def test_search_multiple_query_parameters(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) owner_user_id = users.query(email="*****@*****.**")[0].id # Correct msg_content = { "email": "*****@*****.**", "role": 2, "current_user": owner_user_id, } response = build_syft_msg(domain, SearchUsersMessage, msg_content, generic_key) assert response.status_code == 200 search_result = response.content assert len(search_result) == 1 assert search_result[0]["email"] == "*****@*****.**" assert search_result[0]["role"] == 2 # Wrong msg_content = { "email": "*****@*****.**", "role": 1, "current_user": owner_user_id, } response = build_syft_msg(domain, SearchUsersMessage, msg_content, generic_key) assert response.status_code == 200 assert response.content == {}
def test_search_unique_query(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) owner_user_id = users.query(email="*****@*****.**")[0].id msg_content = {"email": "*****@*****.**", "current_user": owner_user_id} response = build_syft_msg(domain, SearchUsersMessage, msg_content, generic_key) assert response.status_code == 200 search_result = response.content print("Result: ", search_result) assert len(search_result) == 1 assert search_result[0]["email"] == "*****@*****.**" assert search_result[0]["role"] == 2 msg_content = {"role": 2, "current_user": owner_user_id} response = build_syft_msg(domain, SearchUsersMessage, msg_content, generic_key) assert response.status_code == 200 search_result = response.content assert len(search_result) == 1 assert search_result[0]["email"] == "*****@*****.**" assert search_result[0]["role"] == 2
def test_search_query_mutual_parameter_values(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) new_user_content = { "email": "*****@*****.**", "password": "******", } response = build_syft_msg(domain, CreateUserMessage, new_user_content, generic_key) assert response.status_code == 200 owner_user_id = users.query(email="*****@*****.**")[0].id # Correct msg_content = {"role": 2, "current_user": owner_user_id} response = build_syft_msg(domain, SearchUsersMessage, msg_content, generic_key) assert response.status_code == 200 search_result = response.content assert len(search_result) == 2 assert search_result[0]["email"] == "*****@*****.**" assert search_result[0]["role"] == 2 assert search_result[1]["email"] == "*****@*****.**" assert search_result[1]["role"] == 2
def test_get_all_users_with_permission(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) owner_user_id = users.query(email="*****@*****.**")[0].id msg_content = {"current_user": owner_user_id} response = build_syft_msg(domain, GetUsersMessage, msg_content, generic_key) assert response.status_code == 200 assert len(response.content) == 3 retrieved_user = response.content[0] assert retrieved_user["email"] == "*****@*****.**" assert retrieved_user["id"] == 1 assert retrieved_user["role"] == 1 retrieved_user = response.content[1] assert retrieved_user["email"] == "*****@*****.**" assert retrieved_user["id"] == 2 assert retrieved_user["role"] == 2 retrieved_user = response.content[2] assert retrieved_user["email"] == "*****@*****.**" assert retrieved_user["id"] == 3 assert retrieved_user["role"] == 3
def test_search_users_without_permission(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) std_user_id = users.query(email="*****@*****.**")[0].id msg_content = {"email": "*****@*****.**", "current_user": std_user_id} try: build_syft_msg(domain, DeleteUserMessage, msg_content, generic_key) pytest.fail("We shouldn't execute this line!") except Exception as e: assert str(e) == "You're not allowed to delete this user information!"
def test_delete_user_with_invalid_user_id(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) owner_user_id = users.query(email="*****@*****.**")[0].id msg_content = {"user_id": "10", "current_user": owner_user_id} try: build_syft_msg(domain, DeleteUserMessage, msg_content, generic_key) pytest.fail("We shouldn't execute this line!") except Exception as e: assert str(e) == "User not found!"
def test_delete_user_with_permission(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) owner_user_id = users.query(email="*****@*****.**")[0].id std_user_id = users.query(email="*****@*****.**")[0].id msg_content = {"user_id": std_user_id, "current_user": owner_user_id} response = build_syft_msg(domain, DeleteUserMessage, msg_content, generic_key) assert response.status_code == 200 assert {"msg": "User deleted successfully!"} == { "msg": "User deleted successfully!" }
def test_delete_owner_with_admin_permission(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) owner_user_id = users.query(email="*****@*****.**")[0].id admin_user_id = users.query(email="*****@*****.**")[0].id msg_content = {"user_id": owner_user_id, "current_user": admin_user_id} try: response = build_syft_msg(domain, DeleteUserMessage, msg_content, generic_key) pytest.fail("We shouldn't execute this line!") except Exception as e: assert str(e) == "You're not allowed to delete this user information!"
