def test_read_user(self):
user = User('username', 'asdfghjkl;')
db.session.add(user)
db.session.commit()
response = self.get_with_status_check('/api/users/{}'.format(user.id), headers=self.headers,
status_code=SUCCESS)
self.assertDictEqual(response, user.as_json())
def test_read_user(self):
user = User('username', 'asdfghjkl;')
db.session.add(user)
db.session.commit()
response = self.get_with_status_check('/api/users/{}'.format(user.id), headers=self.headers,
status_code=SUCCESS)
self.assertDictEqual(response, user.as_json())
def test_has_role_user_with_role(self):
role_ids = TestUserRolesDatabase.add_roles_to_db(3)
user = User('username', 'password')
user.set_roles(role_ids)
db.session.commit()
for role in role_ids:
self.assertTrue(user.has_role(role))
def test_save_message_with_roles(self):
role = Role('some role')
db.session.add(role)
user1 = User('aaaaa', 'passssss', roles=[role.id])
user2 = User('bbbbb', 'passs', roles=[role.id])
db.session.add(user1)
db.session.add(user2)
db.session.commit()
message_data = {
'users': [user1.id],
'roles': [role.id],
'subject': 'Re: This thing',
'requires_reauth': False
}
workflow_execution_id = uuid4()
body = [{
'text': 'Here is something to look at'
}, {
'url': 'look.here.com'
}]
save_message(body, message_data, workflow_execution_id, False)
messages = Message.query.all()
self.assertEqual(len(messages), 1)
message = messages[0]
self.assertEqual(len(message.users), 2)
for user in message.users:
self.assertIn(user, [user1, user2])
def test_update_user_password_only_invalid_old_password(self):
user = User('username', 'asdfghjkl;')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'old_password': '******', 'password': '******'}
self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=UNAUTHORIZED_ERROR)
self.assertTrue(user.verify_password('asdfghjkl;'))
def test_update_user_password_only_invalid_old_password(self):
user = User('username', 'asdfghjkl;')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'old_password': '******', 'password': '******'}
self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=UNAUTHORIZED_ERROR)
self.assertTrue(user.verify_password('asdfghjkl;'))
def test_set_roles_none_in_user_some_in_db(self):
role_ids = TestUserRolesDatabase.add_roles_to_db(3)
user = User('username', 'password')
added_roles = set(role_ids)
added_roles.add(30)
user.set_roles(added_roles)
db.session.commit()
self.assertUserRolesEqual(user, set(role_ids))
def test_first_login(self):
user = User('username', 'password')
db.session.add(user)
db.session.commit()
user.login('192.168.0.1')
self.assertUserTimestamps(user, current_login=datetime.utcnow())
self.assertUserIps(user, current_ip='192.168.0.1')
self.assertLoginCount(user, 1)
def test_update_user_password_only(self):
user = User('username', 'asdfghjkl;')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'old_password': '******', 'password': '******'}
response = self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=SUCCESS)
self.assertDictEqual(response, user.as_json())
self.assertTrue(user.verify_password('changed!'))
def test_change_password_and_username_invalid_password(self):
user = User('username', 'whisperDieselEngine')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'old_password': '******', 'password': '******', 'username': '******'}
self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=UNAUTHORIZED_ERROR)
self.assertTrue(user.verify_password('whisperDieselEngine'))
self.assertEqual(user.username, 'username')
def test_update_username(self):
user = User('username', 'whisperDieselEngine')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'username': '******'}
response = self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=SUCCESS)
self.assertEqual(user.username, 'new_name')
self.assertDictEqual(response, user.as_json())
def test_update_user_password_only(self):
user = User('username', 'asdfghjkl;')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'old_password': '******', 'password': '******'}
response = self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=SUCCESS)
self.assertDictEqual(response, user.as_json())
self.assertTrue(user.verify_password('changed!'))
