def test_get_user(client, jwt, session): # pylint:disable=unused-argument
"""Assert that a user can retrieve their own profile."""
# POST a test user
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users', headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
rv = client.get('/api/v1/users/@me', headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
user = json.loads(rv.data)
assert user['firstname'] == 'Test'
def test_add_org_staff_admin_anonymous_not_passed(client, jwt, session,
keycloak_mock): # pylint:disable=unused-argument
"""Assert that an org can be POSTed."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_admin_role)
rv = client.post('/api/v1/users', headers=headers, content_type='application/json')
rv = client.post('/api/v1/orgs', data=json.dumps({'name': 'My Test Org'}),
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
dictionary = json.loads(rv.data)
assert dictionary['accessType'] == 'ANONYMOUS'
def test_documents_returns_200(client, jwt, session): # pylint:disable=unused-argument
"""Assert get documents endpoint returns 200."""
headers = factory_auth_header(jwt=jwt,
claims=TestJwtClaims.public_user_role)
rv = client.get('/api/v1/documents/termsofuse',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert rv.json.get('version_id') == '2'
headers = factory_auth_header(jwt=jwt,
claims=TestJwtClaims.anonymous_bcros_role)
rv = client.get('/api/v1/documents/termsofuse',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert rv.json.get('version_id') == 'd1'
def test_add_affiliation_returns_exception(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Assert that attempting to delete an affiliation returns an exception."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode)
rv = client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity1),
headers=headers, content_type='application/json')
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users', headers=headers, content_type='application/json')
rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1),
headers=headers, content_type='application/json')
dictionary = json.loads(rv.data)
org_id = dictionary['id']
with patch.object(AffiliationService, 'create_affiliation',
side_effect=BusinessException(Error.DATA_ALREADY_EXISTS, None)):
rv = client.post('/api/v1/orgs/{}/affiliations'.format(org_id),
data=json.dumps(TestAffliationInfo.affliation1),
headers=headers,
content_type='application/json')
assert rv.status_code == 400
def test_add_contact_duplicate_returns_400(client, jwt, session): # pylint:disable=unused-argument
"""Assert that adding a duplicate contact to an Entity returns 400."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode)
client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity1),
headers=headers, content_type='application/json')
client.post('/api/v1/entities/{}/contacts'.format(TestEntityInfo.entity1['businessIdentifier']),
headers=headers, data=json.dumps(TestContactInfo.contact1), content_type='application/json')
rv = client.post('/api/v1/entities/{}/contacts'.format(TestEntityInfo.entity1['businessIdentifier']),
headers=headers, data=json.dumps(TestContactInfo.contact1), content_type='application/json')
assert rv.status_code == http_status.HTTP_400_BAD_REQUEST
def test_staff_get_user(client, jwt, session): # pylint:disable=unused-argument
"""Assert that a staff user can GET a user by id."""
# POST a test user
headers = factory_auth_header(jwt=jwt,
claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
# GET the test user as a staff user
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role)
rv = client.get('/api/v1/users/{}'.format(
TestJwtClaims.public_user_role['preferred_username']),
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
user = json.loads(rv.data)
assert user['firstname'] == 'Test'
def test_add_org_invalid_user_returns_401(client, jwt, session): # pylint:disable=unused-argument
"""Assert that POSTing an org with invalid user returns a 401."""
headers = factory_auth_header(jwt, claims=TestJwtClaims.edit_role)
with patch.object(UserService, 'find_by_jwt_token', return_value=None):
rv = client.post('/api/v1/orgs',
data=json.dumps(TestOrgInfo.org1),
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_401_UNAUTHORIZED
def test_authorizations_for_staff_returns_200(client, jwt, session): # pylint:disable=unused-argument
"""Assert authorizations for staff user returns 200."""
inc_number = 'tester'
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role)
rv = client.get(f'/api/v1/entities/{inc_number}/authorizations',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
def test_update_contact_missing_contact_returns_404(client, jwt, session): # pylint:disable=unused-argument
"""Assert that updating a contact for a non-existent user returns a 404."""
