def test_put(self):
        headers = {'Authorization': self.token}
        t_data = deepcopy(self.test_data)
        t_data['username'] = '******'
        t_data['email'] = '*****@*****.**'
        t_data['password'] = '******'
        t_user = User(**t_data)
        t_user.save()
        data = json.dumps(t_data)

        user = User.get_by_id(self.id)
        user.level = 1 
        user.save()

        response = test_app.put(f'/api/v1/user/{str(t_user.id)}',
                                data=data,
                                headers=headers,
                                content_type='application/json')
        json_resp = json.loads(response.data)
        tools.assert_equals(response.status_code, 403)
        tools.assert_equals(json.loads(response.data)['data'],
                            {'msg': 'Don\'t have authority'})
       
        user.level = 9
        user.save()

        t_data['username'] = '******'
        data = json.dumps(t_data)
        response = test_app.put(f'/api/v1/user/{str(t_user.id)}',
                                data=data,
                                headers=headers,
                                content_type='application/json')
        tools.assert_equals(response.status_code, 403)
        tools.assert_equals(json.loads(response.data)['data'],
                            {'msg': 'Can\'t modify username'})

        t_data['password'] = '******'
        t_data['username'] = '******'
        data = json.dumps(t_data)
        response = test_app.put(f'/api/v1/user/{str(t_user.id)}',
                                data=data,
                                headers=headers,
                                content_type='application/json')
        json_resp = json.loads(response.data)
        tools.assert_equals(response.status_code, 200)
        tools.assert_is_not_none(json_resp.get('data'))
        self.username = t_data.get('username')
        self.password = t_data.get('password')
        self.__test_login()
    def test_article_put(self):
        """
        测试edited_article的put接口
        1、测试登录认证
        2、测试权限问题,普通用户不能提交
        """

        user = User.get_by_id(self.user_id)
        user.level = 1
        user.save()

        headers = {'Authorization': self.token}
        t_data = deepcopy(self.test_data2)
        t_user_data = deepcopy(self.test_data1)
        t_article = Article.get_by_id(str(self.article_id_list[0]))

        t_user_data['username'] = '******'
        t_user_data['email'] = '*****@*****.**'
        t_user = User(**t_user_data)
        t_user.save()

        t_data['author'] = str(t_user.id)
        t_data.pop('added')
        data = json.dumps(t_data)

        response = test_app.put(f'/api/v1/article/{str(t_article.id)}',
                                data=data,
                                headers=headers,
                                content_type='application/json')
        tools.assert_equals(response.status_code, 500)
        tools.assert_equals(json.loads(response.data)['data'],
                            {'msg': 'user don\'t has authority'})

        user = User.get_by_id(self.user_id)
        user.level = 9
        user.save()

        response = test_app.put(f'/api/v1/article/{str(t_article.id)}',
                                data=data,
                                headers=headers,
                                content_type='application/json')
        json_resp = json.loads(response.data)
        tools.assert_equals(response.status_code, 200)
        tools.assert_is_not_none(json_resp.get('data'))
        tools.assert_is_not_none(json_resp.get('data').get('id'))
        t_user.delete()
def test_update_cube():
    """
    Tests cube update through API
    """
    # Create cube directly

    cube_id = store(Cube(dimension=4))

    cube = get(cube_id)
    assert cube
    eq_(cube['cube'], {})

    request_body = {'x': 1, 'y': 2, 'z': 3, 'value': 42}
    # Update cube
    response = test_app.put('/cubes/%s' % cube_id, data=json.dumps(request_body), content_type='application/json')

    # Check status code and content type
    _check_content_type(response)
    _check_status_code(response)

    # Check if was actually updated
    cube = get(cube_id)
    eq_(cube['cube']['1']['2']['3'], 42)
Example #4
0
def test_crag_confirmation():
    """
    Tests confirmation functionality and associated deletion permissions of the crag endpoint.
    """
    login_jwts = confirmation_fixture()

    # Create Area
    area_d = dict(name="Nahetal")
    area_rv = test_app.post('%sareas/' % api_prefix, data=area_d,
                            headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)
    area_resp = json.loads(area_rv.data)['data']

    # Try to POST confirmed not being admin or mod
    d = dict(name="Alter Steinbruch", area_id='%s' % area_resp['id'], confirmed=True)
    rv = test_app.post(endpoint, data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "056")