def test_update_username(self):
user = User('username', 'whisperDieselEngine')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'username': '******'}
response = self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=SUCCESS)
self.assertEqual(user.username, 'new_name')
self.assertDictEqual(response, user.as_json())
def test_change_password_and_username_invalid_password(self):
user = User('username', 'whisperDieselEngine')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'old_password': '******', 'password': '******', 'username': '******'}
self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=UNAUTHORIZED_ERROR)
self.assertTrue(user.verify_password('whisperDieselEngine'))
self.assertEqual(user.username, 'username')
def test_as_json_with_user_history(self):
role_ids = TestUserRolesDatabase.add_roles_to_db(3)
user = User('username', 'password')
db.session.add(user)
user.set_roles(role_ids)
user.login('192.168.0.1')
first_login_timestamp = datetime.utcnow()
user.login('192.168.0.2')
second_login_timestamp = datetime.utcnow()
user_json = user.as_json(with_user_history=True)
expected = {"id": 1,
"username": '******',
"roles": [{'name': role, 'description': '', 'resources': []} for role in
['role1', 'role2', 'role3']],
"active": True,
"last_login_at": first_login_timestamp,
"current_login_at": second_login_timestamp,
"last_login_ip": '192.168.0.1',
"current_login_ip": '192.168.0.2',
"login_count": 2}
self.assertSetEqual(set(user_json.keys()), set(expected.keys()))
for key in ['username', 'active', 'last_login_ip', 'current_login_ip', 'login_count']:
self.assertEqual(user_json[key], expected[key], '{} for user\'s json in incorrect'.format(key))
self.assertAlmostEqual(timestamp_to_datetime(user_json['last_login_at']), first_login_timestamp,
delta=timedelta(milliseconds=100))
self.assertAlmostEqual(timestamp_to_datetime(user_json['current_login_at']), second_login_timestamp,
delta=timedelta(milliseconds=100))
for role in user_json['roles']:
self.assertIn('id', role)
self.assertIn(role['name'], ['role1', 'role2', 'role3'])
self.assertListEqual(role['resources'], [])
self.assertEqual(role['description'], '')
def test_roles_as_json_with_users_one_user(self):
role = Role('role1')
db.session.add(role)
db.session.commit()
user = User('username', 'password')
db.session.add(user)
user.set_roles([role.id])
expected = {'name': 'role1', 'description': '', 'resources': [], 'users': ['username']}
role_json = role.as_json(with_users=True)
role_json.pop('id')
self.assertDictEqual(role_json, expected)
def test_update_username_name_already_exists(self):
user = User('username', 'whisperDieselEngine')
db.session.add(user)
user2 = User('user2', 'shhnow')
db.session.add(user)
db.session.add(user2)
db.session.commit()
data = {'id': user.id, 'username': '******'}
self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=BAD_REQUEST)
self.assertTrue(user.verify_password('whisperDieselEngine')) # check password wasn't changed
def test_update_username_name_already_exists(self):
user = User('username', 'whisperDieselEngine')
db.session.add(user)
user2 = User('user2', 'shhnow')
db.session.add(user)
db.session.add(user2)
db.session.commit()
data = {'id': user.id, 'username': '******'}
self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=BAD_REQUEST)
self.assertTrue(user.verify_password('whisperDieselEngine')) # check password wasn't changed
def setUp(self):
self.user = User('username', 'password')
self.user2 = User('username2', 'password2')
self.role = Role('visitor')
db.session.add(self.role)
db.session.commit()
self.user3 = User('username3', 'password3', roles=[self.role.id])
db.session.add(self.user)
db.session.add(self.user2)
db.session.add(self.user3)
db.session.commit()
def put_patch_update_user_with_roles(self, verb):
send_func = self.put_with_status_check if verb == 'put' else self.patch_with_status_check
role = Role('role1')
db.session.add(role)
db.session.commit()
user = User('username', 'supersecretshhhhh')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'roles': [{'id': role.id}]}
response = send_func('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=SUCCESS)
self.assertDictEqual(response, user.as_json())
self.assertSetEqual({role.name for role in user.roles}, {'role1'})
def put_patch_update_user_with_roles(self, verb):
send_func = self.put_with_status_check if verb == 'put' else self.patch_with_status_check
role = Role('role1')
db.session.add(role)
db.session.commit()
user = User('username', 'supersecretshhhhh')
db.session.add(user)
db.session.commit()
data = {'id': user.id, 'roles': [{'id': role.id}]}
response = send_func('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=SUCCESS)
self.assertDictEqual(response, user.as_json())
self.assertSetEqual({role.name for role in user.roles}, {'role1'})
def test_change_password_and_username_invalid_username(self):
