def test_put_user_image__failure(server):
    """PUT /users/<id>/images/<name> rejects bad targets and bad callers.

    Covers, in order: a user that does not exist (404), a caller writing to
    another user's image (403) and a malformed image name (400). Tokens are
    minted directly with the server secret and sent as the raw value of the
    Authorization header, so this exercises the endpoint's authorization
    and input checks rather than the login flow.
    """
    stranger_jwt = util.create_jwt(99, server.config.secret)
    empty_form = FormData()

    # Both requests are made as user 99: first against 99's own (missing)
    # account, then against user 3's image, which 99 does not own.
    denied_cases = (
        ('/users/99/images/profile', 404),
        ('/users/3/images/profile', 403),
    )
    for path, expected_status in denied_cases:
        _, reply = server.app.test_client.put(
            path,
            data=empty_form,
            headers={'Authorization': stranger_jwt})
        assert reply.status == expected_status

    # The owner (user 3) is authorized, so the only thing left to reject is
    # the image name itself.
    owner_jwt = util.create_jwt(3, server.config.secret)
    _, reply = server.app.test_client.put(
        '/users/3/images/$%^&*(',
        data=empty_form,
        headers={'Authorization': owner_jwt})
    assert reply.status == 400
def test_delete_membership__failure(server):
    """DELETE /memberships/<club> refuses callers without sufficient role.

    The role rules asserted here: a President cannot remove another
    President, an Admin cannot remove a President, and a Member can remove
    neither another user's membership nor the whole member list (all 403).
    An unknown user id yields 400 and an unknown club yields 404.
    """
    def id_of(username):
        # Resolve a username to its numeric id through the public endpoint.
        _, found = server.app.test_client.get('/users/' + username)
        return found.json['id']

    def delete_as(jwt, path):
        # Issue the DELETE with the given token and report the status only.
        _, outcome = server.app.test_client.delete(
            path, headers={'Authorization': jwt})
        return outcome.status

    club = '/memberships/testclub'

    # President -> President
    founder_id = id_of('founder')
    founder_jwt = util.create_jwt(founder_id, server.config.secret)
    pres2_id = id_of('pres2')
    assert delete_as(founder_jwt, f'{club}?user_id={pres2_id}') == 403

    # Admin -> President (Admins may only remove Member memberships)
    admin_id = id_of('admin')
    admin_jwt = util.create_jwt(admin_id, server.config.secret)
    assert delete_as(admin_jwt, f'{club}?user_id={founder_id}') == 403

    # Member -> someone else's membership
    member_id = id_of('member')
    member_jwt = util.create_jwt(member_id, server.config.secret)
    founder_id = id_of('founder')
    assert delete_as(member_jwt, f'{club}?user_id={founder_id}') == 403

    # Member -> bulk delete of every membership in the club
    assert delete_as(member_jwt, club) == 403

    # Target user id that does not exist
    assert delete_as(founder_jwt, f'{club}?user_id=99') == 400

    # Club that does not exist
    assert delete_as(
        founder_jwt, f'/memberships/doesnotexist?user_id={member_id}') == 404
def test_get_memberships__success(server):
    """GET /memberships/<club> lists the club, or one user via ?user_id=.

    All requests are made with the founder's token.
    """
    def auth_header(jwt):
        return {'Authorization': jwt}

    _, lookup = server.app.test_client.get('/users/founder')
    founder_id = lookup.json['id']
    founder_jwt = util.create_jwt(founder_id, server.config.secret)

    # Whole-club listing: six memberships are expected
    # (founder, admin, member, pres2, admin2 and member2).
    _, listing = server.app.test_client.get(
        '/memberships/testclub', headers=auth_header(founder_jwt))
    assert listing.status == 200
    assert len(listing.json) == 6

    # Filtered to the founder's own membership.
    _, own = server.app.test_client.get(
        f'/memberships/testclub?user_id={founder_id}',
        headers=auth_header(founder_jwt))
    record = own.json[0]
    assert record['user_id'] == founder_id
    assert record['full_name'] == 'Test Guy'
    assert record['username'] == 'founder'
    assert isinstance(record['created_at'], int)

    # Filtered to the user with the next id. This listing makes no
    # assertion on the response, so the request only has to complete.
    _, response = server.app.test_client.get(
        f'/memberships/testclub?user_id={founder_id + 1}',
        headers=auth_header(founder_jwt))
def test_paginate_clubs__success(server):
    """GET /clubs/search paginates: three results at size 2 give two pages.

    The search request itself carries no Authorization header; only the
    seeding POSTs are authenticated (as the founder).
    """
    _, lookup = server.app.test_client.get('/users/founder')
    founder_jwt = util.create_jwt(lookup.json['id'], server.config.secret)

    # Seed data to search for. Key order in the payload is kept as
    # name, description, website, twitter, facebook, instagram.
    no_links = dict.fromkeys(
        ('website_url', 'twitter_url', 'facebook_url', 'instagram_url'), '')
    seed_clubs = (
        ('UBC Launch Pad', 'software engineering team'),
        ('envision', 'something'),
        ('UBC biomed', 'something else'),
    )
    for club_name, blurb in seed_clubs:
        payload = {'name': club_name, 'description': blurb, **no_links}
        # The status of each seeding POST is not checked here.
        server.app.test_client.post(
            '/clubs',
            data=json.dumps(payload),
            headers={'Authorization': founder_jwt})

    _, page = server.app.test_client.get('/clubs/search?page=0&size=2')
    assert page.status == 200
    listing = page.json
    assert listing.get('result_count') == 3
    assert listing.get('page') == 0
    assert listing.get('total_pages') == 2
def test_put_user__failure(server):
    """PUT /users/<username> with an unrecognised body is rejected (400).

    The caller is authenticated as user id 1, so the rejection comes from
    body validation rather than from authorization.
    """
    username = '******'
    caller_jwt = util.create_jwt(1, server.config.secret)
    bogus_body = json.dumps({'garbage': True})
    _, reply = server.app.test_client.put(
        '/users/' + username,
        data=bogus_body,
        headers={'Authorization': caller_jwt})
    assert reply.status == 400
def test_get_membership__failure(server):
    """GET /memberships/<club> for an unknown club returns 404."""
    _, lookup = server.app.test_client.get('/users/founder')
    founder_jwt = util.create_jwt(lookup.json['id'], server.config.secret)

    # The club slug does not exist; the user_id filter is incidental.
    _, reply = server.app.test_client.get(
        '/memberships/doesnotexist?user_id=3',
        headers={'Authorization': founder_jwt})
    assert reply.status == 404
def test_delete_club__success(server):
    """DELETE /clubs/<name> succeeds (204) for a President.

    Deleting a club requires President privileges, so the request is made
    with the founder's token.
    """
    _, lookup = server.app.test_client.get('/users/founder')
    president_jwt = util.create_jwt(lookup.json['id'], server.config.secret)

    _, reply = server.app.test_client.delete(
        '/clubs/newtest',
        headers={'Authorization': president_jwt})
    assert reply.status == 204
def test_delete_club__failure(server):
    """DELETE /clubs/<name> is forbidden (403) for a plain Member."""
    # Authenticate as the user who holds only a Member membership.
    _, lookup = server.app.test_client.get('/users/member')
    member_jwt = util.create_jwt(lookup.json['id'], server.config.secret)

    # A Member is authenticated but lacks the role needed to delete.
    _, reply = server.app.test_client.delete(
        '/clubs/newtest',
        headers={'Authorization': member_jwt})
    assert reply.status == 403
def test_delete_user_image__success(server):
    """A user can delete their own profile image (200).

    The token subject and the user id in the path are the same account.
    """
    _, lookup = server.app.test_client.get('/users/founder')
    owner_id = lookup.json['id']
    owner_jwt = util.create_jwt(owner_id, server.config.secret)

    _, reply = server.app.test_client.delete(
        f'/users/{owner_id}/images/profile',
        headers={'Authorization': owner_jwt})
    assert reply.status == 200
def test_delete_user_image__failure(server):
    """DELETE /users/<id>/images/profile rejects a missing or foreign image.

    Both requests are made as user 99: the first targets 99's own path and
    finds nothing (404); the second targets user 3's image, which the
    caller does not own (403).
    """
    stranger_jwt = util.create_jwt(99, server.config.secret)
    expectations = (
        ('/users/99/images/profile', 404),  # no such image
        ('/users/3/images/profile', 403),   # another user's image
    )
    for path, expected_status in expectations:
        _, reply = server.app.test_client.delete(
            path, headers={'Authorization': stranger_jwt})
        assert reply.status == expected_status
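def test_put_user_image__success(server):
    """A user can upload their own profile image (200).

    The token subject and the user id in the path are the same account
    (the founder). The image fixture is read from tests/testdata.
    """
    # Upload image for user whose name is founder
    _, response = server.app.test_client.get('/users/founder')
    user_id = response.json['id']
    token = util.create_jwt(user_id, server.config.secret)
    # Open the fixture in a context manager so the handle is closed even if
    # the request raises; the original left the file object open.
    with open('tests/testdata/large-logo.png', 'rb') as image_file:
        data = FormData()
        data.add_field('image', image_file)
        _, response = server.app.test_client.put(
            '/users/' + str(user_id) + '/images/profile',
            data=data,
            headers={
                'Authorization': token,
            })
    assert response.status == 200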
def test_delete_membership__success(server):
    """DELETE /memberships/<club> succeeds for callers with enough role.

    Allowed cases asserted here: a member removing their own membership,
    an Admin removing a Member, a President removing a non-President, and
    a President removing every membership. Each is expected to return 201.
    NOTE(review): 201 is an unusual status for a DELETE; it is what the
    tests pin, so confirm against the handler before changing it.
    """
    def id_of(username):
        # Resolve a username to its numeric id through the public endpoint.
        _, found = server.app.test_client.get('/users/' + username)
        return found.json['id']

    def delete_as(jwt, path):
        # Issue the DELETE with the given token and report the status only.
        _, outcome = server.app.test_client.delete(
            path, headers={'Authorization': jwt})
        return outcome.status

    club = '/memberships/testclub'

    # Self-service: member2 removes member2.
    member2_id = id_of('member2')
    member2_jwt = util.create_jwt(member2_id, server.config.secret)
    assert delete_as(member2_jwt, f'{club}?user_id={member2_id}') == 201

    # Admin removes a Member.
    admin_id = id_of('admin')
    admin_jwt = util.create_jwt(admin_id, server.config.secret)
    member_id = id_of('member')
    assert delete_as(admin_jwt, f'{club}?user_id={member_id}') == 201

    # President removes an Admin (anyone who is not a President).
    founder_id = id_of('founder')
    founder_jwt = util.create_jwt(founder_id, server.config.secret)
    admin2_id = id_of('admin2')
    assert delete_as(founder_jwt, f'{club}?user_id={admin2_id}') == 201

    # President removes all members (no user_id filter).
    assert delete_as(founder_jwt, club) == 201
def test_put_user__success(server):
    """PUT /users/<username> updates the caller's profile (200).

    The request is authenticated as user id 1 and the response is expected
    to echo the updated fields with the same id.
    """
    username = '******'
    caller_jwt = util.create_jwt(1, server.config.secret)
    changes = {
        'full_name': 'New Name',
        'email': '*****@*****.**',
    }
    _, reply = server.app.test_client.put(
        '/users/' + username,
        data=json.dumps(changes),
        headers={'Authorization': caller_jwt})

    assert reply.status == 200
    assert reply.json['username'] == username
    assert reply.json['full_name'] == 'New Name'
    assert reply.json['email'] == '*****@*****.**'
    assert reply.json['id'] == 1
    assert isinstance(reply.json['created_at'], int)
def test_post_clubs__success(server):
    """POST /clubs creates a club for an authenticated user (201).

    A user is registered first (unauthenticated POST /users), then looked
    up as 'founder' to mint the token used to create the club.
    """
    # A user is required to create the club.
    new_user = {
        'username': '******',
        'full_name': 'Test Guy',
        'bio': 'Yeet!',
        'email': '*****@*****.**',
        'password': '******'
    }
    _, reply = server.app.test_client.post('/users',
                                           data=json.dumps(new_user))
    assert reply.status == 201

    _, reply = server.app.test_client.get('/users/founder')
    assert reply.status == 200
    creator_jwt = util.create_jwt(reply.json['id'], server.config.secret)

    # The club is created on behalf of the user identified by the token.
    new_club = {
        'name': 'test',
        'description': 'club called test',
        'website_url': 'club.com',
        'facebook_url': 'facebook.com/test',
        'instagram_url': 'instagram.com/test',
        'twitter_url': 'twitter.com/test',
    }
    _, reply = server.app.test_client.post(
        '/clubs',
        data=json.dumps(new_club),
        headers={'Authorization': creator_jwt})
    assert reply.status == 201
def test_post_clubs__failure(server):
    """POST /clubs with the same club payload again is a conflict (409).

    The body matches the club created in test_post_clubs__success, and the
    error response is expected to carry an 'error' key.
    """
    _, lookup = server.app.test_client.get('/users/founder')
    founder_jwt = util.create_jwt(lookup.json['id'], server.config.secret)

    duplicate_club = {
        'name': 'test',
        'description': 'club called test',
        'website_url': 'club.com',
        'facebook_url': 'facebook.com/test',
        'instagram_url': 'instagram.com/test',
        'twitter_url': 'twitter.com/test',
    }
    _, reply = server.app.test_client.post(
        '/clubs',
        data=json.dumps(duplicate_club),
        headers={'Authorization': founder_jwt})
    assert reply.status == 409
    assert 'error' in reply.json
def test_put_memberships__failure(server):
    """PUT /memberships/<club> rejects bad input and role escalation.

    Input errors (unknown club, unknown user, missing user_id) are expected
    to return 400. The permission cases (all 403) pin the role rules: an
    Admin can neither edit nor add a President, a Member can neither edit
    nor add an Admin, and a President cannot edit another President.
    The requests run in order against shared server state.
    """
    # Club does not exist
    # NOTE(review): 400 here, while GET and DELETE on an unknown club are
    # asserted as 404 elsewhere in this listing - confirm this is intended.
    _, response = server.app.test_client.get('/users/founder')
    founder_id = response.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)
    _, response = server.app.test_client.put(
        '/memberships/doesnotexist?user_id=3',
        data=json.dumps({
            'members_role': 'President',
            'position': 'VP'
        }),
        headers={'Authorization': founder_token})
    assert response.status == 400

    # User does not exist
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=99',
        data=json.dumps({
            'members_role': 'President',
            'position': 'VP'
        }),
        headers={'Authorization': founder_token})
    assert response.status == 400

    # User id not provided
    _, response = server.app.test_client.put(
        '/memberships/testclub',
        data=json.dumps({
            'members_role': 'President',
            'position': 'VP'
        }),
        headers={'Authorization': founder_token})
    assert response.status == 400

    # Permission denied.  A user with an Admin membership cannot
    # edit a President membership
    _, response = server.app.test_client.get('/users/admin')
    admin_id = response.json['id']
    admin_token = util.create_jwt(admin_id, server.config.secret)
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(founder_id),
        data=json.dumps({
            'members_role': 'President',
            'position': 'some new position'
        }),
        headers={'Authorization': admin_token})
    assert response.status == 403

    # Permission denied.  A user with an Admin membership cannot
    # add a President membership

    # Create new user to attempt adding into database
    # (the status of this setup request is not asserted)
    _, response = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'president guy',
            'bio': 'I am president2, rip',
            'email': '*****@*****.**',
            'password': '******'
        }))

    # get his id
    _, response = server.app.test_client.get('/users/president2')
    president_id = response.json['id']
    # attempt to add President membership
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(president_id),
        data=json.dumps({
            'members_role': 'President',
            'position': 'VP'
        }),
        headers={'Authorization': admin_token})
    assert response.status == 403

    # Permission denied.  A user with a Member membership cannot
    # edit an Admin membership
    _, response = server.app.test_client.get('/users/member')
    member_id = response.json['id']
    member_token = util.create_jwt(member_id, server.config.secret)
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(admin_id),
        data=json.dumps({
            'members_role': 'President',
            'position': 'some new position'
        }),
        headers={'Authorization': member_token})
    assert response.status == 403

    # Permission denied.  A user with a Member membership cannot
    # add an Admin membership

    # Create new user to attempt adding into database
    # (the status of this setup request is not asserted)
    _, response = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'admin guy',
            'bio': 'I am admin2, rip',
            'email': '*****@*****.**',
            'password': '******'
        }))
    # get his id
    # (admin_id is rebound here: from this point it holds admin2's id)
    _, response = server.app.test_client.get('/users/admin2')
    admin_id = response.json['id']
    # attempt to add Admin membership
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(admin_id),
        data=json.dumps({
            'members_role': 'Admin',
            'position': 'tech lead 2'
        }),
        headers={'Authorization': member_token})
    assert response.status == 403

    # Permission denied.  A user with a President membership cannot
    # edit another President membership

    # get pres2's id
    _, response = server.app.test_client.get('/users/pres2')
    pres2_id = response.json['id']

    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(pres2_id),
        data=json.dumps({
            'members_role': 'President',
            'position': 'former tech lead 2'
        }),
        headers={'Authorization': founder_token})
    assert response.status == 403
def test_put_memberships__success(server):
    """PUT /memberships/<club> adds and edits memberships (201 each time).

    Builds the 'testclub' fixture: the founder creates the club, grants and
    edits an Admin membership, the Admin grants and edits a Member
    membership, and the founder then adds a second President, Member and
    Admin. The comments below say other tests rely on these rows, so the
    requests must stay in this order.
    """
    # to put a new membership, we will first need to create a club
    # to add a membership to.  A founder user will be needed to create
    # the club

    # get user whose name is founder and get his id to pass in with his token
    _, response = server.app.test_client.get('/users/founder')
    founder_id = response.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)

    # (the status of the club-creation request is not asserted)
    _, response = server.app.test_client.post(
        '/clubs',
        data=json.dumps({
            'name': 'testclub',
            'description': 'club called test',
            'website_url': 'club.com',
            'facebook_url': 'facebook.com/test',
            'instagram_url': 'instagram.com/test',
            'twitter_url': 'twitter.com/test',
        }),
        headers={'Authorization': founder_token})

    # add an Admin membership to another user
    # first create user whom we will give an Admin membership to
    _, response = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'admin guy',
            'bio': 'I am an eng student, rip',
            'email': '*****@*****.**',
            'password': '******'
        }))
    # get his id
    _, response = server.app.test_client.get('/users/admin')
    admin_id = response.json['id']
    # add Admin membership
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(admin_id),
        data=json.dumps({
            'members_role': 'Admin',
            'position': 'tech lead'
        }),
        headers={'Authorization': founder_token})
    assert response.status == 201

    # edit same Admin membership
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(admin_id),
        data=json.dumps({
            'members_role': 'Admin',
            'position': 'former tech lead'
        }),
        headers={'Authorization': founder_token})
    assert response.status == 201

    # add a Member membership to another user.
    # use the Admin membership to put entry into the memberships table
    admin_token = util.create_jwt(admin_id, server.config.secret)
    _, response = server.app.test_client.get('/users/member')
    member_id = response.json['id']

    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(member_id),
        data=json.dumps({
            'members_role': 'Member',
            'position': 'club member'
        }),
        headers={'Authorization': admin_token})
    assert response.status == 201

    # edit the same Member membership
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(member_id),
        data=json.dumps({
            'members_role': 'Member',
            'position': 'former club member'
        }),
        headers={'Authorization': admin_token})
    assert response.status == 201

    # Add President membership using the founder's id.
    # Create new user to attempt adding into database
    _, response = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'admin guy',
            'bio': 'I am a president, rip',
            'email': '*****@*****.**',
            'password': '******'
        }))
    # get his id
    _, response = server.app.test_client.get('/users/pres2')
    pres2_id = response.json['id']
    # add President membership
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(pres2_id),
        data=json.dumps({
            'members_role': 'President',
            'position': 'tech lead 2'
        }),
        headers={'Authorization': founder_token})
    assert response.status == 201

    # Add another Member and Admin membership to the table for other tests
    # Create new user to attempt adding into database
    _, response = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'member guy 2',
            'bio': 'I am an admin, rip',
            'email': '*****@*****.**',
            'password': '******'
        }))
    assert response.status == 201
    # get his id
    _, response = server.app.test_client.get('/users/member2')
    member2_id = response.json['id']

    # add Member membership
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(member2_id),
        data=json.dumps({
            'members_role': 'Member',
            'position': 'another member'
        }),
        headers={'Authorization': founder_token})
    assert response.status == 201

    # Create new user to attempt adding into database
    _, response = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'admin guy 2',
            'bio': 'I am admin2, rip',
            'email': '*****@*****.**',
            'password': '******'
        }))
    # get his id
    _, response = server.app.test_client.get('/users/admin2')
    admin2_id = response.json['id']
    # add Admin membership
    _, response = server.app.test_client.put(
        '/memberships/testclub?user_id=' + str(admin2_id),
        data=json.dumps({
            'members_role': 'Admin',
            'position': 'another admin'
        }),
        headers={'Authorization': founder_token})
    assert response.status == 201
def test_create_and_check_jwt__failure():
    """A token signed with one secret must not verify under another.

    check_jwt is expected to return None rather than a user id.
    NOTE(review): only the wrong-secret case is covered in this listing;
    malformed or otherwise altered tokens are not exercised here.
    """
    signed = util.create_jwt(12345, 'test secret')
    verdict = util.check_jwt(signed, 'wrong secret')
    assert verdict is None
def test_create_and_check_jwt__success():
    """Round trip: check_jwt returns the user id that create_jwt signed."""
    signing_secret = 'test secret'
    subject = 12345
    recovered = util.check_jwt(
        util.create_jwt(subject, signing_secret), signing_secret)
    assert recovered == subject
def test_put_club__success(server):
    """PUT /clubs/<name> succeeds (200) for a President and for an Admin.

    The President's edit renames the club from 'test' to 'newtest'; a new
    user is then registered, granted an Admin membership by the President,
    and edits the club again under the new name.
    """
    def assert_club_updated(reply, description):
        # Shared checks for both successful edits.
        assert reply.status == 200
        assert reply.json['description'] == description
        assert reply.json['id'] == 1
        assert isinstance(reply.json['created_at'], int)

    # Updating a club needs Admin or President privileges; start with the
    # founder, who holds the President role.
    _, reply = server.app.test_client.get('/users/founder')
    president_jwt = util.create_jwt(reply.json['id'], server.config.secret)

    president_edit = {
        'name': 'newtest',
        'description': 'club with a new description',
    }
    _, reply = server.app.test_client.put(
        '/clubs/test',
        data=json.dumps(president_edit),
        headers={'Authorization': president_jwt})
    assert_club_updated(reply, 'club with a new description')

    # Register the user who will act as Admin (status not asserted).
    admin_signup = {
        'username': '******',
        'full_name': 'admin Guy',
        'bio': 'Ayyy I\'m an admin',
        'email': '*****@*****.**',
        'password': '******'
    }
    _, reply = server.app.test_client.post('/users',
                                           data=json.dumps(admin_signup))
    _, reply = server.app.test_client.get('/users/adminPerson')
    admin_id = reply.json['id']
    admin_jwt = util.create_jwt(admin_id, server.config.secret)

    # The President grants the Admin role on the renamed club.
    admin_grant = {
        'members_role': 'Admin',
        'position': 'tech lead'
    }
    _, reply = server.app.test_client.put(
        f'/memberships/newtest?user_id={admin_id}',
        data=json.dumps(admin_grant),
        headers={'Authorization': president_jwt})
    assert reply.status == 201

    # The Admin's own token is now sufficient to edit the club.
    admin_edit = {
        'name': 'newtest',
        'description': 'club with a newer description',
    }
    _, reply = server.app.test_client.put(
        '/clubs/newtest',
        data=json.dumps(admin_edit),
        headers={'Authorization': admin_jwt})
    assert_club_updated(reply, 'club with a newer description')
def test_delete_user__success(server):
    """DELETE /users/<username> succeeds (204) when called as user id 1."""
    caller_jwt = util.create_jwt(1, server.config.secret)
    _, reply = server.app.test_client.delete(
        '/users/test',
        headers={'Authorization': caller_jwt})
    assert reply.status == 204
def test_delete_user__failure(server):
    """DELETE /users/<username> for an unknown username returns 404."""
    caller_jwt = util.create_jwt(1, server.config.secret)
    _, reply = server.app.test_client.delete(
        '/users/doesnotexist',
        headers={'Authorization': caller_jwt})
    assert reply.status == 404
def test_put_club__failure(server):
    """PUT /clubs/<name> rejects a bad body (400) and a Member caller (403).

    The second case registers a user, has the founder grant a Member
    membership on 'newtest' to the user looked up as 'member', and then
    retries the edit with that user's token.
    """
    # Case 1: authorized caller (the founder), unrecognised JSON body.
    _, reply = server.app.test_client.get('/users/founder')
    founder_jwt = util.create_jwt(reply.json['id'], server.config.secret)
    _, reply = server.app.test_client.put(
        '/clubs/newtest',
        data=json.dumps({'garbage': True}),
        headers={'Authorization': founder_jwt})
    assert reply.status == 400

    # Case 2: valid body, caller holds only a Member membership.
    # Register the user first (status not asserted).
    member_signup = {
        'username': '******',
        'full_name': 'Matthew Gin',
        'bio': 'Ayyy I\'m a member',
        'email': '*****@*****.**',
        'password': '******'
    }
    _, reply = server.app.test_client.post('/users',
                                           data=json.dumps(member_signup))

    # The founder's token is needed again to add the member to the club.
    _, reply = server.app.test_client.get('/users/founder')
    granter_jwt = util.create_jwt(reply.json['id'], server.config.secret)

    _, reply = server.app.test_client.get('/users/member')
    member_id = reply.json['id']

    # Grant the Member role (the status of this request is not asserted).
    member_grant = {
        'members_role': 'Member',
        'position': 'Student'
    }
    _, reply = server.app.test_client.put(
        f'/memberships/newtest?user_id={member_id}',
        data=json.dumps(member_grant),
        headers={'Authorization': granter_jwt})

    # Retry the edit as the Member: authenticated, but not permitted.
    member_jwt = util.create_jwt(member_id, server.config.secret)
    attempted_edit = {
        'name': 'newtest',
        'description': 'new description',
    }
    _, reply = server.app.test_client.put(
        '/clubs/newtest',
        data=json.dumps(attempted_edit),
        headers={'Authorization': member_jwt})
    assert reply.status == 403