def test_route_add_user__already_exists(self): # Given admin_auth_token = "abc123" user_id = "*****@*****.**" password = "******" with postgres.get_db_conn() as conn: user.add(conn, "admin", "Oranges12345", auth_token=admin_auth_token, is_admin=True) user.add(conn, user_id, password) # When response = self.app.post( "/user/add", data={ "user_id": user_id, "password": password }, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(400, response.status_code) response_json = json.loads(response.data) self.assertEqual(f"User {user_id} already exists", response_json["error"])
def route_user_password_change(): with postgres.get_db_conn() as conn: user_id = request.authorization.username auth.check_user_password(conn, user_id, request.authorization.password) new_password = user.form_new_password(request) user.change_password(conn, user_id, new_password) return ""
def test_route_number_set__with_invalid_auth_token(self): # Given user_id = "*****@*****.**" admin_auth_token = "abc123" number_id = "com.myapp" with postgres.get_db_conn() as conn: user.add(conn, user_id, "oranges", auth_token=admin_auth_token, is_admin=True) number.add(conn, number_id) number.add_user(conn, number_id, user_id) # When invalid_auth_token = "ooo000" response = self.app.post( "/number/set", data={ "number_id": number_id, "new_number": 2 }, headers=self.authorization_custom(invalid_auth_token)) # Then self.assertEqual(401, response.status_code) response_json = json.loads(response.data) self.assertEqual("Authentication failed", response_json["error"])
def setUp(self): number_service.app.testing = True self.app = number_service.app.test_client() postgres.DATABASE_URL = os.environ.get('TEST_DATABASE_URL') with number_service.app.app_context(): with postgres.get_db_conn() as conn: postgres.drop_tables(conn)
def test_route_number_set__with_invalid_number(self): # Given user_id = "*****@*****.**" admin_auth_token = "abc123" with postgres.get_db_conn() as conn: user.add(conn, user_id, "oranges", auth_token=admin_auth_token, is_admin=True) # When invalid_number_id = "com.myapp.fake" response = self.app.post( "/number/set", data={ "number_id": invalid_number_id, "new_number": 2 }, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(400, response.status_code) response_json = json.loads(response.data) self.assertEqual( f"User {user_id} not added to number {invalid_number_id}", response_json["error"])
def test_route_number_add_user__with_invalid_number(self): # Given admin_auth_token = "abc123" number_id = "com.myapp" with postgres.get_db_conn() as conn: user.add(conn, "admin", "oranges", auth_token=admin_auth_token, is_admin=True) number.add(conn, number_id) # When user_id = "*****@*****.**" invalid_number_id = "com.fakeapp" response = self.app.post( "/number/user/add", data={ "user_id": user_id, "number_id": invalid_number_id }, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(404, response.status_code) response_json = json.loads(response.data) self.assertEqual(f"Number {invalid_number_id} not found", response_json["error"])
def test_route_number_add_user__already_added(self): # Given admin_auth_token = "abc123" number_id = "com.myapp" user_id = "*****@*****.**" password = "******" with postgres.get_db_conn() as conn: user.add(conn, "admin", "oranges", auth_token=admin_auth_token, is_admin=True) user.add(conn, user_id, password) number.add(conn, number_id) number.add_user(conn, number_id, user_id) # When response = self.app.post( "/number/user/add", data={ "user_id": user_id, "number_id": number_id }, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(400, response.status_code) response_json = json.loads(response.data) self.assertEqual(f"User {user_id} already added to number {number_id}", response_json["error"])
def route_init(): with postgres.get_db_conn() as conn: if not postgres.initialized(conn): postgres.initialize(conn) user.add(conn, "admin", "password", is_admin=True) return jsonify(result="Initialized") else: return jsonify(result="Already initialized")
def route_user_add(): with postgres.get_db_conn() as conn: auth.check_auth_token(conn, auth.header_auth_token(request), check_is_admin=True) user_id = user.form_user_id(request) user.verify_not_exists(conn, user_id) auth_token = user.add(conn, user_id, user.form_password(request)) return jsonify(auth_token=auth_token)
def route_number_set(): with postgres.get_db_conn() as conn: user_id = auth.check_auth_token(conn, auth.header_auth_token(request), check_is_admin=True) number_id = number.form_id(request) number.verify_user_added(conn, number_id, user_id) number.update(conn, number_id, number.form_new(request)) return ""
