):
        super(TestExistingGroups, self).setUp()
        # create a user to have a token
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        self.user.verified = True
        server.db.session.add(self.user)

        # create a group for the user
        self.group = Group(name='Test group',
                           owner=self.user)
        server.db.session.add(self.group)
        server.db.session.commit()
        self.user.get_token()
        return

    def tearDown(self):
        super(TestExistingGroups, self).tearDown()
        return

    def test_update_name(self):
        """Change the group name."""
        group_id = self.group.id
        request = {'name': 'New test group'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token=self.user.token)
        self.assertJsonOk(rv)

        # check the database
        group = Group.query.get(group_id)
        self.assertEqual(group.name, request['name'])
        return

    def test_update_name_invalid_token(self):
        """Try to change the name with an unknown token."""
        request = {'name': 'New test group'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token='invalid')
        self.assertJsonError(rv, 404, 'User not found (via token)')
        return

    def test_update_name_expired_token(self):
        """Try to change the name with an expired token."""
        self.user.token = 'expired'
        server.db.session.commit()

        request = {'name': 'New test group'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token=self.user.token)
        self.assertJsonError(rv, 400, 'Invalid token')
        return

    def test_update_owner(self):
        """Change the group owner."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()

        group_id = self.group.id
        new_username = new_user.username

        request = {'admin': new_user.username}
        rv = self.put('/group/{group_id}/'.format(group_id=group_id),
                      request,
                      token=self.user.token)
        self.assertJsonOk(rv)

        # check the database
        group = Group.query.get(group_id)
        self.assertEqual(group.owner, new_username)
        return

    def test_update_owner_invalid(self):
        """Try to change the owner to a user that doesn't exist."""
        request = {'admin': 'unknown'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token=self.user.token)
        self.assertJsonError(rv, 404, 'New admin not found')
        return

    def test_update_unknown_group(self):
        """Try to update a group that doesn't exist."""
        group_id = self.group.id + 10
        request = {'name': 'New test group'}
        rv = self.put('/group/{group_id}/'.format(group_id=group_id),
                      request,
                      token=self.user.token)
        self.assertJsonError(rv, 404, 'Group not found')
        return

    def test_not_admin(self):
        """Try to update with a user that it is not the group admin."""
        new_user = self.create_user(name='another_user',
                                    fullname='Another user',
                                    passhash='hash',
                                    verified=True,
                                    create_token=True)
        request = {'name': 'A new name'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return

    def test_delete_group(self):
        """Delete a group."""
        group_id = self.group.id
        rv = self.delete('/group/{group_id}/'.format(group_id=group_id),
                         token=self.user.token)
        self.assertJsonOk(rv)
        return

    def test_delete_unknown_group(self):
        """Delete a group that doesn't exist."""
        group_id = self.group.id + 10
        rv = self.delete('/group/{group_id}/'.format(group_id=group_id),
                         token=self.user.token)
        self.assertJsonError(rv, 404, 'Group not found')
        return

    def test_delete_not_admin(self):
        """Try to delete a group when the user is not the admin."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
                         token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return

    def test_delete_invalid_token(self):
        """Try to delete a group with an unknown token."""
        rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
                         token='invalid')
        self.assertJsonError(rv, 404, 'User not found (via token)')
        return
Example #24
0
class TestGroups(LunchoTests):
    """Test groups requests."""
    def setUp(self):
        super(TestGroups, self).setUp()
        # create a user to have a token
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        self.user.verified = True
        server.db.session.add(self.user)
        server.db.session.commit()
        self.user.get_token()
        return

    def test_empty_list(self):
        """Get an empty list from a user without groups."""
        rv = self.get('/group/', token=self.user.token)
        self.assertJsonOk(rv, groups=[])
        return

    def test_create_group(self):
        """Test creating a group."""
        request = {'name': 'Test group'}
        rv = self.post('/group/', request, token=self.user.token)
        self.assertJsonOk(rv, id=1)
        return

    def test_create_group_unverified_account(self):
        """Try creating a group with an account that's not verified yet."""
        self.user.verified = False
        server.db.session.commit()

        request = {'name': 'Test group'}
        rv = self.post('/group/', request, token=self.user.token)
        self.assertJsonError(rv, 412, 'Account not verified')
        return

    def test_user_in_own_group(self):
        """The user must belong to a group it owns."""
        token = self.user.token
        self.test_create_group()
        rv = self.get('/group/', token=token)
        self.assertJsonOk(rv,
                          groups=[{
                              'id': 1,
                              'name': 'Test group',
                              'admin': True
                          }])
        return

    def test_get_groups_unknown_token(self):
        """Request groups with an unknown token."""
        rv = self.get('/group/', token='invalid')
        self.assertJsonError(rv, 404, 'User not found (via token)')
        return

    def test_get_groups_expired_token(self):
        """Request groups with an expired token."""
        self.user.token = 'expired'
        server.db.session.commit()

