def practitioners_edit(*args, **kwargs):
print request.method
if request.method == 'PUT':
data = json.loads(request.data)
user = User.by_id(kwargs.get('user_id'))
if not user or not user.activated:
response = jsonify(
request=request.json,
response={'error': 'Invalid Practitioner.'})
response.status_code = 404
return response
user.map_data(data)
db.session.add(user)
db.session.commit()
response = jsonify(
request=data,
response={
'practitioner_id': user.id,
'active': user.active
}
)
response.status_code = 200
return response
elif request.method == 'DELETE':
data = json.loads(request.data)
user = User.by_id(int(kwargs.get('user_id')))
requester = User.by_email(request.headers.get('key'))
if user == requester:
status = 'Success'
status_code = 200
db.session.delete(user)
db.session.commit()
else:
status = 'Not Authorized'
status_code = 401
response = jsonify(
request=data,
response={
'status': status
}
)
response.status_code = status_code
return response
else:
print request.method
response = jsonify(
request=request.json,
response={'error': 'This request type not supported'})
response.status_code = 400
return response
def practitioners_get(*args, **kwargs):
user = User.by_id(kwargs.get('user_id'))
if not user or not user.activated:
response = jsonify(
request=request.json,
response={'error': 'Invalid Practitioner.'})
response.status_code = 404
return response
practice = None
if user.practice:
practice = practice.id
response = jsonify(
request={
'practitioner_id': user.id,
},
response={
'active': user.active,
'first_name': user.first_name,
'last_name': user.last_name,
'address_one': user.address_one,
'address_two': user.address_two,
'city': user.city,
'state': user.state,
'zip_code': user.zip_code,
'email': user.email,
'activation_code': user.activation_code,
'primary_color': user.primary_color,
'secondary_color': user.secondary_color,
'practice': practice,
}
)
response.status_code = 200
return response
def practitioners_login(*args, **kwargs):
if request.method == 'POST':
data = json.loads(request.data)
user = User.by_email(data['email'])
if not user or not user.activated:
data.pop('password')
response = jsonify(
request=data,
response={'error': 'Invalid Practitioner'})
response.status_code = 404
return response
if not verify_password(data['password'], user.password):
data.pop('password')
response = jsonify(
request=data,
response={'error': 'Authentication Failed'})
response.status_code = 401
return response
else:
data.pop('password')
response = jsonify(
request=data,
response={'secret': user.secret})
response.status_code = 200
return response
else:
response = jsonify(
request=request.json,
response={'error': 'This request type not supported'})
response.status_code = 400
return response
def decorated_function(*args, **kwargs):
''' authenticate_request validates the use of the provided credentials.
It cycles through a tuple of required_headers and checks the presence
of each header for validation. It then validates the licensekey and
will allow the consumer to use the decorated handler
'''
required_headers = ('datetime', 'body_hash', 'key', 'signature')
for header in required_headers:
if header not in request.headers:
response = jsonify(request=request.json, response={'error': 'Required headers missing'})
response.status_code = 403
return response
sent_timestamp = request.headers.get('datetime', '')
sent_body_hash = request.headers.get('body_hash', '')
sent_key = request.headers.get('key', '')
sent_signature = request.headers.get('signature', '')
user = User.by_email(sent_key)
if not user or not user.active or not user.activated:
response = jsonify(request=request.json, response={'error': 'Invalid Practitioner'})
response.status_code = 403
return response
recreated_signature = hashlib.sha256(unicode(sent_body_hash + sent_timestamp + user.secret)).hexdigest()
if not sent_signature == recreated_signature:
response = jsonify(request=request.json, response={'error': 'Invalid Practitioner'})
response.status_code = 403
return response
return f(*args, **kwargs)
def teardown_method(self, method):
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
from cagenix.users.models import User
user = User.by_email('*****@*****.**')
if user:
db.session.delete(user)
db.session.commit()
def users_create():
"""This function handles the /users/create endpoint for the blueprint
It allows PNT-Admins to create users. It uses the :ref:`users-forms-label`
to display UsersCreateForm
:returns: users/index.html
:rtype: template
"""
user = User()
form = UserCreateForm()
if form.validate_on_submit():
form.populate_obj(user)
user.activation_code = ''.join(random.sample('0123456789ABCDEFGHJKMNPQRTVWXYZ', 15))
msg = Message("Welcome to Cagenix", recipients=[user.email])
msg.body = "Welcome to the cagenix app, please use the code %(activation_code)s to activate the application" % {'activation_code': user.activation_code}
mail.send(msg)
db.session.add(user)
db.session.commit()
return redirect(url_for('users.users_home'))
return render_template('users/create.html', form=form, admin=True)
def setup_method(self, method):
""" setup any state tied to the execution of the given method in a
class. setup_method is invoked for every test method of a class.