    # POST
    d = dict(name="Alter Steinbruch", area_id='%s' % area_resp['id'])
    rv = test_app.post(endpoint, data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']

    # GET (empty) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 0)

    # GET (empty) single
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "034")

    # Try to DELETE by user
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_user'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '047')

    # DELETE by admin
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # POST again
    d = dict(name="Alter Steinbruch", area_id='%s' % area_resp['id'])
    rv = test_app.post(endpoint, data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']

    # Try to confirm by author
    d = dict(name="Alter Steinbruch", area_id='%s' % area_resp['id'], confirmed=True)
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '048')

    # Confirm by admin
    d = dict(name="Alter Steinbruch", area_id='%s' % area_resp['id'], confirmed=True)
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)

    # GET one element collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 1)

    # GET single
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)

    # Try to DELETE by author
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '046')

    # DELETE by admin
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)
Example #5
0
def test_crag_endpoints():
    """
    Tests CRUD functionality of the crag endpoint.
    """
    # Create test user and login JWT
    d = dict(nickname="Jule", email="*****@*****.**", password="******", installAdmin=True)
    rv = test_app.post('%susers/' % api_prefix, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jule")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= datetime.strptime(resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get('%slogin/' % api_prefix, headers=h)
    eq_(rv.status_code, 200)
    login_jwt = json.loads(rv.data)['data']['loginJWT']
    h = [('loginJWT', login_jwt)]

    # GET (empty) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)

    # POST without existing area
    d = dict(name="Alter Steinbruch", confirmed=True)
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)

    # Create Area
    area_d = dict(name="Nahetal", confirmed=True)
    area_rv = test_app.post('%sareas/' % api_prefix, data=area_d, headers=h)
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)
    area_resp = json.loads(area_rv.data)['data']

    # POST
    d = dict(name="Alter Steinbruch", area_id='%s' % area_resp['id'], confirmed=True)
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Alter Steinbruch")
    eq_(resp['area']['name'], area_resp['name'])
    eq_(len(resp['blocks']), 0)
    ok_(datetime.now() >= datetime.strptime(resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))

    # GET (populated) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 1)

    # GET non existing single
    rv = test_app.get('%s%s' % (endpoint, 42))
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "034")

    # GET single
    rv = test_app.get('%s%s' % (endpoint, resp[0]['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Alter Steinbruch")
    ok_(datetime.now() >= datetime.strptime(resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))

    # PUT
    d = dict(name="Klein Bleau", area_id='%s' % area_resp['id'])
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Klein Bleau")
    ok_(datetime.strptime(resp['time_updated'][:-6], '%a, %d %b %Y %H:%M:%S') >= datetime.strptime(
            resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))

    # GET (updated) single
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Klein Bleau")

    # PUT non existing
    d = dict(name="Klein Bleau", area_id='%s' % area_resp['id'])
    rv = test_app.put('%s%s' % (endpoint, 42), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "070")

    # POST duplicate
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # DELETE single
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # DELETE non existing single
    rv = test_app.delete('%s%s' % (endpoint, 42), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "035")

    # GET (empty) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)
Example #6
0
def test_boulder_confirmation():
    """
    Tests confirmation functionality and associated deletion permissions of the boulder endpoint.
    """
    login_jwts = confirmation_fixture()

    # Create Area
    area_d = dict(name="Eifel")
    area_rv = test_app.post('%sareas/' % api_prefix, data=area_d,
                            headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)
    area_resp = json.loads(area_rv.data)['data']

    # Create Crag
    crag_d = dict(name="Glees", area_id='%s' % area_resp['id'])
    crag_rv = test_app.post('%scrags/' % api_prefix, data=crag_d,
                            headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(crag_rv.headers)
    eq_(crag_rv.status_code, 201)
    crag_resp = json.loads(crag_rv.data)['data']

    # Create Block
    block_d = dict(name="Bleausard", crag_id='%s' % crag_resp['id'])
    block_rv = test_app.post('%sblocks/' % api_prefix, data=block_d,
                             headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(block_rv.headers)
    eq_(block_rv.status_code, 201)
    block_resp = json.loads(block_rv.data)['data']

