def test_delete_other_user(dummy_user):
    """Delete a user through a handler whose request names someone else.

    Exercised at handler level only: per the original author's note, no
    integration test is possible because the application flow currently
    does not allow this scenario to occur.
    """
    _, target_id = save(dummy_user)

    # Authenticate the fake request as a freshly generated, unrelated id.
    request = Mock()
    type(request).authenticated_userid = PropertyMock(
        return_value=str(uuid.uuid4())
    )
    handler = UserHandler(get_user_by_id(target_id), request)

    with pytest.raises(HTTPNoContent):
        handler.delete()

    # NOTE(review): this pins that delete() removes the record even though
    # the authenticated id differs from the target, so the handler itself is
    # not acting as the ownership check. Presumably the route/context
    # resolution only ever hands it the caller's own record - confirm, and
    # cover any new route that builds a UserHandler from a caller-supplied id.
    assert get_user_by_id(target_id) is None
def test_patch_user_success(test_app_with_authenticated_user_id):
    """PATCH /user/me with a password change and a verification token.

    Expects HTTP 200, a stored password that no longer matches
    'testing123', a verified user, and a verification token flagged both
    invalidated and used.
    """
    test_app, user_id = test_app_with_authenticated_user_id

    # Only the hash and salt of the token are stored; the plaintext travels
    # in the request body.
    plaintext_token = '123456'
    digest, salt = hash_plaintext(plaintext_token)
    _, token_id = save(
        VerificationToken(
            token_hash=digest,
            token_salt=salt,
            for_user_id=user_id,
        )
    )

    # NOTE(review): both password literals read '******' in this copy, which
    # looks like masking rather than the values the test really sends -
    # confirm against the upstream file.
    payload = {
        'password': '******',
        'current_password': '******',
        'verification_token': plaintext_token,
    }
    response = test_app.patch_json('/user/me', payload)

    user_after = get_user_by_id(user_id)
    token_after = get_verification_token_by_id(token_id)

    assert response.status_code == HTTPStatus.OK
    # The previous password must no longer verify against the stored hash.
    old_password_still_valid = compare_plaintext_to_hash(
        'testing123', user_after.password_hash, user_after.password_salt
    )
    assert not old_password_still_valid
    assert user_after.verified
    # A consumed token must not be replayable.
    assert token_after.invalidated
    assert token_after.used
def test_request_verification_token_success(
    test_app_with_authenticated_user_id, mocker
):
    """POST /user/me/request-verification-token sends a verification mail.

    token_hex is patched to a fixed value and SendGridClient is replaced by
    a mock, so the test can assert the exact (address, token) pair handed
    to send_account_verification_email.
    """
    test_app, user_id = test_app_with_authenticated_user_id
    email_address = get_user_by_id(user_id).email_address

    token_hex_mock = mocker.patch(
        '{{cookiecutter.project_slug}}.handlers.user.token_hex',
        return_value='123456'
    )
    sendgrid_mock = mocker.MagicMock()
    mocker.patch(
        '{{cookiecutter.project_slug}}.handlers.user.SendGridClient',
        return_value=sendgrid_mock
    )

    # expect_errors=True only stops the test client from raising on an
    # error status; the status assertion below is what fails the test.
    response = test_app.post_json(
        '/user/me/request-verification-token',
        {},
        expect_errors=True
    )

    assert response.status_code == HTTPStatus.CREATED
    send_mail = sendgrid_mock.send_account_verification_email
    # Calling the patched token_hex again yields its fixed return value.
    send_mail.assert_called_with(email_address, token_hex_mock())
def test_patch_user_reset_password(test_app_with_authenticated_user_id):
    """PATCH /user/me with only a new password while a used RecoveryToken exists.

    Expects HTTP 200, no active recovery token left on the user, and a
    stored password that no longer matches 'testing123'.
    """
    test_app, user_id = test_app_with_authenticated_user_id

    # NOTE(review): the request below carries no current_password;
    # presumably the recovery token marked used=True is what waives that
    # check - confirm in the handler that nothing else can waive it.
    save(
        RecoveryToken(
            for_user_id=user_id,
            token_hash='fake',
            token_salt='fake',
            used=True,
        )
    )

    # NOTE(review): the password literal reads '******' in this copy, which
    # looks like masking - confirm the real value upstream.
    payload = {'password': '******'}
    response = test_app.patch_json('/user/me', payload)
    user_after = get_user_by_id(user_id)

    assert response.status_code == HTTPStatus.OK
    # The recovery token must not remain usable after the reset.
    assert user_after.active_recovery_token is None
    old_password_still_valid = compare_plaintext_to_hash(
        'testing123', user_after.password_hash, user_after.password_salt
    )
    assert not old_password_still_valid
def test_patch_user_current_password_incorrect(
    test_app_with_authenticated_user_id
):
    """PATCH /user/me with a wrong current_password is rejected.