"""
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
from cagenix.users.models import User
self.user = User(first_name='Chocolate', last_name='Chip', email='*****@*****.**', activation_code='DPJE3XFBVM271HC', password=encrypt_password('cookies'))
self.user.gen_secret()
db.session.add(self.user)
db.session.commit()
def users_delete(id):
"""This function handles the /users/delete endpoint for the blueprint
It allows PNT-Admins to delete a user. It is called via a button on
the ``users/edit.html`` template
:param id: The id of the user being deleted
:type id: int
:returns: users.users_home
:rtype: redirect
"""
user = User.by_id(id)
if not user:
abort(404)
db.session.delete(user)
db.session.commit()
return redirect(url_for('users.users_home'))
def setup_method(self, method):
""" setup any state tied to the execution of the given method in a
class. setup_method is invoked for every test method of a class.
"""
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
from cagenix.users.models import User
from cagenix.practices.models import Practice
from cagenix.patients.models import Patient
self.practice = Practice(practice_name='Cookie Dental Clinic', address_one='123 Cookie Lane', city='Cookieville', state='TN', zip_code='37037', phone='+16155555555', active=True)
db.session.add(self.practice)
db.session.commit()
self.user = User(first_name='Chocolate', last_name='Chip', email='*****@*****.**', activation_code='DPJE3XFBVM271HC', password=encrypt_password('cookies'))
self.user.gen_secret()
self.user.activated = True
db.session.add(self.user)
db.session.commit()
self.patient = Patient(first_name='Chocolate', last_name='Chip', address_one='123 Cookie Lane', city='Cookieville', state='TN', zip_code='37201', email='[email protected]', practice=self.practice, dentist=self.user)
db.session.add(self.patient)
db.session.commit()
def users_edit(id):
"""This function handles the /users/edit endpoint for the bcornerstone/users/views.py
It allows PNT-Admins to edit users. It uses the :ref:`users-forms-label`
to display UsersEditForm
:param id: The id of the user being edited
:type id: int
:returns: users/edit.html
:rtype: template
"""
user = User.by_id(id)
if not user:
abort(404)
form = UserEditForm(obj=user)
if form.validate_on_submit():
form.populate_obj(user)
db.session.add(user)
db.session.commit()
return redirect(url_for('users.users_home'))
return render_template('users/edit.html', form=form, user_id=user.id, admin=True)
def decorated_function(*args, **kwargs):
''' authenticate_request validates the use of the provided credentials.