        rv = self.get('/group/', token=self.user.token)
        self.assertJsonError(rv, 400, 'Invalid token')
        return

    def test_create_group_unknown_token(self):
        """Try to create a group with an invalid token."""
        request = {'name': 'Test group'}
        rv = self.post('/group/', request, token='invalid')
        self.assertJsonError(rv, 404, 'User not found (via token)')
        return

    def test_create_group_expired_token(self):
        self.user.token = 'expired'
        server.db.session.commit()

        request = {'name': 'Test group'}
        rv = self.post('/group/', request, token=self.user.token)
        self.assertJsonError(rv, 400, 'Invalid token')
        return
Example #25
0
class TestExistingUsers(LunchoTests):
    """Tests for existing users."""
    def setUp(self):
        super(TestExistingUsers, self).setUp()
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        server.db.session.add(self.user)
        server.db.session.commit()
        self.user.get_token()

    def tearDown(self):
        super(TestExistingUsers, self).tearDown()

    def test_update_details(self):
        """Update user details."""
        request = {'full_name': 'New User Name',
                   'password': '******'}
        rv = self.put('/user/',
                      request,
                      self.user.token)

        self.assertJsonOk(rv)

        # check in the database
        user = User.query.filter_by(username='******').first()
        self.assertEqual(user.fullname, request['full_name'])
        self.assertEqual(user.passhash, request['password'])

    def test_wrong_token(self):
        """Send a request with an unexisting token."""
        request = {'full_name': 'New User Name',
                   'password': '******'}
        rv = self.put('/user/',
                      request,
                      'no-token')

        self.assertJsonError(rv, 404, 'User not found (via token)')

    def test_expired_token(self):
        """Send a token that exists but it's not valid for today."""
        # the token is not valid by our standards, but it will be found and
        # and the token for today will not be valid
        self.user.token = 'expired'
        server.db.session.commit()

        request = {'full_name': 'New User Name',
                   'password': '******'}
        rv = self.put('/user/',
                      request,
                      self.user.token)

        self.assertJsonError(rv, 400, 'Invalid token')

    def test_delete_user(self):
        """Delete a user."""
        rv = self.delete('/user/', token=self.user.token)
        self.assertJsonOk(rv)

        # check the database
        user = User.query.filter_by(username='******').first()
        self.assertIsNone(user)

    def test_delete_wrong_token(self):
        """Send a delete to a non-existing token."""
        rv = self.delete('/user/', token='no-token')

        self.assertJsonError(rv, 404, 'User not found (via token)')

    def test_delete_expired_token(self):
        """Send a delete to a token for yesterday."""
        # see note on `test_expired_token`
        self.user.token = 'expired'
        server.db.session.commit()

        rv = self.delete('/user/', token=self.user.token)

        self.assertJsonError(rv, 400, 'Invalid token')
Example #26
0
class TestExistingGroups(LunchoTests):
    """Test for existing groups."""
    def setUp(self):
        super(TestExistingGroups, self).setUp()
        # create a user to have a token
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        self.user.verified = True
        server.db.session.add(self.user)

        # create a group for the user
        self.group = Group(name='Test group', owner=self.user)
        server.db.session.add(self.group)
        server.db.session.commit()
        self.user.get_token()
        return

    def tearDown(self):
        super(TestExistingGroups, self).tearDown()
        return

    def test_update_name(self):
        """Change the group name."""
        group_id = self.group.id
        request = {'name': 'New test group'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token=self.user.token)
        self.assertJsonOk(rv)

        # check the database
        group = Group.query.get(group_id)
        self.assertEqual(group.name, request['name'])
        return

    def test_update_name_invalid_token(self):
        """Try to change the name with an unknown token."""
        request = {'name': 'New test group'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token='invalid')
        self.assertJsonError(rv, 404, 'User not found (via token)')
        return

    def test_update_name_expired_token(self):
        """Try to change the name with an expired token."""
        self.user.token = 'expired'
        server.db.session.commit()

        request = {'name': 'New test group'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token=self.user.token)
        self.assertJsonError(rv, 400, 'Invalid token')
        return

    def test_update_owner(self):
        """Change the group owner."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()

        group_id = self.group.id
        new_username = new_user.username

        request = {'admin': new_user.username}
        rv = self.put('/group/{group_id}/'.format(group_id=group_id),
                      request,
                      token=self.user.token)
        self.assertJsonOk(rv)

