Esempio n. 1
0
def test_transfer_agreement_mutations_identical_source_org_for_creation(
    read_only_client, ):
    # Test case 2.2.14
    mutation = """mutation { createTransferAgreement( creationInput: {
                    targetOrganisationId: 1,
                    type: Unidirectional
                } ) { id } }"""
    assert_bad_user_input(read_only_client, mutation)
Esempio n. 2
0
def test_transfer_agreement_mutations_create_non_existent_target_org(
        read_only_client):
    # Test case 2.2.15
    creation_input = "targetOrganisationId: 0"
    mutation = f"""mutation {{ createTransferAgreement( creationInput: {{
                    {creation_input},
                    type: Bidirectional
                }} ) {{ id }} }}"""
    assert_bad_user_input(read_only_client, mutation)
Esempio n. 3
0
def test_transfer_agreement_mutations_create_invalid_source_base(
        read_only_client, kind, base_id):
    # Test cases 2.2.18, 2.2.19
    mutation = f"""mutation {{ createTransferAgreement( creationInput: {{
                    targetOrganisationId: 2,
                    {kind}BaseIds: [{base_id}],
                    type: Bidirectional
                }} ) {{ id }} }}"""
    assert_bad_user_input(read_only_client, mutation)
Esempio n. 4
0
def test_shipment_mutations_create_non_existent_resource(
        read_only_client, default_bases):
    # Test case 3.2.5
    mutation = _generate_create_shipment_mutation(
        source_base=default_bases[1],
        target_base=default_bases[3],
        agreement={"id": 0},
    )
    assert_bad_user_input(read_only_client, mutation)
Esempio n. 5
0
def test_transfer_agreement_mutations_invalid_state(read_only_client, mocker,
                                                    expired_transfer_agreement,
                                                    action):
    # The client has to be permitted to perform the action in general
    mocker.patch("jose.jwt.decode").return_value = create_jwt_payload(
        organisation_id=expired_transfer_agreement["target_organisation"],
        user_id=2)
    # Test cases 2.2.11, 2.2.12, 2.2.13
    agreement_id = expired_transfer_agreement["id"]
    mutation = f"mutation {{ {action}TransferAgreement(id: {agreement_id}) {{ id }} }}"
    assert_bad_user_input(read_only_client, mutation)
Esempio n. 6
0
def test_code_not_associated_with_box(read_only_client, qr_code_without_box):
    code = qr_code_without_box["code"]
    query = f"""query {{ qrCode(qrCode: "{code}") {{ box {{ id }} }} }}"""
    response = assert_bad_user_input(read_only_client,
                                     query,
                                     value={"box": None})
    assert "SQL" not in response.json["errors"][0]["message"]
Esempio n. 7
0
def test_mutation_update_non_existent_resource(read_only_client, operation):
    # Test cases 3.2.21
    if operation == "updateBox":
        update_input = """boxUpdateInput: { labelIdentifier: "xxx" }"""
    else:
        update_input = "updateInput: { id: 0 }"
    mutation = f"mutation {{ {operation}({update_input}) {{ id }} }}"
    response = assert_bad_user_input(read_only_client, mutation, field=operation)
    assert "SQL" not in response.json["errors"][0]["message"]
Esempio n. 8
0
def test_qr_code_mutation(client, box_without_qr_code):
    mutation = "mutation { createQrCode { id } }"
    qr_code = assert_successful_request(client, mutation)
    qr_code_id = int(qr_code["id"])
    assert qr_code_id > 2

    mutation = f"""mutation {{
        createQrCode(boxLabelIdentifier: "{box_without_qr_code['label_identifier']}")
        {{
            id
            box {{
                id
                items
            }}
        }}
    }}"""
    created_qr_code = assert_successful_request(client, mutation)
    assert int(created_qr_code["id"]) == qr_code_id + 1
    assert created_qr_code["box"]["items"] == box_without_qr_code["items"]
    assert int(created_qr_code["box"]["id"]) == box_without_qr_code["id"]

    assert_bad_user_input(
        client,
        """mutation { createQrCode(boxLabelIdentifier: "xxx") { id } }""")
Esempio n. 9
0
def test_shipment_mutations_in_non_preparing_state(read_only_client,
                                                   canceled_shipment, act):
    # Test cases 3.2.9, 3.2.13
    mutation = f"mutation {{ {act}Shipment(id: {canceled_shipment['id']}) {{ id }} }}"
    assert_bad_user_input(read_only_client, mutation)
Esempio n. 10
0
def assert_bad_user_input_when_updating_shipment(client, **kwargs):
    mutation = _generate_update_shipment_mutation(**kwargs)
    assert_bad_user_input(client, mutation)
Esempio n. 11
0
def test_code_does_not_exist(read_only_client):
    query = """query { qrCode(qrCode: "-1") { id } }"""
    response = assert_bad_user_input(read_only_client, query)
    assert "SQL" not in response.json["errors"][0]["message"]
Esempio n. 12
0
def test_query_non_existent_resource_for_god_user(read_only_client, mocker, resource):
    # Non-god users would not be authorized to access resource ID 0
    mocker.patch("jose.jwt.decode").return_value = create_jwt_payload(permissions=["*"])
    query = f"query {{ {resource}(id: 0) {{ id }} }}"
    response = assert_bad_user_input(read_only_client, query, field=resource)
    assert "SQL" not in response.json["errors"][0]["message"]
Esempio n. 13
0
def test_query_non_existent_resource(read_only_client, resource):
    # Test cases 2.1.4, 3.1.3
    query = f"query {{ {resource}(id: 0) {{ id }} }}"
    response = assert_bad_user_input(read_only_client, query, field=resource)
    assert "SQL" not in response.json["errors"][0]["message"]
Esempio n. 14
0
def test_invalid_pagination_input(read_only_client):
    query = """query { beneficiaries(paginationInput: {last: 2}) {
        elements { id }
    } }"""
    assert_bad_user_input(read_only_client, query, none_data=True)
Esempio n. 15
0
def test_mutation_non_existent_resource(read_only_client, operation):
    # Test cases 2.2.4, 2.2.6, 2.2.8, 3.2.8, 3.2.12
    mutation = f"mutation {{ {operation}(id: 0) {{ id }} }}"
    response = assert_bad_user_input(read_only_client, mutation, field=operation)
    assert "SQL" not in response.json["errors"][0]["message"]