Example #1
0
def test_edit_user_change_pass_no_match(client):
    create_user(username="******", role=2)
    header = get_access_token_header(username="******")
    data = {"password": "******", "confirm_password": "******"}
    resp = client.put("auth/users/tester/", headers=header, json=data)
    assert resp.status == BADPARAMETER and resp.get_json(
    )['msg'] == PASSWORD_MISSMATCH
Example #2
0
def test_edit_user_admins_edit_administrator(client):
    create_user()
    create_user(username="******", role=2, no_role=True)
    header = get_access_token_header(username="******")
    resp = client.put("auth/users/admin/", headers=header, json=dict())
    assert resp.status == FORBIDDEN and resp.get_json(
    )['msg'] == INSUFFICIENT_CREDENTIALS
Example #3
0
def test_edit_user_no_role(client):
    header = get_access_token_header()
    create_user(username="******", role=2, no_role=True)
    resp = client.put("auth/users/tester/",
                      headers=header,
                      json={"role": "NoMatch"})
    assert resp.status == BADPARAMETER and resp.get_json(
    )['msg'] == ROLE_MISSMATCH
Example #4
0
def test_edit_user_reporter_change_role(client):
    create_user()
    create_user(username="******", role=3, no_role=True)
    header = get_access_token_header(username="******")
    resp = client.put("auth/users/tester/",
                      headers=header,
                      json={"role": "Administrator"})
    assert resp.status == FORBIDDEN and resp.get_json()['msg'] == ADMINS_ONLY
Example #5
0
def test_edit_user_change_role(client):
    header = get_access_token_header()
    create_user(username="******", role=2, no_role=True)
    resp = client.put("auth/users/tester/",
                      headers=header,
                      json={"role": "Reporter"})
    header = get_access_token_header(username="******")
    result = client.get("auth/users/me/", headers=header)
    assert resp.status == INSERTED and result.get_json()['role'] == "Reporter"
Example #6
0
def test_edit_user_admin_change_their_role(client):
    create_user()
    create_user(username="******", role=2, no_role=True)
    header = get_access_token_header(username="******")
    resp = client.put("auth/users/tester/",
                      headers=header,
                      json={"role": "Reporter"})
    assert resp.status == FORBIDDEN and resp.get_json(
    )['msg'] == SOMEONE_ELSE_DO_IT
Example #7
0
def test_edit_user_change_pass(client):
    create_user(username="******", password="******", role=2)
    header = get_access_token_header(username="******")
    data = {
        "password": "******",
        "confirm_password": "******",
        "current_password": "******"
    }
    resp = client.put("auth/users/tester/", headers=header, json=data)
    assert resp.status == INSERTED
Example #8
0
def test_edit_user_change_pass_new_and_current_same(client):
    create_user(username="******", password="******", role=2)
    header = get_access_token_header(username="******")
    data = {
        "password": "******",
        "confirm_password": "******",
        "current_password": "******"
    }
    resp = client.put("auth/users/tester/", headers=header, json=data)
    assert resp.status == BADPARAMETER and resp.get_json(
    )['msg'] == SAME_OLD_NEW_PASSWORD
Example #9
0
def test_edit_user_change_pass_force_password(client):
    create_user(username="******",
                password="******",
                password_change=True,
                role=2)
    header = get_access_token_header(username="******")
    data = {
        "password": "******",
        "confirm_password": "******",
        "current_password": "******"
    }
    resp = client.put("auth/users/tester/", headers=header, json=data)
    result = client.get("auth/users/me/", headers=header)
    assert resp.status == INSERTED and result.get_json(
    )['force_password_change'] == False
Example #10
0
def test_edit_user_change_lastname(client):
    header = get_access_token_header()
    data = {"last_name": "admin"}
    resp = client.put("auth/users/admin/", headers=header, json=data)
    assert resp.status == INSERTED
Example #11
0
def test_edit_user_reporter_edit_someone_else(client):
    create_user()
    create_user(username="******", role=3, no_role=True)
    header = get_access_token_header(username="******")
    resp = client.put("auth/users/admin/", headers=header, json=dict())
    assert resp.status == FORBIDDEN and resp.get_json()['msg'] == ADMINS_ONLY
Example #12
0
def test_edit_user_no_user(client):
    header = get_access_token_header()
    resp = client.put("auth/users/tester/", headers=header, json=dict())
    assert resp.status == BADPARAMETER and resp.get_json(
    )['msg'] == NO_USER_FOUND