def test_search_multiple_query_parameters(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
owner_user_id = users.query(email="*****@*****.**")[0].id
# Correct
msg_content = {
"email": "*****@*****.**",
"role": 2,
"current_user": owner_user_id,
}
response = build_syft_msg(domain, SearchUsersMessage, msg_content, generic_key)
assert response.status_code == 200
search_result = response.content
assert len(search_result) == 1
assert search_result[0]["email"] == "*****@*****.**"
assert search_result[0]["role"] == 2
# Wrong
msg_content = {
"email": "*****@*****.**",
"role": 1,
"current_user": owner_user_id,
}
response = build_syft_msg(domain, SearchUsersMessage, msg_content, generic_key)
assert response.status_code == 200
assert response.content == {}
def test_search_unique_query(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
owner_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {"email": "*****@*****.**", "current_user": owner_user_id}
response = build_syft_msg(domain, SearchUsersMessage, msg_content,
generic_key)
assert response.status_code == 200
search_result = response.content
print("Result: ", search_result)
assert len(search_result) == 1
assert search_result[0]["email"] == "*****@*****.**"
assert search_result[0]["role"] == 2
msg_content = {"role": 2, "current_user": owner_user_id}
response = build_syft_msg(domain, SearchUsersMessage, msg_content,
generic_key)
assert response.status_code == 200
search_result = response.content
assert len(search_result) == 1
assert search_result[0]["email"] == "*****@*****.**"
assert search_result[0]["role"] == 2
def test_search_query_mutual_parameter_values(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
new_user_content = {
"email": "*****@*****.**",
"password": "******",
}
response = build_syft_msg(domain, CreateUserMessage, new_user_content, generic_key)
assert response.status_code == 200
owner_user_id = users.query(email="*****@*****.**")[0].id
# Correct
msg_content = {"role": 2, "current_user": owner_user_id}
response = build_syft_msg(domain, SearchUsersMessage, msg_content, generic_key)
assert response.status_code == 200
search_result = response.content
assert len(search_result) == 2
assert search_result[0]["email"] == "*****@*****.**"
assert search_result[0]["role"] == 2
assert search_result[1]["email"] == "*****@*****.**"
assert search_result[1]["role"] == 2
def test_get_all_users_with_permission(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
owner_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {"current_user": owner_user_id}
response = build_syft_msg(domain, GetUsersMessage, msg_content,
generic_key)
assert response.status_code == 200
assert len(response.content) == 3
retrieved_user = response.content[0]
assert retrieved_user["email"] == "*****@*****.**"
assert retrieved_user["id"] == 1
assert retrieved_user["role"] == 1
retrieved_user = response.content[1]
assert retrieved_user["email"] == "*****@*****.**"
assert retrieved_user["id"] == 2
assert retrieved_user["role"] == 2
retrieved_user = response.content[2]
assert retrieved_user["email"] == "*****@*****.**"
assert retrieved_user["id"] == 3
assert retrieved_user["role"] == 3
def test_search_users_without_permission(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
std_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {"email": "*****@*****.**", "current_user": std_user_id}
try:
build_syft_msg(domain, DeleteUserMessage, msg_content, generic_key)
pytest.fail("We shouldn't execute this line!")
except Exception as e:
assert str(e) == "You're not allowed to delete this user information!"
def test_delete_user_with_invalid_user_id(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
owner_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {"user_id": "10", "current_user": owner_user_id}
try:
build_syft_msg(domain, DeleteUserMessage, msg_content, generic_key)
pytest.fail("We shouldn't execute this line!")
except Exception as e:
assert str(e) == "User not found!"
def test_delete_user_with_permission(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
owner_user_id = users.query(email="*****@*****.**")[0].id
std_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {"user_id": std_user_id, "current_user": owner_user_id}
response = build_syft_msg(domain, DeleteUserMessage, msg_content, generic_key)
assert response.status_code == 200
assert {"msg": "User deleted successfully!"} == {
"msg": "User deleted successfully!"
