async def test_wrong_pwd_change_user_pwd(fake_dependencies) -> None:
uow, _ = fake_dependencies
user = uow.users.list()[0]
token = user.generate_password_reset_token()
user.password = helpers.random_password()
with pytest.raises(utils.InvalidToken):
handlers.change_password(token=token,
new_password=helpers.random_password(),
uow=uow)
def test_create_user_without_token(starlette_client):
mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql")
command = {
"accessKey": helpers.random_username(),
"name": helpers.random_name(),
"email": helpers.random_email(),
"password": helpers.random_password(),
}
response = starlette_client.post(
"/",
json=dict(
query=mutation,
operationName="createUser",
variables=dict(command=command),
),
)
errors = response.json()["errors"]
assert len(errors) > 0
assert (
"Authorization directives missing from HTTP header"
in errors[0]["message"]
)
assert "missing_auth_header" in errors[0]["extensions"]["status"].lower()
def test_change_pwd_valid_token(starlette_client, uow):
mutation = read_graphql("tests/auth/e2e/queries/change_pwd.graphql")
with uow:
user = uow.users.get(helpers.TEST_USER_ACCESS_KEY)
token = user.generate_password_reset_token()
new_password = helpers.random_password()
command = {
"token": token,
"newPassword": new_password,
}
response = starlette_client.post(
"/",
json=dict(
query=mutation,
operationName="changePassword",
variables=dict(command=command),
),
)
status = response.json()["data"]["changePassword"]["status"]
message = response.json()["data"]["changePassword"]["message"]
assert status == "PWD_CHANGED"
assert message == "Password changed successfully"
with uow:
user = uow.users.get(helpers.TEST_USER_ACCESS_KEY)
assert user.is_correct_password(new_password)
async def test_correct_pwd_change_user_pwd(fake_dependencies) -> None:
uow, _ = fake_dependencies
user = uow.users.list()[0]
token = user.generate_password_reset_token()
new_password = helpers.random_password()
handlers.change_password(token=token, new_password=new_password, uow=uow)
assert user.is_correct_password(new_password)
async def test_wrong_token_change_user_pwd(fake_dependencies) -> None:
uow, _ = fake_dependencies
user = uow.users.list()[0]
token = user.pack_authentication_secret()
with pytest.raises(utils.InvalidToken):
handlers.change_password(token=token,
new_password=helpers.random_password(),
uow=uow)
async def test_pwd_change_unknow_user(fake_dependencies) -> None:
uow, _ = fake_dependencies
user = uow.users.list()[0]
token = user.generate_password_reset_token()
user.access_key = helpers.random_username()
with pytest.raises(handlers.UnknownUser):
handlers.change_password(token=token,
new_password=helpers.random_password(),
uow=uow)
async def test_create_user_with_invalid_email(fake_dependencies):
uow, _ = fake_dependencies
user = {
"access_key": helpers.random_username(),
"name": helpers.random_name(),
"email": "invalid_email",
"password": helpers.random_password(),
}
with pytest.raises(handlers.InvalidEmail):
handlers.create_user(**user, uow=uow)
def test_user_has_not_needed_permission_on_action(auth_post):
permission_mutation = read_graphql(
"tests/auth/e2e/queries/permission.graphql")
command = {
"accessKey":
config.default_user()[0],
"permissions": [{
"resource": "user",
"action": "CREATE",
"isConditional": False
}],
}
response = auth_post(json=dict(
query=permission_mutation,
operationName="detachUserPermissions",
variables=dict(command=command),
), )
status = response.json()["data"]["detachUserPermissions"]["status"]
assert "PERMISSIONS_DETACHED" in status
mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql")
command = {
"accessKey": helpers.random_username(),
"name": helpers.random_name(),
"email": helpers.random_email(),
"password": helpers.random_password(),
}
response = auth_post(json=dict(
query=mutation,
operationName="createUser",
variables=dict(command=command),
))
response = response.json()
assert not response["data"]["createUser"]
assert response["errors"]
assert "not allowed" in response["errors"][0]["message"]
permission_mutation = read_graphql(
"tests/auth/e2e/queries/permission.graphql")
command = {
"accessKey":
config.default_user()[0],
"permissions": [{
"resource": "user",
"action": "CREATE",
"isConditional": False
}],
}
auth_post(json=dict(
query=permission_mutation,
operationName="attachUserPermissions",
variables=dict(command=command),
), )
def test_user_has_needed_permission_on_action(auth_post):
mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql")
command = {
"accessKey": helpers.random_username(),
"name": helpers.random_name(),
"email": helpers.random_email(),
"password": helpers.random_password(),
}
response = auth_post(json=dict(
query=mutation,
operationName="createUser",
variables=dict(command=command),
))
status = response.json()["data"]["createUser"]["status"]
assert "USER_CREATED" in status
async def test_verify_permission_user_without_permission(fake_dependencies, ):
uow, _ = fake_dependencies
access_key = helpers.random_username()
handlers.create_user(
access_key=access_key,
name=helpers.random_name(),
email=helpers.random_email(),
password=helpers.random_password(),
uow=uow,
)
with pytest.raises(handlers.NotAllowed):
handlers.verify_user_permission(access_key=access_key,
resource="user",
action="CREATE",
uow=uow)
def test_change_pwd_invalid_token(starlette_client):
mutation = read_graphql("tests/auth/e2e/queries/change_pwd.graphql")
command = {
"token": "invalid_token",
"newPassword": helpers.random_password(),
}
response = starlette_client.post(
"/",
json=dict(
query=mutation,
operationName="changePassword",
variables=dict(command=command),
),
)
errors = response.json()["errors"]
assert errors
assert "invalid_token" in errors[0]["extensions"]["status"].lower()
def test_unit_of_work_can_persist_user(postgres_session_factory):
user = {
"access_key": helpers.random_username(),
"name": helpers.random_name(),
"email": helpers.random_email(),
"password": helpers.random_password(),
}
model_user = model.User(**user)
uow = unit_of_work.AuthSqlAlchemyUnitOfWork(postgres_session_factory)
with uow:
uow.users.add(model_user)
uow.commit()
session = postgres_session_factory()
user = helpers.query_user_by_access_key(session,
access_key=user["access_key"])
assert user
def test_create_user(auth_post):
mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql")
command = {
"accessKey": helpers.TEST_USER_ACCESS_KEY,
"name": helpers.random_name(),
"email": helpers.TEST_USER_EMAIL,
"password": helpers.random_password(),
}
response = auth_post(
json=dict(
query=mutation,
operationName="createUser",
variables=dict(command=command),
)
)
command_response = response.json()["data"]["createUser"]
assert command_response
assert "user_created" in command_response["status"].lower()