def route_number_remove(): with postgres.get_db_conn() as conn: auth.check_auth_token(conn, auth.header_auth_token(request), check_is_admin=True) number_id = number.form_id(request) number.verify_exists(conn, number_id) number.remove(conn, number_id) return ""
def test_route_init__already_initialized(self): # Given with postgres.get_db_conn() as conn: postgres.create_tables(conn) # When response = self.app.post("/init") # Then self.assertEqual(200, response.status_code) response_json = json.loads(response.data) self.assertEqual("Already initialized", response_json["result"])
def route_number_add_user(): with postgres.get_db_conn() as conn: auth.check_auth_token(conn, auth.header_auth_token(request), check_is_admin=True) number_id = number.form_id(request) number.verify_exists(conn, number_id) user_id = user.form_user_id(request) user.verify_exists(conn, user_id) number.verify_user_not_added(conn, number_id, user_id) number.add_user(conn, number_id, user_id) return ""
def test_route_add_number__with_admin_auth_token(self): # Given admin_auth_token = "abc123" with postgres.get_db_conn() as conn: user.add(conn, "admin", "oranges", auth_token=admin_auth_token, is_admin=True) # When number_id = "com.myapp" response = self.app.post("/number/add", data={"number_id": number_id}, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(200, response.status_code) self.assertEqual("", response.data.decode("utf-8"))
def test_route_user_refresh_auth_token__invalid_username(self): # Given user_id = "*****@*****.**" password = "******" with postgres.get_db_conn() as conn: user.add(conn, user_id, password) # When response = self.app.post("/user/auth_token/refresh", headers=self.authorization_basic( "*****@*****.**", password)) # Then self.assertEqual(401, response.status_code) response_json = json.loads(response.data) self.assertEqual("Authentication failed", response_json["error"])
def test_route_add_number__with_user_auth_token(self): # Given user_auth_token = "xyz789" with postgres.get_db_conn() as conn: user.add(conn, "user", "apples", auth_token=user_auth_token, is_admin=False) # When number_id = "com.myapp" response = self.app.post("/number/add", data={"number_id": number_id}, headers=self.authorization_custom(user_auth_token)) # Then self.assertEqual(401, response.status_code) response_json = json.loads(response.data) self.assertEqual("Authentication failed", response_json["error"])
def test_route_user_refresh_auth_token__valid_username_and_password(self): # Given user_id = "*****@*****.**" password = "******" with postgres.get_db_conn() as conn: user.add(conn, user_id, password) # When response = self.app.post("/user/auth_token/refresh", headers=self.authorization_basic( user_id, password)) # Then self.assertEqual(200, response.status_code) response_json = json.loads(response.data) self.assertIsNotNone(response_json["auth_token"])
def test_route_remove_number__with_invalid_auth_token(self): # Given invalid_auth_token = "ooo000" number_id = "com.myapp" with postgres.get_db_conn() as conn: number.add(conn, number_id) # When response = self.app.post( "/number/remove", data={"number_id": number_id}, headers=self.authorization_custom(invalid_auth_token)) # Then self.assertEqual(401, response.status_code) response_json = json.loads(response.data) self.assertEqual("Authentication failed", response_json["error"])
def test_route_user_password_change__valid_username_and_password(self): # Given user_id = "*****@*****.**" password = "******" new_password = "******" with postgres.get_db_conn() as conn: user.add(conn, user_id, password) # When response = self.app.post("/user/password/change", data={"new_password": new_password}, headers=self.authorization_basic( user_id, password)) # Then self.assertEqual(200, response.status_code) self.assertEqual("", response.data.decode("utf-8"))
def test_route_add_number__existing(self): # Given admin_auth_token = "abc123" number_id = "com.myapp" with postgres.get_db_conn() as conn: user.add(conn, "admin", "oranges", auth_token=admin_auth_token, is_admin=True) number.add(conn, number_id) # When response = self.app.post("/number/add", data={"number_id": number_id}, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(400, response.status_code) response_json = json.loads(response.data) self.assertEqual(f"Number {number_id} already exists", response_json["error"])
def test_route_number_get_current__with_valid_auth_token(self): # Given user_id = "*****@*****.**" user_auth_token = "abc123" number_id = "com.myapp" with postgres.get_db_conn() as conn: user.add(conn, user_id, "oranges", auth_token=user_auth_token, is_admin=False) number.add(conn, number_id) number.add_user(conn, number_id, user_id) # When response = self.app.post("/number/current", data={"number_id": number_id}, headers=self.authorization_custom(user_auth_token)) # Then self.assertEqual(200, response.status_code) self.assertEqual(0, int(response.data))
