def test_update_order__failure_non_existing(self):
user = add_user('*****@*****.**', TEST_USER_PSW)
addr = add_address(user=user,
id='429994bf-784e-47cc-a823-e0c394b823e8')
Order.create(delivery_address=addr, user=user)
order_uuid = str(uuid4())
order = {
'relationships': {
'items': [
{
'id': '429994bf-784e-47cc-a823-e0c394b823e8',
'type': 'item',
'quantity': 5
},
],
}
}
data = format_jsonapi_request('order', order)
path = 'orders/{}'.format(order_uuid)
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
'*****@*****.**', TEST_USER_PSW,
'application/json', json.dumps(data))
assert resp.status_code == NOT_FOUND
def test_update_order_empty_items_list__fail(self):
item1 = Item.create(
uuid='429994bf-784e-47cc-a823-e0c394b823e8',
name='mario',
price=20.20,
description='svariati mariii',
availability=2,
category='scarpe',
)
user = add_user('*****@*****.**', TEST_USER_PSW)
addr = add_address(user=user,
id='429994bf-784e-47cc-a823-e0c394b823e8')
order = Order.create(delivery_address=addr,
user=user).add_item(item1, 2)
order_uuid = str(order.uuid)
order_data = {
"order": {
"uuid": order_uuid,
'items': [],
'delivery_address': '429994bf-784e-47cc-a823-e0c394b823e8',
'user': str(user.uuid)
}
}
path = 'orders/{}'.format(order_uuid)
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
'*****@*****.**', TEST_USER_PSW,
'application/json', json.dumps(order_data))
assert resp.status_code == BAD_REQUEST
assert len(order.order_items) == 1
def test_delete_order__success_admin_not_own_order(self):
user = add_user('*****@*****.**', TEST_USER_PSW)
addr_A = add_address(user=user)
addr_B = add_address(user=user)
item1 = Item.create(
uuid='429994bf-784e-47cc-a823-e0c394b823e8',
name='mario',
price=20.20,
description='svariati mariii',
availability=2,
category='scarpe',
)
order1 = Order.create(delivery_address=addr_A, user=user)
order1.add_item(item1, 2)
order2 = Order.create(delivery_address=addr_B, user=user)
user_B = add_admin_user('*****@*****.**', TEST_USER_PSW)
path = 'orders/{}'.format(order1.uuid)
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'DELETE',
user_B.email, TEST_USER_PSW, None, None)
assert resp.status_code == NO_CONTENT
assert len(Order.select()) == 1
assert len(OrderItem.select()) == 0
assert Order.get(uuid=order2.uuid)
def test_update_order__failure_non_existing_empty_orders(self):
user = add_user('*****@*****.**', TEST_USER_PSW)
add_address(user=user, id='429994bf-784e-47cc-a823-e0c394b823e8')
uuid = str(uuid4())
order = {
"order": {
'items': [{
'id': '429994bf-784e-47cc-a823-e0c394b823e8',
'type': 'item',
'quantity': 5
}, {
'id': '577ad826-a79d-41e9-a5b2-7955bcf03499',
'type': 'item',
'quantity': 1
}],
'delivery_address':
'429994bf-784e-47cc-a823-e0c394b823e8',
'user':
'******'
}
}
data = format_jsonapi_request('order', order)
path = '/orders/{}'.format(uuid)
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
'*****@*****.**', TEST_USER_PSW,
'application/json', json.dumps(data))
assert resp.status_code == NOT_FOUND
def test_delete_order__failure_non_existing_empty_orders(self):
user = add_user('*****@*****.**', TEST_USER_PSW)
path = 'orders/{}'.format(str(uuid4()))
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'DELETE',
user.email, TEST_USER_PSW, None, None)
assert resp.status_code == NOT_FOUND
def test_get_addresses__empty(self):
user = add_user('*****@*****.**', TEST_USER_PSW)
resp = open_with_auth(self.app, '/addresses/', 'GET', user.email,
TEST_USER_PSW, None, None)
assert resp.status_code == OK
assert json.loads(resp.data) == []
def test_put_address__success(self):
addr_id = '943d754e-5826-4d5c-b878-47edc478b789'
user = add_user('*****@*****.**',
'123',
id='943d754e-5826-4d5c-b878-47edc478b789')
add_address(user,
city="Firenze",
post_code='50132',
address="Via Rossi 10",
id=addr_id)
addr1 = new_addr(user,
city="Roma",
post_code="10000",
address="Via Bianchi 20")
addr1 = format_jsonapi_request('address', addr1)
resp = open_with_auth(self.app,
'/addresses/{}'.format(addr_id),
'PATCH',
user.email,
TEST_USER_PSW,
data=json.dumps(addr1),
content_type='application/json')
assert resp.status_code == OK
upd_addr = Address.get(Address.uuid == addr_id).json()
expected_result = EXPECTED_RESULTS['put_address__success']
# Check that the response data is what is expected and is also
# the same as what has ben actually saved
assert_valid_response(resp.data, expected_result)
assert expected_result == json.loads(upd_addr)
def test_get_favorites_pass2__wrong(self):
"""Forced case where a users uses the password of another user."""