# POST a test user
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users', headers=headers, content_type='application/json')
# PUT a contact to test user
rv = client.put('/api/v1/users/contacts', data=json.dumps(TestContactInfo.contact1),
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_404_NOT_FOUND
def test_update_user(client, jwt, session): # pylint:disable=unused-argument
"""Assert that a POST to an existing user updates that user."""
headers = factory_auth_header(jwt=jwt,
claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
user = json.loads(rv.data)
assert user['firstname'] == 'Test'
# post token with updated claims
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.updated_test)
rv = client.post('/api/v1/users',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
user = json.loads(rv.data)
assert user['firstname'] == 'Updated_Test'
def test_update_user_terms_of_use_invalid_input(client, jwt, session): # pylint:disable=unused-argument
"""Assert that a PATCH to an existing user updates that user."""
headers = factory_auth_header(jwt=jwt,
claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
user = json.loads(rv.data)
assert user['firstname'] == 'Test'
# post token with updated claims
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.updated_test)
input_data = json.dumps({'invalid': True})
rv = client.patch('/api/v1/users/@me',
headers=headers,
data=input_data,
content_type='application/json')
assert rv.status_code == http_status.HTTP_400_BAD_REQUEST
def test_fetch_tasks(client, jwt, session): # pylint:disable=unused-argument
"""Assert that the tasks can be fetched."""
user = factory_user_model()
factory_task_service(user.id)
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role)
rv = client.get('/api/v1/tasks', headers=headers, content_type='application/json')
item_list = rv.json
assert schema_utils.validate(item_list, 'paged_response')[0]
assert rv.status_code == http_status.HTTP_200_OK
def test_update_contact_invalid_format_returns_400(client, jwt, session): # pylint:disable=unused-argument
"""Assert that updating with an invalidly formatted contact returns a 400."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role)
client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity1),
headers=headers, content_type='application/json')
client.post('/api/v1/entities/{}/contacts'.format(TestEntityInfo.entity1['businessIdentifier']),
headers=headers, data=json.dumps(TestContactInfo.contact1), content_type='application/json')
rv = client.put('/api/v1/entities/{}/contacts'.format(TestEntityInfo.entity1['businessIdentifier']),
headers=headers, data=json.dumps(TestContactInfo.invalid), content_type='application/json')
assert rv.status_code == http_status.HTTP_400_BAD_REQUEST
def test_fetch_task(client, jwt, session): # pylint:disable=unused-argument
"""Assert that the task can be fetched by id."""
user = factory_user_model()
task = factory_task_service(user.id)
task_id = task._model.id
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role)
rv = client.get('/api/v1/tasks/{}'.format(task_id), headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert rv.json.get('name') == task._model.name
def test_add_same_org_409(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Assert that an org can be POSTed."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users', headers=headers, content_type='application/json')
rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1),
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1),
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_409_CONFLICT
def test_search_directors_xlsx_export(client, jwt, session): # pylint:disable=unused-argument
"""Assert that directors can be searched via GET."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.no_role)
client.get(
'/api/v1/directors/export/?field=firstNme&operator=exact&value=Lillian&mode=ALL&page=1&sort_type=asc&'
'sort_value=lastNme&additional_cols=none',
headers=headers,
content_type='application/json',
)
def test_delete_inactive_user_returns_400(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Test if the user doesn't have any teams/orgs assert status is 204."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role)
rv = client.post('/api/v1/users',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