It cycles through a tuple of required_headers and checks the presence
of each header for validation. It then validates the licensekey and
will allow the consumer to use the decorated handler
'''
user = User.by_email(request.args.get('email'))
if not user or not user.active or not user.activated:
response = jsonify(request=None, response={'error': 'Invalid Practitioner'})
response.status_code = 403
return response
query_string = urlparse(request.url).query
is_valid_sig, message = check_signature(user.secret, query_string)
if not is_valid_sig:
response = jsonify(request=None, response={'error': 'Invalid Practitioner'})
response.status_code = 403
return response
return f(*args, **kwargs)
def users_changepassword(id):
"""This function handles the /users/changepassword endpoint for the blueprint
It allows PNT-Admins to change a users password. It uses the
:ref:`users-forms-label` to display UsersChangePasswordForm
:param id: The id of the user being edited
:type id: int
:returns: users/change_password.html
:rtype: template
"""
user = User.by_id(id)
if not user:
abort(404)
form = UserChangePasswordForm(obj=user)
if form.validate_on_submit():
form.populate_obj(user)
user.password = encrypt_password(user.password)
db.session.add(user)
db.session.commit()
return redirect(url_for('users.users_home'))
return render_template('users/change_password.html', form=form, user_id=user.id, admin=True)
def practitioners_create(*args, **kwargs):
if request.method == 'POST':
data = json.loads(request.data)
user = User.by_email(data['email'])
if not user or user.activated:
response = jsonify(
request=request.json,
response={'error': 'Practitioner or Activiation Code does not exist.'})
response.status_code = 404
return response
if not user.activation_code == data['activation_code']:
response = jsonify(
request=request.json,
response={'error': 'Bad activation code.'})
response.status_code = 401
return response
else:
user.map_data(data)
user.password = encrypt_password(data['password'])
user.gen_secret()
user.activated = True
db.session.add(user)
db.session.commit()
data.pop('password')
response = jsonify(
request=data,
response={'practitioner_id': user.id})
response.status_code = 201
return response
else:
response = jsonify(
request=request.json,
response={'error': 'This request type not supported'})
response.status_code = 400
return response
class TestPractitionersAPI:
api_url_base = 'http://127.0.0.1:5000/api/v1/practitioners/'
bad_data = {'cookies': 'cookies'}
bad_headers_bad_content_type = {'cookies': 'cookies'}
bad_headers_good_content_type = {'content-type': 'application/json'}
bad_data_type = {
'first_name': 'Chocolate',
'last_name': 'Chip',
'address_one': '123 Cookie Lane',
'address_two': '',
'city': 'Cookieville',
'state': 'TN',
'zip_code': '37201',
'email': '*****@*****.**',
'password': '******',
'activation_code': '0342QB6FWP9ZY5J',
'primary_color': '',
'secondary_color': '',
'practice': '',
}
good_create_data = {
'first_name': 'Chocolate',
'last_name': 'Chip',
'address_one': '123 Cookie Lane',
'city': 'Cookieville',
'state': 'TN',
'zip_code': '37201',
'email': '*****@*****.**',
'password': '******',
'activation_code': 'DPJE3XFBVM271HC',
}
good_edit_data = {
'first_name': 'Chocolate',
'last_name': 'Chip',
'address_one': '123 Cookie Lane',
'city': 'Cookieville2',
'state': 'TN',
'zip_code': '37201',
'email': '*****@*****.**',
}
bad_auth_data = {
'email': '*****@*****.**',
'password': '******',
}
good_auth_data = {
'email': '*****@*****.**',
'password': '******',
}
def setup_method(self, method):
""" setup any state tied to the execution of the given method in a
class. setup_method is invoked for every test method of a class.
"""
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
from cagenix.users.models import User
self.user = User(first_name='Chocolate', last_name='Chip', email='*****@*****.**', activation_code='DPJE3XFBVM271HC', password=encrypt_password('cookies'))
self.user.gen_secret()
db.session.add(self.user)
db.session.commit()
def teardown_method(self, method):
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
from cagenix.users.models import User
user = User.by_email('*****@*****.**')
if user:
db.session.delete(user)
db.session.commit()
def test_bad_method(self):
url = self.api_url_base + 'create'
request = requests.get(url, headers=self.bad_headers_bad_content_type, data=self.bad_data)
assert request.status_code == 403
def test_bad_or_no_content_type(self):
url = self.api_url_base + 'create'
response = {
'request': None,
'response': {
'error': 'Content-type not set or Content-type not application/json'
}
}
request = requests.post(url, headers=self.bad_headers_bad_content_type, data=self.bad_data)
assert request.status_code == 405
assert response == json.loads(request.text)
def test_practitioner_create_bad_data(self):