user1 = add_user(USER1, PASS1)
user2 = add_user(None, PASS2) # noqa: F841
resp = open_with_auth(self.app, API_ENDPOINT.format('favorites/'),
'GET', user1.email, PASS2, None, None)
assert resp.status_code == UNAUTHORIZED
def test_update_order__non_existing_items(self):
item1 = Item.create(
uuid='429994bf-784e-47cc-a823-e0c394b823e8',
name='mario',
price=20.20,
description='svariati mariii',
availability=2,
category='scarpe',
)
item2 = Item.create(
uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
name='GINO',
price=30.20,
description='svariati GINIIIII',
availability=1,
category='accessori',
)
user = add_user('*****@*****.**', TEST_USER_PSW)
addr = add_address(user=user)
add_address(user=user, id='429994bf-784e-47cc-a823-e0c394b823e8')
order1 = Order.create(delivery_address=addr, user=user)
order1.add_item(item1, 2).add_item(item2)
order_item_before = [o.json() for o in OrderItem.select()]
# order_uuid = str(order1.uuid)
order = {
'relationships': {
'items': [{
'id': '577ad826-a79d-41e9-a5b2-7955bcf00000',
'type': 'item',
'quantity': 1
}, {
'id': '577ad826-a79d-41e9-a5b2-7955bcf2222',
'type': 'item',
'quantity': 1
}, {
'id': '577ad826-a79d-41e9-a5b2-7955bcf9999',
'type': 'item',
'quantity': 2
}],
'delivery_address': {
'type': 'address',
'id': '429994bf-784e-47cc-a823-e0c394b823e8'
},
'user': {
'type': 'user',
'id': '86ba7e70-b3c0-4c9c-8d26-a14f49360e47'
}
}
}
data = format_jsonapi_request('order', order)
path = 'orders/{}'.format(order1.uuid)
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
user.email, TEST_USER_PSW, 'application/json',
json.dumps(data))
order_item_after = [o.json() for o in OrderItem.select()]
assert resp.status_code == BAD_REQUEST
assert order_item_before == order_item_after
def test_post_favorites2__fail(self):
user = add_user(USER1, PASS1)
data = {"data": {"type": "favorite", "attributes": {"item_uuid": ""}}}
resp = open_with_auth(self.app, API_ENDPOINT.format('favorites/'),
'POST', user.email, PASS1, 'application/json',
json.dumps(data))
assert resp.status_code == BAD_REQUEST
assert Favorite.select().count() == 0
def test_delete_favorites__fail(self):
user = add_user(USER1, PASS1)
item = add_item()
favorite = add_favorite(user, item)
user_path = 'favorites/{}'.format(str(favorite.uuid))
resp = open_with_auth(self.app, API_ENDPOINT.format(user_path),
'DELETE', user.email, PASS2, None, None)
assert resp.status_code == UNAUTHORIZED
def test_create_order__success(self):
Item.create(
uuid='429994bf-784e-47cc-a823-e0c394b823e8',
name='mario',
price=20.20,
description='svariati mariii',
availability=4,
category='scarpe',
)
Item.create(
uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
name='GINO',
price=30.20,
description='svariati GINIIIII',
availability=10,
category='accessori',
)
user = add_user('*****@*****.**',
TEST_USER_PSW,
id='e736a9a6-448b-4b92-9e38-4cf745b066db')
add_address(user=user, id='8473fbaa-94f0-46db-939f-faae898f001c')
order = {
'relationships': {
'items': [{
'id': '429994bf-784e-47cc-a823-e0c394b823e8',
'type': 'item',
'quantity': 4
}, {
'id': '577ad826-a79d-41e9-a5b2-7955bcf03499',
'type': 'item',
'quantity': 10
}],
'delivery_address': {
'type': 'address',
'id': '8473fbaa-94f0-46db-939f-faae898f001c'
},
'user': {
'type': 'user',
'id': 'e736a9a6-448b-4b92-9e38-4cf745b066db'
}
}
}
data = format_jsonapi_request('order', order)
path = 'orders/'
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'POST',
user.email, TEST_USER_PSW, 'application/json',
json.dumps(data))
assert resp.status_code == CREATED
assert len(Order.select()) == 1
assert len(OrderItem.select()) == 2
order = Order.get()
expected_result = EXPECTED_RESULTS['create_order__success']
assert_valid_response(resp.data, expected_result)