    # Try to POST confirmed not being admin or mod
    d = dict(name="Es", grade="7b+", block_id='%s' % block_resp['id'], confirmed=True)
    rv = test_app.post(endpoint, data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "058")

    # POST
    d = dict(name="Es", grade="7b+", block_id='%s' % block_resp['id'])
    rv = test_app.post(endpoint, data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']

    # GET (empty) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 0)

    # GET (empty) single
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "032")

    # Try to DELETE by user
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_user'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '053')

    # DELETE by admin
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # POST again
    d = dict(name="Es", grade="7b+", block_id='%s' % block_resp['id'])
    rv = test_app.post(endpoint, data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']

    # Try to confirm by author
    d = dict(name="Es", grade="7b+", block_id='%s' % block_resp['id'], confirmed=True)
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '054')

    # Confirm by admin
    d = dict(name="Es", grade="7b+", block_id='%s' % block_resp['id'], confirmed=True)
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)

    # GET one element collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 1)

    # GET single
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)

    # Try to DELETE by author
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '052')

    # DELETE by admin
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)
Example #7
0
def test_boulder_endpoints():
    """
    Tests CRUD functionality of the boulder endpoint.
    """
    # Create test user and login JWT
    d = dict(nickname="Jule", email="*****@*****.**", password="******", installAdmin=True)
    rv = test_app.post('%susers/' % api_prefix, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jule")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= datetime.strptime(resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get('%slogin/' % api_prefix, headers=h)
    eq_(rv.status_code, 200)
    login_jwt = json.loads(rv.data)['data']['loginJWT']
    h = [('loginJWT', login_jwt)]

    # GET (empty) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)

    # POST without existing block
    d = dict(name="Es", confirmed=True)
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)

    # Create Area
    area_d = dict(name="Eifel", confirmed=True)
    area_rv = test_app.post('%sareas/' % api_prefix, data=area_d, headers=h)
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)
    area_resp = json.loads(area_rv.data)['data']

    # Create Crag
    crag_d = dict(name="Glees", area_id='%s' % area_resp['id'], confirmed=True)
    crag_rv = test_app.post('%scrags/' % api_prefix, data=crag_d, headers=h)
    check_content_type(crag_rv.headers)
    eq_(crag_rv.status_code, 201)
    crag_resp = json.loads(crag_rv.data)['data']

    # Create Block
    block_d = dict(name="Bleausard", crag_id='%s' % crag_resp['id'], confirmed=True)
    block_rv = test_app.post('%sblocks/' % api_prefix, data=block_d, headers=h)
    check_content_type(block_rv.headers)
    eq_(block_rv.status_code, 201)
    block_resp = json.loads(block_rv.data)['data']

    # POST with invalid grade
    d = dict(name="Es", grade="42B+", block_id='%s' % block_resp['id'], confirmed=True)
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "059")

    # POST
    d = dict(name="Es", grade="7b+", block_id='%s' % block_resp['id'], confirmed=True)
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Es")
    eq_(resp['grade'], "7B+")
    eq_(resp['block']['name'], block_resp['name'])
    ok_(datetime.now() >= datetime.strptime(resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))

    # GET (populated) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 1)

    # GET non existing single
    rv = test_app.get('%s%s' % (endpoint, 42))
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "032")

    # GET single
    rv = test_app.get('%s%s' % (endpoint, resp[0]['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Es")
    ok_(datetime.now() >= datetime.strptime(resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))

    # PUT with invalid grade
    d = dict(name="The bittersweet moment of losing", grade="42b", block_id='%s' % block_resp['id'],
             rock_type="Vulkangestein", rock_texture="rauh", height=4.5, beta="Direct", landing_area="Perfekt")
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "060")

    # PUT
    d = dict(name="The bittersweet moment of losing", grade="8b", block_id='%s' % block_resp['id'],
             rock_type="Vulkangestein", rock_texture="rauh", height=4.5, beta="Direct", landing_area="Perfekt")
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "The bittersweet moment of losing")
    eq_(resp['grade'], "8B")
    eq_(resp['rock_type'], "Vulkangestein")
    eq_(resp['rock_texture'], "rauh")
    eq_(resp['beta'], "Direct")
    eq_(resp['landing_area'], "Perfekt")
    eq_(resp['height'], 4.5)
    ok_(datetime.strptime(resp['time_updated'][:-6], '%a, %d %b %Y %H:%M:%S') >= datetime.strptime(
            resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))

