def test_create_user_duplicate_fail(self): email = "*****@*****.**" name = "Ima Test", group_name = "Ima Test Group", hashed_password = '******' admin = True user.create(self.database, email, name, group_name, hashed_password, admin) with pytest.raises(psycopg2.errors.UniqueViolation): user.create(self.database, email, name, group_name, hashed_password, admin)
def setUp(self): self.app = expungeservice.create_app('development') self.client = self.app.test_client() with self.app.app_context(): expungeservice.request.before() self.db_cleanup() user.create(g.database, self.email, self.name, self.group_name, self.hashed_password, False) user.create(g.database, self.admin_email, self.admin_name, self.admin_group_name, self.hashed_admin_password, True) expungeservice.request.teardown(None)
def test_is_admin_auth_token(self): admin_email = 'pytest_admin_user@auth_test.com' admin_name = 'AuthTest Name' admin_group_name = 'AuthTest Group Name' admin_password = '******' hashed_admin_password = generate_password_hash(admin_password) with self.app.app_context(): expungeservice.request.before() user.create(g.database, admin_email, admin_name, admin_group_name, hashed_admin_password, True) expungeservice.request.teardown(None) response = self.generate_auth_token(admin_email, admin_password) response = self.client.get( '/api/test/admin_protected', headers={ 'Authorization': 'Bearer {}'.format( response.get_json()['auth_token']) }) assert(response.status_code == 200)
def post(self): """ Create a new user with provided email, password, and admin flag. - If required fields are missing in the request, return 400 - Password must be 8 or more characters long. Otherwise return 422 - Email must not already be in use by an existing user. Otherwise return 422 - If success, return 201 with the new user's email, admin flag, and creation timestamp. """ data = request.get_json() if data is None: error(400, "No json data in request body") # print("data received by Users.post():", data) check_data_fields(data, ['email', 'name', 'group_name', 'password', 'admin']) if len(data['password']) < 8: error(422, 'New password is less than 8 characters long!') password_hash = generate_password_hash(data['password']) try: create_user_result = user.create(g.database, email=data['email'], name=data['name'], group_name=data['group_name'], password_hash=password_hash, admin=data['admin']) except UniqueViolation: error(422, 'User with that email address already exists') response_data = { 'email': create_user_result['email'], 'admin': create_user_result['admin'], 'timestamp': create_user_result['date_created'], } # user_id is not required by the frontend here so it is not included. # other endpoints may expose the user_id e.g. for other admin # user-management operations. return jsonify(response_data), 201
def post(self): """ Create a new user with provided email, password, and admin flag. - If required fields are missing in the request, return 400 - Password must be 8 or more characters long. Otherwise return 422 - Email must not already be in use by an existing user. Otherwise return 422 - If success, return 201 with the new user's email, admin flag, and creation timestamp. """ data = request.get_json() if data is None: error(400, "No json data in request body") check_data_fields(data, ["email", "name", "group_name", "password", "admin"]) if len(data["password"]) < 8: error(422, "New password is less than 8 characters long!") password_hash = generate_password_hash(data["password"]) try: create_user_result = user.create(g.database, email=data["email"], name=data["name"], group_name=data["group_name"], password_hash=password_hash, admin=data["admin"]) except UniqueViolation: error(422, "User with that email address already exists") response_data = { "user_id": create_user_result["user_id"], "email": create_user_result["email"], "admin": create_user_result["admin"], "name": create_user_result["name"], "group_name": create_user_result["group_name"], "timestamp": create_user_result["date_created"] } return jsonify(response_data), 201
def test_create_user_success(self): email = "*****@*****.**" name = "Ima Test" group_name = "Ima Test Group" hashed_password = "******" admin = True create_result = user.create(self.database, email, name, group_name, hashed_password, admin) assert create_result['email'] == email assert create_result['hashed_password'] == hashed_password assert create_result['name'] == name assert create_result['group_name'] == group_name assert create_result['admin'] == admin assert create_result['user_id'] assert create_result['auth_id'] assert create_result['date_created'] assert create_result['date_modified'] self.verify_user_data(email, name, group_name, hashed_password, admin)
def setUp(self): self.app = expungeservice.create_app('development') self.client = self.app.test_client() self.app.add_url_rule( '/api/test/user_protected', view_func=UserProtectedView.as_view( 'user_protected')) self.app.add_url_rule( '/api/test/admin_protected', view_func=AdminProtectedView.as_view( 'admin_protected')) with self.app.app_context(): expungeservice.request.before() self.db_cleanup() db_create_user_result = user.create( g.database, self.email, self.name, self.group_name, self.hashed_password, False) self.ids[self.email] = db_create_user_result['user_id'] expungeservice.request.teardown(None)