}
def test_delete_owner_with_admin_permission(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
owner_user_id = users.query(email="*****@*****.**")[0].id
admin_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {"user_id": owner_user_id, "current_user": admin_user_id}
try:
response = build_syft_msg(domain, DeleteUserMessage, msg_content, generic_key)
pytest.fail("We shouldn't execute this line!")
except Exception as e:
assert str(e) == "You're not allowed to delete this user information!"
def test_update_empty_body(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
# Correct
owner_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {
"user_id": "56",
"current_user": owner_user_id,
}
try:
build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
pytest.fail("We shouldn't execute this line!")
except Exception as e:
assert str(e) == "Missing json fields ( email,password,role,groups )"
def test_register_new_user(database, cleanup):
users = UserManager(database)
test_role = create_role(*user_role)
user = users.register(
email="*****@*****.**",
hashed_password="******",
salt="aifhaufa",
private_key="afihauhfao",
role=test_role.id,
)
assert user.email == "*****@*****.**"
assert user.hashed_password == "aifhufhaf"
assert user.salt == "aifhaufa"
assert user.private_key == "afihauhfao"
assert user.role == test_role.id
def test_create_second_user(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
first_user_content = {
"email": "*****@*****.**",
"password": "******",
}
response = build_syft_msg(
domain, CreateUserMessage, first_user_content, generic_key
)
# Check database
assert len(users) == 1
user = users.query(email="*****@*****.**")[0]
assert user.email == "*****@*****.**"
assert users.login(email="*****@*****.**", password="******")
assert users.role(user_id=user.id).name == "Owner"
assert users.role(user_id=user.id).can_create_users
assert users.role(user_id=user.id).can_triage_requests
# Check message response
assert response.status_code == 200
second_user_content = {
"email": "*****@*****.**",
"password": "******",
}
response = build_syft_msg(
domain, CreateUserMessage, second_user_content, generic_key
)
# Check database
assert len(users) == 2
user = users.query(email="*****@*****.**")[0]
assert user.email == "*****@*****.**"
assert users.login(email="*****@*****.**", password="******")
assert users.role(user_id=user.id).name == "User"
assert not users.role(user_id=user.id).can_create_users
assert not users.role(user_id=user.id).can_triage_requests
# Check message response
assert response.status_code == 200
def test_update_its_own_user_password(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
# Correct
std_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {
"user_id": std_user_id,
"password": "******",
"current_user": std_user_id,
}
response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
assert response.status_code == 200
assert response.content == {"message": "User updated successfully!"}
assert users.login(email="*****@*****.**", password="******")
def test_update_role_without_permission(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
# Correct
std_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {
"user_id": std_user_id,
"role": "2",
"current_user": std_user_id,
}
try:
build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
pytest.fail("We shouldn't execute this line!")
except Exception as e:
assert str(e) == "You're not allowed to change User roles!"
def test_update_to_invalid_role(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
# Correct
std_user_id = users.query(email="*****@*****.**")[0].id
owner_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {
"user_id": std_user_id,
"role": "InvalidRole",
"current_user": owner_user_id,
}
try:
build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
pytest.fail("We shouldn't execute this line!")
except Exception as e:
assert str(e) == "Role ID not found!"
def test_update_to_owner_role(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
# Correct
std_user_id = users.query(email="*****@*****.**")[0].id
admin_user = users.query(email="*****@*****.**")[0].id
msg_content = {
"user_id": std_user_id,
"role": "1",
"current_user": admin_user,
}
try:
build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
pytest.fail("We shouldn't execute this line!")
except Exception as e:
assert str(e) == "You can't change it to Owner role!"