    # GET (updated) single
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "The bittersweet moment of losing")
    eq_(resp['grade'], "8B")
    eq_(resp['rock_type'], "Vulkangestein")
    eq_(resp['rock_texture'], "rauh")
    eq_(resp['beta'], "Direct")
    eq_(resp['landing_area'], "Perfekt")
    eq_(resp['height'], 4.5)

    # PUT non existing
    d = dict(name="The bittersweet moment of losing", grade="8b", block_id='%s' % block_resp['id'],
             rock_type="Vulkangestein", rock_texture="rauh", height=4.5, beta="Direct", landing_area="Perfekt")
    rv = test_app.put('%s%s' % (endpoint, 42), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "071")

    # POST duplicate
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # DELETE single
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # DELETE non existing single
    rv = test_app.delete('%s%s' % (endpoint, 42), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "033")

    # GET (empty) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)
def test_unconfirmed_endpoint():
    """
    Tests functionality of the unconfirmed endpoint.
    """
    login_jwts = confirmation_fixture()
    h = [('loginJWT', login_jwts['login_jwt_author'])]

    # Create Area
    area_d = dict(name="Eifel")
    area_rv = test_app.post('%sareas/' % api_prefix, data=area_d, headers=h)
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)
    area_resp = json.loads(area_rv.data)['data']

    # Create Crag
    crag_d = dict(name="Glees", area_id='%s' % area_resp['id'])
    crag_rv = test_app.post('%scrags/' % api_prefix, data=crag_d, headers=h)
    check_content_type(crag_rv.headers)
    eq_(crag_rv.status_code, 201)
    crag_resp = json.loads(crag_rv.data)['data']

    # Create Block
    block_d = dict(name="Bleausard", crag_id='%s' % crag_resp['id'])
    block_rv = test_app.post('%sblocks/' % api_prefix, data=block_d, headers=h)
    check_content_type(block_rv.headers)
    eq_(block_rv.status_code, 201)
    block_resp = json.loads(block_rv.data)['data']

    # Create Boulder
    boulder_d = dict(name="Es", grade="7b+", block_id='%s' % block_resp['id'])
    boulder_rv = test_app.post('%sboulders/' % api_prefix, data=boulder_d, headers=h)
    check_content_type(boulder_rv.headers)
    eq_(boulder_rv.status_code, 201)

    # GET collection as author
    rv = test_app.get('%sunconfirmed/' % api_prefix, headers=h)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 4)

    # GET collection as admin
    rv = test_app.get('%sunconfirmed/' % api_prefix, headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 4)

    # GET collection as normal user
    rv = test_app.get('%sunconfirmed/' % api_prefix, headers=[('loginJWT', login_jwts['login_jwt_user'])])
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)

    # Create Area as user
    area_d = dict(name="Nahetal")
    area_rv = test_app.post('%sareas/' % api_prefix, data=area_d, headers=[('loginJWT', login_jwts['login_jwt_user'])])
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)

    # Confirm area by admin
    d = dict(name="Eifel", confirmed=True)
    rv = test_app.put('%sareas/%s' % (api_prefix, area_resp['id']), data=d,
                      headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)

    # GET collection as author
    rv = test_app.get('%sunconfirmed/' % api_prefix, headers=h)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 3)

    # GET collection as admin
    rv = test_app.get('%sunconfirmed/' % api_prefix, headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 4)

    # GET collection as normal user
    rv = test_app.get('%sunconfirmed/' % api_prefix, headers=[('loginJWT', login_jwts['login_jwt_user'])])
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 1)
Example #9
0
def test_area_confirmation():
    """
    Tests confirmation functionality and associated deletion permissions of the area endpoint.
    """
    login_jwts = confirmation_fixture()

    # Try to POST confirmed not being admin or mod
    d = dict(name="Nahetal", confirmed=True)
    rv = test_app.post(endpoint, data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "055")

    # POST
    d = dict(name="Nahetal")
    rv = test_app.post(endpoint, data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']

    # GET (empty) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 0)

    # GET (empty) single
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "028")

    # Try to DELETE by user
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_user'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '044')