user = User('username', 'whisperDieselEngine')
db.session.add(user)
user2 = User('user2', 'somethingelse#@!@#')
db.session.add(user)
db.session.add(user2)
db.session.commit()
data = {'id': user.id, 'old_password': '******', 'password': '******', 'username': '******'}
self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=BAD_REQUEST)
self.assertTrue(user.verify_password('whisperDieselEngine'))
self.assertEqual(user.username, 'username')
self.assertTrue(user2.verify_password('somethingelse#@!@#'))
self.assertEqual(user2.username, 'user2')
def test_create_user_username_already_exists(self):
user = User('username', 'asdfghjkl;')
db.session.add(user)
db.session.commit()
data = {'username': '******', 'password': '******'}
self.post_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=OBJECT_EXISTS_ERROR)
def test_delete_user(self):
user = User('username', 'asdfghjkl;')
db.session.add(user)
db.session.commit()
self.delete_with_status_check('/api/users/{}'.format(user.id),
headers=self.headers,
status_code=NO_CONTENT)
def test_as_json(self):
role_ids = TestUserRolesDatabase.add_roles_to_db(3)
user = User('username', 'password')
db.session.add(user)
user.set_roles(role_ids)
user.login('192.168.0.1')
user.login('192.168.0.2')
user_json = user.as_json()
expected = {
"id":
1,
"username":
'******',
"active":
True,
"roles": [{
'name': role,
'description': '',
'resources': []
} for role in ['role1', 'role2', 'role3']]
}
self.assertSetEqual(set(user_json.keys()), set(expected.keys()))
self.assertEqual(user_json['username'], 'username')
self.assertEqual(user_json['active'], True)
for role in user_json['roles']:
self.assertIn('id', role)
self.assertIn(role['name'], ['role1', 'role2', 'role3'])
self.assertListEqual(role['resources'], [])
self.assertEqual(role['description'], '')
def test_user_init(self):
user = User('username', 'password')
self.assertEqual(user.username, 'username')
self.assertUserRolesEqual(user, set())
self.assertUserTimestamps(user)
self.assertUserIps(user)
db.session.add(user)
db.session.commit()
self.assertLoginCount(user, 0)
def test_read_users(self):
user = User('username', 'asdfghjkl;')
db.session.add(user)
db.session.commit()
response = self.get_with_status_check('/api/users',
headers=self.headers,
status_code=SUCCESS)
self.assertSetEqual({user['username']
for user in response}, {'admin', 'username'})
def test_set_roles_some_in_user_all_in_db(self):
role_ids = TestUserRolesDatabase.add_roles_to_db(3)
x = role_ids.pop()
user = User('username', 'password')
user.set_roles(role_ids)
user.set_roles({x - 1, x})
self.assertUserRolesEqual(user, {x - 1, x})
def test_logout_from_first_login(self):
user = User('username', 'password')
db.session.add(user)
db.session.commit()
user.login('192.168.0.1')
user.logout()
self.assertLoginCount(user, 0)
def test_set_roles_to_none_with_some_in_user(self):
role_ids = TestUserRolesDatabase.add_roles_to_db(3)
user = User('username', 'password')
user.set_roles(role_ids)
db.session.commit()
user.set_roles([])
db.session.commit()
self.assertUserRolesEqual(user, set())
def test_change_password_and_username_invalid_username(self):
user = User('username', 'whisperDieselEngine')
db.session.add(user)
user2 = User('user2', 'somethingelse#@!@#')
db.session.add(user)
db.session.add(user2)
db.session.commit()
data = {'id': user.id, 'old_password': '******', 'password': '******', 'username': '******'}
self.put_with_status_check('/api/users', headers=self.headers, content_type='application/json',
data=json.dumps(data), status_code=BAD_REQUEST)
self.assertTrue(user.verify_password('whisperDieselEngine'))
self.assertEqual(user.username, 'username')
self.assertTrue(user2.verify_password('somethingelse#@!@#'))
self.assertEqual(user2.username, 'user2')
def test_add_user_already_exists(self):
user = User('username', 'password')
db.session.add(user)
db.session.commit()
user = add_user('username', 'password')
self.assertIsNone(user)
def test_verify_invalid_password(self):
user = User('username', 'invalid')
self.assertFalse(user.verify_password('password'))
def test_password_stored_encrypted(self):
user = User('username', 'password')
self.assertNotEqual(user.password, 'password')
def test_verify_valid_password(self):
user = User('username', 'password')
self.assertTrue(user.verify_password('password'))
def test_has_role_user_with_no_roles(self):
user = User('username', 'password')
self.assertFalse(user.has_role(100))
def test_has_role_user_without_role(self):
role_ids = TestUserRolesDatabase.add_roles_to_db(3)
user = User('username', 'password')
user.set_roles(role_ids)
self.assertFalse(user.has_role('invalid'))
def test_remove_user(self):
user = User('username', 'password')
db.session.add(user)
db.session.commit()
remove_user('username')
self.assertIsNone(User.query.filter_by(username='******').first())
