def test_get_entry(self): with self.app.app_context(): user = UsersModel("test", "test") user.hash_password("test") user.save_to_db() book = BooksModel(1, 1, 1, "test") book.save_to_db() book2 = BooksModel(2, 1, 1, "test") book2.save_to_db() book3 = BooksModel(3, 1, 1, "test") book3.save_to_db() entry = LibraryModel(book.isbn, user.id, LibraryType.Bought, State.Pending) entry.save_to_db() entry2 = LibraryModel(book2.isbn, user.id, LibraryType.WishList, State.Pending) entry2.save_to_db() entry3 = LibraryModel(book3.isbn, user.id, LibraryType.Bought, State.Reading) entry3.save_to_db() res = self.client.post("api/login", data={"email": user.email, "password": "******"}) token = json.loads(res.data)["token"] res = self.client.get(f"api/userLibrary/{user.email}", headers={ "Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(200, res.status_code) expectedRes = list(map(lambda e: e.json(), [entry, entry3])) self.assertEqual(expectedRes, json.loads(res.data)["library"])
def post(self): data = parse_user() check_constraints_user(data) with lock: user = UsersModel.find_by_username(data["username"]) if user: return { "message": f"An user with same username {data['username']} already exists" }, 409 user = UsersModel.find_by_email(data["email"]) if user: return { "message": f"An user with same email {data['email']} already exists" }, 409 password = data.pop("password") try: user = UsersModel(**data) user.hash_password(password) user.save_to_db() verify = VerifyModel(user.id) verify.save_to_db() verify.send_email(user.email, request.url_root) except Exception as e: return {"message": str(e)}, 500 return user.json(), 201
def test_add(self): with self.app.app_context(): to_add = UsersModel('test', '*****@*****.**') to_add.hash_password('password') UsersModel.save_to_db(to_add) self.assertEqual( UsersModel.find_by_username('test').username, to_add.username)
def test_library_visibility_modification_other_user(self): with self.app.app_context(): self.basic_setup() user2 = UsersModel("test2", "test2") user2.hash_password("test2") user2.save_to_db() library = self.entry = LibraryModel(self.book.isbn, user2.id, LibraryType.Bought) library.save_to_db() res = self.client.delete( f"api/library/{user2.email}/visibility/{self.book.isbn}", headers={ "Authorization": 'Basic ' + base64.b64encode( (self.token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(401, res.status_code) # Checks visibility doesn't change self.assertEqual( self.entry.visible, LibraryModel.find_by_id_and_isbn(self.user.id, self.book.isbn).visible)
def test_get_all_transactions_no_admin(self): with self.app.app_context(): user = UsersModel("test", "*****@*****.**", role=Roles.User) user.hash_password("test") user.save_to_db() res = self.client.post("/api/login", data={ "email": user.email, "password": "******" }) token = json.loads(res.data)["token"] book = BooksModel(1, 1, 1, "book1") book.save_to_db() book2 = BooksModel(2, 2, 13.1, "book2") book2.save_to_db() isbns = [book.isbn, book2.isbn] prices = [book.precio, book2.precio] quantities = [1, 1] TransactionsModel.save_transaction(user.id, isbns, prices, quantities) res = self.client.get( "/api/allTransactions", headers={ "Authorization": 'Basic ' + base64.b64encode( (token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(403, res.status_code)
def test_library_visibility_modification_other_user(self): with self.app.app_context(): self.basic_setup() user2 = UsersModel("test2", "test2") user2.hash_password("test2") user2.save_to_db() library = self.entry = LibraryModel(self.book.isbn, user2.id, LibraryType.Bought) library.save_to_db() new_data = { "state": State.Finished.name, "library_type": LibraryType.WishList.name } res = self.client.put( f"/api/library/{user2.email}/{self.book.isbn}", data=new_data, headers={ "Authorization": 'Basic ' + base64.b64encode( (self.token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(401, res.status_code) self.assertEqual( self.entry.state, LibraryModel.find_by_id_and_isbn(self.user.id, self.book.isbn).state) self.assertEqual( self.entry.library_type, LibraryModel.find_by_id_and_isbn(self.user.id, self.book.isbn).library_type)
def test_delete_user(self): with self.app.app_context(): user = UsersModel("test4", "*****@*****.**") user.hash_password("test4") user.save_to_db() res = self.client.post("/api/login", data={"email": "*****@*****.**", "password": "******"}) self.assertEqual(200, res.status_code) token = json.loads(res.data)["token"] res = self.client.delete("/api/user/[email protected]", headers={ "Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii') }) # veiem que s'esborra correctament self.assertEqual(200, res.status_code) res = self.client.get("/api/users") self.assertEqual(200, res.status_code) self.assertEqual(None, json.loads(res.data)["users"]) # tornem a crear un usuari amb les mateixes dades i ens deixa user = UsersModel("test4", "*****@*****.**") user.hash_password("test4") user.save_to_db() res = self.client.post("/api/login", data={"email": "*****@*****.**", "password": "******"}) self.assertEqual(200, res.status_code)