def test_update_empty_body(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) # Correct owner_user_id = users.query(email="*****@*****.**")[0].id msg_content = { "user_id": "56", "current_user": owner_user_id, } try: build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) pytest.fail("We shouldn't execute this line!") except Exception as e: assert str(e) == "Missing json fields ( email,password,role,groups )"
def test_register_new_user(database, cleanup): users = UserManager(database) test_role = create_role(*user_role) user = users.register( email="*****@*****.**", hashed_password="******", salt="aifhaufa", private_key="afihauhfao", role=test_role.id, ) assert user.email == "*****@*****.**" assert user.hashed_password == "aifhufhaf" assert user.salt == "aifhaufa" assert user.private_key == "afihauhfao" assert user.role == test_role.id
def test_create_second_user(database, domain, cleanup): __create_roles(database) users = UserManager(database) first_user_content = { "email": "*****@*****.**", "password": "******", } response = build_syft_msg( domain, CreateUserMessage, first_user_content, generic_key ) # Check database assert len(users) == 1 user = users.query(email="*****@*****.**")[0] assert user.email == "*****@*****.**" assert users.login(email="*****@*****.**", password="******") assert users.role(user_id=user.id).name == "Owner" assert users.role(user_id=user.id).can_create_users assert users.role(user_id=user.id).can_triage_requests # Check message response assert response.status_code == 200 second_user_content = { "email": "*****@*****.**", "password": "******", } response = build_syft_msg( domain, CreateUserMessage, second_user_content, generic_key ) # Check database assert len(users) == 2 user = users.query(email="*****@*****.**")[0] assert user.email == "*****@*****.**" assert users.login(email="*****@*****.**", password="******") assert users.role(user_id=user.id).name == "User" assert not users.role(user_id=user.id).can_create_users assert not users.role(user_id=user.id).can_triage_requests # Check message response assert response.status_code == 200
def test_update_its_own_user_password(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) # Correct std_user_id = users.query(email="*****@*****.**")[0].id msg_content = { "user_id": std_user_id, "password": "******", "current_user": std_user_id, } response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) assert response.status_code == 200 assert response.content == {"message": "User updated successfully!"} assert users.login(email="*****@*****.**", password="******")
def test_update_role_without_permission(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) # Correct std_user_id = users.query(email="*****@*****.**")[0].id msg_content = { "user_id": std_user_id, "role": "2", "current_user": std_user_id, } try: build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) pytest.fail("We shouldn't execute this line!") except Exception as e: assert str(e) == "You're not allowed to change User roles!"
def test_update_to_invalid_role(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) # Correct std_user_id = users.query(email="*****@*****.**")[0].id owner_user_id = users.query(email="*****@*****.**")[0].id msg_content = { "user_id": std_user_id, "role": "InvalidRole", "current_user": owner_user_id, } try: build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) pytest.fail("We shouldn't execute this line!") except Exception as e: assert str(e) == "Role ID not found!"
def test_update_to_owner_role(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) # Correct std_user_id = users.query(email="*****@*****.**")[0].id admin_user = users.query(email="*****@*****.**")[0].id msg_content = { "user_id": std_user_id, "role": "1", "current_user": admin_user, } try: build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) pytest.fail("We shouldn't execute this line!") except Exception as e: assert str(e) == "You can't change it to Owner role!"
