def test_not_admin(client, not_admin):
    """POST, PUT and DELETE must all answer 401 for the ``not_admin`` token.

    ``not_admin`` is sent verbatim as the Authorization header (presumably
    a well-formed token for a user without admin rights; confirm against
    the fixture).  Each write request has to be refused with the
    'Invalid JWT Credentials' description.
    """
    # NOTE(review): only the responses are inspected; nothing here checks
    # that the refused PUT/DELETE left item 1 unchanged.
    credentials = {'Authorization': not_admin}

    def assert_rejected(reply):
        # Same three expectations for every write verb.
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        assert 'Invalid JWT Credentials' in reply.json['description']

    assert_rejected(client.post(test_url,
                                headers=credentials,
                                json=valid_data,
                                as_response=True))

    assert_rejected(client.put(f'{test_url}/1',
                               headers=credentials,
                               json={'color': 'purple'},
                               as_response=True))

    assert_rejected(client.delete(f'{test_url}/1',
                                  headers=credentials,
                                  as_response=True))
def test_missing_other_token_fields(client, bad_token):
    """Tokens lacking claims that PyJWT does not check itself are refused.

    Covers fields such as 'sub' and 'user'.  ``bad_token`` is passed through
    ``create_token`` and the result is used as the Authorization header.
    Every write verb must return 401 with a description that is exactly
    'Invalid JWT Credentials'.
    """
    credentials = {'Authorization': create_token(bad_token)}

    # Thunks keep the requests lazy, so they are still issued one at a time
    # and only after the previous response has passed its checks.
    attempts = (
        lambda: client.post(test_url,
                            headers=credentials,
                            json=valid_data,
                            as_response=True),
        lambda: client.put(f'{test_url}/1',
                           headers=credentials,
                           json={'color': 'purple'},
                           as_response=True),
        lambda: client.delete(f'{test_url}/1',
                              headers=credentials,
                              as_response=True),
    )
    for send in attempts:
        reply = send()
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        # Exact match: the response must not say which field was missing.
        assert reply.json['description'] == 'Invalid JWT Credentials'
def test_expired_token(client, expired_token):
    """POST, PUT and DELETE must answer 401 when given ``expired_token``.

    The fixture value is used verbatim as the Authorization header, and the
    error description has to contain 'Error Decoding Token'.
    """
    credentials = {'Authorization': expired_token}

    def assert_decode_failure(reply):
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        assert 'Error Decoding Token' in reply.json['description']

    created = client.post(test_url,
                          headers=credentials,
                          json=valid_data,
                          as_response=True)
    assert_decode_failure(created)

    updated = client.put(f'{test_url}/1',
                         headers=credentials,
                         json={'color': 'purple'},
                         as_response=True)
    assert_decode_failure(updated)

    removed = client.delete(f'{test_url}/1',
                            headers=credentials,
                            as_response=True)
    assert_decode_failure(removed)
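def test_missing_required_token_fields(client, bad_token):
    """Tokens lacking claims that PyJWT checks automatically are refused.

    Covers fields such as 'exp', 'iat' and 'nbf'.  ``bad_token`` is used
    verbatim as the Authorization header; every write verb must return 401
    with a description that starts with the missing-claim decoding error.
    """
    # NOTE(review): the expected description names the missing claim, so
    # the API reports to the caller why validation failed; confirm that
    # this level of detail is intended.
    auth_header = {'Authorization': bad_token}
    # Raw string: '\w' inside a plain literal is an invalid escape sequence
    # that Python warns about; the compiled pattern itself is unchanged.
    missing_claim = re.compile(
        r'Error Decoding Token: Token is missing the "(\w+)" claim')

    response = client.post(test_url,
                           headers=auth_header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])

    response = client.put(f'{test_url}/1',
                          headers=auth_header,
                          json={'color': 'purple'},
                          as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])

    response = client.delete(f'{test_url}/1',
                             headers=auth_header,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])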
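def test_delete_foreign_key(client, url, key):
    """Deleting a record that a Potion still references must fail cleanly.

    ``url`` is the record to delete and ``key`` is the potions query
    parameter used to find potions that reference it.  The DELETE is sent
    with ``valid_token`` and must return 400; afterwards both the record
    and the number of matching potions must be unchanged.
    """
    prepopulate()

    # Clean up in ``finally`` so that a failed assertion cannot leave the
    # prepopulated rows behind for later tests.
    try:
        # prepopulate should have created the thing
        response = client.get(url, as_response=True)
        assert response.status_code == 200
        # thing should be referenced as ForeignKey in Potions
        response = client.get(f'/v1/potions?{key}=1', as_response=True)
        assert response.status_code == 200
        assert len(response.json['results']) >= 1
        matched_potions = len(response.json['results'])

        # if you delete PotionType/Potency with Potion referencing it
        # should throw an error & not delete
        response = client.delete(url, headers=valid_token,
                                 as_response=True)
        assert response.status_code == 400

        # delete should not have removed the thing
        response = client.get(url, as_response=True)
        assert response.status_code == 200

        # ... nor any of the potions that reference it
        response = client.get(f'/v1/potions?{key}=1', as_response=True)
        assert response.status_code == 200
        assert len(response.json['results']) == matched_potions
    finally:
        delete_all()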
def test_no_token(client, header):
    """Write requests without an Authorization header must answer 401.

    ``header`` is passed as the request headers unchanged (presumably a set
    of headers with no Authorization entry; confirm against the fixture).
    The description has to contain 'Missing Authorization Header'.
    """
    attempts = (
        lambda: client.post(test_url,
                            headers=header,
                            json=valid_data,
                            as_response=True),
        lambda: client.put(f'{test_url}/1',
                           headers=header,
                           json={'color': 'purple'},
                           as_response=True),
        lambda: client.delete(f'{test_url}/1',
                              headers=header,
                              as_response=True),
    )
    # Each request is sent only once the previous one has been verified.
    for send in attempts:
        reply = send()
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        assert 'Missing Authorization Header' in reply.json['description']
def test_invalid_token_format(client, bad_token):
    """An Authorization header the API cannot parse must yield 401.

    ``bad_token`` is used verbatim as the header value; POST, PUT and DELETE
    must each report 'Invalid Authorization Header' in the description.
    """
    # Separate name so the fixture value is not shadowed by the header dict.
    malformed_header = {'Authorization': bad_token}

    def assert_bad_header(reply):
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        assert 'Invalid Authorization Header' in reply.json['description']

    assert_bad_header(client.post(test_url,
                                  headers=malformed_header,
                                  json=valid_data,
                                  as_response=True))

    assert_bad_header(client.put(f'{test_url}/1',
                                 headers=malformed_header,
                                 json={'color': 'purple'},
                                 as_response=True))

    assert_bad_header(client.delete(f'{test_url}/1',
                                    headers=malformed_header,
                                    as_response=True))
 def delete(route):
     """Delete item 1 under *route*, then check the listing is empty.

     The DELETE is sent with ``valid_token`` and must return 204.
     """
     client.delete(f'{route}/1', headers=valid_token, expected_statuses=[204])
     listing = client.get(route)
     remaining = listing['results']
     assert len(remaining) == 0
def test_delete_all(client, url):
    """DELETE on ``url`` must answer 405, even with ``valid_token``.

    ``url`` is presumably a collection endpoint, i.e. bulk deletion is not
    offered; confirm against the parametrization.
    """
    reply = client.delete(url, headers=valid_token, as_response=True)
    status = reply.status_code
    assert status == 405