def test_account_admin_cannot_access_resource_if_account_different(self):
test_objects = TestObjects()
test_user = test_objects.get_test_user()
timer = Timer(notes="More testing, boss", user=test_user)
timer.save()
assert(can_access_user_owned_resource(test_user, timer))
timer.delete()
def test_user_can_access_their_own_resource(self):
test_objects = TestObjects()
test_user = test_objects.get_test_user()
timer = Timer(notes="More testing, boss", user=test_user)
timer.save()
assert(can_access_user_owned_resource(test_user, timer))
timer.delete()
def test_can_save_and_load_timer(self):
user = TestObjects().get_test_user()
t = TimerEntity(id=TestObjects().get_any_id(),
notes="Saved from unit test",
user=user)
t.save()
t2 = TimerEntity.objects(id=t.id).first()
assert (t.__repr__() == t2.__repr__())
t.delete()
def test_save_timer(self):
dao = TimerDAO()
t1 = TimerEntity(notes="My Test LegacyTimer Running!",
user=TestObjects().get_test_user(),
running=True)
dao.put(t1)
assert (t1.id is not None)
def test_can_create_tag(self):
t = Tag(accountId=TestObjects().get_test_account().id,
name="Goalboost")
assert (t is not None)
t.save()
t2 = Tag.objects(name="Goalboost").first()
assert (t2.id == t.id)
t2 = Tag.objects(name="Goalboost").delete()
def test_can_load_user(self):
user = TestObjects().get_test_user()
formatter = ModelFormatter()
model_as_dict = formatter.model_to_dict(
user, include=["_id", "email", "account"])
model = formatter.dict_to_model(User, model_as_dict)
assert (model.id == user.id)
assert (model.email == user.email)
def test_can_convert_timer_to_dict(self):
user = TestObjects().get_test_user()
timer = TimerEntity(notes="Just a test timer",
user=user,
tags=["Unit Tests"])
tf = TimerFormatter()
timer_entity_as_dict = tf.model_to_dict(timer)
assert (timer_entity_as_dict is not None)
assert (timer_entity_as_dict["notes"] == timer.notes)
def test_login(self):
# Ensure test user created
test_objects = TestObjects()
userOriginal = test_objects.get_test_user()
try:
email, password = test_objects.get_test_user_credentials()
credentials = dict(email = email , password = password)
login_payload = dumps(credentials)
response = requests.post(url=test_server + "/login", data=login_payload, headers={'content-type' : 'application/json'})
assert(response.status_code == 200)
response_object = response.json()
user = response_object["response"]["user"]
assert(user["id"] is not None)
assert(user["authentication_token"] is not None)
finally:
# Cleanup
userOriginal.delete()
def get_auth_token(self):
user = TestObjects().get_test_user() # Force user creation
credentials_tuple = TestObjects().get_test_user_credentials()
credentials = dict(email=credentials_tuple[0],
password=credentials_tuple[1])
key = str(credentials)
if (not key in self.credential_map):
response = requests.post(
url=test_server + "/login",
data=dumps(credentials),
headers={'content-type': 'application/json'})
assert (response.status_code == 200)
response_object = response.json()
# TODO Note also need error case -- this assumes we passed:
user_response = response_object["response"]["user"]
basic_auth_credentials = HTTPBasicAuth(
credentials["email"], user_response["authentication_token"])
self.credential_map[key] = basic_auth_credentials
return self.credential_map[key]
def test_user_not_updated_on_save(self):
user = TestObjects().get_test_user()
t1 = TimerEntity(id=ObjectId(b"Timer1Timer3"),
notes="I want a shrubbery",
user=user)
t1.save()
t1.user.password = "******"
t1.save()
# TODO ETC...
t1.delete()
def test_can_dump_user(self):
user = TestObjects().get_test_user()
formatter = ModelFormatter()
model_as_dict = formatter.model_to_dict(
user, include=["_id", "email", "account"])
assert ("password" not in model_as_dict)
assert ("_id" in model_as_dict)
model_as_dict = formatter.model_to_dict(
user, include=["_id", "email", "account", "password"])
assert ("password" in model_as_dict)
def test_can_convert_user_to_dict_using_model_formatter(self):
user = TestObjects().get_test_user()
formatter = ModelFormatter()
user_dict = formatter.model_to_dict(user)
# This won't pass because we're using base class implementation
# assert(user_dict["account"]["name"] == user.account.name)
#assert(user_dict["confirmed_at"] == None)
# Important!!! make sure we can convert to JSON:
as_json = dumps(user_dict)
assert (isinstance(as_json, str))
def test_eval_ok(self):
user = TestObjects().get_test_user()
t1 = TimerEntity(id=ObjectId(b"Timer1Timer2"),
notes="I want a shrubbery",
user=user)
# print(t1.__repr__())
t2 = eval(t1.__repr__())
# Note this part works partly because compare is brain-dead, compares id only and only works for non-null id
# But that may be what we need for MongoEngine purposes, so don't override
assert (t1 == t2)
# A better check
assert (t1.__repr__() == t2.__repr__())
def test_login_and_use_resource(self):
# Ensure test user created
test_objects = TestObjects()
userOriginal = test_objects.get_test_user()
try:
email, password = test_objects.get_test_user_credentials()
credentials = dict(email = email, password = password)
login_payload = dumps(credentials)
