def test_create_user_duplicate_fail(self):
email = "*****@*****.**"
hashed_password = '******'
admin = True
user.create_user(self.database, email, hashed_password, admin)
with pytest.raises(psycopg2.errors.UniqueViolation):
user.create_user(self.database, email, hashed_password, admin)
def setUp(self):
self.app = expungeservice.create_app('development')
self.client = self.app.test_client()
with self.app.app_context():
expungeservice.request.before()
self.db_cleanup()
user.create_user(g.database, self.email, self.hashed_password, False)
user.create_user(g.database, self.admin_email, self.hashed_admin_password, True)
expungeservice.request.teardown(None)
def setUp(self):
self.app = expungeservice.create_app('development')
self.client = self.app.test_client()
self.app.add_url_rule(
'/api/test/user_protected',
view_func=UserProtectedView.as_view('user_protected'))
self.app.add_url_rule(
'/api/test/admin_protected',
view_func=AdminProtectedView.as_view('admin_protected'))
with self.app.app_context():
expungeservice.request.before()
self.db_cleanup()
user.create_user(g.database, self.email, self.hashed_password,
False)
expungeservice.request.teardown(None)
def test_is_admin_auth_token(self):
admin_email = 'pytest_admin_user@auth_test.com'
admin_password = '******'
hashed_admin_password = generate_password_hash(admin_password)
with self.app.app_context():
expungeservice.request.before()
user.create_user(g.database, admin_email, hashed_admin_password,
True)
expungeservice.request.teardown(None)
response = self.generate_auth_token(admin_email, admin_password)
response = self.client.get('/api/test/admin_protected',
headers={
'Authorization':
'Bearer {}'.format(
response.get_json()['auth_token'])
})
assert (response.status_code == 200)
def test_create_user_success(self):
email = "*****@*****.**"
hashed_password = "******"
admin = True
create_result = user.create_user(self.database, email, hashed_password,
admin)
assert create_result['email'] == email
assert create_result['hashed_password'] == hashed_password
assert create_result['admin'] == admin
assert create_result['user_id']
assert create_result['auth_id']
assert create_result['date_created']
assert create_result['date_modified']
self.verify_user_data(email, hashed_password, admin)
def post(self):
"""
Create a new user with provided email, password, and admin flag.
- If required fields are missing in the request, return 400
- Password must be 8 or more characters long. Otherwise return 422
- Email must not already be in use by an existing user. Otherwise return 422
If success, return 201 with the new user's email, admin flag, and creation timestamp.
"""
data = request.get_json()
if data == None:
error(400, "No json data in request body")
#print("data received by Users.post():", data)
check_data_fields(data, ['email', 'name', 'group_name', 'password', 'admin'])
if len(data['password']) <8:
error(422, 'New password is less than 8 characters long!')
password_hash = generate_password_hash(data['password'])
try:
create_user_result = create_user(g.database,
email = data['email'],
name = data['name'],
group_name = data['group_name'],
password_hash = password_hash,
admin = data['admin'])
except UniqueViolation:
error(422, 'User with that email address already exists')
response_data = {
'email': create_user_result['email'],
'admin': create_user_result['admin'],
'timestamp': create_user_result['date_created'],
}
# user_id is not required by the frontend here so it is not included.
# other endpoints may expose the user_id e.g. for other admin user-management operations.
return jsonify(response_data), 201