def test_create_second_user_with_role_and_permission(database, domain,
cleanup):
__create_roles(database)
users = UserManager(database)
request_content = {
"email": "*****@*****.**",
"password": "******",
}
response = build_syft_msg(domain, CreateUserMessage, request_content,
generic_key)
# Check database
assert len(users) == 1
user = users.query(email="*****@*****.**")[0]
assert user.email == "*****@*****.**"
assert users.login(email="*****@*****.**", password="******")
assert users.role(user_id=user.id).name == "Owner"
assert users.role(user_id=user.id).can_create_users
# Check message response
assert response.status_code == 200
owner_id = str(users.query(email="*****@*****.**")[0].id)
second_user_content = {
"email": "*****@*****.**",
"password": "******",
"role": "Administrator",
"current_user": owner_id,
}
response = build_syft_msg(domain, CreateUserMessage, second_user_content,
generic_key)
# Check database
assert len(users) == 2
user = users.query(email="*****@*****.**")[0]
assert user.email == "*****@*****.**"
assert users.login(email="*****@*****.**", password="******")
assert users.role(user_id=user.id).name == "Administrator"
assert users.role(user_id=user.id).can_create_users == True
# Check message response
assert response.status_code == 200
def test_signup(database, cleanup):
users = UserManager(database)
user_role_obj = create_role(*user_role)
users.signup(
email="*****@*****.**",
password="******",
role=user_role_obj.id,
private_key="aghuehffadawe",
verify_key="aufhyfaeiiead",
)
user = users.query(email="*****@*****.**")[0]
assert user.email == "*****@*****.**"
assert user.role == user_role_obj.id
assert checkpw(
"qrjhsiofjadasd".encode("UTF-8"),
user.salt.encode("UTF-8") + user.hashed_password.encode("UTF-8"),
)
def test_create_first_user_msg(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
request_content = {
"email": "*****@*****.**",
"password": "******",
}
response = build_syft_msg(domain, CreateUserMessage, request_content, generic_key)
# Check database
assert len(users) == 1
user = users.query(email="*****@*****.**")[0]
assert user.email == "*****@*****.**"
assert users.login(email="*****@*****.**", password="******")
assert users.role(user_id=user.id).name == "Owner"
# Check message response
assert response.status_code == 200
assert database.session().query(Role).get(user.role).name == "Owner"
def test_login(database, cleanup):
users = UserManager(database)
user_role_obj = create_role(*user_role)
users.signup(
email="*****@*****.**",
password="******",
role=user_role_obj.id,
private_key="aghuehffadawe",
verify_key="aiehufaefhuada",
)
# Success
user = users.login(email="*****@*****.**", password="******")
# Wrong e-mail
with pytest.raises(InvalidCredentialsError) as exc:
users.login(email="*****@*****.**", password="******")
# Wrong password
with pytest.raises(InvalidCredentialsError) as exc:
users.login(email="*****@*****.**", password="******")
def test_create_second_user_with_owner_role_name(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
owner_content = {
"email": "*****@*****.**",
"password": "******",
}
response = build_syft_msg(domain, CreateUserMessage, owner_content,
generic_key)
# Check database
assert len(users) == 1
user = users.query(email="*****@*****.**")[0]
assert user.email == "*****@*****.**"
assert users.login(email="*****@*****.**", password="******")
assert users.role(user_id=user.id).name == "Owner"
assert users.role(user_id=user.id).can_create_users
assert users.role(user_id=user.id).can_triage_requests
# Check message response
assert response.status_code == 200
owner_id = str(users.query(email="*****@*****.**")[0].id)
second_user_content = {
"email": "*****@*****.**",
"password": "******",
"role": "Owner",
"current_user": owner_id,
}
try:
build_syft_msg(domain, CreateUserMessage, second_user_content,
generic_key)
pytest.fail("We shouldn't execute this line!")
except Exception as e:
assert str(e) == 'You can\'t create a new User with "Owner" role!'
# Check database
assert len(users) == 1
def test_query_new_user(database, cleanup):
users = UserManager(database)
test_role = create_role(*user_role)
user1 = {
"email": "*****@*****.**",
"hashed_password": "******",
"salt": "diwriqjroqds",
"private_key": "rweqoasnfa",
"role": test_role.id,
}
user2 = {
"email": "*****@*****.**",
"hashed_password": "******",
"salt": "dgfgsgwrwers",
"private_key": "AHEIJASDAEW",
"role": test_role.id,
}
db_user1 = users.register(**user1)
db_user2 = users.register(**user2)
# Test every database field, except role id
for key, value in list(user1.items())[:-1]:
query_result_1 = users.query(**{key: value})
assert len(query_result_1) == 1
query_result_1 = query_result_1[0]
assert query_result_1.email == db_user1.email
assert query_result_1.hashed_password == db_user1.hashed_password
assert query_result_1.salt == db_user1.salt
assert query_result_1.private_key == db_user1.private_key