    # DELETE by admin
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # POST again
    d = dict(name="Nahetal")
    rv = test_app.post(endpoint, data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']

    # Try to confirm by author
    d = dict(name="Nahetal", confirmed=True)
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '045')

    # Confirm by admin
    d = dict(name="Nahetal", confirmed=True)
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)

    # GET one element collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 1)

    # GET single
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)

    # Try to DELETE by author
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_author'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '043')

    # DELETE by admin
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=[('loginJWT', login_jwts['login_jwt_admin'])])
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)
Example #10
0
def test_admins_and_mods():
    """
    Tests CRUD functionality of the user endpoints administrator and moderator functionality.
    """
    # POST
    d = dict(nickname="Jule", email="*****@*****.**", password="******", installAdmin=True)
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jule")
    eq_(resp['email'], "*****@*****.**")
    eq_(resp['administrator'], True)
    eq_(resp['moderator'], True)
    ok_(datetime.now() >= datetime.strptime(resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))

    # Try to create initial administrator a second time
    d = dict(nickname="Juleee", email="*****@*****.**", password="******", installAdmin=True)
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "036")

    # Create a second user
    d = dict(nickname="Danny", email="*****@*****.**", password="******")
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    id_danny = resp['id']

    # Create a third user
    d = dict(nickname="Jimmy", email="*****@*****.**", password="******")
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    id_jimmy = resp['id']

    # Login Jimmy
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get('%slogin/' % api_prefix, headers=h)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    ok_(isinstance(resp['loginJWT'], unicode))
    login_jwt_jimmy = resp['loginJWT']

    # Login Jule
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get('%slogin/' % api_prefix, headers=h)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    ok_(isinstance(resp['loginJWT'], unicode))
    login_jwt_jule = resp['loginJWT']

    # Test if Jimmy can promote administrators
    d = dict(promoteToAdmin=True)
    h = [('loginJWT', login_jwt_jimmy)]
    rv = test_app.put('%spromote/%s' % (api_prefix, id_danny), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "038")

    # Test if Jimmy can promote moderators
    d = dict(promoteToMod=True)
    h = [('loginJWT', login_jwt_jimmy)]
    rv = test_app.put('%spromote/%s' % (api_prefix, id_danny), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "039")

    # Promote Jimmy to moderator
    d = dict(promoteToMod=True)
    h = [('loginJWT', login_jwt_jule)]
    rv = test_app.put('%spromote/%s' % (api_prefix, id_jimmy), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jimmy")
    eq_(resp['administrator'], False)
    eq_(resp['moderator'], True)

    # Login Jimmy again to get higher privileged login jwt
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get('%slogin/' % api_prefix, headers=h)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    ok_(isinstance(resp['loginJWT'], unicode))
    login_jwt_jimmy = resp['loginJWT']

    # Test if Jimmy can promote moderators
    d = dict(promoteToMod=True)
    h = [('loginJWT', login_jwt_jimmy)]
    rv = test_app.put('%spromote/%s' % (api_prefix, id_danny), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Danny")
    eq_(resp['administrator'], False)
    eq_(resp['moderator'], True)

    # Test if Jimmy can promote administrators
    d = dict(promoteToAdmin=True)
    h = [('loginJWT', login_jwt_jimmy)]
    rv = test_app.put('%spromote/%s' % (api_prefix, id_danny), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "038")

    # Promote Jimmy to administrator
    d = dict(promoteToAdmin=True)
    h = [('loginJWT', login_jwt_jule)]
    rv = test_app.put('%spromote/%s' % (api_prefix, id_jimmy), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jimmy")
    eq_(resp['administrator'], True)
    eq_(resp['moderator'], True)

    # Login Jimmy again to get higher privileged login jwt
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get('%slogin/' % api_prefix, headers=h)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    ok_(isinstance(resp['loginJWT'], unicode))
    login_jwt_jimmy = resp['loginJWT']

    # Test if Jimmy can promote administrators
    d = dict(promoteToAdmin=True)
    h = [('loginJWT', login_jwt_jimmy)]
    rv = test_app.put('%spromote/%s' % (api_prefix, id_danny), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Danny")
    eq_(resp['administrator'], True)
    eq_(resp['moderator'], True)
Example #11
0
def test_user_endpoints():
    """
    Tests CRUD functionality of the user endpoint.
    """
    # GET (empty) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)