headers = {
'content-type': 'application/json',
}
url = self.api_url_base + 'create'
response = {
'request': {
'cookies': 'cookies'
},
'response': {
'error': "additional property 'cookies' not defined by 'properties' or 'patternProperties' are not allowed in field '_data'"
}
}
status_code, request = make_post_request(headers, self.bad_data, url)
assert status_code == 400
assert response == json.loads(request)
def test_practitioner_create_bad_data_type(self):
headers = {
'content-type': 'application/json',
}
url = self.api_url_base + 'create'
response = {
'request': {
'activation_code': '0342QB6FWP9ZY5J',
'address_one': '123 Cookie Lane',
'address_two': '',
'city': 'Cookieville',
'email': '*****@*****.**',
'first_name': 'Chocolate',
'last_name': 'Chip',
'practice': '',
'primary_color': '',
'secondary_color': '',
'state': 'TN',
'zip_code': '37201'
},
'response': {
'error': "Value u'' for field 'practice' is not of type integer"
}
}
status_code, request = make_post_request(headers, self.bad_data_type, url)
assert status_code == 400
assert response == json.loads(request)
def test_practitioner_create(self):
headers = {
'content-type': 'application/json',
}
url = self.api_url_base + 'create'
response = {
'request': {
'first_name': 'Chocolate',
'last_name': 'Chip',
'address_one': '123 Cookie Lane',
'city': 'Cookieville',
'state': 'TN',
'zip_code': '37201',
'email': '*****@*****.**',
'activation_code': 'DPJE3XFBVM271HC',
},
'response': {
'practitioner_id': 2
}
}
status_code, request = make_post_request(headers, self.good_create_data, url)
assert status_code == 201
assert response == json.loads(request)
def test_practitioner_good_edit(self):
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
self.user.activated = True
db.session.add(self.user)
db.session.commit()
url = self.api_url_base + str(self.user.id)
response = {
'request': {
'first_name': 'Chocolate',
'last_name': 'Chip',
'address_one': '123 Cookie Lane',
'city': 'Cookieville2',
'state': 'TN',
'zip_code': '37201',
'email': '*****@*****.**',
},
'response': {
'practitioner_id': 2,
'active': True
}
}
headers = make_headers(self.good_edit_data, self.user.email, self.user.secret)
status_code, request = make_put_request(headers, self.good_edit_data, url)
assert status_code == 200
assert response == json.loads(request)
def test_practitioner_get(self):
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
self.user.activated = True
db.session.add(self.user)
db.session.commit()
url = self.api_url_base + str(self.user.id) + '?'
response = {
u'request': {
u'practitioner_id': 2
},
u'response': {
u'city': None,
u'first_name': u'Chocolate',
u'last_name': u'Chip',
u'practice': None,
u'secondary_color': None,
u'address_two': None,
u'primary_color': None,
u'state': None,
u'address_one': None,
u'active': True,
u'activation_code': u'DPJE3XFBVM271HC',
u'email': u'*****@*****.**',
u'zip_code': None
}
}
status_code, request = make_get_request(self.user, url)
assert status_code == 200
assert response == json.loads(request)
def test_practitioner_delete(self):
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
self.user.activated = True
db.session.add(self.user)
db.session.commit()
url = self.api_url_base + str(self.user.id)
response = {
'request': {
'practitioner_id': self.user.id,
},
'response': {
'status': 'Success',
}
}
good_delete_data = {
'practitioner_id': 2,
}
headers = make_headers(good_delete_data, self.user.email, self.user.secret)
status_code, request = make_delete_request(headers, good_delete_data, url)
assert status_code == 200
assert response == json.loads(request)
def test_practitioner_bad_login(self):
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
self.user.activated = True
db.session.add(self.user)
db.session.commit()
headers = {
'content-type': 'application/json',
}
url = self.api_url_base + 'login'
response = {
'request': {
'email': '*****@*****.**',
},
'response': {
'error': 'Authentication Failed'
}
}
status_code, request = make_post_request(headers, self.bad_auth_data, url)
assert status_code == 401
assert response == json.loads(request)
def test_practitioner_good_login(self):
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
self.user.activated = True
db.session.add(self.user)
db.session.commit()
headers = {
'content-type': 'application/json',
}
url = self.api_url_base + 'login'
response = {
'request': {
'email': '*****@*****.**',
},
'response': {
'secret': self.user.secret,
}
}
status_code, request = make_post_request(headers, self.good_auth_data, url)
assert status_code == 200
assert response == json.loads(request)
class TestPatientsAPI:
api_url_base = 'http://127.0.0.1:5000/api/v1/patients/'
def setup_method(self, method):
""" setup any state tied to the execution of the given method in a
class. setup_method is invoked for every test method of a class.
