def update_entry(entry, *, commit=True, **kwargs):
session = Session()
for key, value in kwargs.items():
setattr(entry, key, value)
if commit:
session.commit()
return entry
def test_send_funds_with_wrong_user(self):
resp = self.client.post(
url_for("api.send_funds", wallet_id=self.wallet_1.uid),
json={
"to_wallet": self.wallet_2.uid,
"amount": 25
},
headers=self.get_auth_headers(self.user_2_credentials),
)
self.assertEqual(resp.status_code, 404)
self.assertEqual(resp.json, {
'code': 404,
'type': 'NOT_FOUND',
'message': ANY
})
self.assertEqual(
Session().query(
Wallets.funds).filter_by(uid=self.wallet_1.uid).one().funds,
100,
)
self.assertEqual(
Session().query(
Wallets.funds).filter_by(uid=self.wallet_2.uid).one().funds,
0,
)
def test_send_funds(self):
resp = self.client.post(
url_for("api.send_funds", wallet_id=self.wallet_1.uid),
json={
"to_wallet": self.wallet_2.uid,
"amount": 25
},
headers=self.get_auth_headers(self.user_1_credentials),
)
self.assertEqual(resp.status_code, 200)
self.assertEqual(
resp.json, {
'uid': ANY,
'from_wallet': self.wallet_1.uid,
'to_wallet': self.wallet_2.uid,
'amount': 25,
'datetime': ANY
})
self.assertTrue(Session().query(Transactions).filter_by(
uid=resp.json['uid']).one())
self.assertEqual(
Session().query(
Wallets.funds).filter_by(uid=self.wallet_1.uid).one().funds,
75,
)
self.assertEqual(
Session().query(
Wallets.funds).filter_by(uid=self.wallet_2.uid).one().funds,
25,
)
def test_unauthorized(self):
resp = self.client.post(
url_for("api.send_funds", wallet_id=self.wallet_1.uid),
json={
"to_wallet": self.wallet_2.uid,
"amount": 25
},
)
self.assertEqual(resp.status_code, 401)
self.assertEqual(resp.json, {
'code': 401,
'type': 'NOT_AUTHORIZED',
'message': ANY
})
self.assertEqual(
Session().query(
Wallets.funds).filter_by(uid=self.wallet_1.uid).one().funds,
100,
)
self.assertEqual(
Session().query(
Wallets.funds).filter_by(uid=self.wallet_2.uid).one().funds,
0,
)
def list_wallets(*filters):
session = Session()
return (
session.query(Wallets)
.join(Users)
.filter(*filters)
.all()
)
def identity(payload):
admin_identity = AdminUserIdentity()
if payload['identity'] == admin_identity.id:
return admin_identity
else:
session = Session()
return UserModelIdentity(
session.query(Users).filter_by(uid=payload['identity']).one())
def list_users(email=None, first_name=None, last_name=None):
session = Session()
filters = []
if email:
filters.append(Users.email.like(email))
if first_name:
filters.append(Users.email.like(first_name))
if last_name:
filters.append(Users.email.like(last_name))
return session.query(Users).filter(*filters).all()
def authenticate(username, password):
from lab6.app import app
session = Session()
admin_identity = AdminUserIdentity()
if username == f'admin-{admin_identity.id}' and password == app.config[
'SECRET_KEY']:
return admin_identity
else:
user = session.query(Users).filter_by(email=username).one()
if user and check_password_hash(user.password, password):
return UserModelIdentity(user)
def db_session_context():
session = Session()
try:
yield session
except Exception:
session.rollback()
raise
else:
try:
session.commit()
except Exception:
session.rollback()
raise
def test_unauthorized(self):
resp = self.client.delete(
url_for("api.delete_wallet", wallet_id=self.wallet.uid), )
self.assertEqual(resp.status_code, 401)
self.assertEqual(resp.json, {
'code': 401,
'type': 'NOT_AUTHORIZED',
'message': ANY
})
self.assertTrue(Session().query(Wallets).filter_by(
uid=self.wallet.uid).one_or_none())
def test_unauthorized(self):
resp = self.client.post(url_for("api.create_user"),
json=self.user_1_data)
self.assertEqual(resp.status_code, 401)
self.assertEqual(resp.json, {
'code': 401,
'type': 'NOT_AUTHORIZED',
'message': ANY
})
self.assertFalse(Session().query(Users).filter_by(
email=self.user_1_data['email']).one_or_none())
def create_entry(model_class, *, commit=True, **kwargs):
session = Session()
entry = model_class(**kwargs)
session.add(entry)
if commit:
session.commit()
return entry
def test_delete_wallet_by_wrong_user(self):
resp = self.client.delete(
url_for("api.delete_wallet", wallet_id=self.wallet.uid),
headers=self.get_auth_headers(self.user_2_credentials),
)
self.assertEqual(resp.status_code, 404)
self.assertEqual(resp.json, {
'code': 404,
'type': 'NOT_FOUND',
'message': ANY
})
self.assertTrue(Session().query(Wallets).filter_by(
uid=self.wallet.uid).one_or_none())
def test_delete_wallet(self):
resp = self.client.delete(
url_for("api.delete_wallet", wallet_id=self.wallet.uid),