response = requests.post(url=test_server + "/login", data=login_payload, headers={'content-type' : 'application/json'})
assert(response.status_code == 200)
response_object = response.json()
user = response_object["response"]["user"]
basic_auth_credentials = HTTPBasicAuth(email, user["authentication_token"])
response = requests.get(url=test_server + "/auth/api/resource", headers={'content-type' : 'application/json'}, auth=basic_auth_credentials)
assert(response.status_code == 200)
assert("hello" in str(response.json()))
print(response.json())
finally:
#Cleanup
userOriginal.delete()
def test_can_convert_user_to_dict(self):
user = TestObjects().get_test_user()
formatter = UserModelFormatter()
user_dict = formatter.model_to_dict(user)
# This all passes because our custom implementation takes care of these
# Extended details
assert (user_dict["account"]["name"] == user.account.name)
assert (user_dict["confirmed_at"] == None)
assert ("password" not in user_dict)
# Important!!! make sure we can convert to JSON:
as_json = dumps(user_dict)
assert (isinstance(as_json, str))
def test_can_verify_token(self):
with self.testHelper.app().app_context():
user = None
try:
user_data_store = self.security.datastore
# -- Should and do really use encrypted password in prod, but slows tests down
# encrypted = encrypt_password("WhatsUpDocument")
user = user_data_store.create_user(
email="*****@*****.**",
account=TestObjects().get_test_account(),
password="******")
# print(str(type(user)))
token = user.get_auth_token()
token2 = token
assert (token == token2)
result = user.verify_auth_token(token)
assert (result)
# Clean up
finally:
if (user is not None):
user_data_store.delete_user(user)
def test_can_dump_and_load_timer(self):
user = TestObjects().get_test_user()
timer = TimerEntity(notes="Just a test timer",
user=user,
tags=["Unit Tests"],
seconds=22,
running=True)
timer.save()
tf = TimerFormatter()
timer_entity_as_dict = tf.model_to_dict(timer)
timer.delete()
timer2 = tf.dict_to_model(TimerEntity, timer_entity_as_dict)
# This won't pass, there are subtle, trivial differences in datetimes once dates have been serialized
#assert(timer.lastRestart == timer2.lastRestart)
#assert(timer.dateEntered == timer2.dateEntered)
assert (timer.tags == timer2.tags)
assert (timer.running == timer2.running)
assert (timer.seconds == timer2.seconds)
assert (timer.notes == timer2.notes)
assert (timer.user == timer2.user)
assert (timer.to_json() == timer2.to_json())
def test_can_create_and_save_user(self):
with self.testHelper.app().app_context():
user = None
try:
user_data_store = self.security.datastore
uTemp = User.objects(email="*****@*****.**").first()
if uTemp is not None:
uTemp.delete()
# -- Should and do really use encrypted password in prod, but slows tests down
# encrypted = encrypt_password("WhatsUpDocument")
user = user_data_store.create_user(
email="*****@*****.**",
account=TestObjects().get_test_account(),
password="******")
user2 = user_data_store.find_user(email="*****@*****.**")
assert (user.email == user2.email)
assert (user.account == user2.account)
# Clean up
finally:
if (user is not None):
user_data_store.delete_user(user)
def test_timer_resource_all(self):
token = test_credentials.get_auth_token()
user = TestObjects().get_test_user()
timer = TimerEntity(notes="Just a test timer",
user=user,
tags=["Unit Tests"],
seconds=22,
running=True)
timer_dict = TimerFormatter().model_to_dict(timer)
# Not authorized w/o token
response = requests.post(v1_api + "/timer",
headers={'content-type': 'application/json'},
data=timer.to_json())
assert (response.status_code == http.client.UNAUTHORIZED)
# With token, should get "CREATED"
response = requests.post(v1_api + "/timer",
headers={'content-type': 'application/json'},
auth=token,
data=timer.to_json())
assert (response.status_code == http.client.CREATED)
# Object location
url = response.headers["Location"]
# Not authorized without the token (401)
response = requests.get(url)
assert (response.status_code == http.client.UNAUTHORIZED)
# Re-send the request with the token, this time get OK (200)
response = requests.get(url, auth=token)
assert (response.status_code == http.client.OK)
timer_dict2 = loads(response.text)
assert (timer_dict2["seconds"] == 22)
# Update the seconds and PUT the request
timer_dict2["seconds"] = 99
response = requests.put(url,
headers={'content-type': 'application/json'},
auth=token,
data=dumps(timer_dict2))
assert (response.status_code == http.client.OK)
response = requests.get(url, auth=token)
assert (response.status_code == http.client.OK)
timer_dict3 = loads(response.text)
assert (timer_dict3["seconds"] == 99)
# Currently our GET all means "Everything for the current user. This will change, and we'll need a new test
get_many_url = v1_api + "/timer"
# Not authorized without the token (401)
response = requests.get(get_many_url)
assert (response.status_code == http.client.UNAUTHORIZED)
# Re-send the request with the token, this time get OK (200)
response = requests.get(get_many_url, auth=token)
assert (response.status_code == http.client.OK)
print(response.text)
# Delete the resource
response = requests.delete(url, auth=token)
assert (response.status_code == http.client.NO_CONTENT)