# post token with updated claims
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.updated_test)
rv = client.delete('/api/v1/users/@me',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
rv = client.delete('/api/v1/users/@me',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_400_BAD_REQUEST
def test_delete_contact_no_contact_returns_404(client, jwt, session): # pylint:disable=unused-argument, invalid-name
"""Assert that deleting a contact that doesn't exist returns a 404."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role)
rv = client.post('/api/v1/users',
headers=headers,
content_type='application/json')
rv = client.delete('/api/v1/users/contacts',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_404_NOT_FOUND
def test_update_user_terms_of_use(client, jwt, session): # pylint:disable=unused-argument
"""Assert that a PATCH to an existing user updates that user."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role)
rv = client.post('/api/v1/users',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
user = json.loads(rv.data)
assert user['firstname'] == 'Test'
# post token with updated claims
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.updated_test)
input_data = json.dumps({'termsversion': 1, 'istermsaccepted': True})
rv = client.patch('/api/v1/users/@me',
headers=headers,
data=input_data,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
user = json.loads(rv.data)
assert user['userTerms']['termsOfUseAcceptedVersion'] == 1
def test_add_contact(client, jwt, session): # pylint:disable=unused-argument
"""Assert that a contact can be added to an entity."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.system_role)
rv = client.post('/api/v1/entities',
data=json.dumps(TestEntityInfo.entity1),
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.system_role)
rv = client.post('/api/v1/entities/{}/contacts'.format(
TestEntityInfo.entity1['businessIdentifier']),
headers=headers,
data=json.dumps(TestContactInfo.contact1),
content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
dictionary = json.loads(rv.data)
assert len(dictionary['contacts']) == 1
assert dictionary['contacts'][0]['email'] == TestContactInfo.contact1[
'email']
def test_authorizations_passcode_returns_200(client, jwt, session): # pylint:disable=unused-argument
"""Assert authorizations for passcode user returns 200."""
inc_number = 'CP1234567'
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode)
rv = client.get(f'/api/v1/entities/{inc_number}/authorizations',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert rv.json.get('orgMembership') == 'OWNER'
# Test with invalid number
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode)
rv = client.get('/api/v1/entities/INVALID/authorizations',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert rv.json.get('role', None) is None
def test_delete_user_with_tester_role(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Test delete the user by tester role assert status is 204."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.tester_role)
rv = client.post('/api/v1/users',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
# post token with updated claims
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.tester_role)
rv = client.delete('/api/v1/users/@me',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
rv = client.get('/api/v1/users/@me',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_404_NOT_FOUND
def test_document_signature_get_returns_200(client, jwt, session): # pylint:disable=unused-argument
"""Assert get documents/filename/signatures endpoint returns 200."""
headers = factory_auth_header(jwt=jwt,
claims=TestJwtClaims.public_bceid_user)
file_name = 'test_file.jpeg'
rv = client.get(f'/api/v1/documents/{file_name}/signatures',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert rv.json.get('key').startswith('Affidavits/')
def test_invalid_documents_returns_404(client, jwt, session): # pylint:disable=unused-argument
"""Assert get documents endpoint returns 404."""
headers = factory_auth_header(jwt=jwt,
claims=TestJwtClaims.public_user_role)
rv = client.get('/api/v1/documents/junk',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_404_NOT_FOUND
assert rv.json.get(
'message') == 'The requested invitation could not be found.'
