def test_when_logged_in_form_is_available(self):
user = create_user()
login_user(user.id)
response = self.send_request(user_id=user.id)
assert response.status_code == 200
def test_when_logged_in_endpoint_is_available(self):
old_password = '******'
new_password = '******'
user = create_user()
password_service.create_password_hash(user.id, old_password)
login_user(user.id)
credential_before = self.find_credential(user.id)
assert credential_before is not None
session_token_before = self.find_session_token(user.id)
assert session_token_before is not None
form_data = {
'old_password': old_password,
'new_password': new_password,
'new_password_confirmation': new_password,
}
response = self.send_request(form_data, user_id=user.id)
assert response.status_code == 302
assert response.headers.get(
'Location') == 'http://example.com/authentication/login'
credential_after = self.find_credential(user.id)
session_token_after = self.find_session_token(user.id)
assert credential_after is not None
assert credential_before.password_hash != credential_after.password_hash
assert credential_before.updated_at != credential_after.updated_at
# Session token should have been removed after password change.
assert session_token_after is None
def test_when_logged_in(self):
user = create_user('McFly')
login_user(user.id)
response = self.send_request(user_id=user.id)
assert response.status_code == 200
assert response.mimetype == 'text/html'
def create_admin(self):
admin = create_user('Admin')
permission_ids = {'admin.access', 'shop_order.view'}
assign_permissions_to_user(admin.id, 'admin', permission_ids)
login_user(admin.id)
return admin
def create_admin(self):
admin = create_user('Admin')
permission_ids = {'admin.access', 'newsletter.export_subscribers'}
assign_permissions_to_user(admin.id, 'admin', permission_ids)
login_user(admin.id)
return admin
def request_view(self, current_user, order_id):
login_user(current_user.id)
url = '/shop/orders/{}'.format(str(order_id))
with http_client(self.app, user_id=current_user.id) as client:
response = client.get(url)
return response
def test_user_should_create_review_if_already_did(client, db):
helpers.create_user(client)
helpers.login_user(client)
helpers.insert_complete_restaurant(db)
create_review(client)
res = create_review(client, rating=3)
assert res.status_code == 200
assert b"You already reviewed this restaraunt"
def test_user_should_see_review_form(client, db):
helpers.create_user(client)
helpers.login_user(client)
helpers.insert_complete_restaurant(db)
res = visit_restaurant_page(client)
assert res.status_code == 200
assert b"Add your review" in res.data
assert b"Your rating" in res.data
assert b"Your review" in res.data
def send_request(self, recipient_id, text, *, current_user_id=None):
url = '/user_messages/to/{}/create'.format(recipient_id)
form_data = {
'body': text,
}
if current_user_id is not None:
login_user(current_user_id)
with http_client(self.app, user_id=current_user_id) as client:
return client.post(url, data=form_data)
def create_admin(self):
admin = create_user('Admin')
permission_ids = {
'admin.access',
'shop_order.cancel',
'shop_order.mark_as_paid',
}
assign_permissions_to_user(admin.id, 'admin', permission_ids)
login_user(admin.id)
return admin
def test_user_should_create_review(client, db):
helpers.create_user(client)
helpers.login_user(client)
helpers.insert_complete_restaurant(db)
res = create_review(client)
assert res.status_code == 200
assert b"mario" in res.data
assert b"5" in res.data
assert (
b"It was a delicious dinner, but initially the service was not so excellent in the speed of serving the meals."
in res.data)
def test_user_should_not_create_review_when_message_is_less_than_30_character(
client, db):
helpers.create_user(client)
helpers.login_user(client)
helpers.insert_complete_restaurant(db)
res = client.post(
"/restaurants/1",
data=dict(rating=4, message="It was a"),
follow_redirects=True,
)
assert res.status_code == 200
assert b"The review should be at least of 30 characters." in res.data
def test_when_logged_in(self):
user = create_user('McFly')
login_user(user.id)
response = self.send_request(user_id=user.id)
assert response.status_code == 200
assert response.content_type == CONTENT_TYPE_JSON
assert response.mimetype == CONTENT_TYPE_JSON
response_data = response.json
assert response_data['id'] == str(user.id)
assert response_data['screen_name'] == user.screen_name
assert response_data['avatar_url'] is None
def setUp(self):
super().setUp()
self.admin = create_user('Admin')
login_user(self.admin.id)
self.user = create_user('User')
self.brand = create_brand()
party = create_party(brand_id=self.brand.id)
create_email_config()
create_site(party.id)
self.board = create_board(self.brand.id)
site_settings_service \
.create_setting('acmecon-2014-website', 'board_id', self.board.id)
def test_non_registered_user_login(self):
""" Test for login of non-registered user """
with self.client:
response = login_user(self, '*****@*****.**', '123456')
data = json.loads(response.get_data().decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(data['message'] == 'User does not exist.')