        # check the database
        group = Group.query.get(group_id)
        self.assertEqual(group.owner, new_username)
        return

    def test_update_owner_invalid(self):
        """Try to change the owner to a user that doesn't exist."""
        request = {'admin': 'unknown'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token=self.user.token)
        self.assertJsonError(rv, 404, 'New admin not found')
        return

    def test_update_unknown_group(self):
        """Try to update a group that doesn't exist."""
        group_id = self.group.id + 10
        request = {'name': 'New test group'}
        rv = self.put('/group/{group_id}/'.format(group_id=group_id),
                      request,
                      token=self.user.token)
        self.assertJsonError(rv, 404, 'Group not found')
        return

    def test_not_admin(self):
        """Try to update with a user that it is not the group admin."""
        new_user = self.create_user(name='another_user',
                                    fullname='Another user',
                                    passhash='hash',
                                    verified=True,
                                    create_token=True)
        request = {'name': 'A new name'}
        rv = self.put('/group/{group_id}/'.format(group_id=self.group.id),
                      request,
                      token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return

    def test_delete_group(self):
        """Delete a group."""
        group_id = self.group.id
        rv = self.delete('/group/{group_id}/'.format(group_id=group_id),
                         token=self.user.token)
        self.assertJsonOk(rv)
        return

    def test_delete_unknown_group(self):
        """Delete a group that doesn't exist."""
        group_id = self.group.id + 10
        rv = self.delete('/group/{group_id}/'.format(group_id=group_id),
                         token=self.user.token)
        self.assertJsonError(rv, 404, 'Group not found')
        return

    def test_delete_not_admin(self):
        """Try to delete a group when the user is not the admin."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
                         token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return

    def test_delete_invalid_token(self):
        """Try to delete a group with an unknown token."""
        rv = self.delete('/group/{group_id}/'.format(group_id=self.group.id),
                         token='invalid')
        self.assertJsonError(rv, 404, 'User not found (via token)')
        return
Example #27
0
class TestUsersInGroup(LunchoTests):
    """Tests for managing users in the group."""
    def setUp(self):
        super(TestUsersInGroup, self).setUp()
        # create a user to have a token
        self.user = User(username='******',
                         fullname='Test User',
                         passhash='hash')
        self.user.verified = True
        server.db.session.add(self.user)

        # create a group for the user
        self.group = Group(name='Test group', owner=self.user)
        server.db.session.add(self.group)

        self.user.groups.append(self.group)
        server.db.session.commit()
        self.user.get_token()
        return

    def tearDown(self):
        super(TestUsersInGroup, self).tearDown()
        return

    def test_add_user(self):
        """Try to add another user in the group."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()

        request = {'usernames': [new_user.username]}

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.post(url, request, token=self.user.token)
        self.assertJsonOk(rv)
        return

    def test_add_no_owner(self):
        """Try to add users without being the group admin."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        request = {'usernames': [new_user.username]}

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.post(url, request, token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not admin')
        return

    def test_add_no_such_user(self):
        """Try to add an unknown user to the group."""
        request = {'usernames': ['unknown']}
        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.post(url, request, token=self.user.token)

        # not finding users still returns a 200, but with the users in the
        # "not_found" field
        self.assertJsonOk(rv)
        json = loads(rv.data)
        self.assertTrue('not_found' in json)
        self.assertTrue('unknown' in json['not_found'])
        return

    def test_add_unknown_group(self):
        """Try to add users to some unknown group."""
        # the usernames are worthless, group not found should kick first
        request = {'usernames': ['unkonwn']}
        group_id = self.group.id + 10
        rv = self.post('/group/{group_id}/users/'.format(group_id=group_id),
                       request,
                       token=self.user.token)
        self.assertJsonError(rv, 404, 'Group not found')
        return

    def test_get_members(self):
        """Try to get a list of group members."""
        username = self.user.username
        fullname = self.user.fullname
        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url, token=self.user.token)
        self.assertJsonOk(rv)
        json = loads(rv.data)
        self.assertTrue('users' in json)
        self.assertEqual(len(json['users']), 1)  # just the owner
        self.assertEqual(json['users'][0]['username'], username)
        self.assertEqual(json['users'][0]['full_name'], fullname)
        return

    def test_get_members_by_member(self):
        """Non admin user requests the list of group members."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        new_user.groups.append(self.group)
        server.db.session.commit()
        new_user.get_token()

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url, token=new_user.token)
        self.assertJsonOk(rv)

        json = loads(rv.data)
        self.assertTrue('users' in json)
        self.assertEqual(len(json['users']), 2)  # owner and new user
        return

    def test_get_members_by_non_member(self):
        """A user that is not part of the group ask for members."""
        new_user = User(username='******',
                        fullname='Another user',
                        passhash='hash')
        server.db.session.add(new_user)
        server.db.session.commit()
        new_user.get_token()

        url = '/group/{group_id}/users/'.format(group_id=self.group.id)
        rv = self.get(url, token=new_user.token)
        self.assertJsonError(rv, 403, 'User is not member of this group')
        return

    def test_unknown_group(self):
        """Test trying to get members of a group that doesn't exist."""
        group_id = self.group.id + 10
        rv = self.get('/group/{group_id}/users/'.format(group_id=group_id),
                      token=self.user.token)
        self.assertJsonError(rv, 404, 'Group not found')
        return