    Expects HTTP 400 with a field error on current_password, and a stored
    password that still matches 'testing123'.
    """
    test_app, user_id = test_app_with_authenticated_user_id

    payload = {
        'password': '******',
        'current_password': '******',
    }
    response = test_app.patch_json('/user/me', payload, expect_errors=True)
    user_after = get_user_by_id(user_id)

    expected_body = {
        'message': {
            'current_password': ["Given password is incorrect"],
        }
    }
    assert response.status_code == HTTPStatus.BAD_REQUEST
    assert response.json == expected_body
    # A rejected request must leave the credential untouched.
    password_unchanged = compare_plaintext_to_hash(
        'testing123', user_after.password_hash, user_after.password_salt
    )
    assert password_unchanged
def test_delete_user(test_app_with_authenticated_user_id):
    """DELETE /user/me removes the account and ends the session.

    Expects HTTP 200, no user left under the id, and a Set-Cookie header
    that blanks the auth_tkt cookie.
    """
    test_app, user_id = test_app_with_authenticated_user_id

    response = test_app.delete('/user/me')

    assert response.status_code == HTTPStatus.OK
    assert get_user_by_id(user_id) is None

    # The session counts as ended when the auth ticket cookie is emptied.
    set_cookie = response.headers['Set-Cookie']
    assert 'auth_tkt=;' in set_cookie
def test_get_user(test_app_with_authenticated_user_id):
    """GET /user/me returns the authenticated user's public fields.

    Expects HTTP 200 and a body holding exactly id, email_address and
    verified (False for this fixture user).
    """
    test_app, user_id = test_app_with_authenticated_user_id
    stored_user = get_user_by_id(user_id)

    response = test_app.get('/user/me')

    assert response.status_code == HTTPStatus.OK
    # Exact equality also fails the test if extra fields (for example the
    # password hash or salt) ever appear in the serialized response.
    expected_body = {
        'id': str(user_id),
        'email_address': stored_user.email_address,
        'verified': False,
    }
    assert response.json == expected_body
def test_patch_user_empty(test_app_with_authenticated_user_id):
    """PATCH /user/me with an empty body succeeds and changes nothing.

    Expects HTTP 200 and a stored password that still matches
    'testing123'.
    """
    test_app, user_id = test_app_with_authenticated_user_id

    response = test_app.patch_json('/user/me', {})
    user_after = get_user_by_id(user_id)

    assert response.status_code == HTTPStatus.OK
    password_unchanged = compare_plaintext_to_hash(
        'testing123', user_after.password_hash, user_after.password_salt
    )
    assert password_unchanged
def test_patch_user_already_verified(test_app_with_authenticated_user_id):
    """PATCH /user/me with a verification token for a verified user fails.

    Expects HTTP 400 with a field error on verification_token.
    """
    test_app, user_id = test_app_with_authenticated_user_id

    # Put the account into the already-verified state before the request.
    account = get_user_by_id(user_id)
    account.verified = True
    save(account)

    payload = {'verification_token': '123456'}
    response = test_app.patch_json('/user/me', payload, expect_errors=True)

    expected_body = {
        'message': {
            'verification_token': ["This user is already verified."],
        }
    }
    assert response.status_code == HTTPStatus.BAD_REQUEST
    assert response.json == expected_body
def test_request_verification_token_already_verified(
    test_app_with_authenticated_user_id
):
    """Requesting a verification token for a verified user is rejected.

    Expects HTTP 400 with a schema-level error message.
    """
    test_app, user_id = test_app_with_authenticated_user_id

    # Put the account into the already-verified state before the request.
    account = get_user_by_id(user_id)
    account.verified = True
    save(account)

    response = test_app.post_json(
        '/user/me/request-verification-token',
        {},
        expect_errors=True
    )

    expected_body = {
        'message': {
            '_schema': ["This user is already verified."],
        }
    }
    assert response.status_code == HTTPStatus.BAD_REQUEST
    assert response.json == expected_body
def test_patch_user_invalid_password_length(
    test_app_with_authenticated_user_id
):
    """PATCH /user/me with a too-short new password is rejected.

    Expects HTTP 400 with a length error on the password field, and a
    stored password that still matches 'testing123'.
    """
    test_app, user_id = test_app_with_authenticated_user_id

    payload = {
        'password': '******',
        'current_password': '******',
    }
    response = test_app.patch_json('/user/me', payload, expect_errors=True)
    user_after = get_user_by_id(user_id)

    expected_body = {
        'message': {
            'password': ["Shorter than minimum length 8."],
        }
    }
    assert response.status_code == HTTPStatus.BAD_REQUEST
    assert response.json == expected_body
    # A rejected request must leave the credential untouched.
    password_unchanged = compare_plaintext_to_hash(
        'testing123', user_after.password_hash, user_after.password_salt
    )
    assert password_unchanged
def test_get_user_by_id(dummy_user):
    """A saved user can be fetched again by the id that save() returned."""
    _, saved_id = save(dummy_user)

    fetched = get_user_by_id(saved_id)

    assert fetched.id == saved_id
def get_authenticated_user(request):
    """Return the user record for the request's authenticated id.

    Returns None when request.authenticated_userid is falsy; otherwise
    returns whatever get_user_by_id yields for that id.
    """
    if request.authenticated_userid:
        return get_user_by_id(request.authenticated_userid)
    # No authenticated id on the request: no lookup is attempted.
    return None