def test_create_second_user_with_role_and_permission(database, domain, cleanup): __create_roles(database) users = UserManager(database) request_content = { "email": "*****@*****.**", "password": "******", } response = build_syft_msg(domain, CreateUserMessage, request_content, generic_key) # Check database assert len(users) == 1 user = users.query(email="*****@*****.**")[0] assert user.email == "*****@*****.**" assert users.login(email="*****@*****.**", password="******") assert users.role(user_id=user.id).name == "Owner" assert users.role(user_id=user.id).can_create_users # Check message response assert response.status_code == 200 owner_id = str(users.query(email="*****@*****.**")[0].id) second_user_content = { "email": "*****@*****.**", "password": "******", "role": "Administrator", "current_user": owner_id, } response = build_syft_msg(domain, CreateUserMessage, second_user_content, generic_key) # Check database assert len(users) == 2 user = users.query(email="*****@*****.**")[0] assert user.email == "*****@*****.**" assert users.login(email="*****@*****.**", password="******") assert users.role(user_id=user.id).name == "Administrator" assert users.role(user_id=user.id).can_create_users == True # Check message response assert response.status_code == 200
def test_signup(database, cleanup): users = UserManager(database) user_role_obj = create_role(*user_role) users.signup( email="*****@*****.**", password="******", role=user_role_obj.id, private_key="aghuehffadawe", verify_key="aufhyfaeiiead", ) user = users.query(email="*****@*****.**")[0] assert user.email == "*****@*****.**" assert user.role == user_role_obj.id assert checkpw( "qrjhsiofjadasd".encode("UTF-8"), user.salt.encode("UTF-8") + user.hashed_password.encode("UTF-8"), )
def test_create_first_user_msg(database, domain, cleanup): __create_roles(database) users = UserManager(database) request_content = { "email": "*****@*****.**", "password": "******", } response = build_syft_msg(domain, CreateUserMessage, request_content, generic_key) # Check database assert len(users) == 1 user = users.query(email="*****@*****.**")[0] assert user.email == "*****@*****.**" assert users.login(email="*****@*****.**", password="******") assert users.role(user_id=user.id).name == "Owner" # Check message response assert response.status_code == 200 assert database.session().query(Role).get(user.role).name == "Owner"
def test_login(database, cleanup): users = UserManager(database) user_role_obj = create_role(*user_role) users.signup( email="*****@*****.**", password="******", role=user_role_obj.id, private_key="aghuehffadawe", verify_key="aiehufaefhuada", ) # Success user = users.login(email="*****@*****.**", password="******") # Wrong e-mail with pytest.raises(InvalidCredentialsError) as exc: users.login(email="*****@*****.**", password="******") # Wrong password with pytest.raises(InvalidCredentialsError) as exc: users.login(email="*****@*****.**", password="******")
def test_create_second_user_with_owner_role_name(database, domain, cleanup): __create_roles(database) users = UserManager(database) owner_content = { "email": "*****@*****.**", "password": "******", } response = build_syft_msg(domain, CreateUserMessage, owner_content, generic_key) # Check database assert len(users) == 1 user = users.query(email="*****@*****.**")[0] assert user.email == "*****@*****.**" assert users.login(email="*****@*****.**", password="******") assert users.role(user_id=user.id).name == "Owner" assert users.role(user_id=user.id).can_create_users assert users.role(user_id=user.id).can_triage_requests # Check message response assert response.status_code == 200 owner_id = str(users.query(email="*****@*****.**")[0].id) second_user_content = { "email": "*****@*****.**", "password": "******", "role": "Owner", "current_user": owner_id, } try: build_syft_msg(domain, CreateUserMessage, second_user_content, generic_key) pytest.fail("We shouldn't execute this line!") except Exception as e: assert str(e) == 'You can\'t create a new User with "Owner" role!' # Check database assert len(users) == 1
def test_query_new_user(database, cleanup): users = UserManager(database) test_role = create_role(*user_role) user1 = { "email": "*****@*****.**", "hashed_password": "******", "salt": "diwriqjroqds", "private_key": "rweqoasnfa", "role": test_role.id, } user2 = { "email": "*****@*****.**", "hashed_password": "******", "salt": "dgfgsgwrwers", "private_key": "AHEIJASDAEW", "role": test_role.id, } db_user1 = users.register(**user1) db_user2 = users.register(**user2) # Test every database field, except role id for key, value in list(user1.items())[:-1]: query_result_1 = users.query(**{key: value}) assert len(query_result_1) == 1 query_result_1 = query_result_1[0] assert query_result_1.email == db_user1.email assert query_result_1.hashed_password == db_user1.hashed_password assert query_result_1.salt == db_user1.salt assert query_result_1.private_key == db_user1.private_key assert query_result_1.role == db_user1.role for key, value in list(user2.items())[:-1]: query_result_2 = users.query(**{key: value}) assert len(query_result_2) == 1 query_result_2 = query_result_2[0] assert query_result_2.email == db_user2.email assert query_result_2.hashed_password == db_user2.hashed_password assert query_result_2.salt == db_user2.salt assert query_result_2.private_key == db_user2.private_key assert query_result_2.role == db_user2.role query_result_3 = users.query(role=test_role.id) assert len(query_result_3) == 2
