def test_change_user_pw(testing_db): NEW_PASSWORD = '******' # first, verify that both user and admin logins work response = hug.test.post(main, "/login", body=get_user_login_body()) assert response.status == hug.HTTP_200 response = hug.test.get(main, "/admin/config.js", headers=get_admin_login()) assert response.status == hug.HTTP_200 # now, let's change the password hug.test.cli('change_user_pw', module='main', username=USER, password=NEW_PASSWORD, for_real=True) # check that the old login does not work anymore response = hug.test.post(main, "/login", body=get_user_login_body()) assert response.status == hug.HTTP_400 # and the new one does response = hug.test.post(main, "/login", body=get_user_login_body(password=NEW_PASSWORD)) assert response.status == hug.HTTP_200 # and the existing user wasn't changed response = hug.test.get(main, "/admin/config.js", headers=get_admin_login()) assert response.status == hug.HTTP_200
def test_change_user_pw(testing_db): NEW_PASSWORD = '******' # first, verify that both users' logins work response = hug.test.get(main, "/api/booked", headers=get_user_login(), start_date="2020-03-26", end_date="2020-03-26") assert response.status == hug.HTTP_200 response = hug.test.get(main, "/admin/config.js", headers=get_admin_login()) assert response.status == hug.HTTP_200 # now, let's change the password hug.test.cli('change_user_pw', module='main', username=USER, password=NEW_PASSWORD, for_real=True) # check that the old login does not work anymore response = hug.test.get(main, "/api/booked", headers=get_user_login(), start_date="2020-03-26", end_date="2020-03-26") assert response.status == hug.HTTP_401 # and the new one does response = hug.test.get( main, "/api/booked", headers={"Authorization": get_basic_auth(USER, NEW_PASSWORD)}, start_date="2020-03-26", end_date="2020-03-26") assert response.status == hug.HTTP_200 # and the existing user wasn't changed response = hug.test.get(main, "/admin/config.js", headers=get_admin_login()) assert response.status == hug.HTTP_200
def test_create_user(testing_db): username = "******" password = "******" response = hug.test.get(main, "/config.js", headers=get_auth_header(username, password)) assert response.status == hug.HTTP_401 response = hug.test.put(main, "/admin_api/user", headers=get_admin_login(), body=get_create_user(username, password)) assert response.status == hug.HTTP_200 response = hug.test.get(main, "/config.js", headers=get_auth_header(username, password)) assert response.status == hug.HTTP_200 response = hug.test.get(main, "/admin_api/user", headers=get_auth_header(username, password)) assert response.status == hug.HTTP_401
def test_create_user_already_exists(testing_db): response = hug.test.put(main, "/admin_api/user", headers=get_admin_login(), body=get_create_user(USER, USER + "1")) assert response.status == hug.HTTP_409
def test_create_user_password_no_match(testing_db): response = hug.test.put(main, "/admin_api/user", headers=get_admin_login(), body=get_create_user_pw_mismatch(username="******")) assert response.status == hug.HTTP_400
def test_admin_is_authorized(testing_db): response = hug.test.get(main, "/admin_api/user", headers=get_admin_login()) assert response.status == hug.HTTP_200