def test_post_entry_without_login(self): with self.app.app_context(): user = UsersModel("test", "test") user.hash_password("test2") user.save_to_db() res = self.client.post(f"api/library/{user.email}") self.assertEqual(401, res.status_code)
def test_modify_without_login(self): with self.app.app_context(): user = UsersModel("test", "*****@*****.**") user.hash_password("test") user.save_to_db() data_new = {'username': '******', 'password': '******'} res = self.client.put(f"/api/user/{user.email}", data=data_new) self.assertEqual(401, res.status_code)
def test_add_same_email(self): with self.app.app_context(): to_add = UsersModel('test', '*****@*****.**') to_add.hash_password('password') UsersModel.save_to_db(to_add) to_add = UsersModel('test_not_same', '*****@*****.**') to_add.hash_password('password') with self.assertRaises(Exception): UsersModel.save_to_db(to_add)
def test_delete_but_keep(self): with self.app.app_context(): to_add = UsersModel('test', '*****@*****.**') to_add.hash_password('password') UsersModel.save_to_db(to_add) UsersModel.delete_from_db(UsersModel.find_by_username('test')) keeps = len( UsersModel.query.filter_by(username='******', state=False).all()) self.assertNotEqual(keeps, 0)
def test_put_recovery_not_requested(self): with self.app.app_context(): user = UsersModel("test", "test") user.hash_password("test") user.save_to_db() new_password = "******" res = self.client.put(f"/api/recovery/notImportant", data={"new_password": new_password}) self.assertEqual(403, res.status_code)
def test_get_invalid_validation(self): with self.app.app_context(): user = UsersModel("test2", "test2") user.hash_password("test2") user.save_to_db() res = self.client.get(f"/api/recovery/fails") self.assertEqual(404, res.status_code) self.assertEqual("Password Recovery with ['key':fails] is invalid", json.loads(res.data)["message"])
def test_get_users(self): with self.app.app_context(): user = UsersModel("test5", "*****@*****.**") user.hash_password("test5") user.save_to_db() res = self.client.get("/api/users") self.assertEqual(200, res.status_code) list_users = list(map(lambda u: u.json(), UsersModel.query.all())) self.assertEqual(list_users, json.loads(res.data)["users"])
def test_post_recovery(self): with self.app.app_context(), mail.record_messages() as outbox: user = UsersModel("test", "*****@*****.**") user.hash_password("test") user.save_to_db() res = self.client.post(f"/api/recovery", data={"email": user.email}) self.assertEqual(201, res.status_code) self.assertEqual(1, len(outbox)) self.assertEqual(user.json(), json.loads(res.data)["user"])
def test_get_user(self): with self.app.app_context(): user = UsersModel("test", "*****@*****.**") user.hash_password("test") user.save_to_db() res = self.client.get("/api/user/[email protected]") self.assertEqual(200, res.status_code) self.assertEqual(user.json(), json.loads(res.data)["user"]) res = self.client.get("/api/user/doesntexist") self.assertEqual(404, res.status_code)
def test_get_validation(self): with self.app.app_context(): user = UsersModel("test", "test") user.hash_password("test") user.save_to_db() recovery = PasswordRecoveryModel(user.id) recovery.save_to_db() res = self.client.get(f"/api/recovery/{recovery.key}") self.assertEqual(200, res.status_code) self.assertEqual(recovery.json(), json.loads(res.data)["recovery"])
def test_get_entry_invalid_parameter(self): with self.app.app_context(): user = UsersModel("test", "test") user.hash_password("test4") user.save_to_db() res = self.client.post("api/login", data={"email": user.email, "password": "******"}) token = json.loads(res.data)["token"] res = self.client.get(f"api/userLibrary/{user.email}", data={"library_type": "Potato"}, headers={ "Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(409, res.status_code)
def test_put_recovery_expired(self): with self.app.app_context(): user = UsersModel("test", "test") user.hash_password("test") user.save_to_db() recovery = PasswordRecoveryModel(user.id) recovery.time -= 2 * PasswordRecoveryModel.VALID_UNTIL recovery.save_to_db() new_password = "******" res = self.client.put(f"/api/recovery/{recovery.key}", data={"new_password": new_password}) self.assertEqual(403, res.status_code)
def test_put_recovery(self): with self.app.app_context(): user = UsersModel("test", "test") user.hash_password("test") user.save_to_db() recovery = PasswordRecoveryModel(user.id) recovery.save_to_db() new_password = "******" res = self.client.put(f"/api/recovery/{recovery.key}", data={"new_password": new_password}) self.assertEqual(200, res.status_code) self.assertEqual(user.json(), json.loads(res.data)["user"]) self.assertTrue(user.check_password(new_password))
def test_get_transactions_without_login(self): with self.app.app_context(): user = UsersModel('test', '*****@*****.**') user.hash_password('test') UsersModel.save_to_db(user) book = BooksModel(1, 1, 1.0, "titulo") book.save_to_db() # no login dataTransaction = {} res = self.client.post("/api/transaction", data=dataTransaction) self.assertEqual(401, res.status_code)
def test_login_user(self): with self.app.app_context(): user = UsersModel("test3", "*****@*****.**") user.hash_password("test3") user.save_to_db() res = self.client.post("/api/login", data={ "email": "*****@*****.**", "password": "******" }) self.assertEqual(200, res.status_code) self.assertEqual( user, UsersModel.verify_auth_token(json.loads(res.data)["token"]))
