Esempio n. 1
    def test_location_update(self):
        """Check which callers may PATCH /api/locations/<id>.

        Status codes asserted below: no token 401, the user as returned by
        create_user 401, role 'partner' 401, role 'mapping' 200, role
        'admin' 200. An authenticated caller without a sufficient role gets
        the same 401 as an anonymous one.
        """
        with self.app.test_client() as c:
            user = self.create_user(c)

            headers = [('Content-Type', 'application/json')]
            json_data = self.create_location(c)
            url = '/api/locations/%d' % json_data['id']
            body = json.dumps(json_data)

            # No authorization header at all: must be rejected.
            resp = c.patch(url, headers=headers, data=body)
            self.assertEqual(resp.status_code, 401)

            # Valid token, but the account has had no role change: rejected.
            bearer = ('authorization', 'bearer ' + make_jwt(user))
            resp = c.patch(url, headers=headers + [bearer], data=body)
            self.assertEqual(resp.status_code, 401)

            # The same account is moved through each role in turn; a new token
            # is minted after every change before the request is repeated.
            # NOTE(review): the original comment on the 'partner' step said
            # "partner can update" while the assertion expects 401 -- confirm
            # which of the two reflects the intended policy.
            role_expectations = (
                ('partner', 401),
                ('mapping', 200),
                ('admin', 200),
            )
            for role, expected_status in role_expectations:
                user = User.from_email(user.email)
                user.change_role(role)
                bearer = ('authorization', 'bearer ' + make_jwt(user))
                resp = c.patch(url, headers=headers + [bearer], data=body)
                self.assertEqual(resp.status_code, expected_status)
Esempio n. 2
    def test_who_can_edit_users(self):
        """Send PATCH /api/users/<id> as anonymous, self, another user and admin.

        Only two of the four requests are asserted: the anonymous one and the
        one from a different user without roles, both expected to return 401
        in the status line and in the JSON body's 'status_code'.
        """
        with self.app.test_client() as c:
            # NOTE(review): both fixtures show the same masked e-mail on this
            # page; presumably the real values differ, otherwise the two
            # lookups below would return the same account.
            me = {
                'first': 'Justin',
                'last': 'Poehnelt',
                'organization': 'USGS',
                'password': '******',
                'email': '*****@*****.**'
            }
            other = {
                'first': 'Justin',
                'last': 'Poehnelt',
                'organization': 'USGS',
                'password': '******',
                'email': '*****@*****.**'
            }
            json_only = [('Content-Type', 'application/json')]

            c.post('/auth/register', headers=json_only, data=json.dumps(me))
            c.post('/auth/register', headers=json_only, data=json.dumps(other))
            user = User.from_email(me['email'])
            other_user = User.from_email(other['email'])

            own_url = '/api/users/%d' % user.id

            # Anonymous caller: no authorization header.
            response = c.patch(own_url,
                               headers=json_only,
                               data=json.dumps(me))
            self.assertEqual(response.status_code, 401)
            self.assertEqual(json.loads(response.data)['status_code'], 401)

            # The user editing their own account.
            # NOTE(review): the response is discarded, so this step asserts
            # nothing about whether self-edit is allowed.
            as_self = [('Content-Type', 'application/json'),
                       ('authorization', 'bearer ' + make_jwt(user))]
            c.patch(own_url, headers=as_self, data=json.dumps(me))

            # A different registered user without roles must be refused.
            as_other = [('Content-Type', 'application/json'),
                        ('authorization', 'bearer ' + make_jwt(other_user))]
            response = c.patch(own_url,
                               headers=as_other,
                               data=json.dumps(me))
            self.assertEqual(response.status_code, 401)
            self.assertEqual(json.loads(response.data)['status_code'], 401)

            # Admin editing a different user.
            # NOTE(review): the role is set by plain attribute assignment
            # rather than change_role(), and the response is not checked, so
            # this step does not verify the admin path -- confirm the intended
            # status and assert it.
            user.role = 'admin'
            as_admin = [('Content-Type', 'application/json'),
                        ('authorization', 'bearer ' + make_jwt(user))]
            c.patch('/api/users/%d' % other_user.id,
                    headers=as_admin,
                    data=json.dumps(me))
Esempio n. 3
    def test_record_update_rating(self):
        """A rating can be changed by its author but not by another user.

        One user creates a record and rates it. A second registered user's
        PATCH on that rating must return 401; the author's own PATCH must
        return 200.
        """
        with self.app.test_client() as c:
            owner = self.create_user(c)
            owner = User.from_email(owner.email)

            json_headers = [('Content-Type', 'application/json')]
            owner_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(owner))
            ]

            location = self.create_location(c)

            record_payload = {
                'year': 2014,
                'month': 1,
                'location_id': location['id']
            }
            created = c.post('/api/records',
                             headers=owner_headers,
                             data=json.dumps(record_payload))
            record = json.loads(created.data)

            rating_payload = {'rating': 1, 'record_id': record['id']}
            created = c.post('/api/ratings',
                             headers=owner_headers,
                             data=json.dumps(rating_payload))
            rating = json.loads(created.data)

            # Register a second account that has no relation to the rating.
            intruder_fields = {
                'first': 'Justin',
                'last': 'Poehnelt',
                'organization': 'USGS',
                'password': '******',
                'email': '*****@*****.**'
            }
            c.post('/auth/register',
                   headers=json_headers,
                   data=json.dumps(intruder_fields))
            intruder = User.from_email(intruder_fields['email'])
            intruder_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(intruder))
            ]

            rating_url = '/api/ratings/%d' % rating['id']

            # Object-level check: a valid token for someone else is not enough.
            denied = c.patch(rating_url,
                             headers=intruder_headers,
                             data=json.dumps(rating_payload))
            self.assertEqual(denied.status_code, 401)

            # The author may edit their own rating.
            allowed = c.patch(rating_url,
                              headers=owner_headers,
                              data=json.dumps(rating_payload))
            self.assertEqual(allowed.status_code, 200)
Esempio n. 4
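    def test_image_upload_with_user(self):
        """Upload an image with a bearer token and check it is attributed.

        Posts the test.JPG fixture that sits next to this test file to
        /upload/image as multipart form data and expects 201 with the
        response's 'user_id' equal to the id of the token's user.
        """
        with self.app.test_client() as c:
            location = self.create_location(c)
            user = self.create_user(c)
            user_headers = [('authorization', 'bearer ' + make_jwt(user))]

            # Directory of this test file, where the fixture is stored.
            d = os.path.dirname(
                os.path.abspath(inspect.getfile(inspect.currentframe())))

            # Binary mode: a JPEG read in text mode can be altered by newline
            # translation on some platforms, so the server would receive a
            # different file from the fixture.
            with open(os.path.join(d, 'test.JPG'), 'rb') as f:
                img = f.read()

            # NOTE(review): StringIO is kept as the file uses it (Python 2
            # style); a port to Python 3 would need a bytes buffer here.
            data = {
                'location_id': location['id'],
                'lat': 0.01,
                'lon': 0.0123,
                'date_acquired': '2012-10-01',
                'file': (StringIO(img), 'hello_world.jpg'),
            }
            r = c.post('/upload/image', data=data, headers=user_headers)

            # Check the status first so a rejected upload fails on the status
            # code rather than on parsing an error body.
            self.assertEqual(r.status_code, 201)

            response = json.loads(r.data)
            self.assertEqual(response['user_id'], user.id)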
Esempio n. 5
    def test_record_rating_stale_after_update(self):
        """Ratings on a record are flagged stale once the record is patched.

        A 'partner' user creates a record, rates it, then PATCHes the record;
        every rating in the PATCH response must have a truthy 'stale' field.
        """
        with self.app.test_client() as c:
            partner = self.create_user(c)
            partner = User.from_email(partner.email)
            partner.change_role('partner')

            json_headers = [('Content-Type', 'application/json')]
            partner_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(partner))
            ]

            location = self.create_location(c)

            record_payload = {
                'year': 2014,
                'month': 1,
                'location_id': location['id']
            }
            created = c.post('/api/records',
                             headers=partner_headers,
                             data=json.dumps(record_payload))
            record = json.loads(created.data)

            rating_payload = {'rating': 1, 'record_id': record['id']}
            c.post('/api/ratings',
                   headers=partner_headers,
                   data=json.dumps(rating_payload))

            # Send the record back unchanged; the update itself is the trigger.
            updated = c.patch('/api/records/%d' % record['id'],
                              headers=partner_headers,
                              data=json.dumps(record))
            record = json.loads(updated.data)

            # NOTE(review): if 'ratings' comes back empty this loop asserts
            # nothing and the test passes; neither response status is checked.
            stale_flags = [entry['stale'] for entry in record['ratings']]
            for flag in stale_flags:
                self.assertTrue(flag)
Esempio n. 6
    def test_record_create_rating(self):
        """Posting the same rating twice still answers 201.

        The user creates a record, rates it, and posts an identical rating
        again; the second POST is expected to return 201.
        """
        with self.app.test_client() as c:
            rater = self.create_user(c)
            rater = User.from_email(rater.email)

            json_headers = [('Content-Type', 'application/json')]
            rater_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(rater))
            ]

            location = self.create_location(c)

            record_payload = {
                'year': 2014,
                'month': 1,
                'location_id': location['id']
            }
            created = c.post('/api/records',
                             headers=rater_headers,
                             data=json.dumps(record_payload))
            record = json.loads(created.data)

            rating_payload = {'rating': 1, 'record_id': record['id']}

            # First rating; its response is not inspected.
            c.post('/api/ratings',
                   headers=rater_headers,
                   data=json.dumps(rating_payload))

            # Duplicate from the same user: per the original comment it should
            # replace the old one. Only the status code is verified here, not
            # that a single rating remains.
            duplicate = c.post('/api/ratings',
                               headers=rater_headers,
                               data=json.dumps(rating_payload))
            self.assertEqual(duplicate.status_code, 201)
Esempio n. 7
    def test_record_update(self):
        """Create a location and a record as a 'partner', then PATCH the record.

        NOTE(review): the test contains no assertions, so it only fails if one
        of the calls raises; the PATCH status is never checked.
        """
        with self.app.test_client() as c:
            json_headers = [('Content-Type', 'application/json')]
            partner = self.create_user(c)
            partner = User.from_email(partner.email)
            partner.change_role('partner')

            partner_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(partner))
            ]

            # Location created through the API with the partner's token.
            coords = {'lat': 0, 'lon': 0}
            created = c.post('/api/locations',
                             headers=partner_headers,
                             data=json.dumps(coords))
            location = json.loads(created.data)

            record_payload = {
                'year': 2014,
                'month': 1,
                'location_id': location['id']
            }
            created = c.post('/api/records',
                             headers=partner_headers,
                             data=json.dumps(record_payload))
            record = json.loads(created.data)

            # Send the stored record back as the update body.
            record_url = '/api/records/%d' % record['id']
            c.patch(record_url,
                    headers=partner_headers,
                    data=json.dumps(record))
Esempio n. 8
    def test_create_location_with_user(self):
        """A location posted with nested records and images is owned by the caller.

        The response must contain as many records as were sent, and the
        location, its first record and its first image must all carry the
        'user_id' of the token's user.
        """
        with self.app.test_client() as c:
            json_headers = [('Content-Type', 'application/json')]
            user = self.create_user(c)

            auth_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(user))
            ]

            nested_record = {'year': 2014, 'month': 1}
            nested_image = {
                'url': 'adsf',
                'lat': 0.01,
                'lon': 0.0123,
                'date_acquired': '2012-10-01'
            }
            data = {
                'lat': 0,
                'lon': 0,
                'records': [nested_record],
                'images': [nested_image]
            }
            created = c.post('/api/locations',
                             headers=auth_headers,
                             data=json.dumps(data))
            response = json.loads(created.data)

            self.assertEqual(len(data['records']), len(response['records']))

            # Ownership is taken from the token: the request body never names
            # a user, yet every created object must be attributed to the caller.
            owner_id = user.id
            self.assertEqual(response['user_id'], owner_id)
            self.assertEqual(response['records'][0]['user_id'], owner_id)
            self.assertEqual(response['images'][0]['user_id'], owner_id)
Esempio n. 9
def reset_password():
    """Change a user's password from a reset token and return a fresh JWT.

    Reads 'token' and 'password' from the JSON request body. The token is
    decoded with the app's SECRET_KEY and AUTH_RESET_TOKEN_EXPIRATION, and the
    decoded value is used as the e-mail of the account to update.

    Returns:
        JSONResponse with status 200 and data {'token': <jwt for the user>}.
    """
    payload = request.json
    reset_token = payload['token']

    # All trust in this endpoint rests on decode_token.
    # NOTE(review): presumably it raises on a bad signature or an expired
    # token -- confirm, since no result check follows.
    signing_key = current_app.config['SECRET_KEY']
    expiration = current_app.config['AUTH_RESET_TOKEN_EXPIRATION']
    email = decode_token(reset_token, signing_key, expiration)

    # NOTE(review): nothing visible here marks the token as used; confirm it
    # cannot be replayed within the expiration window, and that password rules
    # are enforced inside change_password.
    user = User.from_email(email)
    user.change_password(payload['password'])

    # The caller is logged in straight away with a new JWT.
    return JSONResponse(
        status_code=200,
        description='Password was changed',
        data={'token': make_jwt(user)},
    )
Esempio n. 10
    def test_record_create_has_history(self):
        """A record keeps one history entry per write.

        After creation the record must have 1 history entry, after a PATCH 2.
        The first entry's 'date_edited' must be within 5 seconds of now, and
        no entry's stored 'data' may contain a nested 'history' key.
        """
        with self.app.test_client() as c:
            json_headers = [('Content-Type', 'application/json')]
            partner = self.create_user(c)
            partner = User.from_email(partner.email)
            partner.change_role('partner')

            partner_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(partner))
            ]

            coords = {'lat': 0, 'lon': 0}
            created = c.post('/api/locations',
                             headers=partner_headers,
                             data=json.dumps(coords))
            location = json.loads(created.data)

            data_record = {
                'year': 2014,
                'month': 1,
                'location_id': location['id']
            }

            stamp_format = "%Y-%m-%dT%H:%M:%S.%f"
            tolerance = datetime.timedelta(seconds=5)

            created = c.post('/api/records',
                             headers=partner_headers,
                             data=json.dumps(data_record))
            record = json.loads(created.data)
            self.assertEqual(len(record['history']), 1)
            first_edit = datetime.datetime.strptime(
                record['history'][0]['date_edited'], stamp_format)
            self.assertAlmostEqual(first_edit,
                                   datetime.datetime.now(),
                                   delta=tolerance)

            updated = c.patch('/api/records/%d' % record['id'],
                              headers=partner_headers,
                              data=json.dumps(data_record))
            record = json.loads(updated.data)
            self.assertEqual(len(record['history']), 2)

            # NOTE(review): index 0 is checked again after the update; whether
            # that is the newest or the oldest entry depends on the API's
            # ordering, which is not visible here.
            first_edit = datetime.datetime.strptime(
                record['history'][0]['date_edited'], stamp_format)
            self.assertAlmostEqual(first_edit,
                                   datetime.datetime.now(),
                                   delta=tolerance)

            # A snapshot must not embed earlier snapshots.
            for entry in record['history']:
                snapshot = json.loads(entry['data'])
                self.assertNotIn('history', snapshot)
Esempio n. 11
def register():
    """Create a user from the JSON request body and answer 201.

    When AUTH_REQUIRE_CONFIRMATION is set, a confirmation link is e-mailed and
    no token is returned. Otherwise the response data holds a JWT for the new
    user.

    Returns:
        JSONResponse with status 201 and description 'User created'.
    """
    fields = request.json

    # Per the original comment, Stormpath exceptions raised during creation
    # are caught elsewhere and passed on in a standardized format.
    # NOTE(review): every key of the request body is forwarded as a keyword
    # argument. Confirm User.create rejects or ignores fields a client must
    # not set (a role, for example); a fixed list of accepted keys here would
    # make that explicit.
    user = User.create(**fields)

    if not current_app.config['AUTH_REQUIRE_CONFIRMATION']:
        # No confirmation step: the new account is logged in immediately.
        return JSONResponse(status_code=201,
                            description='User created',
                            data={'token': make_jwt(user)})

    # Confirmation required: sign (email, verification token) with the app
    # secret and mail a link that carries it in the query string.
    verification = (user.email, user.custom_data['email_verification_token'])
    token = generate_token(verification, current_app.config['SECRET_KEY'])

    # NOTE(review): the token is appended without URL-encoding and the host is
    # hard-coded -- confirm generate_token's output is URL-safe.
    link = 'https://croplands.org/app/a/confirm?t=' + token
    send_confirmation_email(link, user.email)
    return JSONResponse(status_code=201, description='User created')
Esempio n. 12
    def test_location_delete(self):
        """DELETE /api/locations/<id>: anonymous gets 401, admin gets 204.

        NOTE(review): no authenticated non-admin caller is tried, so the test
        does not show that lower roles are refused.
        """
        with self.app.test_client() as c:
            account = self.create_user(c)
            account = User.from_email(account.email)

            json_headers = [('Content-Type', 'application/json')]

            json_data = self.create_location(c)
            location_url = '/api/locations/%d' % json_data['id']

            # No authorization header: the location must survive.
            anonymous = c.delete(location_url, headers=json_headers)
            self.assertEqual(anonymous.status_code, 401)

            # Promote the account, mint a token for it and try again.
            account = User.from_email(account.email)
            account.change_role('admin')
            admin_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(account))
            ]
            as_admin = c.delete(location_url, headers=admin_headers)
            self.assertEqual(as_admin.status_code, 204)
Esempio n. 13
    def test_location_update_with_relation(self):
        """Records added to a location's PATCH body are not created.

        A 'mapping' user PATCHes a location whose 'records' list has one extra
        entry; the request must succeed with 200 and the returned location
        must have zero records.
        """
        with self.app.test_client() as c:
            mapper = self.create_user(c)

            json_headers = [('Content-Type', 'application/json')]
            json_data = self.create_location(c)
            json_data['records'].append({'year': 2014, 'month': 1})

            # The original comment said "partner can update", but the role
            # assigned here is 'mapping'.
            mapper = User.from_email(mapper.email)
            mapper.change_role('mapping')
            mapper_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(mapper))
            ]

            location_url = '/api/locations/%d' % json_data['id']
            updated = c.patch(location_url,
                              headers=mapper_headers,
                              data=json.dumps(json_data))
            location = json.loads(updated.data)

            self.assertEqual(updated.status_code, 200)
            # Related objects cannot be written through the parent resource.
            self.assertEqual(len(location['records']), 0)
Esempio n. 14
    def test_user_patch(self):
        """PATCH /api/users/<id> needs the user's own token.

        The same body is sent twice to the user's own URL: without an
        authorization header (expects 401) and with the user's bearer token
        (expects 200).
        """
        with self.app.test_client() as c:
            profile = {
                'first': 'Justin',
                'last': 'Poehnelt',
                'organization': 'USGS',
                'password': '******',
                'email': '*****@*****.**'
            }
            user = self.create_user(c)
            json_headers = [('Content-Type', 'application/json')]
            auth_headers = json_headers + [
                ('authorization', 'bearer ' + make_jwt(user))
            ]

            own_url = '/api/users/%d' % user.id

            # Try each header set in turn and compare with the expected status.
            attempts = (
                (json_headers, 401),  # anonymous
                (auth_headers, 200),  # the user themselves
            )
            for request_headers, expected_status in attempts:
                reply = c.patch(own_url,
                                headers=request_headers,
                                data=json.dumps(profile))
                self.assertEqual(reply.status_code, expected_status)
Esempio n. 15
def login():
    """Authenticate with e-mail and password and return a JWT.

    Reads 'email' and 'password' from the JSON request body and passes them
    to User.from_login.

    Returns:
        JSONResponse with status 200 and data {'token': <jwt for the user>}.
    """
    credentials = request.json
    # NOTE(review): failed logins are presumably signalled by an exception
    # from User.from_login, since no result check follows -- confirm. No
    # attempt throttling is visible in this function.
    user = User.from_login(credentials['email'], credentials['password'])
    token_data = {'token': make_jwt(user)}
    return JSONResponse(status_code=200,
                        description='User logged in',
                        data=token_data)
Esempio n. 16
def request_jwt(user):
    """Return the Authorization header dict for *user*.

    Gives an empty dict when *user* is None, so the request goes out
    unauthenticated; otherwise a single 'Authorization' entry holding
    'bearer ' followed by the user's JWT.
    """
    if user is not None:
        return {'Authorization': 'bearer ' + make_jwt(user)}
    return {}