    # POST with missing parameter
    d = dict()
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)

    # POST
    d = dict(nickname="Jule", email="*****@*****.**", password="******")
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jule")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= datetime.strptime(resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))

    # GET (populated) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 1)

    # Get single
    rv = test_app.get('%s%s' % (endpoint, resp[0]['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jule")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= datetime.strptime(resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))

    # Post duplicate
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # POST without nickname or first & lastname
    d = dict(email="*****@*****.**", passwort="secret")
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "008")

    # POST with invalid email
    d = dict(nickname="Jimmy", email="jimmywebb.de", password="******")
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "009")

    # POST with invalid sex
    d = dict(nickname="Jimmy", email="*****@*****.**", password="******", sex="humbug")
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "026")

    # Get put permission jwt
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    d = dict(action='put')
    rv = test_app.post('%sprotected-action-permission/' % api_prefix, headers=h, data=d)
    eq_(rv.status_code, 200)
    put_jwt = json.loads(rv.data)['data']['paJWT']

    # Login and get JWT
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get('%slogin/' % api_prefix, headers=h)
    eq_(rv.status_code, 200)
    login_jwt = json.loads(rv.data)['data']['loginJWT']

    # PUT without login token
    d = dict(nickname="Der Jan", email="*****@*****.**")
    h = [('paJWT', put_jwt)]
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    check_error_code(rv.data, "013")

    # PUT without permission token
    d = dict(nickname="Der Jan", email="*****@*****.**")
    h = [('loginJWT', login_jwt)]
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    check_error_code(rv.data, "006")

    # PUT with invalid permission
    h = [('paJWT', 'iAmAnIvalidToken')]
    d = dict(nickname="Der Jan", email="*****@*****.**")
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "023")

    # PUT without nickname or first & lastname
    d = dict(firstname="Jan", email="*****@*****.**")
    h = [('paJWT', put_jwt), ('loginJWT', login_jwt)]
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "003")

    # PUT with invalid email
    d = dict(nickname="Jan", email="jan@hojerde")
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "004")

    # PUT with invalid sex
    d = dict(nickname="Jan", email="*****@*****.**", sex="humbug")
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "027")

    # PUT unprotected fields
    d = dict(nickname="Der Jan", email="*****@*****.**", firstname="Jan", lastname="Hojer",
             birthday="1993-02-01", size=1.94, sex='male')
    h = [('loginJWT', login_jwt)]
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Der Jan")
    eq_(resp['email'], "*****@*****.**")
    eq_(resp['firstname'], "Jan")
    eq_(resp['lastname'], "Hojer")
    eq_(resp['size'], 1.94)
    eq_(resp['sex'], "male")
    eq_(datetime.strptime(resp['birthday'][:-6], '%a, %d %b %Y %H:%M:%S'), datetime(1993, 02, 01, 0, 0, 0))
    ok_(datetime.now() >= datetime.strptime(resp['time_updated'][:-6], '%a, %d %b %Y %H:%M:%S'))
    ok_(datetime.strptime(resp['time_updated'][:-6], '%a, %d %b %Y %H:%M:%S') >= datetime.strptime(
            resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))
    try:
        resp['refreshedJWT']
        ok_(False)
    except KeyError:
        ok_(True)

    # PUT protected fields (only password)
    d = dict(nickname="Der Jan", email="*****@*****.**", password="******")
    h = [('paJWT', put_jwt), ('loginJWT', login_jwt)]
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Der Jan")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= datetime.strptime(resp['time_updated'][:-6], '%a, %d %b %Y %H:%M:%S'))
    ok_(datetime.strptime(resp['time_updated'][:-6], '%a, %d %b %Y %H:%M:%S') >= datetime.strptime(
            resp['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))
    try:
        resp['refreshedJWT']
        ok_(False)
    except KeyError:
        ok_(True)

