def test_delete_user(self):
# Need to be an admin to delete
self.login_admin_user()
# Create user to be deleted, done within test to avoid interfering with tests on number of users
email = "*****@*****.**"
user_to_be_deleted = createUserWithPassword(email, "unused", Bcrypt())
# Give this user a submission
with createApp().app_context():
sess = GlobalDB.db().session
sub = SubmissionFactory(user_id=user_to_be_deleted.user_id)
sess.add(sub)
sess.commit()
sub_id = sub.submission_id
input = {"email": email}
response = self.app.post_json(
"/v1/delete_user/",
input,
headers={"x-session-id": self.session_id})
self.assertEqual(response.status_code, 200)
with createApp().app_context():
sess = GlobalDB.db().session
# Check that user is not in database
result = sess.query(User).filter(
User.user_id == user_to_be_deleted.user_id).all()
self.assertEqual(len(result), 0)
# Check that submission has no user
sub_after_delete = sess.query(Submission).filter(
Submission.submission_id == sub_id).one()
self.assertIsNone(sub_after_delete.user_id)
def test_finalize_wrong_user(self):
"""Test finalizing a job as the wrong user."""
# Jobs were submitted with the id for "approved user," so lookup
# as "admin user" should fail.
self.logout()
self.login_approved_user()
postJson = {"upload_id": self.uploadId}
response = self.app.post_json(
"/v1/finalize_job/",
postJson,
expect_errors=True,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.CLIENT_ERROR,
"Cannot finalize a job for a different agency")
# Give submission this user's cgac code
with createApp().app_context():
sess = GlobalDB.db().session
submission = sess.query(Submission).filter(
Submission.submission_id == self.submission_id).one()
submission.cgac_code = sess.query(User).filter(
User.email ==
self.test_users['approved_email']).one().cgac_code
sess.commit()
response = self.app.post_json(
"/v1/finalize_job/",
postJson,
expect_errors=True,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK)
self.logout()
def test_skip_guide(self):
""" Set skip guide to True and check value in DB """
self.login_approved_user()
params = {"skip_guide": True}
response = self.app.post_json(
"/v1/set_skip_guide/",
params,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK,
"skip_guide set successfully")
self.assertTrue(response.json["skip_guide"])
with createApp().app_context():
sess = GlobalDB.db().session
user = sess.query(User).filter(
User.email == self.test_users['approved_email']).one()
self.assertTrue(user.skip_guide)
def setUpClass(cls):
"""Set up class-wide resources like submissions and jobs."""
super(UserTests, cls).setUpClass()
with createApp().app_context():
sess = GlobalDB.db().session
# Add submissions to one of the users
# Delete existing submissions for approved user
sess.query(Submission).filter(
Submission.user_id == cls.approved_user_id).delete()
sess.commit()
for i in range(0, 5):
sub = Submission(user_id=cls.approved_user_id)
sub.reporting_start_date = datetime(2015, 10, 1)
sub.reporting_end_date = datetime(2015, 12, 31)
sess.add(sub)
sess.commit()
# Add submissions for agency user
sess.query(Submission).filter(
Submission.user_id == cls.agency_user_id).delete()
sess.commit()
for i in range(0, 6):
sub = Submission(user_id=cls.agency_user_id)
sub.reporting_start_date = datetime(2015, 10, 1)
sub.reporting_end_date = datetime(2015, 12, 31)
sub.cgac_code = "SYS"
sess.add(sub)
sess.commit()
if i == 0:
cls.submission_id = sub.submission_id
# Add job to first submission
job = Job(submission_id=cls.submission_id,
job_status_id=cls.jobStatusDict['running'],
job_type_id=cls.jobTypeDict['file_upload'],
file_type_id=cls.fileTypeDict['appropriations'])
sess.add(job)
sess.commit()
cls.uploadId = job.job_id
def setUp(self):
"""Set up broker unit tests."""
app = createApp()
app.config["TESTING"] = True
self.app = TestApp(app)
def setUp(self):
"""Set up broker unit tests."""
app = createApp()
app.config['TESTING'] = True
self.app = TestApp(app)
from dataactcore.interfaces.function_bag import createUserWithPassword
from flask_bcrypt import Bcrypt
from dataactbroker.app import createApp
with createApp().app_context():
createUserWithPassword("email", "defaultPass", Bcrypt(), 7, "999")
def test_password_reset_email(self):
"""Test password reset email."""
self.logout()
email = self.test_users["password_reset_email"]
postJson = {"email": email}
response = self.app.post_json(
"/v1/reset_password/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK)
# Test password reset for unapproved user and locked user
with createApp().app_context():
sess = GlobalDB.db().session
user = sess.query(User).filter(User.email == email).one()
user.user_status_id = self.userStatusDict['awaiting_approval']
sess.commit()
response = self.app.post_json(
"/v1/reset_password/",
postJson,
headers={"x-session-id": self.session_id},
expect_errors=True)
self.check_response(response, StatusCode.CLIENT_ERROR)
user.user_status_id = self.userStatusDict['approved']
user.is_active = False
sess.commit()
response = self.app.post_json(
"/v1/reset_password/",
postJson,
headers={"x-session-id": self.session_id},
expect_errors=True)
self.check_response(response, StatusCode.CLIENT_ERROR)
# Test route to confirm tokens
token = sesEmail.createToken(
self.test_users["password_reset_email"], "password_reset")
postJson = {"token": token}
response = self.app.post_json(
"/v1/confirm_password_token/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json(
"/v1/set_password/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK,
"Password successfully changed")
user = sess.query(User).filter(User.email == email).one()
self.assertTrue(user.password_hash)
# Call again, should error
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json(
"/v1/set_password/",
postJson,
headers={"x-session-id": self.session_id},
expect_errors=True)
self.check_response(response, StatusCode.LOGIN_REQUIRED)
