Exemple #1
def test_delete_other_user(dummy_user):
    """Call UserHandler.delete() while authenticated as a different, random id.

    No integration test is possible because the application flow currently
    doesn't allow this scenario to occur, so the handler is driven directly
    with a mocked request.
    """
    _, target_id = save(dummy_user)

    # The authenticated id is a fresh UUID, i.e. not the saved user's id.
    foreign_id = str(uuid.uuid4())
    request = Mock()
    type(request).authenticated_userid = PropertyMock(return_value=foreign_id)

    handler = UserHandler(get_user_by_id(target_id), request)

    with pytest.raises(HTTPNoContent):
        handler.delete()

    # NOTE(review): this pins that the target row is removed even though the
    # authenticated id differs from the target, so the handler itself applies
    # no ownership check on delete. Whatever keeps this unreachable in the
    # application flow is then the only authorization guard - confirm that
    # this is the intended contract.
    assert get_user_by_id(target_id) is None
Exemple #2
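def test_patch_user_success(test_app_with_authenticated_user_id):
    """PATCH /user/me changes the password and consumes a verification token.

    A verification token is stored as hash + salt for the authenticated user,
    then its plaintext is submitted together with a new and a current
    password. The test expects 200, a verified user, a token flagged both
    invalidated and used, and a stored password hash that matches the new
    password and no longer matches 'testing123'.
    """
    test_app, user_id = test_app_with_authenticated_user_id
    token = '123456'
    # Only the hash and salt are persisted; the plaintext goes in the request.
    token_hash, token_salt = hash_plaintext(token)
    verification_token = VerificationToken(
        token_hash=token_hash,
        token_salt=token_salt,
        for_user_id=user_id
    )
    _, token_id = save(verification_token)

    # NOTE(review): both password literals read '******' in this listing,
    # which looks like masking applied to the page rather than the real
    # fixture values - confirm against the project's test file.
    data = {
        'password': '******',
        'current_password': '******',
        'verification_token': token
    }

    response = test_app.patch_json('/user/me', data)

    updated_user = get_user_by_id(user_id)
    updated_verification_token = get_verification_token_by_id(token_id)
    assert response.status_code == HTTPStatus.OK
    # The previous password must stop working ...
    assert not compare_plaintext_to_hash(
        'testing123',
        updated_user.password_hash,
        updated_user.password_salt
    )
    # ... and the submitted one must be what was stored. Without this check
    # the test would also pass if the hash were overwritten with anything
    # else, leaving the account unusable.
    assert compare_plaintext_to_hash(
        data['password'],
        updated_user.password_hash,
        updated_user.password_salt
    )
    assert updated_user.verified
    # A consumed token must not be replayable.
    assert updated_verification_token.invalidated
    assert updated_verification_token.used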
Exemple #3
def test_request_verification_token_success(
    test_app_with_authenticated_user_id,
    mocker
):
    """Requesting a verification token returns 201 and e-mails the token.

    The token generator and the SendGrid client are both patched where the
    user handlers module looks them up, so the token value is fixed and the
    mail call lands on a MagicMock.
    """
    app, uid = test_app_with_authenticated_user_id
    recipient = get_user_by_id(uid).email_address

    fake_token_hex = mocker.patch(
        '{{cookiecutter.project_slug}}.handlers.user.token_hex',
        return_value='123456'
    )
    mail_client = mocker.MagicMock()
    mocker.patch(
        '{{cookiecutter.project_slug}}.handlers.user.SendGridClient',
        return_value=mail_client
    )

    resp = app.post_json(
        '/user/me/request-verification-token',
        {},
        expect_errors=True
    )

    assert resp.status_code == HTTPStatus.CREATED
    # Calling the patched generator yields its fixed return value.
    expected_token = fake_token_hex()
    # NOTE(review): assert_called_with inspects only the most recent call, so
    # this does not prove that exactly one e-mail was sent.
    mail_client.send_account_verification_email.assert_called_with(
        recipient,
        expected_token
    )
Exemple #4
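def test_patch_user_reset_password(test_app_with_authenticated_user_id):
    """PATCH /user/me sets a new password when a used recovery token exists.

    A recovery token flagged used=True is stored for the user and the request
    carries only 'password' (no 'current_password'). The test expects 200, no
    active recovery token afterwards, and a stored hash that matches the new
    password and no longer matches 'testing123'.
    """
    test_app, user_id = test_app_with_authenticated_user_id

    # The hash and salt are placeholders; the request never presents the token.
    recovery_token = RecoveryToken(
        for_user_id=user_id,
        token_hash='fake',
        token_salt='fake',
        used=True
    )
    save(recovery_token)

    # NOTE(review): the literal reads '******' in this listing, which looks
    # like masking applied to the page - confirm the real fixture value.
    data = {
        'password': '******'
    }

    response = test_app.patch_json('/user/me', data)

    updated_user = get_user_by_id(user_id)
    assert response.status_code == HTTPStatus.OK
    # The recovery token must not remain usable for a second reset.
    assert updated_user.active_recovery_token is None
    assert not compare_plaintext_to_hash(
        'testing123',
        updated_user.password_hash,
        updated_user.password_salt
    )
    # Pin the positive side as well: the stored hash has to belong to the
    # submitted password, not merely differ from the old one.
    assert compare_plaintext_to_hash(
        data['password'],
        updated_user.password_hash,
        updated_user.password_salt
    )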
Exemple #5
def test_patch_user_current_password_incorrect(
    test_app_with_authenticated_user_id
):
    """A wrong current password is rejected with 400 and changes nothing."""
    app, uid = test_app_with_authenticated_user_id

    # NOTE(review): both literals read '******' in this listing, which looks
    # like masking applied to the page - confirm the real fixture values.
    payload = {
        'password': '******',
        'current_password': '******'
    }

    resp = app.patch_json('/user/me', payload, expect_errors=True)

    expected_body = {
        'message': {
            'current_password': [
                "Given password is incorrect"
            ]
        }
    }
    user_after = get_user_by_id(uid)
    assert resp.status_code == HTTPStatus.BAD_REQUEST
    assert resp.json == expected_body
    # The rejected request must leave the stored credentials untouched.
    assert compare_plaintext_to_hash(
        'testing123',
        user_after.password_hash,
        user_after.password_salt
    )
Exemple #6
def test_delete_user(test_app_with_authenticated_user_id):
    """DELETE /user/me removes the account and ends the session."""
    app, uid = test_app_with_authenticated_user_id

    resp = app.delete('/user/me')

    assert resp.status_code == HTTPStatus.OK
    assert get_user_by_id(uid) is None

    # An emptied auth_tkt value in Set-Cookie is how the test recognises that
    # the session was ended along with the account.
    set_cookie = resp.headers['Set-Cookie']
    assert 'auth_tkt=;' in set_cookie
Exemple #7
def test_get_user(test_app_with_authenticated_user_id):
    """GET /user/me returns exactly the id, e-mail address and verified flag."""
    app, uid = test_app_with_authenticated_user_id
    stored_user = get_user_by_id(uid)

    resp = app.get('/user/me')

    # Whole-dict equality means any extra serialized field (for example the
    # password hash or salt) would fail the test, not just a wrong value.
    expected_body = {
        'id': str(uid),
        'email_address': stored_user.email_address,
        'verified': False
    }
    assert resp.status_code == HTTPStatus.OK
    assert resp.json == expected_body
Exemple #8
def test_patch_user_empty(test_app_with_authenticated_user_id):
    """An empty PATCH body returns 200 and leaves the password unchanged."""
    app, uid = test_app_with_authenticated_user_id

    resp = app.patch_json('/user/me', {})

    assert resp.status_code == HTTPStatus.OK
    # The stored hash must still verify against the fixture password.
    user_after = get_user_by_id(uid)
    assert compare_plaintext_to_hash(
        'testing123',
        user_after.password_hash,
        user_after.password_salt
    )
Exemple #9
def test_patch_user_already_verified(test_app_with_authenticated_user_id):
    """Submitting a verification token for a verified user yields 400."""
    app, uid = test_app_with_authenticated_user_id

    # Mark the account as verified before the request is made.
    account = get_user_by_id(uid)
    account.verified = True
    save(account)

    payload = {'verification_token': '123456'}
    resp = app.patch_json('/user/me', payload, expect_errors=True)

    expected_body = {
        'message': {
            'verification_token': ["This user is already verified."]
        }
    }
    assert resp.status_code == HTTPStatus.BAD_REQUEST
    assert resp.json == expected_body
Exemple #10
def test_request_verification_token_already_verified(
    test_app_with_authenticated_user_id
):
    """A verified user asking for a new verification token gets a 400."""
    app, uid = test_app_with_authenticated_user_id

    # Mark the account as verified before the request is made.
    account = get_user_by_id(uid)
    account.verified = True
    save(account)

    resp = app.post_json(
        '/user/me/request-verification-token',
        {},
        expect_errors=True
    )

    # The error is reported under '_schema' rather than a named field.
    expected_body = {
        'message': {
            '_schema': ["This user is already verified."]
        }
    }
    assert resp.status_code == HTTPStatus.BAD_REQUEST
    assert resp.json == expected_body
Exemple #11
def test_patch_user_invalid_password_length(
    test_app_with_authenticated_user_id
):
    """A new password below the minimum length is rejected with 400."""
    app, uid = test_app_with_authenticated_user_id

    # NOTE(review): both literals read '******' in this listing, which looks
    # like masking applied to the page - confirm the real fixture values.
    payload = {
        'password': '******',
        'current_password': '******'
    }

    resp = app.patch_json('/user/me', payload, expect_errors=True)

    expected_body = {
        'message': {
            'password': ["Shorter than minimum length 8."]
        }
    }
    user_after = get_user_by_id(uid)
    assert resp.status_code == HTTPStatus.BAD_REQUEST
    assert resp.json == expected_body
    # The rejected request must leave the stored credentials untouched.
    assert compare_plaintext_to_hash(
        'testing123',
        user_after.password_hash,
        user_after.password_salt
    )
Exemple #12
def test_get_user_by_id(dummy_user):
    """A saved user can be fetched again by the id that save() returned."""
    _, saved_id = save(dummy_user)

    fetched = get_user_by_id(saved_id)

    assert fetched.id == saved_id
Exemple #13
def get_authenticated_user(request):
    """Return the user record for the request's authenticated id, or None.

    None is returned without a lookup when ``request.authenticated_userid``
    is falsy. Otherwise the result of ``get_user_by_id`` is passed through
    unchanged.

    NOTE(review): the lookup may itself yield None (for example when the
    account no longer exists while the session is still valid) - callers
    should treat None as "no usable user" in both cases; confirm against
    get_user_by_id.
    """
    if request.authenticated_userid:
        return get_user_by_id(request.authenticated_userid)

    return None