headers=self.get_auth_headers(self.user_1_credentials),
)
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.json, {
'code': 200,
'type': 'OK',
'message': ANY
})
self.assertFalse(Session().query(Wallets).filter_by(
uid=self.wallet.uid).one_or_none())
def test_update_another_user(self):
resp = self.client.delete(
url_for("api.delete_user", user_id=self.user_2.uid),
headers=self.get_auth_headers(self.user_1_credentials),
)
self.assertEqual(resp.status_code, 401)
self.assertEqual(resp.json, {
'code': 401,
'type': 'NOT_AUTHORIZED',
'message': ANY
})
self.assertTrue(Session().query(Users).filter_by(
uid=self.user_2.uid).one_or_none())
def test_unauthorized(self):
resp = self.client.put(
url_for("api.update_wallet", wallet_id=self.wallet.uid),
json={"name": "Updated Wallet A"},
)
self.assertEqual(resp.status_code, 401)
self.assertEqual(resp.json, {
'code': 401,
'type': 'NOT_AUTHORIZED',
'message': ANY
})
self.assertFalse(Session().query(Wallets).filter_by(
name="Updated Wallet A").one_or_none())
def test_update_wallet_by_wrong_user(self):
resp = self.client.put(
url_for("api.update_wallet", wallet_id=self.wallet.uid),
json={"name": "Updated Wallet A"},
headers=self.get_auth_headers(self.user_2_credentials),
)
self.assertEqual(resp.status_code, 404)
self.assertEqual(resp.json, {
'code': 404,
'type': 'NOT_FOUND',
'message': ANY
})
self.assertFalse(Session().query(Wallets).filter_by(
name="Updated Wallet A").one_or_none())
def test_update_wallet(self):
resp = self.client.put(
url_for("api.update_wallet", wallet_id=self.wallet.uid),
json={"name": "Updated Wallet A"},
headers=self.get_auth_headers(self.user_1_credentials),
)
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.json, {
'code': 200,
'type': 'OK',
'message': ANY
})
self.assertTrue(
Session().query(Wallets).filter_by(name="Updated Wallet A").one())
def test_unauthorized(self):
resp = self.client.put(
url_for("api.update_user", user_id=self.user_1.uid),
json={
**self.user_1_data, "first_name": "UpdatedFirst"
},
)
self.assertEqual(resp.status_code, 401)
self.assertEqual(resp.json, {
'code': 401,
'type': 'NOT_AUTHORIZED',
'message': ANY
})
self.assertFalse(Session().query(Users).filter_by(
first_name='UpdatedFirst').one_or_none())
def test_not_admin(self):
db_utils.create_entry(Users, **self.user_1_data_hashed)
resp = self.client.post(
url_for("api.create_user"),
json=self.user_2_data,
headers=self.get_auth_headers(self.user_1_credentials),
)
self.assertEqual(resp.status_code, 401)
self.assertEqual(resp.json, {
'code': 401,
'type': 'NOT_AUTHORIZED',
'message': ANY
})
self.assertFalse(Session().query(Users).filter_by(
email=self.user_2_data['email']).one_or_none())
def test_self_update(self):
resp = self.client.put(
url_for("api.update_user", user_id=self.user_1.uid),
json={
**self.user_1_data, "first_name": "UpdatedFirst"
},
headers=self.get_auth_headers(self.user_1_credentials),
)
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.json, {
'code': 200,
'type': 'OK',
'message': ANY
})
self.assertTrue(
Session().query(Users).filter_by(first_name='UpdatedFirst').one())
def test_create_user(self):
resp = self.client.post(
url_for("api.create_user"),
json=self.user_1_data,
headers=self.get_auth_headers(self.admin_credentials),
)
self.assertEqual(resp.status_code, 200)
self.assertEqual(
resp.json, {
'uid': ANY,
'email': self.user_1_data['email'],
'first_name': self.user_1_data['first_name'],
'last_name': self.user_1_data['last_name'],
})
self.assertTrue(Session().query(Users).filter_by(
email=self.user_1_data['email']).one())
def list_transactions_for_wallet(user_uid, wallet_id):
session = Session()
session.query(Wallets).filter_by(uid=wallet_id, owner_uid=user_uid).one()
transactions_from = (
session.query(Transactions)
.join(Wallets, Transactions.from_wallet_uid == Wallets.uid)
.filter(
Wallets.owner_uid == user_uid, Transactions.from_wallet_uid == wallet_id
)
)
transactions_to = (
session.query(Transactions)
.join(Wallets, Transactions.to_wallet_uid == Wallets.uid)
.filter(
Wallets.owner_uid == user_uid, Transactions.to_wallet_uid == wallet_id
)
)
return (
transactions_from.union(transactions_to)
.order_by(Transactions.datetime)
.all()
)
def close_session(self):
Session().close()
def delete_entry(model_class, uid, *, commit=True, **kwargs):
session = Session()
session.query(model_class).filter_by(uid=uid, **kwargs).delete()
if commit:
session.commit()
def get_entry_by_uid(model_class, uid, **kwargs):
session = Session()
return session.query(model_class).filter_by(uid=uid, **kwargs).one()