assert query_result_1.role == db_user1.role
for key, value in list(user2.items())[:-1]:
query_result_2 = users.query(**{key: value})
assert len(query_result_2) == 1
query_result_2 = query_result_2[0]
assert query_result_2.email == db_user2.email
assert query_result_2.hashed_password == db_user2.hashed_password
assert query_result_2.salt == db_user2.salt
assert query_result_2.private_key == db_user2.private_key
assert query_result_2.role == db_user2.role
query_result_3 = users.query(role=test_role.id)
assert len(query_result_3) == 2
def test_set_email(database, cleanup):
users = UserManager(database)
test_role = create_role(*user_role)
user1 = {
"email": "*****@*****.**",
"hashed_password": "******",
"salt": "diwriqjroqds",
"private_key": "rweqoasnfa",
"role": test_role.id,
}
db_user1 = users.register(**user1)
assert users.query(id=db_user1.id)[0].email == "*****@*****.**"
users.set(user_id=db_user1.id, email="*****@*****.**")
assert users.query(id=db_user1.id)[0].email == "*****@*****.**"
def test_set_role(database, cleanup):
users = UserManager(database)
user_role_obj = create_role(*user_role)
admin_role_obj = create_role(*admin_role)
user1 = {
"email": "*****@*****.**",
"hashed_password": "******",
"salt": "diwriqjroqds",
"private_key": "rweqoasnfa",
"role": user_role_obj.id,
}
db_user1 = users.register(**user1)
assert users.query(id=db_user1.id)[0].role == user_role_obj.id
users.set(user_id=db_user1.id, role=admin_role_obj.id)
assert users.query(id=db_user1.id)[0].role == admin_role_obj.id
def test_update_role_with_permission(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
# Correct
std_user_id = users.query(email="*****@*****.**")[0].id
owner_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {
"user_id": std_user_id,
"role": "3",
"current_user": owner_user_id,
}
response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
assert response.status_code == 200
assert response.content == {"message": "User updated successfully!"}
user = users.query(email="*****@*****.**")[0]
assert user.email == "*****@*****.**"
assert users.role(user_id=user.id).name == "Administrator"
def test_update_its_own_user_email(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
__create_user_samples(domain, users)
# Correct
std_user_id = users.query(email="*****@*****.**")[0].id
msg_content = {
"user_id": std_user_id,
"email": "*****@*****.**",
"current_user": std_user_id,
}
response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
assert response.status_code == 200
assert response.content == {"message": "User updated successfully!"}
# Old email will no longer exist
with pytest.raises(UserNotFoundError) as exc:
users.query(email="*****@*****.**")
assert len(users.query(email="*****@*****.**")) == 1
def test_create_user_manager(database, cleanup):
users = UserManager(database)
def test_update_user_group(database, domain, cleanup):
__create_roles(database)
users = UserManager(database)
groups = GroupManager(database)
__create_user_samples(domain, users)
# Create Group Samples
group1 = groups.register(name="Group A")
group2 = groups.register(name="Group B")
group3 = groups.register(name="Group C")
# Correct
std_user_id = users.query(email="*****@*****.**")[0].id
admin_user = users.query(email="*****@*****.**")[0].id
msg_content = {
"user_id": std_user_id,
"groups": [group1.id],
"current_user": admin_user,
}
assert (
len(
database.session.query(UserGroup)
.filter_by(user=std_user_id, group=group1.id)
.all()
)
== 0
)
response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
assert response.status_code == 200
assert response.content == {"message": "User updated successfully!"}
assert (
len(
database.session.query(UserGroup)
.filter_by(user=std_user_id, group=group1.id)
.all()
)
== 1
)
assert (
database.session.query(UserGroup)
.filter_by(user=std_user_id, group=group1.id)
.first()
.id
== group1.id
)
msg_content = {
"user_id": std_user_id,
"groups": [group2.id, group3.id],
"current_user": admin_user,
}
response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
assert response.status_code == 200
assert response.content == {"message": "User updated successfully!"}
assert (
len(
database.session.query(UserGroup)
.filter_by(user=std_user_id, group=group1.id)
.all()
)
== 0
)
assert len(database.session.query(UserGroup).filter_by(user=std_user_id).all()) == 2
assert (
len(
database.session.query(UserGroup)
.filter_by(user=std_user_id, group=group2.id)
.all()
)
== 1
)
assert (
len(
database.session.query(UserGroup)
.filter_by(user=std_user_id, group=group3.id)
.all()
)
== 1
)
msg_content = {
"user_id": admin_user,
"groups": [group2.id],
"current_user": admin_user,
}
response = build_syft_msg(domain, UpdateUserMessage, msg_content, generic_key)
assert response.status_code == 200
assert response.content == {"message": "User updated successfully!"}
assert len(database.session.query(UserGroup).filter_by(group=group2.id).all()) == 2
