Esempio n. 1
def test_delete_all_helper(client):
    """Check that the ``delete_all`` helper empties the potion-type collection.

    The collection is first brought to a known-empty state, two potion types
    are created through the API, and ``delete_all`` must leave the very next
    listing empty again.

    Listings are requested without an Authorization header, while the write
    carries ``valid_token``.
    """
    def current_results():
        # Every listing must succeed before its payload is inspected.
        listing = client.get(POTION_TYPE, as_response=True)
        assert listing.status_code == 200
        return listing.json['results']

    # Starts empty: wipe leftovers from earlier tests if there are any.
    results = current_results()
    if results:
        delete_all()
        results = current_results()

    assert results == EMPTY

    # Add some potions through the authenticated write path.
    new_potion_types = [
        {'related_stat': 'Health', 'color': 'red'},
        {'related_stat': 'Mana', 'color': 'blue'},
    ]
    client.post(POTION_TYPE, headers=valid_token, json=new_potion_types)
    assert len(current_results()) == 2

    # Use the helper to delete straight from the DB.
    delete_all()

    # An immediate GET must already see the empty collection.
    assert current_results() == EMPTY
def test_post_bad_json(client, url):
    """Reject authenticated POSTs whose JSON body is not an acceptable resource.

    Two malformed bodies are sent with ``valid_token``: a bare scalar and an
    object carrying only an unknown key. Both must produce HTTP 400 with the
    title 'Invalid Content', so the rejection comes from input validation and
    not from authentication.
    """
    for payload in (1, {'invalid': 'invalid'}):
        reply = client.post(url,
                            headers=valid_token,
                            json=payload,
                            as_response=True)
        assert reply.status_code == 400
        assert reply.json['title'] == 'Invalid Content'
def test_not_admin(client, not_admin):
    """Verify that a non-admin token cannot create, update or delete.

    ``not_admin`` is used verbatim as the Authorization header value
    (presumably a fixture yielding a token for a user without admin rights;
    confirm against the fixture definition). Every write method is exercised,
    so a guard missing on a single verb is caught.
    """
    def assert_rejected(reply):
        # NOTE(review): the API answers 401 here; 403 is the conventional
        # status for "authenticated but not permitted". Confirm this is the
        # intended contract before relying on it.
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        assert 'Invalid JWT Credentials' in reply.json['description']

    headers = {'Authorization': not_admin}
    item_url = f'{test_url}/1'

    assert_rejected(
        client.post(test_url,
                    headers=headers,
                    json=valid_data,
                    as_response=True))

    assert_rejected(
        client.put(item_url,
                   headers=headers,
                   json={'color': 'purple'},
                   as_response=True))

    assert_rejected(
        client.delete(item_url, headers=headers, as_response=True))
def test_expired_token(client, expired_token):
    """Verify that an expired token is refused on every write method.

    ``expired_token`` is sent verbatim as the Authorization header value.
    POST, PUT and DELETE must each answer 401 with a description containing
    'Error Decoding Token', i.e. the token is refused while it is being
    decoded rather than by a later authorization step.
    """
    def assert_decode_failure(reply):
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        assert 'Error Decoding Token' in reply.json['description']

    headers = {'Authorization': expired_token}
    item_url = f'{test_url}/1'

    assert_decode_failure(
        client.post(test_url,
                    headers=headers,
                    json=valid_data,
                    as_response=True))

    assert_decode_failure(
        client.put(item_url,
                   headers=headers,
                   json={'color': 'purple'},
                   as_response=True))

    assert_decode_failure(
        client.delete(item_url, headers=headers, as_response=True))
def test_missing_other_token_fields(client, bad_token):
    """Verify rejection of tokens lacking claims that PyJWT does not check.

    Covers claims such as 'sub' and 'user', which the application has to
    validate itself. ``bad_token`` is passed through ``create_token`` to build
    the header value (presumably a claims dict that gets signed; confirm in
    ``create_token``). The description must equal 'Invalid JWT Credentials'
    exactly, with no extra detail appended.
    """
    def assert_invalid_credentials(reply):
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        assert reply.json['description'] == 'Invalid JWT Credentials'

    headers = {'Authorization': create_token(bad_token)}
    item_url = f'{test_url}/1'

    assert_invalid_credentials(
        client.post(test_url,
                    headers=headers,
                    json=valid_data,
                    as_response=True))

    assert_invalid_credentials(
        client.put(item_url,
                   headers=headers,
                   json={'color': 'purple'},
                   as_response=True))

    assert_invalid_credentials(
        client.delete(item_url, headers=headers, as_response=True))
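def test_missing_required_token_fields(client, bad_token):
    """Verify rejection of tokens lacking claims that PyJWT checks itself.

    Covers claims such as 'exp', 'iat' and 'nbf'. ``bad_token`` is sent
    verbatim as the Authorization header value. Every write method must
    answer 401 with a description that names the missing claim.
    """
    auth_header = {'Authorization': bad_token}
    # Raw string: '\w' in a plain literal is an invalid escape sequence, which
    # newer Python versions warn about. The compiled pattern is unchanged.
    missing_claim = re.compile(
        r'Error Decoding Token: Token is missing the "(\w+)" claim')

    response = client.post(test_url,
                           headers=auth_header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    # match() anchors at the start, so the description must begin with the
    # decode-error prefix.
    assert missing_claim.match(response.json['description'])

    response = client.put(f'{test_url}/1',
                          headers=auth_header,
                          json={'color': 'purple'},
                          as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])

    response = client.delete(f'{test_url}/1',
                             headers=auth_header,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])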
def test_potion_type_duplicate_color(client):
    """Expect HTTP 400 when a potion type reuses the colour 'red'.

    Presumably ``prepopulate`` already stores a red potion type, which is
    what makes this POST a duplicate; confirm against ``prepopulate``.
    """
    prepopulate()

    duplicate = {'related_stat': 'sleep', 'color': 'red'}
    reply = client.post('/v1/potions/types',
                        headers=valid_token,
                        json=duplicate,
                        as_response=True)
    assert reply.status_code == 400

    # Cleanup is skipped if the assertion above fails.
    delete_all()
def test_methods_without_params(client, url):
    """Expect HTTP 400 for authenticated PUT and POST requests without a body.

    Both requests carry ``valid_token``, so the 400 reflects the missing
    payload rather than an authentication failure.
    """
    prepopulate()

    # Update of an existing item with no JSON payload.
    put_reply = client.put(f'{url}/1', headers=valid_token, as_response=True)
    assert put_reply.status_code == 400

    # Creation with no JSON payload.
    post_reply = client.post(url, headers=valid_token, as_response=True)
    assert post_reply.status_code == 400
    # NOTE(review): unlike sibling tests, no delete_all() follows here, so the
    # rows added by prepopulate() stay in place for whatever test runs next.
Esempio n. 9
def test_valid_auth_token(client):
    """Positive control: a freshly created token is allowed to POST (201).

    Without this case the rejection tests could pass against an endpoint
    that refuses every request.
    """
    delete_all()

    # adjust_times=True presumably refreshes the time-based claims so the
    # token is valid right now; confirm in create_token.
    headers = {'Authorization': create_token(token, adjust_times=True)}
    created = client.post(test_url,
                          headers=headers,
                          json=valid_data,
                          as_response=True)
    assert created.status_code == 201

    delete_all()
Esempio n. 10
def test_bearer_case_insensitive(client, bearer_case):
    """Accept the 'Bearer' scheme name in any letter case.

    HTTP authentication scheme names are case-insensitive, so each
    ``bearer_case`` spelling followed by a valid token must still yield 201.
    """
    delete_all()

    # create_token returns the complete header value; drop its leading
    # 'Bearer ' prefix (7 characters) to keep only the encoded token.
    full_header = create_token(token, adjust_times=True)
    token_value = full_header[len('Bearer '):]

    headers = {'Authorization': f'{bearer_case} {token_value}'}
    created = client.post(test_url,
                          headers=headers,
                          json=valid_data,
                          as_response=True)
    assert created.status_code == 201
    # NOTE(review): the created row is not removed afterwards; the next
    # delete_all() call is what clears it.
def test_invalid_value_type(client, url, bad_value):
    """Expect PUT and POST to refuse a body holding a wrongly typed value.

    Either 400 or 404 counts as a refusal. The requests are authenticated
    with ``valid_token``, so the check targets input validation only.
    """
    acceptable = (400, 404)
    prepopulate()

    put_reply = client.put(f'{url}/1',
                           headers=valid_token,
                           json=bad_value,
                           as_response=True)
    assert put_reply.status_code in acceptable

    post_reply = client.post(url,
                             headers=valid_token,
                             json=bad_value,
                             as_response=True)
    assert post_reply.status_code in acceptable

    delete_all()
def test_no_token(client, header):
    """Verify that write requests without an Authorization header get 401.

    ``header`` is passed as the complete header set (presumably variants
    that lack an Authorization entry; confirm against the fixture). POST,
    PUT and DELETE are all covered so that no write verb is left unguarded.
    """
    def assert_header_missing(reply):
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        assert 'Missing Authorization Header' in reply.json['description']

    item_url = f'{test_url}/1'

    assert_header_missing(
        client.post(test_url,
                    headers=header,
                    json=valid_data,
                    as_response=True))

    assert_header_missing(
        client.put(item_url,
                   headers=header,
                   json={'color': 'purple'},
                   as_response=True))

    assert_header_missing(
        client.delete(item_url, headers=header, as_response=True))
def test_invalid_token_format(client, bad_token):
    """Verify that a malformed Authorization header value is refused with 401.

    ``bad_token`` is used verbatim as the header value. Each write method
    must report 'Invalid Authorization Header' in its description.
    """
    def assert_header_invalid(reply):
        assert reply.status_code == 401
        assert reply.json['title'] == '401 Unauthorized'
        assert 'Invalid Authorization Header' in reply.json['description']

    malformed_headers = {'Authorization': bad_token}
    item_url = f'{test_url}/1'

    assert_header_invalid(
        client.post(test_url,
                    headers=malformed_headers,
                    json=valid_data,
                    as_response=True))

    assert_header_invalid(
        client.put(item_url,
                   headers=malformed_headers,
                   json={'color': 'purple'},
                   as_response=True))

    assert_header_invalid(
        client.delete(item_url, headers=malformed_headers, as_response=True))
Esempio n. 14
 def create(route, test_value):
     """POST ``test_value`` to ``route`` and check it is stored under id 1.

     ``test_value`` is mutated: it gains an 'id' key set to 1 before being
     compared with the stored item through ``value_equals``.
     """
     created = client.post(route, headers=valid_token, json=test_value)
     # The expected stored representation is the payload plus its new id.
     test_value['id'] = 1
     value_equals(f'{route}/1', test_value)
     first_result = created['results'][0]
     assert first_result['id'] == 1
def test_post_unknown_foreign_key(client):
    """Expect HTTP 400 when a potion refers to a potency or type that is absent."""
    prepopulate()

    # A valid potion cannot be created if its potency/type do not exist.
    dangling_refs = {'potency_id': 9000, 'type_id': 9000}
    reply = client.post('/v1/potions',
                        headers=valid_token,
                        json=dangling_refs,
                        as_response=True)
    assert reply.status_code == 400
def test_post_to_id(client, url):
    """Expect HTTP 405 when POST is aimed at a single-item URL.

    The request carries ``valid_token``, so the 405 is a routing decision
    and not an authentication failure.
    """
    item_url = f'{url}/1'
    reply = client.post(item_url,
                        headers=valid_token,
                        json={'invalid': 'invalid'},
                        as_response=True)
    assert reply.status_code == 405