def test_get_favorites__success(self):
user = add_user(USER1, PASS1)
item = add_item()
add_favorite(user, item)
resp = open_with_auth(self.app, API_ENDPOINT.format('favorites/'),
'GET', user.email, PASS1, None, None)
assert resp.status_code == OK
expected_result = EXPECTED_RESULTS['get_favorites__success']
assert_valid_response(resp.data, expected_result)
def test_update_order__non_existing_address(self):
item1 = Item.create(
uuid='429994bf-784e-47cc-a823-e0c394b823e8',
name='mario',
price=20.20,
description='svariati mariii',
availability=2,
category='scarpe',
)
item2 = Item.create(
uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
name='GINO',
price=30.20,
description='svariati GINIIIII',
availability=1,
category='accessori',
)
user = add_user('*****@*****.**', TEST_USER_PSW)
addr_A = add_address(user=user)
order1 = Order.create(delivery_address=addr_A,
user=user).add_item(item1, 2).add_item(item2)
order_item_before = order1.order_items
order = {
'relationships': {
'items': [
{
'id': '577ad826-a79d-41e9-a5b2-7955bcf00000',
'type': 'item',
'quantity': 1
},
{
'id': '577ad826-a79d-41e9-a5b2-7955bcf2222',
'type': 'item',
'quantity': 1
},
],
'delivery_address': {
'type': 'address',
'id': '817c8747-dfb7-4c2d-8a24-82dae23d250b',
},
'user': {
'type': 'user',
'id': str(user.uuid),
}
}
}
data = format_jsonapi_request('order', order)
path = 'orders/{}'.format(order1.uuid)
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
'*****@*****.**', TEST_USER_PSW,
'application/json', json.dumps(data))
assert resp.status_code == BAD_REQUEST
assert order_item_before == order1.order_items
def test_get_users_list_authenticated_not_admin__unauthorized(self):
add_user(None, TEST_USER_PSW)
user = add_user(None, TEST_USER_PSW)
resp = open_with_auth(self.app, API_ENDPOINT.format('users/'), 'GET',
user.email, TEST_USER_PSW, None, None)
assert user.admin is False
assert resp.status_code == UNAUTHORIZED
def test_delete_user_auth_does_not_exists__fail(self):
user = add_user(None, TEST_USER_PSW)
path = 'users/'
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'DELETE',
'*****@*****.**', 'unused_psw', None, None)
assert resp.status_code == UNAUTHORIZED
assert User.exists(user.email)
def test_update_order__success_admin_not_own_order(self):
item1 = Item.create(
uuid='429994bf-784e-47cc-a823-e0c394b823e8',
name='mario',
price=20.20,
description='svariati mariii',
availability=5,
category='scarpe',
)
item2 = Item.create(
uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
name='GINO',
price=30.20,
description='svariati GINIIIII',
availability=2,
category='accessori',
)
user = add_user('*****@*****.**',
TEST_USER_PSW,
id='35b9d92a-83c4-48c6-bc2a-580d95951f99')
addr_A = add_address(user=user,
id='7f7bc402-469c-4f7b-8918-d4e150469ac7')
order1 = Order.create(
delivery_address=addr_A,
user=user,
uuid='54a2b917-6c21-42b5-b273-39ad6c765187').add_item(
item1, 2).add_item(item2)
order = {
'relationships': {
'items': [{
'id': '429994bf-784e-47cc-a823-e0c394b823e8',
'type': 'item',
'quantity': 5
}, {
'id': '577ad826-a79d-41e9-a5b2-7955bcf03499',
'type': 'item',
'quantity': 1
}],
}
}
data = format_jsonapi_request('order', order)
user_B = add_admin_user('*****@*****.**', TEST_USER_PSW)
path = 'orders/{}'.format(order1.uuid)
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
user_B.email, TEST_USER_PSW, 'application/json',
json.dumps(data))
assert resp.status_code == OK
expected_result = EXPECTED_RESULTS[
'update_order__success_admin_not_owner']
assert_valid_response(resp.data, expected_result)
def test_create_order__failure_user_auth(self):
Item.create(
uuid='429994bf-784e-47cc-a823-e0c394b823e8',
name='mario',
price=20.20,
description='svariati mariii',