def test_route_remove_user__with_admin_auth_token(self): admin_auth_token = "abc123" user_auth_token = "xyz789" user_id = "*****@*****.**" # Given with postgres.get_db_conn() as conn: user.add(conn, "admin", "oranges", auth_token=admin_auth_token, is_admin=True) user.add(conn, user_id, "sesame", auth_token=user_auth_token, is_admin=False) # When response = self.app.post("/user/remove", data={"user_id": user_id}, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(200, response.status_code) self.assertEqual("", response.data.decode("utf-8"))
def test_route_user_password_change__invalid_password(self): # Given user_id = "*****@*****.**" password = "******" invalid_password = "******" new_password = "******" with postgres.get_db_conn() as conn: user.add(conn, user_id, password) # When response = self.app.post("/user/password/change", data={"new_password": new_password}, headers=self.authorization_basic( user_id, invalid_password)) # Then self.assertEqual(401, response.status_code) response_json = json.loads(response.data) self.assertEqual("Authentication failed", response_json["error"])
def test_route_remove_user__with_user_auth_token(self): admin_auth_token = "abc123" user_id = "*****@*****.**" user_auth_token = "xyz789" # Given with postgres.get_db_conn() as conn: user.add(conn, "admin", "oranges", auth_token=admin_auth_token, is_admin=True) user.add(conn, user_id, "sesame", auth_token=user_auth_token, is_admin=False) # When response = self.app.post("/user/remove", data={"user_id": user_id}, headers=self.authorization_custom(user_auth_token)) # Then self.assertEqual(401, response.status_code) response_json = json.loads(response.data) self.assertEqual("Authentication failed", response_json["error"])
def test_route_user_password_change__weak_new_password(self): # Given user_id = "*****@*****.**" password = "******" weak_new_password = "******" with postgres.get_db_conn() as conn: user.add(conn, user_id, password) # When response = self.app.post("/user/password/change", data={"new_password": weak_new_password}, headers=self.authorization_basic( user_id, password)) # Then self.assertEqual(401, response.status_code) response_json = json.loads(response.data) self.assertEqual( "Password must be at least 12 characters long, including an uppercase letter, a lowercase letter and a digit.", response_json["error"])
def test_route_add_user__with_valid_auth_token(self): # Given admin_auth_token = "abc123" with postgres.get_db_conn() as conn: user.add(conn, "admin", "Oranges12345", auth_token=admin_auth_token, is_admin=True) # When response = self.app.post( "/user/add", data={ "user_id": "*****@*****.**", "password": "******" }, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(200, response.status_code) response_json = json.loads(response.data) self.assertIsNotNone(response_json["auth_token"])
def test_route_number_set__with_valid_auth_token(self): # Given user_id = "*****@*****.**" admin_auth_token = "abc123" number_id = "com.myapp" with postgres.get_db_conn() as conn: user.add(conn, user_id, "oranges", auth_token=admin_auth_token, is_admin=True) number.add(conn, number_id) number.add_user(conn, number_id, user_id) # When response = self.app.post( "/number/set", data={ "number_id": number_id, "new_number": 2 }, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(200, response.status_code) self.assertEqual("", response.data.decode("utf-8"))
def test_route_add_user__with_weak_password(self): # Given admin_auth_token = "abc123" with postgres.get_db_conn() as conn: user.add(conn, "admin", "Oranges12345", auth_token=admin_auth_token, is_admin=True) weak_password = "******" # When response = self.app.post( "/user/add", data={ "user_id": "*****@*****.**", "password": weak_password }, headers=self.authorization_custom(admin_auth_token)) # Then self.assertEqual(401, response.status_code) response_json = json.loads(response.data) self.assertEqual( "Password must be at least 12 characters long, including an uppercase letter, a lowercase letter and a digit.", response_json["error"])
def route_user_auth_token_refresh(): with postgres.get_db_conn() as conn: user_id = request.authorization.username auth.check_user_password(conn, user_id, request.authorization.password) auth_token = user.refresh_auth_token(conn, user_id) return jsonify(auth_token=auth_token)
def route_number_get_next(): with postgres.get_db_conn() as conn: user_id = auth.check_auth_token(conn, auth.header_auth_token(request)) number_id = number.form_id(request) number.verify_user_added(conn, number_id, user_id) return str(number.get_next(conn, number_id))