def test_update_invalid_password():
    """--> An update carrying an incorrect password is refused for a logged-in user.

    Logs in on a new session, sends a PUT to ``/users/<testing_id>`` and
    expects the service to answer 401.
    """
    # Start from a new session rather than reusing one from another test.
    session = get_new_session()

    credentials = {'username': '******', 'password': '******'}
    login_resp = get_response_with_jwt(session, 'POST', '/login', credentials)
    log_response_error(login_resp)
    assert login_resp.status_code == 200
    # The login response is expected to set the CSRF cookie.
    assert 'csrf_access_token' in login_resp.cookies

    target = '/users/' + testing_id
    payload = {
        'username': '******',
        'password': '******',
        'email': '*****@*****.**',
        'phone': 'it does not matter',
    }
    update_resp = get_response_with_jwt(session, 'PUT', target, payload)
    # NOTE(review): only the status code is checked; the test does not re-read
    # the user to confirm that nothing was written.
    assert update_resp.status_code == 401
def test_unauthorized_update():
    """--> A user without the Admin role must not be able to update another user.

    Logs in on a new session, attempts a PUT against ``/users/<testing_id>``
    and expects the service to answer 401.
    """
    # Start from a new session rather than reusing one from another test.
    session = get_new_session()

    # Log in as talw
    credentials = {'username': '******', 'password': '******'}
    login_resp = get_response_with_jwt(session, 'POST', '/login', credentials)
    log_response_error(login_resp)
    assert login_resp.status_code == 200
    assert 'csrf_access_token' in login_resp.cookies

    target = '/users/' + testing_id
    payload = {
        'username': '******',
        'password': '******',
        'email': '*****@*****.**',
        'phone': 'This should not work',
    }
    update_resp = get_response_with_jwt(session, 'PUT', target, payload)
    # NOTE(review): this pins the refusal status only. It does not read the
    # target user back, so a write that happened despite the 401 would go
    # unnoticed here.
    assert update_resp.status_code == 401
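def test_self_update():
    """--> Update the same user that is authenticated.

    Logs in on a new session, PUTs new details (including ``newPassword``) to
    ``/users/<added_id>``, then reads the user back and checks that the new
    phone number was stored.
    """
    # Use a new session
    my_session = get_new_session()

    # Log in with talw
    login_data = {'username': '******', 'password': '******'}
    resp1 = get_response_with_jwt(my_session, 'POST', '/login', login_data)
    log_response_error(resp1)
    assert resp1.status_code == 200
    assert 'csrf_access_token' in resp1.cookies

    update_data = {
        "username": "******",
        "password": "******",
        "email": "*****@*****.**",
        "phone": "9109999999",
        "newPassword": "******"
    }
    resp2 = get_response_with_jwt(my_session, 'PUT', '/users/' + added_id,
                                  update_data)
    # Log before asserting, as the login step does, so log_response_error is
    # given a failing response before the assert aborts the test.
    log_response_error(resp2)
    assert resp2.status_code == 200

    resp3 = get_response_with_jwt(my_session, 'GET', '/users/' + added_id)
    log_response_error(resp3)
    # Confirm the read itself succeeded before parsing the body.
    assert resp3.status_code == 200
    # NOTE(review): only the phone field is verified; the effect of
    # newPassword is not checked by this test.
    assert resp3.json()['phone'] == '9109999999'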
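import os.path
import logging
from sqlalchemy import create_engine, exc
from sqlalchemy.orm import sessionmaker
from src.dm.User import User
from TestUtil import get_response_with_jwt, get_new_session,\
    log_response_error

# Set up logger
LOGGER = logging.getLogger()

# We need a setup session to log in so we have privilege to delete
# the user as part of cleanup.  We need a separate test session that
# does not have an access_token or refresh_token to test the lost
# password reset use case
SETUP_SESSION = get_new_session()
TEST_SESSION = get_new_session()

# Need a database connection to get the generated reset code between
# tests, since it is not returned via the API.
# Raises KeyError at import time when TEST_CONNECT_STRING is not set.
# NOTE(review): a connection URL usually embeds database credentials;
# confirm that nothing logged below can echo it.
CONNECT_STRING = os.environ['TEST_CONNECT_STRING']

try:
    ENGINE = create_engine(CONNECT_STRING, pool_recycle=3600)
except exc.SQLAlchemyError as err:  # pragma: no cover
    # Log the caught instance: concatenating the exception class to a str
    # raises TypeError inside the handler.  Re-raise because ENGINE would
    # otherwise be undefined for the sessionmaker call below.
    LOGGER.debug('Caught exception in create_engine: %s', err)
    raise

try:
    DBSESSION = sessionmaker(bind=ENGINE)
except exc.SQLAlchemyError as err:  # pragma: no cover
    LOGGER.debug('Caught an exception in sessionmaker: %s', err)
    raise

LOGGER.debug('We have created a session')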