def test_api_auth_login_valid(self):
UserFactory.generate(username='******', password='******')
resp = self.api_utils.request(AuthLoginURI,
data={
'username': '******',
'password': '******',
'remember_me': False,
})
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.json['username'], 'username')
def test_api_add_new_user_unavailable_username(self):
UserFactory.generate(username='******')
resp = self.api_utils.request(UserAddURI,
data={
'username': '******',
'password': '******',
})
self.assertEqual(resp.status_code, 409)
self.assertEqual(resp.json['failure'], 'failure_unavailable_username')
def test_api_auth_login_undefined_error(self):
UserFactory.generate(username='******', password='******')
with mock.patch.object(util.response, 'success') as mock_success:
mock_success.side_effect = ValueError
resp = self.api_utils.request(AuthLoginURI,
data={
'username': '******',
'password': '******',
'remember_me': False,
})
self.assertTrue(self.api_utils.is_undefined_error(resp))
def test_require_login_api_login_auth(self):
@util.decorators.require_form_args()
@util.decorators.require_login_api()
def login_auth(data):
return 'resp'
flask_login.login_user(UserFactory.generate())
self.assertEqual(login_auth(), 'resp')
def test_require_login_api_api_key_header_auth(self):
@util.decorators.require_form_args()
@util.decorators.require_login_api()
def api_key_auth(data):
return 'resp'
user = UserFactory.generate()
with app.test_request_context(headers={'X-Linkr-Key': user.api_key}):
self.assertEqual(api_key_auth(), 'resp')
def test_require_login_api_api_key_admin_only_admin_user(self):
@util.decorators.require_form_args()
@util.decorators.require_login_api(admin_only=True)
def api_key_admin_only_admin_user(data):
return 'resp'
user = UserFactory.generate(is_admin=True)
with app.test_request_context(headers={'X-Linkr-Key': user.api_key}):
self.assertEqual(api_key_admin_only_admin_user(), 'resp')
def test_optional_login_api_api_key_header_auth(self):
@util.decorators.require_form_args()
@util.decorators.optional_login_api
def api_key_auth(data):
if flask_login.current_user.is_authenticated:
return 'resp'
user = UserFactory.generate()
with app.test_request_context(headers={'X-Linkr-Key': user.api_key}):
self.assertEqual(api_key_auth(), 'resp')
def test_optional_login_api_login_auth(self):
@util.decorators.require_form_args()
@util.decorators.optional_login_api
def login_auth(data):
if flask_login.current_user.is_authenticated:
return 'resp'
# Noop in this case
flask_login.login_user(UserFactory.generate())
self.assertEqual(login_auth(), 'resp')
def test_require_login_api_api_key_data_auth(self):
@util.decorators.require_form_args()
@util.decorators.require_login_api()
def api_key_auth(data):
return 'resp'
user = UserFactory.generate()
with app.test_request_context(
data=json.dumps({'api_key': user.api_key})):
self.assertEqual(api_key_auth(), 'resp')
def test_require_login_api_api_key_admin_only_regular_user(self):
@util.decorators.require_form_args()
@util.decorators.require_login_api(admin_only=True)
def api_key_admin_only_regular_user(data):
return 'resp'
user = UserFactory.generate(is_admin=False)
with app.test_request_context(headers={'X-Linkr-Key': user.api_key}):
resp, status = api_key_admin_only_regular_user()
self.assertEqual(status, 403)
self.assertEqual(resp.json['failure'], 'failure_unauth')
def test_api_deactivate_user_unauth(self):
user = UserFactory.generate()
with self.api_utils.authenticated_user():
resp = self.api_utils.request(UserDeactivationURI,
data={
'user_id': user.user_id,
})
self.assertEqual(resp.status_code, 403)
self.assertEqual(resp.json['failure'], 'failure_unauth')
def test_require_login_api_admin_only_unauth(self):
@util.decorators.require_form_args()
@util.decorators.require_login_api(admin_only=True)
def admin_only_unauth(data):
return 'resp'
flask_login.login_user(UserFactory.generate(is_admin=False))
resp, status = admin_only_unauth()
self.assertEqual(status, 403)
self.assertFalse(resp.json['success'])
self.assertEqual(resp.json['failure'], 'failure_unauth')
def test_require_login_api_api_key_invalid(self):
@util.decorators.require_form_args()
@util.decorators.require_login_api()
def api_key_invalid(data):
return 'resp'
user = UserFactory.generate()
with app.test_request_context(
headers={'X-Linkr-Key': user.api_key + 'a'}):
resp, status = api_key_invalid()
self.assertEqual(status, 401)
self.assertEqual(resp.json['failure'], 'failure_unauth')
def test_api_links_for_user_specified_user_valid(self):
user = UserFactory.generate()
with self.api_utils.authenticated_user(is_admin=True):
link = LinkFactory.generate(user_id=user.user_id)
resp = self.api_utils.request(LinksForUserURI,
data={
'user_id': user.user_id,
})
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.json['links'], [link.as_dict()])
def test_get_links_for_user_pagination(self):
user = UserFactory.generate()
links = [
LinkFactory.generate(user_id=user.user_id) for _ in xrange(10)
]
queried_links = database.link.get_links_for_user(user.user_id,
page_num=0,
num_per_page=5)
self.assertEqual(queried_links, links[:5])
queried_links = database.link.get_links_for_user(user.user_id,
page_num=1,
num_per_page=5)
self.assertEqual(queried_links, links[5:])
def test_api_deactivate_user_nonexistent(self):
user = UserFactory.generate()
with self.api_utils.authenticated_user(is_admin=True):
resp = self.api_utils.request(UserDeactivationURI,
data={
'user_id': user.user_id,
})
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.json['user_id'], user.user_id)
resp = self.api_utils.request(UserDeactivationURI,
data={
'user_id': user.user_id,
})
self.assertEqual(resp.status_code, 404)
self.assertEqual(resp.json['failure'], 'failure_nonexistent_user')
def test_api_deactivate_user_admin(self):
user = UserFactory.generate()
with self.api_utils.authenticated_user(is_admin=True) as admin:
# Admin should initially be authenticated
resp = self.api_utils.request(AuthCheckURI)
self.assertEqual(resp.status_code, 200)
# Actual account deactivation of someone else's account
resp = self.api_utils.request(UserDeactivationURI,
data={
'user_id': user.user_id,
})
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.json['user_id'], user.user_id)
# Admin should still be authenticated since his or her account was not affected
resp = self.api_utils.request(AuthCheckURI)
self.assertEqual(resp.status_code, 200)
def test_get_links_for_user(self):
user = UserFactory.generate()
links = [LinkFactory.generate(user_id=user.user_id) for _ in xrange(5)]
self.assertEqual(database.link.get_links_for_user(user.user_id), links)
