def test_user_case(engine, session):
    """Store a user, fetch it as "BOB" and expect the same object back.

    Also checks that ``identity`` is the string form of the primary key.
    """
    _create_all(session)

    stored = User(username="******")
    session.add(stored)
    session.commit()

    # NOTE(review): judging by the test name this exercises case-insensitive
    # lookup. If lookups fold case, uniqueness should be enforced on the
    # folded value as well, so two accounts cannot differ by case only --
    # confirm against the model definition.
    found = User.get_by_username(session, "BOB")
    assert found is stored

    assert stored.identity == str(stored.id)
def test_groups(engine, session):
    """Put alice into the "users" and "admins" groups and read them back."""
    _create_all(session)

    member = User.get_by_username(session, "alice")
    for group_name in ("users", "admins"):
        member.groups.append(Group.get_by_name(session, group_name))
    session.commit()

    # Look the user up again so the assertion runs against what the session
    # returns after the commit.
    reloaded = User.get_by_username(session, "alice")
    group_names = sorted(group.name for group in reloaded.groups)
    assert ["admins", "users"] == group_names
def test_user_permissions(engine, session):
    """Grant READ and WRITE directly to alice and read them back."""
    _create_all(session)

    grantee = User.get_by_username(session, "alice")
    for permission_name in ("READ", "WRITE"):
        grantee.user_permissions.append(
            Permission.get_by_name(session, permission_name))
    session.commit()

    # Only the direct grants (user_permissions) are inspected here.
    reloaded = User.get_by_username(session, "alice")
    granted = sorted(
        permission.name for permission in reloaded.user_permissions)
    assert ["READ", "WRITE"] == granted
def test_timestamp_mixin(session):
    """Check created_at/updated_at on a User across an insert and an update.

    After the insert both timestamps agree to the second; after changing the
    username ``updated_at`` must have moved and be later than ``created_at``.
    """
    assert models.TimestampMixin in User.__mro__

    record = User(username="******")
    session.add(record)
    session.commit()

    first_update = record.updated_at
    # Compare at one-second resolution: the two values are not required to
    # match down to the microsecond.
    created_to_second = record.created_at.replace(microsecond=0)
    updated_to_second = first_update.replace(microsecond=0)
    assert created_to_second == updated_to_second

    record.username = "******"
    session.add(record)
    session.commit()

    assert record.updated_at != first_update
    assert record.created_at < record.updated_at
def test_permissions(engine, session):
    """Check that ``permissions`` merges direct and group-derived grants.

    alice receives READ directly and WRITE only through membership of the
    "admins" group; ``alice.permissions`` must list both.
    """
    _create_all(session)

    account = User.get_by_username(session, "alice")
    admin_group = Group.get_by_name(session, "admins")
    admin_group.users.append(account)

    # WRITE is attached to the group, never to the user herself.
    write_grant = Permission.get_by_name(session, "WRITE")
    write_grant.groups.append(admin_group)

    # READ is attached to the user directly.
    account.user_permissions.append(Permission.get_by_name(session, "READ"))
    session.commit()

    # NOTE(review): this test asserts the positive case only; it does not
    # check that a user outside "admins" lacks WRITE.
    reloaded = User.get_by_username(session, "alice")
    effective = sorted(permission.name for permission in reloaded.permissions)
    assert ["READ", "WRITE"] == effective
def test_login_post(mocker, engine, session, app, client):
    """Successful form login: 303 to "/", a ``jwt`` cookie and a JSON body.