    # PUT protected fields
    d = dict(nickname="Der Jan", email="*****@*****.**", password="******")
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)
    eq_(resp['data']['nickname'], "Der Jan")
    eq_(resp['data']['email'], "*****@*****.**")
    ok_(datetime.now() >= datetime.strptime(resp['data']['time_updated'][:-6], '%a, %d %b %Y %H:%M:%S'))
    ok_(datetime.strptime(resp['data']['time_updated'][:-6], '%a, %d %b %Y %H:%M:%S') >= datetime.strptime(
            resp['data']['time_created'][:-6], '%a, %d %b %Y %H:%M:%S'))
    ok_(isinstance(resp['refreshedJWT'], unicode))
    login_jwt = resp['refreshedJWT']

    # PUT non existing
    d = dict(nickname="Der Jan", email="*****@*****.**", firstname="Jan", lastname="Hojer",
             birthday="1993-02-01", size=1.94, sex='male')
    h = [('loginJWT', login_jwt)]
    rv = test_app.put('%s%s' % (endpoint, 42), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "080")

    # PUT duplicate
    d = dict(nickname="Adam", email="*****@*****.**", password="******")
    rv = test_app.post(endpoint, data=d)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)

    d = dict(nickname="Adam", email="*****@*****.**")
    h = [('loginJWT', login_jwt)]
    rv = test_app.put('%s%s' % (endpoint, resp['data']['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # Get new put permission jwt
    encoded_credentials = base64.b64encode('[email protected]:geheim')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    d = dict(action='put')
    rv = test_app.post('%sprotected-action-permission/' % api_prefix, headers=h, data=d)
    eq_(rv.status_code, 200)
    put_jwt = json.loads(rv.data)['data']['paJWT']

    d = dict(nickname="Der Jan", email="*****@*****.**")
    h = [('loginJWT', login_jwt), ('paJWT', put_jwt)]
    rv = test_app.put('%s%s' % (endpoint, resp['data']['id']), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # GET (updated) single
    rv = test_app.get('%s%s' % (endpoint, resp['data']['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Der Jan")
    eq_(resp['email'], "*****@*****.**")

    # Get delete permission jwt
    encoded_credentials = base64.b64encode('[email protected]:geheim')
    h = [('Authorization', 'Basic %s' % encoded_credentials)]
    d = dict(action='delete')
    rv = test_app.post('%sprotected-action-permission/' % api_prefix, headers=h, data=d)
    eq_(rv.status_code, 200)
    delete_jwt = json.loads(rv.data)['data']['paJWT']

    # DELETE single without permission
    rv = test_app.delete('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "025")

    # DELETE single with invalid permission token
    h = [('paJWT', 'iAmAnInvalidToken')]
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "023")

    # DELETE single
    h = [('paJWT', delete_jwt)]
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # GET (1-length) collection
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 1)
    def test_items(self):
        # register
        r = test_app.post('/api/users/register',data={'name':'Test','username':'******','password':'******'})
        eq_(r.status_code,200)
        assert 'token' in r.data
        authorization = {'Authorization':json.loads(r.data)['token']}

        # login
        r = test_app.post('/api/users/login',data={'username':'******','password':'******'},headers=authorization)
        eq_(r.status_code,200)

        # get all items
        r = test_app.get('/api/items',headers=authorization)
        eq_(r.status_code,200)
        assert 'items' in r.data
        eq_(json.loads(r.data)['items'],[])

        # create an item
        #r = test_app.post('/api/items',data={'text':'todo item 1'},headers=authorization)
        h = {'Content-Type':'application/json','Authorization':authorization['Authorization']}
        r = test_app.post('/api/items',data=json.dumps({'item':{'title':'todo item 1'}}),headers=h)
        eq_(r.status_code,200)

        # create an item
        #r = test_app.post('/api/items',data={'text':'todo item 2'},headers=authorization)
        r = test_app.post('/api/items',data=json.dumps({'item':{'title':'todo item 2'}}),headers=h)
        eq_(r.status_code,200)

        # get all items
        r = test_app.get('/api/items',headers=authorization)
        eq_(r.status_code,200)
        assert 'items' in r.data
        eq_(json.loads(r.data)['items'],[{'title':'todo item 1','completed':False,'id':1,'uri':'/api/items/1'},{'title':'todo item 2','completed':False,'id':2,'uri':'/api/items/2'}])

        # get one item
        r = test_app.get('/api/items/1',headers=authorization)
        eq_(r.status_code,200)
        eq_(json.loads(r.data),{'id':1,'title':'todo item 1','completed':False,'uri':'/api/items/1'})