self.assertTrue(response.content_type == 'application/json')
self.assertEqual(response.status_code,
html_codes.HTTP_BAD_NOTFOUND)
def test_login_success(client):
username = "******"
email = "*****@*****.**"
password = "******"
signup_user(client=client,
username=username,
email=email,
password=password)
response = login_user(client=client, username=username, password=password)
assert_success_200(response)
data = json.loads(response.data)
assert data["token"]
def test_login_bad_credentials(client):
username = "******"
email = "*****@*****.**"
password = "******"
signup_user(client=client,
username=username,
email=email,
password=password)
response = login_user(client=client,
username=username,
password="******")
assert_error(response, 401)
data = json.loads(response.data)
assert data["errorCode"] == "INVALID_CREDENTIALS"
assert not "token" in data
def test_registered_user_login(self):
""" Test for login of registered-user login """
with self.client:
# user registration
register_user(self, '*****@*****.**', '123456')
# registered user login
response = login_user(self, '*****@*****.**', '123456')
data = json.loads(response.get_data().decode())
self.assertTrue(data['status'] == 'success')
self.assertTrue(data['message'] == 'Successfully logged in.')
self.assertTrue(data['auth_token'])
self.assertTrue(data['token_max_age'])
self.assertTrue(response.content_type == 'application/json')
self.assertEqual(response.status_code,
html_codes.HTTP_OK_BASIC)
def test_protected_get_data(self):
""" Test for protected api against user with permissions """
with self.client:
# user login
resp_login = login_user(self, '*****@*****.**',
'TestTourister2017@')
# valid api call
resp_get_data = self.client.get(
'/api/protected_get_data',
headers={
'Authentication-Token':
'Bearer ' +
json.loads(resp_login.get_data().decode())['auth_token']
})
data_api = json.loads(resp_get_data.get_data().decode())
self.assertTrue(data_api['Heroes'])
def test_get_data(self):
""" Test for guarded api """
with self.client:
# user login
resp_login = login_user(self, '*****@*****.**',
'TestTourister2017@')
data = json.loads(resp_login.get_data().decode())
# valid api call
resp_get_data = self.client.get('/api/get_data',
headers={
'Authentication-Token':
'Bearer ' + data['auth_token']
})
data_api = json.loads(resp_get_data.get_data().decode())
self.assertTrue(data_api['Heroes'])
self.assertEqual(resp_get_data.status_code,
html_codes.HTTP_OK_BASIC)
def test_valid_logout(self):
""" Test for logout before token expires """
with self.client:
# user login
resp_login = login_user(
self,
'*****@*****.**',
'TestTourister2017@'
)
data_login = json.loads(resp_login.get_data().decode())
# valid token logout
resp_logout = self.client.post(
'/auth/logout',
headers={
'Authentication-Token': 'Bearer ' +
data_login['auth_token']
}
)
data_logout = json.loads(resp_logout.get_data().decode())
self.assertTrue(data_logout['status'] == 'success')
self.assertTrue(
data_logout['message'] == 'Successfully logged out.'
)
self.assertEqual(resp_logout.status_code,
html_codes.HTTP_OK_BASIC)
# try to access guarded endpoint again
response = self.client.post(
'/auth/logout',
headers={
'Authentication-Token': 'Bearer ' +
data_login['auth_token']
}
)
data = json.loads(response.get_data().decode())
self.assertTrue(data['status'] == 'fail')
self.assertTrue(
data['message'] == 'Token blacklisted. Please log in again.'
)
self.assertEqual(response.status_code,
html_codes.HTTP_BAD_UNAUTHORIZED)
def test_protected_get_data(self):
""" Test for protected api against user with permissions """
with self.client:
# user login
resp_login = login_user(
self,
'*****@*****.**',
'TestTourister2017@'
)
# valid api call
resp_get_data = self.client.get(
'/api/protected_get_data',
headers={
'Authentication-Token': 'Bearer ' + json.loads(
resp_login.get_data().decode()
)['auth_token']
}
)
data_api = json.loads(resp_get_data.get_data().decode())
self.assertTrue(
data_api['Heroes']
)
def test_get_data(self):
""" Test for guarded api """
with self.client:
# user login
resp_login = login_user(
self,
'*****@*****.**',
'TestTourister2017@'
)
data = json.loads(resp_login.get_data().decode())
# valid api call
resp_get_data = self.client.get(
'/api/get_data',
headers={
'Authentication-Token': 'Bearer ' + data['auth_token']
}
)
data_api = json.loads(resp_get_data.get_data().decode())
self.assertTrue(
data_api['Heroes']
)
self.assertEqual(resp_get_data.status_code,
html_codes.HTTP_OK_BASIC)
def create_player(self):
player = create_user()
login_user(player.id)
return player
def setup_orderer(self):
self.orderer = create_user()
login_user(self.orderer.id)
