def test_add_user_duplicate_email(self):
    """Posting the same new-user payload twice must end in 409 'already in use'."""
    creator = add_user('test', '*****@*****.**', 'test')
    creator.admin = True
    db.session.commit()
    # The identical JSON body is sent on both requests.
    new_user_json = json.dumps({
        'username': '******',
        'email': '*****@*****.**',
        'password': '******',
    })
    with self.client:
        # First request: its response is deliberately not inspected here.
        first_token = get_user_token(self.client, '*****@*****.**', 'test')
        self.client.post(
            '/api/users/',
            data=new_user_json,
            content_type='application/json',
            headers={'Authorization': f'Bearer {first_token}'})
        # Second request repeats the payload with a freshly issued token.
        second_token = get_user_token(self.client, '*****@*****.**', 'test')
        response = self.client.post(
            '/api/users/',
            data=new_user_json,
            content_type='application/json',
            headers={'Authorization': f'Bearer {second_token}'})
        body = json.loads(response.data.decode())
        self.assertEqual(response.status_code, 409)
        self.assertIn('Email already in use: [email protected]', body['message'])
def test_disable_user_no_role(self):
    """A caller lacking the admin role must get MissingRoleError from /api/auth/disable.

    After the rejected request, a login with the 'test2' password must still
    yield a token that /api/auth/status accepts and reports as active.
    """
    add_user('test', '*****@*****.**', 'test')
    add_user('test2', '*****@*****.**', 'test2')
    with self.client:
        caller_token = get_user_token(self.client, '*****@*****.**', 'test')
        disable_resp = self.client.patch(
            '/api/auth/disable',
            headers={'Authorization': f'Bearer {caller_token}'},
            content_type='application/json',
            data=json.dumps({'email': '*****@*****.**'}))
        disable_body = json.loads(disable_resp.data.decode())
        # Authorization failure is reported in the JSON body (error, message, status_code).
        self.assertEqual('MissingRoleError', disable_body['error'])
        self.assertEqual(
            "This endpoint requires all the following roles: ['admin']",
            disable_body['message'])
        self.assertEqual(403, disable_body['status_code'])

        # The rejected request must not have had any effect: login and status still work.
        login_result = login_user(self.client, '*****@*****.**', 'test2')
        target_token = login_result['auth_token']
        status_resp = self.client.get(
            '/api/auth/status',
            headers={'Authorization': f'Bearer {target_token}'})
        status_body = json.loads(status_resp.data.decode())
        self.assertEqual(200, status_resp.status_code)
        self.assertTrue(status_body['email'])
        self.assertTrue(status_body['username'])
        self.assertTrue(status_body['is_active'])
def test_add_user_invalid_json_keys_no_password(self):
    """A POST to /api/users/ whose JSON lacks 'password' must fail validation with 400."""
    add_user('test', '*****@*****.**', 'test')
    # Flag the stored user as admin before requesting a token.
    stored = User.query.filter_by(email='*****@*****.**').first()
    stored.admin = True
    db.session.commit()
    # Payload intentionally omits the 'password' key.
    incomplete_payload = {
        'username': '******',
        'email': '*****@*****.**'
    }
    with self.client:
        bearer = get_user_token(self.client, '*****@*****.**', 'test')
        response = self.client.post(
            '/api/users/',
            data=json.dumps(incomplete_payload),
            content_type='application/json',
            headers={'Authorization': f'Bearer {bearer}'})
        body = json.loads(response.data.decode())
        self.assertEqual(response.status_code, 400)
        self.assertIn("Input payload validation failed", body['message'])
        self.assertIn("'password' is a required property",
                      body['errors']['password'])
def test_single_user_incorrect_id(self):
    """Requesting /api/users/999 must return 404 with a 'not found' message."""
    secret = 'Downf0ryourRIGHTtoParty!'
    add_user('test_me', '*****@*****.**', secret)
    with self.client:
        bearer = get_user_token(self.client, '*****@*****.**', secret)
        auth_header = {'Authorization': f'Bearer {bearer}'}
        response = self.client.get(
            '/api/users/999',
            content_type='application/json',
            headers=auth_header)
        body = json.loads(response.data.decode())
        self.assertEqual(response.status_code, 404)
        self.assertIn('User Not Found by Id 999', body['message'])
def test_single_user(self):
    """Fetching /api/users/<id> for a freshly added user returns 200 with that user's data."""
    secret = 'Downf0ryourRIGHTtoParty!'
    created = add_user('test_me', '*****@*****.**', secret)
    with self.client:
        bearer = get_user_token(self.client, '*****@*****.**', secret)
        auth_header = {'Authorization': f'Bearer {bearer}'}
        response = self.client.get(
            f'/api/users/{created.id}',
            content_type='application/json',
            headers=auth_header)
        body = json.loads(response.data.decode())
        self.assertEqual(response.status_code, 200)
        self.assertIn('test_me', body['username'])
        self.assertIn('*****@*****.**', body['email'])
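def test_add_user_not_admin(self):
    """A user who was never flagged as admin must not be able to create users.

    The endpoint is expected to answer with 401 and a bare JSON string
    as the response body.
    """
    add_user('test', '*****@*****.**', 'test')
    with self.client:
        # Log in as the user added above; no admin flag is set on it.
        token = get_user_token(self.client, '*****@*****.**', 'test')
        response = self.client.post(
            '/api/users/',
            data=json.dumps({
                'username': '******',
                'email': '*****@*****.**',
                'password': '******'
            }),
            content_type='application/json',
            headers={'Authorization': f'Bearer {token}'})
        data = json.loads(response.data.decode())
        # assertEqual (not assertTrue(a == b)) so a failure prints both values.
        self.assertEqual(data, 'You do not have permission to do that.')
        # NOTE(review): /api/auth/disable reports a missing role as 403
        # (see test_disable_user_no_role); this endpoint is pinned to 401.
        # Confirm the difference is intended.
        self.assertEqual(response.status_code, 401)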
def test_disable_user(self):
    """An admin PATCHes /api/auth/disable; a later /api/auth/status call must get 401."""
    add_user('test', '*****@*****.**', 'test', 'admin')
    add_user('test2', '*****@*****.**', 'test2')
    with self.client:
        admin_token = get_user_token(self.client, '*****@*****.**', 'test')
        disable_resp = self.client.patch(
            '/api/auth/disable',
            headers={'Authorization': f'Bearer {admin_token}'},
            content_type='application/json',
            data=json.dumps({'email': '*****@*****.**'}))
        # NOTE(review): test_disable_user_no_role subscripts login_user(...)
        # with ['auth_token']; here the whole return value is interpolated
        # into the Authorization header. The InvalidTokenHeader assertion
        # below may therefore be satisfied by a malformed header rather than
        # by the account being disabled. Confirm what login_user returns.
        login_result = login_user(self.client, '*****@*****.**', 'test2')
        # NOTE(review): the disable response is parsed but never asserted,
        # so the test does not show that the disable call itself succeeded.
        disable_body = json.loads(disable_resp.data.decode())
        status_resp = self.client.get(
            '/api/auth/status',
            headers={'Authorization': f'Bearer {login_result}'})
        status_body = json.loads(status_resp.data.decode())
        self.assertEqual(401, status_body['status_code'])
        self.assertEqual('InvalidTokenHeader', status_body['error'])
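def test_add_user_inactive(self):
    """A user whose is_active flag is False must be refused by POST /api/users/.

    The endpoint is expected to answer with 401 and a bare JSON string
    as the response body.
    """
    add_user('test', '*****@*****.**', 'test')
    # Deactivate the stored user before any token is requested.
    user = User.query.filter_by(email='*****@*****.**').first()
    user.is_active = False
    db.session.commit()
    with self.client:
        token = get_user_token(self.client, '*****@*****.**', 'test')
        response = self.client.post(
            '/api/users/',
            data=json.dumps({
                'username': '******',
                'email': '*****@*****.**',
                'password': '******'
            }),
            content_type='application/json',
            headers={'Authorization': f'Bearer {token}'})
        data = json.loads(response.data.decode())
        # assertEqual (not assertTrue(a == b)) so a failure prints both values.
        self.assertEqual(data, 'Provide a valid auth token.')
        self.assertEqual(response.status_code, 401)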
def test_all_users(self):
    """GET /api/users/ returns both added users, each active and non-admin."""
    secret = 'Downf0ryourRIGHTtoParty!'
    add_user('test_me', '*****@*****.**', secret)
    add_user('fletcher', '*****@*****.**', secret)
    with self.client:
        bearer = get_user_token(self.client, '*****@*****.**', secret)
        response = get_url_with_token(self.client, '/api/users/', bearer)
        listing = json.loads(response.data.decode())
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(listing), 2)
        # Entries are checked by position: index 0 is 'test_me', index 1 is 'fletcher'.
        for position, expected_name in enumerate(('test_me', 'fletcher')):
            entry = listing[position]
            self.assertIn(expected_name, entry['username'])
            self.assertIn('*****@*****.**', entry['email'])
            self.assertTrue(entry['is_active'])
            self.assertFalse(entry['admin'])
def test_add_user(self):
    """An admin can create a user via POST /api/users/ and gets 201 back."""
    add_user('test', '*****@*****.**', 'test')
    # Flag the stored user as admin before requesting a token.
    stored = User.query.filter_by(email='*****@*****.**').first()
    stored.admin = True
    db.session.commit()
    new_user = {
        'username': '******',
        'email': '*****@*****.**',
        'password': '******',
    }
    with self.client:
        bearer = get_user_token(self.client, '*****@*****.**', 'test')
        response = self.client.post(
            '/api/users/',
            data=json.dumps(new_user),
            content_type='application/json',
            headers={'Authorization': f'Bearer {bearer}'})
        body = json.loads(response.data.decode())
        self.assertEqual(response.status_code, 201)
        self.assertIn('*****@*****.**', body['email'])
        # The response body must not carry a 'password' key back to the client.
        self.assertNotIn('password', body)