availability=4,
category='scarpe',
)
Item.create(
uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
name='GINO',
price=30.20,
description='svariati GINIIIII',
availability=10,
category='scarpe',
)
user = add_user('*****@*****.**',
TEST_USER_PSW,
id='e736a9a6-448b-4b92-9e38-4cf745b066db')
other_user = add_user('*****@*****.**',
TEST_USER_PSW,
id='d41ad9db-9d60-45c6-9fa6-51f66cd3d99a')
add_address(user=user, id='8473fbaa-94f0-46db-939f-faae898f001c')
order = {
'relationships': {
'items': [{
'id': '429994bf-784e-47cc-a823-e0c394b823e8',
'type': 'item',
'quantity': 4
}, {
'id': '577ad826-a79d-41e9-a5b2-7955bcf03499',
'type': 'item',
'quantity': 10
}],
'delivery_address': {
'type': 'address',
'id': '8473fbaa-94f0-46db-939f-faae898f001c'
},
'user': {
'type': 'user',
'id': str(other_user.uuid)
}
}
}
data = format_jsonapi_request('order', order)
path = 'orders/'
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'POST',
user.email, TEST_USER_PSW, 'application/json',
json.dumps(data))
assert resp.status_code == UNAUTHORIZED
assert len(Order.select()) == 0
assert len(OrderItem.select()) == 0
def test_delete_favorites__success(self):
user = add_user(USER1, PASS1)
item = add_item()
favorite = add_favorite(user, item)
user_path = 'favorites/{}'.format(str(favorite.uuid))
resp = open_with_auth(self.app, API_ENDPOINT.format(user_path),
'DELETE', user.email, PASS1, None, None)
assert resp.status_code == OK
assert Favorite.select().count() == 0
def test_post_favorites__success(self):
user = add_user(USER1, PASS1)
item = add_item()
favorite = json_favorite(str(item.uuid))
data = format_jsonapi_request('favorite', favorite)
resp = open_with_auth(self.app, API_ENDPOINT.format('favorites/'),
'POST', user.email, PASS1, 'application/json',
json.dumps(data))
assert resp.status_code == CREATED
assert Favorite.select().count() == 1
def test_create_address__not_json_failure(self):
user = add_user('*****@*****.**', '123')
addr = new_addr(user)
resp = open_with_auth(self.app, '/addresses/', 'POST', user.email,
TEST_USER_PSW, 'application/json',
wrong_dump(addr))
assert resp.status_code == BAD_REQUEST
assert len(Address.select()) == 0
def test_get_users_otherme__success(self):
email = '*****@*****.**'
add_user(email, TEST_USER_PSW)
email2 = '*****@*****.**'
resp = open_with_auth(self.app, API_ENDPOINT.format('users/me/'), 'GET',
email2, TEST_USER_PSW, None, None)
assert resp.status_code == UNAUTHORIZED
def test_delete_user__success(self):
email = '*****@*****.**'
add_user(email, TEST_USER_PSW)
user_path = 'users/'
resp = open_with_auth(self.app, API_ENDPOINT.format(user_path),
'DELETE', email, TEST_USER_PSW, None, None)
assert resp.status_code == NO_CONTENT
assert User.select().count() == 0
def test_delete_alien_favorites__fail(self):
user1 = add_user(USER1, PASS1)
user2 = add_user(USER2, PASS2)
item = add_item()
favorite = add_favorite(user2, item)
user_path = 'favorites/{}'.format(str(favorite.uuid))
resp = open_with_auth(self.app, API_ENDPOINT.format(user_path),
'DELETE', user1.email, PASS1, None, None)
assert resp.status_code == NOT_FOUND
assert Favorite.select().count() == 1
def test_update_order__remove_item_without_delete(self):
item1 = Item.create(
uuid='429994bf-784e-47cc-a823-e0c394b823e8',
name='mario',
price=20.20,
description='svariati mariii',
availability=10,
category='scarpe',
)
item2 = Item.create(
uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
name='GINO',
price=30.20,
description='svariati GINIIIII',
availability=20,
category='accessori',
)
user = add_user('*****@*****.**', TEST_USER_PSW)
addr = add_address(user=user,
id='86ba7e70-b3c0-4c9c-8d26-a14f49360e47')
add_address(user=user, id='429994bf-784e-47cc-a823-e0c394b823e8')
order = Order.create(