        # get an item that doesn't exist
        r = test_app.get('/api/items/10',headers=authorization)
        eq_(r.status_code,403)

        # put new info for item
        r = test_app.put('/api/items/1',data=json.dumps({'item':{'title':'todo item changed','completed':True}}),headers=h)
        eq_(r.status_code,200)
        eq_(json.loads(r.data),{'id':1,'title':'todo item changed','completed':True,'uri':'/api/items/1'})

        # delete an item
        r = test_app.delete('/api/items/2',headers=authorization)
        eq_(r.status_code,200)

        # register a second user
        r = test_app.post('/api/users/register',data={'name':'Test2','username':'******','password':'******'})
        eq_(r.status_code,200)
        assert 'token' in r.data
        authorization = {'Authorization':json.loads(r.data)['token']}

        # login
        r = test_app.post('/api/users/login',data={'username':'******','password':'******'},headers=authorization)
        eq_(r.status_code,200)

        # get an item that doesn't belong to second user
        r = test_app.get('/api/items/1',headers=authorization)
        eq_(r.status_code,403)
Example #13
0
def test_comments():
    """
    Tests CRUD functionality of the comment endpoint.
    """
    login_jwts = ratings_fixture()

    # POST comments
    for i in range(3):
        h = [('loginJWT', login_jwts[i])]
        d = dict(text="Lorem ipsum number %s" % i, entity_id=1)
        rv = test_app.post(endpoint, data=d, headers=h)
        check_content_type(rv.headers)
        eq_(rv.status_code, 201)

    # GET comment list
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(len(resp), 3)

    # GET single
    rv = test_app.get("%s%s" % (endpoint, 1))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['text'], "Lorem ipsum number 0")

    # GET non existing single
    rv = test_app.get("%s%s" % (endpoint, 42))
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "065")

    # POST children
    h = [('loginJWT', login_jwts[i])]
    d = dict(text="This is a child comment", entity_id=1, parent_id=1)
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    child_resp = json.loads(rv.data)['data']

    # POST grandchildren
    h = [('loginJWT', login_jwts[i])]
    d = dict(text="This is a child comment", entity_id=1, parent_id=child_resp['id'])
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "064")

    # POST children for non exiting parent
    h = [('loginJWT', login_jwts[i])]
    d = dict(text="This is a child comment", entity_id=1, parent_id=42)
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "063")

    # GET comment list
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(len(resp), 4)

    # GET comment list for entity
    rv = test_app.get('%sentity/1/comments/' % api_prefix)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(len(resp), 3)

    # GET comment list for entity without comments
    rv = test_app.get('%sentity/42/comments/' % api_prefix)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(len(resp), 0)

    # Try to comment on an unconfirmed entity
    h = [('loginJWT', login_jwts[i])]
    d = dict(text="Lorem ipsum", entity_id=5)
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "062")

    # Try to comment on a non existing entity
    h = [('loginJWT', login_jwts[i])]
    d = dict(text="Lorem ipsum", entity_id=42)
    rv = test_app.post(endpoint, data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "061")

    # UPDATE as author
    h = [('loginJWT', login_jwts[0])]
    d = dict(text="New text", entity_id=1)
    rv = test_app.put("%s%s" % (endpoint, 1), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['text'], "New text")

    # UPDATE as non author
    h = [('loginJWT', login_jwts[1])]
    d = dict(text="Newer text", entity_id=1)
    rv = test_app.put("%s%s" % (endpoint, 1), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "069")

    # UPDATE non existing
    h = [('loginJWT', login_jwts[1])]
    d = dict(text="Newer text", entity_id=1)
    rv = test_app.put("%s%s" % (endpoint, 42), data=d, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "068")

    # DELETE single as author
    h = [('loginJWT', login_jwts[0])]
    rv = test_app.delete("%s%s" % (endpoint, 1), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # GET now non existing child comment
    rv = test_app.get("%s%s" % (endpoint, child_resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "065")

    # DELETE non existing single as author
    h = [('loginJWT', login_jwts[0])]
    rv = test_app.delete("%s%s" % (endpoint, 1), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "066")

    # DELETE single as non-author
    h = [('loginJWT', login_jwts[2])]
    rv = test_app.delete("%s%s" % (endpoint, 2), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "067")