def test_set_email(database, cleanup): users = UserManager(database) test_role = create_role(*user_role) user1 = { "email": "*****@*****.**", "hashed_password": "******", "salt": "diwriqjroqds", "private_key": "rweqoasnfa", "role": test_role.id, } db_user1 = users.register(**user1) assert users.query(id=db_user1.id)[0].email == "*****@*****.**" users.set(user_id=db_user1.id, email="*****@*****.**") assert users.query(id=db_user1.id)[0].email == "*****@*****.**"
def test_set_role(database, cleanup): users = UserManager(database) user_role_obj = create_role(*user_role) admin_role_obj = create_role(*admin_role) user1 = { "email": "*****@*****.**", "hashed_password": "******", "salt": "diwriqjroqds", "private_key": "rweqoasnfa", "role": user_role_obj.id, } db_user1 = users.register(**user1) assert users.query(id=db_user1.id)[0].role == user_role_obj.id users.set(user_id=db_user1.id, role=admin_role_obj.id) assert users.query(id=db_user1.id)[0].role == admin_role_obj.id
def test_update_role_with_permission(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) # Correct std_user_id = users.query(email="*****@*****.**")[0].id owner_user_id = users.query(email="*****@*****.**")[0].id msg_content = { "user_id": std_user_id, "role": "3", "current_user": owner_user_id, } response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) assert response.status_code == 200 assert response.content == {"message": "User updated successfully!"} user = users.query(email="*****@*****.**")[0] assert user.email == "*****@*****.**" assert users.role(user_id=user.id).name == "Administrator"
def test_update_its_own_user_email(database, domain, cleanup): __create_roles(database) users = UserManager(database) __create_user_samples(domain, users) # Correct std_user_id = users.query(email="*****@*****.**")[0].id msg_content = { "user_id": std_user_id, "email": "*****@*****.**", "current_user": std_user_id, } response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) assert response.status_code == 200 assert response.content == {"message": "User updated successfully!"} # Old email will no longer exist with pytest.raises(UserNotFoundError) as exc: users.query(email="*****@*****.**") assert len(users.query(email="*****@*****.**")) == 1
def test_create_user_manager(database, cleanup): users = UserManager(database)
def test_update_user_group(database, domain, cleanup): __create_roles(database) users = UserManager(database) groups = GroupManager(database) __create_user_samples(domain, users) # Create Group Samples group1 = groups.register(name="Group A") group2 = groups.register(name="Group B") group3 = groups.register(name="Group C") # Correct std_user_id = users.query(email="*****@*****.**")[0].id admin_user = users.query(email="*****@*****.**")[0].id msg_content = { "user_id": std_user_id, "groups": [group1.id], "current_user": admin_user, } assert ( len( database.session.query(UserGroup) .filter_by(user=std_user_id, group=group1.id) .all() ) == 0 ) response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) assert response.status_code == 200 assert response.content == {"message": "User updated successfully!"} assert ( len( database.session.query(UserGroup) .filter_by(user=std_user_id, group=group1.id) .all() ) == 1 ) assert ( database.session.query(UserGroup) .filter_by(user=std_user_id, group=group1.id) .first() .id == group1.id ) msg_content = { "user_id": std_user_id, "groups": [group2.id, group3.id], "current_user": admin_user, } response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) assert response.status_code == 200 assert response.content == {"message": "User updated successfully!"} assert ( len( database.session.query(UserGroup) .filter_by(user=std_user_id, group=group1.id) .all() ) == 0 ) assert len(database.session.query(UserGroup).filter_by(user=std_user_id).all()) == 2 assert ( len( database.session.query(UserGroup) .filter_by(user=std_user_id, group=group2.id) .all() ) == 1 ) assert ( len( database.session.query(UserGroup) .filter_by(user=std_user_id, group=group3.id) .all() ) == 1 ) msg_content = { "user_id": admin_user, "groups": [group2.id], "current_user": admin_user, } response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key) assert response.status_code == 200 assert response.content == {"message": "User updated successfully!"} assert len(database.session.query(UserGroup).filter_by(group=group2.id).all()) == 2