delivery_address=addr,
user=user,
).add_item(item1, 10).add_item(item2, 20)
post_data = {
"relationships": {
'items': [{
'id': '429994bf-784e-47cc-a823-e0c394b823e8',
'type': 'item',
'quantity': 0,
}],
'delivery_address': {
'type': 'address',
'id': '429994bf-784e-47cc-a823-e0c394b823e8',
}
}
}
post_data = format_jsonapi_request('order', post_data)
path = 'orders/{}'.format(order.uuid)
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
user.email, TEST_USER_PSW, 'application/json',
json.dumps(post_data))
assert resp.status_code == OK
expected_result = EXPECTED_RESULTS[
'update_order__remove_item_without_delete']
assert_valid_response(resp.data, expected_result)
assert len(order.order_items) == 1
assert order.order_items[0].quantity == 20
def test_delete_address__success(self):
user = add_user('*****@*****.**', '123')
addr = add_address(user,
city="Firenze",
post_code='50132',
address="Via Rossi 10")
resp = open_with_auth(self.app, '/addresses/{}'.format(addr.uuid),
'DELETE', user.email, TEST_USER_PSW, None, None)
assert resp.status_code == NO_CONTENT
assert not Address.select().exists()
def test_update_order__failure_not_own_order(self):
item1 = Item.create(
uuid='429994bf-784e-47cc-a823-e0c394b823e8',
name='mario',
price=20.20,
description='svariati mariii',
availability=5,
category='scarpe',
)
item2 = Item.create(
uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
name='GINO',
price=30.20,
description='svariati GINIIIII',
availability=2,
category='accessori',
)
user = add_user('*****@*****.**', TEST_USER_PSW)
addr = add_address(user=user,
id='429994bf-784e-47cc-a823-e0c394b823e8')
order = Order.create(delivery_address=addr,
user=user).add_item(item1, 2).add_item(item2)
post_data = {
'relationships': {
'items': [{
'id': '429994bf-784e-47cc-a823-e0c394b823e8',
'type': 'item',
'quantity': 5
}, {
'id': '577ad826-a79d-41e9-a5b2-7955bcf03499',
'type': 'item',
'quantity': 1
}],
'delivery_address': {
'type': 'address',
'id': '429994bf-784e-47cc-a823-e0c394b823e8'
},
'user': {
'type': 'user',
'id': '90c3e1c1-b51c-4224-b69d-17f84f6a8dfc'
}
}
}
post_data = format_jsonapi_request('order', post_data)
user_B = add_user('*****@*****.**', TEST_USER_PSW)
path = 'orders/{}'.format(order.uuid)
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
user_B.email, TEST_USER_PSW, 'application/json',
json.dumps(post_data))
assert resp.status_code == UNAUTHORIZED
def test_delete_order__failure__failure_non_existing(self):
user = add_user('*****@*****.**', TEST_USER_PSW)
addr_A = add_address(user=user)
Order.create(delivery_address=addr_A, user=user)
resp = self.app.delete('/orders/{}'.format(uuid4()))
path = 'orders/{}'.format(str(uuid4()))
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'DELETE',
user.email, TEST_USER_PSW, None, None)
assert resp.status_code == NOT_FOUND
assert Order.select().count() == 1
def test_patch_user_other_user__fail(self):
email = '*****@*****.**'
add_user(email, TEST_USER_PSW)
email2 = '*****@*****.**'
post_data = format_jsonapi_request('user', {'first_name': 'new-first-name'})
content_type = 'application/json'
user_path = 'users/'
resp = open_with_auth(self.app, API_ENDPOINT.format(user_path), 'PATCH',
email2, TEST_USER_PSW, content_type, json.dumps(post_data))
assert resp.status_code == UNAUTHORIZED
def test_delete_user_other_user__fail(self):
user_A = add_user('*****@*****.**', TEST_USER_PSW)
user_B = add_user('*****@*****.**', TEST_USER_PSW)
path = 'users/'
resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'DELETE',
user_B.uuid, TEST_USER_PSW, None, None)
assert resp.status_code == UNAUTHORIZED
assert User.get(User.email == user_A.email)
assert User.exists(user_A.email)
assert User.select().count() == 2