def test_delete_all_api_keys(flask_client): # create two test users user_1 = login(flask_client) user_2 = User.create(email="[email protected]", password="******", name="Test User 2", activated=True) Session.commit() # create api_key for both users ApiKey.create(user_1.id, "for test") ApiKey.create(user_1.id, "for test 2") ApiKey.create(user_2.id, "for test") Session.commit() assert (ApiKey.count() == 3 ) # assert that the total number of API keys for all users is 3. # assert that each user has the API keys created assert ApiKey.filter(ApiKey.user_id == user_1.id).count() == 2 assert ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1 # delete all of user 1's API keys r = flask_client.post( url_for("dashboard.api_key"), data={"form-name": "delete-all"}, follow_redirects=True, ) assert r.status_code == 200 assert ( ApiKey.count() == 1 ) # assert that the total number of API keys for all users is now 1. assert (ApiKey.filter(ApiKey.user_id == user_1.id).count() == 0 ) # assert that user 1 now has 0 API keys assert (ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1 ) # assert that user 2 still has 1 API key
def api_key(): api_keys = (ApiKey.filter(ApiKey.user_id == current_user.id).order_by( ApiKey.created_at.desc()).all()) new_api_key_form = NewApiKeyForm() if request.method == "POST": if request.form.get("form-name") == "delete": api_key_id = request.form.get("api-key-id") api_key = ApiKey.get(api_key_id) if not api_key: flash("Unknown error. Refresh the page", "warning") return redirect(url_for("dashboard.api_key")) elif api_key.user_id != current_user.id: flash("You cannot delete this api key", "warning") return redirect(url_for("dashboard.api_key")) name = api_key.name ApiKey.delete(api_key_id) Session.commit() flash(f"API Key {name} has been deleted", "success") elif request.form.get("form-name") == "create": if new_api_key_form.validate(): new_api_key = ApiKey.create(name=new_api_key_form.name.data, user_id=current_user.id) Session.commit() flash(f"New API Key {new_api_key.name} has been created", "success") elif request.form.get("form-name") == "delete-all": ApiKey.delete_all(current_user.id) Session.commit() flash("All API Keys have been deleted", "success") return redirect(url_for("dashboard.api_key")) return render_template("dashboard/api_key.html", api_keys=api_keys, new_api_key_form=new_api_key_form)