def test_recovery_mail(self): with self.app.app_context(), mail.record_messages() as outbox: user = UsersModel("test", "*****@*****.**") user.hash_password("test") user.save_to_db() recovery = PasswordRecoveryModel(user.id) recovery.save_to_db() root = "http://test.com/" recovery.send_email(user.email, root) self.assertEqual(1, len(outbox)) self.assertEqual("Password recovery", outbox[0].subject) self.assertEqual(user.email, outbox[0].recipients[0]) self.assertTrue( f"http://test.com/reset?key={recovery.key}" in outbox[0].body)
def test_modify_email_already_used(self): with self.app.app_context(): self.basic_setup() user2 = UsersModel("patata", "*****@*****.**") user2.hash_password("patata") user2.save_to_db() data_new = {'email': user2.email, 'password': '******'} res = self.client.put( f"/api/user/{self.user.email}", data=data_new, headers={ "Authorization": 'Basic ' + base64.b64encode( (self.token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(409, res.status_code)
def test_post_entry_invalid_parameter(self): with self.app.app_context(): user = UsersModel("test", "test") user.hash_password("test") user.save_to_db() res = self.client.post("api/login", data={"email": user.email, "password": "******"}) token = json.loads(res.data)["token"] parameters = { 'isbn': 40, 'email': user.email } res = self.client.post("api/library", data=parameters, headers={ "Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(404, res.status_code)
def test_model_update_several_score(self): with self.app.app_context(): self.basic_setup() user2 = UsersModel("test2", "test2") user2.hash_password("test2") user2.save_to_db() review = ReviewsModel(self.book.isbn, self.user.id, 2) review.save_to_db() review2 = ReviewsModel(self.book.isbn, user2.id, 4) review2.save_to_db() data = {"score": 3} review.update_from_db(data) self.assertEqual(data["score"], review.score) self.assertEqual((data["score"] + review2.score)/2, ScoresModel.find_by_isbn(self.book.isbn).score)
def test_post_entry(self): with self.app.app_context(): user = UsersModel("test", "test") user.hash_password("test") user.save_to_db() book = BooksModel(1, 1, 1, "test") book.save_to_db() res = self.client.post("api/login", data={"email": user.email, "password": "******"}) token = json.loads(res.data)["token"] parameters = { 'isbn': book.isbn, } res = self.client.post(f"api/library/{user.email}", data=parameters, headers={ "Authorization": 'Basic ' + base64.b64encode((token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(201, res.status_code) self.assertEqual(LibraryModel.find_by_id_and_isbn(user.id, 1).json(), json.loads(res.data))
class UnitTestOfUS(BaseTest): def basic_setup(self): password = "******" self.admin = UsersModel("admin", "admin", Roles.Admin) self.admin.hash_password(password) self.admin.save_to_db() self.user = UsersModel("test", "test") self.user.hash_password("test") self.user.save_to_db() self.book = BooksModel(2, 2, 2, "test") self.book.save_to_db() res = self.client.post("/api/login", data={ "email": self.admin.email, "password": password }) self.token = json.loads(res.data)["token"] def test_delete_review_admin(self): with self.app.app_context(): self.basic_setup() review = ReviewsModel(self.book.isbn, self.user.id, 2, "test") review.save_to_db() res = self.client.delete( f"api/review/{self.user.id}/{self.book.isbn}", headers={ "Authorization": 'Basic ' + base64.b64encode( (self.token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(200, res.status_code) self.assertEqual( None, ReviewsModel.find_by_isbn_user_id(self.book.isbn, self.user.id))
def test_delete_user(self): with self.app.app_context(): user = UsersModel("test4", "*****@*****.**") user.hash_password("test4") user.save_to_db() res = self.client.post("/api/login", data={ "email": "*****@*****.**", "password": "******" }) self.assertEqual(200, res.status_code) token = json.loads(res.data)["token"] res = self.client.delete( "/api/user/[email protected]", headers={ "Authorization": 'Basic ' + base64.b64encode( (token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(200, res.status_code)
def test_get_transactions_other_user(self): with self.app.app_context(): self.basic_setup() book2 = BooksModel(2, 2, 13.1, "book2") book2.save_to_db() isbns = [self.book.isbn, book2.isbn] prices = [self.book.precio, book2.precio] quantities = [1, 1] dataTransaction = { "isbns": isbns, 'prices': prices, 'quantities': quantities, "email": self.user.email, } res = self.client.post( "/api/transaction", data=dataTransaction, headers={ "Authorization": 'Basic ' + base64.b64encode( (self.token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(201, res.status_code) user2 = UsersModel('test2', '*****@*****.**') user2.hash_password('test2') UsersModel.save_to_db(user2) res = self.client.get( '/api/transactions/' + user2.email, headers={ # user tries to get user2 transactions "Authorization": 'Basic ' + base64.b64encode( (self.token + ":").encode('ascii')).decode('ascii') }) self.assertEqual(401, res.status_code)