    The clock used by the endpoint is pinned so the expected token (including
    its ``exp`` claim) can be computed in the test and compared exactly.
    """
    frozen_now = datetime.utcnow()
    mocker.patch("apitoolbox.tz.utcnow", return_value=frozen_now)

    account = User(username="******")
    account.password = "******"
    session.add(account)
    session.commit()
    account = session.merge(account)

    # "s0secret" is a signing key for this test only.
    endpoint = endpoints.LoginEndpoint(User, secret="s0secret")

    @app.post("/login")
    async def _post(username: str = fastapi.Form(None),
                    password: str = fastapi.Form(None)):
        return await endpoint.on_post(session, username, password)

    expiry = frozen_now + timedelta(seconds=endpoint.token_expiry)

    # NOTE(review): the token payload is everything as_dict() returns plus
    # "exp". A signed token's payload is readable by whoever holds it, so
    # confirm as_dict() leaves out hashed_password and similar fields.
    expected_data = dict(account.as_dict())
    expected_data["exp"] = expiry

    # NOTE(review): .decode() expects jwt.encode() to return bytes; if `jwt`
    # is PyJWT, that holds for 1.x only (2.x returns str) -- confirm the pin.
    encoded = jwt.encode(
        expected_data, endpoint.secret, algorithm=endpoint.jwt_algorithm)
    expected_token = encoded.decode("utf-8")

    form = {
        "username": "******",
        "password": "******",
    }
    res = client.post("/login", data=form)

    assert res.status_code == 303
    assert res.headers.get("location") == "/"

    # NOTE(review): only the cookie name and value are pinned; the cookie's
    # HttpOnly / Secure / SameSite attributes are not asserted here.
    assert res.cookies.items() == [("jwt", expected_token)]

    expected_body = dict(
        expected_data, exp=expiry.isoformat(), token=expected_token)
    assert res.json() == expected_body
def test_login_post_invalid_password(engine, session, app, client):
    """A wrong password must give 401 and the generic failure message."""
    real_password = "******"
    account = User(username="******")
    account.password = real_password
    session.add(account)
    session.commit()

    # The template is a literal "<" followed by the error placeholder, so the
    # rendered body can be compared as plain text below.
    endpoint = endpoints.LoginEndpoint(
        User, secret="s0secret", template="<${error}")

    @app.post("/login")
    async def _post(username: str = fastapi.Form(None),
                    password: str = fastapi.Form(None)):
        return await endpoint.on_post(session, username, password)

    wrong_password = real_password + "make_it_invalid"
    res = client.post("/login", data={
        "username": "******",
        "password": wrong_password,
    })

    assert res.status_code == 401
    # The message does not say which of the two fields was wrong.
    # NOTE(review): this test covers an existing user with a bad password
    # only; a case with an unknown username expecting the same status and
    # text would pin that the endpoint does not reveal which accounts exist.
    assert res.text == "<Login failed; Invalid userID or password"
def test_user_password():
    """Exercise the password setter, ``verify`` and the blocked getter.

    Setting ``password`` makes ``verify`` succeed; with ``hashed_password``
    cleared ``verify`` returns False; reading ``password`` raises
    RuntimeError.
    """
    plaintext = "******"
    account = User(username="******")
    account.password = plaintext
    assert account.verify(plaintext) is True

    # With no stored hash, verification must fail rather than succeed.
    account.hashed_password = None
    assert account.verify(plaintext) is False

    # The attribute is write-only: merely reading it is an error.
    with pytest.raises(RuntimeError) as exc_info:
        assert not account.password
    assert str(exc_info.value) == "Invalid access: get password not allowed"
def _create_all(session):
    """Seed the rows the tests rely on and commit them.

    Adds one user, the groups "users" and "admins", and the permissions
    "READ" and "WRITE". Along the way it checks that MODEL_MAPPING maps the
    names "User", "Group" and "Permission" to the corresponding classes.
    """
    seeded_user = User(username="******")
    assert MODEL_MAPPING["User"] is User
    session.add(seeded_user)

    first_group = Group(name="users")
    assert MODEL_MAPPING["Group"] is Group
    session.add(first_group)
    session.add(Group(name="admins"))

    first_permission = Permission(name="READ")
    assert MODEL_MAPPING["Permission"] is Permission
    session.add(first_permission)
    session.add(Permission(name="WRITE"))

    session.commit()