"""
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
from cagenix.users.models import User
from cagenix.practices.models import Practice
from cagenix.patients.models import Patient
self.practice = Practice(practice_name='Cookie Dental Clinic', address_one='123 Cookie Lane', city='Cookieville', state='TN', zip_code='37037', phone='+16155555555', active=True)
db.session.add(self.practice)
db.session.commit()
self.user = User(first_name='Chocolate', last_name='Chip', email='*****@*****.**', activation_code='DPJE3XFBVM271HC', password=encrypt_password('cookies'))
self.user.gen_secret()
self.user.activated = True
db.session.add(self.user)
db.session.commit()
self.patient = Patient(first_name='Chocolate', last_name='Chip', address_one='123 Cookie Lane', city='Cookieville', state='TN', zip_code='37201', email='[email protected]', practice=self.practice, dentist=self.user)
db.session.add(self.patient)
db.session.commit()
def teardown_method(self, method):
os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
from cagenix import db
from cagenix.patients.models import Patient
db.session.delete(self.practice)
db.session.delete(self.user)
patient = Patient.by_email('*****@*****.**')
if patient:
db.session.delete(patient)
if self.patient:
db.session.delete(self.patient)
db.session.commit()
def test_patient_create(self):
url = self.api_url_base + 'create'
good_create_data = {
'first_name': 'Chocolate',
'last_name': 'Chip',
'address_one': '123 Cookie Lane',
'city': 'Cookieville',
'state': 'TN',
'zip_code': '37201',
'email': '*****@*****.**',
'practice_id': self.practice.id,
'dentist_id': self.user.id,
}
response = {
'request': {
u'city': u'Cookieville',
u'first_name': u'Chocolate',
u'last_name': u'Chip',
u'dentist_id': 2,
u'practice_id': 1,
u'state': u'TN',
u'address_one': u'123 Cookie Lane',
u'email': u'*****@*****.**',
u'zip_code': u'37201',
u'practice_id': self.practice.id,
u'dentist_id': self.user.id,
},
'response': {
'patient_id': 2
}
}
headers = make_headers(good_create_data, self.user.email, self.user.secret)
status_code, request = make_post_request(headers, good_create_data, url)
assert status_code == 201
assert response == json.loads(request)
def test_patient_delete(self):
url = self.api_url_base + str(self.patient.id)
response = {
'request': {
'patient_id': self.patient.id,
},
'response': {
'status': 'Success',
}
}
good_delete_data = {
'patient_id': self.patient.id,
}
headers = make_headers(good_delete_data, self.user.email, self.user.secret)
status_code, request = make_delete_request(headers, good_delete_data, url)
assert status_code == 200
assert response == json.loads(request)
def test_patient_good_edit(self):
url = self.api_url_base + str(self.patient.id)
good_edit_data = {
u'active': True,
u'first_name': u'Chocolate',
u'last_name': u'Chip',
u'address_one': u'123 Cookie Lane',
u'city': u'Cookieville',
u'state': u'TN',
u'zip_code': u'37201',
u'email': u'[email protected]',
u'choice_one': '',
u'choice_two': '',
u'choice_three': '',
u'practice_id': 1,
u'dentist_id': 2,
}
response = {
'request': {
u'active': True,
u'first_name': u'Chocolate',
u'last_name': u'Chip',
u'address_one': u'123 Cookie Lane',
u'city': u'Cookieville',
u'state': u'TN',
u'zip_code': u'37201',
u'email': u'[email protected]',
u'choice_one': '',
u'choice_two': '',
u'choice_three': '',
u'practice_id': 1,
u'dentist_id': 2,
},
'response': {
'patient_id': 1,
'active': True
}
}
headers = make_headers(good_edit_data, self.user.email, self.user.secret)
status_code, request = make_put_request(headers, good_edit_data, url)
print json.loads(request)
assert status_code == 200
assert response == json.loads(request)
def test_practitioner_get(self):
url = self.api_url_base + str(self.patient.id) + '?'
response = {
u'request': {
u'patient_id': 1
},
u'response': {
u'active': True,
u'first_name': u'Chocolate',
u'last_name': u'Chip',
u'address_one': u'123 Cookie Lane',
u'address_two': None,
u'city': u'Cookieville',
u'state': u'TN',
u'zip_code': u'37201',
u'email': u'[email protected]',
u'choice_one': None,
u'choice_two': None,
u'choice_three': None,
u'practice': 1,
u'practitioner': 2,
}
}
status_code, request = make_get_request(self.user, url)
assert status_code == 200
assert response == json.loads(request)
