def test_can_delete(db, monkeypatch): db.create_all() user = User(email="*****@*****.**") user.save() def fake_request(): return {"user": user} monkeypatch.setattr("starlette_audit.tables.get_request", fake_request) obj = MyModel(name="foo") obj.save() id = obj.id obj.delete() logs = AuditLog.query.filter(AuditLog.entity_type == "mymodel", AuditLog.entity_type_id == id).all() # all logs should remain intact after deleting assert len(logs) == 2 assert logs[0].data == {"id": id, "name": "foo"} assert logs[0].extra_data == {} assert logs[0].operation == "INSERT" assert logs[0].created_by_id == user.id assert logs[1].data == {"id": id, "name": "foo"} assert logs[1].extra_data == {} assert logs[1].operation == "DELETE" assert logs[1].created_by_id == user.id
def test_can_update(db, monkeypatch): db.create_all() user = User(email="*****@*****.**") user.save() def fake_request(): return {"user": user} monkeypatch.setattr("starlette_audit.tables.get_request", fake_request) obj = MyModel(name="foo") obj.save() obj.name = "bar" obj.save() id = obj.id logs = AuditLog.query.filter(AuditLog.entity_type == "mymodel", AuditLog.entity_type_id == id).all() assert len(logs) == 2 assert logs[1].data == {"id": id, "name": "bar"} assert logs[1].extra_data == {} assert logs[1].operation == "UPDATE" assert logs[1].created_by_id == user.id
def test_model_data(): user = User(**data) assert user.email == "*****@*****.**" assert user.first_name == "Me" assert user.last_name == "Jones" assert user.is_active is True assert user.password is None
def user(): data = {"email": "*****@*****.**", "first_name": "Test", "last_name": "User"} try: return User.query.filter(User.email == data["email"]).one() except: usr = User(**data) usr.set_password("password") usr.save() return usr
def user(): data = {"email": "*****@*****.**", "first_name": "Test", "last_name": "User"} try: return db_session.query(User).query.filter(User.email == data["email"]).one() except: usr = User(**data) usr.set_password("password") db_session.add(usr) db_session.commit() return usr
def test_scoped_endpoints(session): user = User(email="*****@*****.**") user.set_password("password") read_scope = Scope(code="read") write_scope = Scope(code="write") session.add_all([user, read_scope, write_scope]) session.flush() app = create_app() with TestClient(app) as client: assert client.get("/unauthed").status_code == 200 assert client.get("/authed").status_code == 403 assert client.get("/read").status_code == 403 assert client.get("/write").status_code == 403 login = client.post("/auth/login", data={ "email": "*****@*****.**", "password": "******" }) assert login.status_code == 302 assert client.get("/unauthed").status_code == 403 assert client.get("/authed").status_code == 200 assert client.get("/read").status_code == 403 assert client.get("/write").status_code == 403 user.scopes.append(read_scope) session.add(user) session.flush() assert client.get("/unauthed").status_code == 403 assert client.get("/authed").status_code == 200 assert client.get("/read").status_code == 200 assert client.get("/write").status_code == 403 user.scopes.append(write_scope) session.add(user) session.flush() assert client.get("/unauthed").status_code == 403 assert client.get("/authed").status_code == 200 assert client.get("/read").status_code == 200 assert client.get("/write").status_code == 200
def user(): from starlette_auth.tables import User # noqa isort:skip data = { "email": "*****@*****.**", "first_name": "Test", "last_name": "User" } try: return User.query.filter(email == data["email"]).one() except: usr = User(**data) usr.set_password("password") usr.save() return usr
def test_password(): user = User(**data) user.set_password("password") assert user.check_password("password")
def test_str(): user = User(**data) assert str(user) == "*****@*****.**"
def test_display_name(): user = User(**data) assert user.display_name == "Me Jones"
def user(): test_user = User(email="*****@*****.**") test_user.set_password("password") test_user.save() return test_user
def get_user(self, conn): return User(first_name="tom", last_name="jones", is_active=False)