Example #1
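 def test_duplicate_user(self):
     """
     Test that registering a duplicate email or username is rejected.

     Registers one user through ``make_user``, then retries twice with one
     field overridden each time. Checks the status the API reports for each
     conflict and that neither rejected request adds a row to the user table.
     """
     # first registration; its response is not inspected in this test
     make_user(self.client)
     # only the username is overridden, so the email presumably repeats the
     # first call's default -- email should be taken
     json_resp = make_user(self.client, username='******')
     self.assertEqual(json_resp['status'], 'email taken')
     # check only one user in the db
     self.assertEqual(User.query.count(), 1)
     # only the email is overridden, so the username presumably repeats the
     # first call's default -- username should be taken
     json_resp = make_user(self.client, email='*****@*****.**')
     # check api response
     self.assertEqual(json_resp['status'], 'username taken')
     # a rejected duplicate username must not create an account either
     self.assertEqual(User.query.count(), 1)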
Example #2
 def test_user_by_username(self):
     """
     Test looking a user up through GET /user/<username>
     """
     # register a user and keep the username the API reports back
     created = make_user(self.client)
     username = created['username']
     # fetch that user by name
     url = '/user/' + username
     resp = self.client.get(url, headers=api_headers())
     body = json.loads(resp.data.decode('utf-8'))
     # the lookup must succeed and echo the same username
     self.assertEqual(body['status'], 'user found')
     self.assertEqual(body['user']['username'], username)
Example #3
 def test_permissions(self):
     """
     Test the permissions attached to a newly registered user
     """
     # register the user; the API response is not needed here
     make_user(self.client, 'Dan')
     user = User.query.filter_by(username='******').one()
     granted = user.permissions
     # Pinning the exact count means an extra default grant fails the test,
     # not just a missing one.
     self.assertEqual(len(granted), 2)
     names = [perm.name for perm in granted]
     for expected in ('users_view_me', 'points_create'):
         self.assertIn(expected, names)
Example #4
 def test_permissions(self):
     """
     Test that the JWT issued by /auth carries the user's permissions
     """
     # register the account that will log in; the response is not needed
     make_user(self.client, 'test')
     # get a token
     credentials = {
         'username': '******',
         'password': '******'
     }
     resp = self.client.post('/auth',
                             headers=api_headers(),
                             data=json.dumps(credentials))
     access_token = json.loads(resp.data.decode('utf-8'))['access_token']
     # Decoding pins the accepted algorithm list to HS256, so (assuming jwt
     # is PyJWT) a token signed with any other algorithm is rejected here.
     # NOTE(review): the key is hard-coded as 'secret' and has to match the
     # key the app under test signs with -- confirm that value is a
     # test-only setting and not a default that deployments inherit.
     claims = jwt.decode(access_token, 'secret', algorithms=['HS256'])
     self.assertIn('permissions', claims['identity'])
Example #5
    def test_new_user(self):
        """
        Test registering a user through the REST API, then a request
        that leaves out required fields
        """
        created = make_user(self.client)
        # the API confirms the registration and echoes the username
        self.assertEqual(created['status'], 'user registered')
        self.assertEqual(created['username'], 'Dan')
        # exactly one row ended up in the user table
        self.assertEqual(User.query.count(), 1)

        # malformed request: only a username is supplied
        request_headers = api_headers()
        incomplete = json.dumps({'username': '******'})
        resp = self.client.post('/user/',
                                headers=request_headers,
                                data=incomplete)
        body = json.loads(resp.data.decode('utf-8'))
        # rejected with 400, and the body names each field that is missing
        self.assertEqual(resp.status, '400 BAD REQUEST')
        self.assertEqual(body['status'], 'missing fields')
        self.assertEqual(body['missing'], ['email', 'password'])
Example #6
 def test_jwt(self):
     """
     Test that /auth issues a JWT which /auth/status then accepts
     """
     # create a user; the registration response is not needed
     make_user(self.client)
     # without an Authorization header the status endpoint must not
     # report a real user
     resp = self.client.get('/auth/status', headers=api_headers())
     anonymous = json.loads(resp.data.decode('utf-8'))
     self.assertEqual(anonymous['username'], 'not authenticated')
     # get a token
     credentials = {
         'username': '******',
         'password': '******'
     }
     resp = self.client.post('/auth',
                             headers=api_headers(),
                             data=json.dumps(credentials))
     issued = json.loads(resp.data.decode('utf-8'))
     # repeat the status call, presenting the token with the "JWT " prefix
     headers = api_headers()
     auth_value = "JWT " + issued['access_token']
     headers.update({'Authorization': auth_value})
     resp = self.client.get('/auth/status', headers=headers)
     authenticated = json.loads(resp.data.decode('utf-8'))
     self.assertEqual(authenticated['username'], 'Dan')