def test_unauthorized_search_orgs_for_affiliation(client, jwt, session,
keycloak_mock): # pylint:disable=unused-argument
"""Assert that search org with affiliation works."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode)
client.post('/api/v1/entities', data=json.dumps(TestEntityInfo.entity_lear_mock),
headers=headers, content_type='application/json')
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role)
client.post('/api/v1/users', headers=headers, content_type='application/json')
rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1),
headers=headers, content_type='application/json')
dictionary = json.loads(rv.data)
org_id = dictionary['id']
client.post('/api/v1/orgs/{}/affiliations'.format(org_id), headers=headers,
data=json.dumps(TestAffliationInfo.affiliation3), content_type='application/json')
# Create a system token
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_user_role)
rv = client.get('/api/v1/orgs?affiliation={}'.format(TestAffliationInfo.affiliation3.get('businessIdentifier')),
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_401_UNAUTHORIZED
def test_search_corporations_xlsx_export(client, jwt, session): # pylint: disable=unused-argument
"""Check we can export corps."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.no_role)
rv = client.get(
'/api/v1/businesses/export/?query=pembina&page=1&sort_type=dsc&sort_value=corpNme',
headers=headers,
content_type='application/json',
)
assert rv.status_code == http_status.HTTP_200_OK
def test_get_org_no_auth_returns_401(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Assert that an org cannot be retrieved without an authorization header."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users', headers=headers, content_type='application/json')
rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1),
headers=headers, content_type='application/json')
dictionary = json.loads(rv.data)
org_id = dictionary['id']
rv = client.get('/api/v1/orgs/{}'.format(org_id),
headers=None, content_type='application/json')
assert rv.status_code == http_status.HTTP_401_UNAUTHORIZED
def test_delete_org(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Assert that an org can be deleted."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users', headers=headers, content_type='application/json')
rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1),
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_201_CREATED
dictionary = json.loads(rv.data)
org_id = dictionary['id']
rv = client.delete('/api/v1/orgs/{}'.format(org_id), headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
def test_list_api_keys(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Assert that api keys can be listed."""
# First create an account
user_header = factory_auth_header(
jwt=jwt, claims=TestJwtClaims.public_account_holder_user)
client.post('/api/v1/users',
headers=user_header,
content_type='application/json')
rv = client.post('/api/v1/orgs',
data=json.dumps(TestOrgInfo.org1),
headers=user_header,
content_type='application/json')
org_id = rv.json.get('id')
# Create a system token and create an API key for this account.
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.system_role)
rv = client.post(f'/api/v1/orgs/{org_id}/api-keys',
headers=headers,
content_type='application/json',
data=json.dumps({
'environment': 'dev',
'keyName': 'TEST'
}))
rv = client.post(f'/api/v1/orgs/{org_id}/api-keys',
headers=headers,
content_type='application/json',
data=json.dumps({
'environment': 'dev',
'keyName': 'TEST 2'
}))
rv = client.get(f'/api/v1/orgs/{org_id}/api-keys',
headers=headers,
content_type='application/json')
assert rv.json['consumer']['consumerKey']
rv = client.get(f'/api/v1/orgs/{org_id}/api-keys',
headers=user_header,
content_type='application/json')
assert rv.json['consumer']['consumerKey']
def test_get_affiliations(client, jwt, session): # pylint:disable=unused-argument
"""Assert that a list of affiliation for an org can be retrieved."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode)
rv = client.post('/api/v1/entities',
data=json.dumps(TestEntityInfo.entity_lear_mock),
headers=headers,
content_type='application/json')
rv = client.post('/api/v1/entities',
data=json.dumps(TestEntityInfo.entity_lear_mock2),
headers=headers,
content_type='application/json')
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role)
rv = client.post('/api/v1/users',
headers=headers,
content_type='application/json')
rv = client.post('/api/v1/orgs',
data=json.dumps(TestOrgInfo.org1),
headers=headers,
content_type='application/json')
dictionary = json.loads(rv.data)
org_id = dictionary['id']
rv = client.post('/api/v1/orgs/{}/affiliations'.format(org_id),
data=json.dumps(TestAffliationInfo.affiliation3),
headers=headers,
content_type='application/json')
rv = client.post('/api/v1/orgs/{}/affiliations'.format(org_id),
data=json.dumps(TestAffliationInfo.affiliation4),
headers=headers,
content_type='application/json')
rv = client.get('/api/v1/orgs/{}/affiliations'.format(org_id),
headers=headers)
assert rv.status_code == http_status.HTTP_200_OK
affiliations = json.loads(rv.data)
assert affiliations[0][
'businessIdentifier'] == TestEntityInfo.entity_lear_mock[
'businessIdentifier']
assert affiliations[1][
'businessIdentifier'] == TestEntityInfo.entity_lear_mock2[
'businessIdentifier']
