def get_token_for_user(self, username, password, failure=False):
"""Shortcut method for creating a user in the test db
and requesting an auth token via the API
"""
test_user = UsersBaseTestCase.create_user(
username=username,
password=password
)
if failure:
headers = UsersBaseTestCase.create_basic_auth_header(
username=username,
password='******'
)
else:
headers = UsersBaseTestCase.create_basic_auth_header(
username=username,
password=password
)
response = self.client.get(
'/api/v0/token',
headers=headers
)
return response
def test_update_other_users_password_fails(self):
"""
A user should NOT be able to change another user's password
"""
# create an authroized user
authorized_username = '******'
authorized_password = '******'
authorized_user = UsersBaseTestCase.create_user(
username=authorized_username,
password=authorized_password
)
# create an unauthroized user
unauthorized_username = '******'
unauthorized_password = '******'
unauthorized_user = UsersBaseTestCase.create_user(
username=unauthorized_username,
password=unauthorized_password
)
headers = dict()
# create the un-auth header
headers.update(
UsersBaseTestCase.create_basic_auth_header(
username=unauthorized_username,
password=unauthorized_password
)
)
# create the json payload
new_password = '******'
data = dict(password=new_password)
json_data = json.dumps(data)
json_data_length = len(json_data)
# update the content headers
headers.update({
'Content-Type': 'application/json',
'Content-Length': json_data_length
})
response = self.client.put(
'/api/v0/users/%s' % (authorized_user.id,),
headers=headers,
data=json_data
)
self.assertEqual(response.status_code, 403)
def authorize_user(self, username, password, failure=False):
"""Shortcut method for creating a user in the test db
and authenticating the user via the API
"""
test_user = UsersBaseTestCase.create_user(
username=username,
password=password
)
headers = dict()
headers['Content-Type'] = 'application/json'
if failure:
data = dict(username=username, password='******')
else:
data = dict(username=username, password=password)
json_data = json.dumps(data)
json_data_length = len(json_data)
headers['Content-Length'] = json_data_length
response = self.client.post(
'/api/v0/authenticate',
headers=headers,
data=json_data
)
return response
def test_get_all_users(self):
num_users = 5
users = UsersBaseTestCase.generate_test_users(num_users)
for user in users:
UsersBaseTestCase.create_user(user['username'], user['password'])
auth_headers = UsersBaseTestCase.create_basic_auth_header(
username=users[0]['username'],
password=users[0]['password']
)
response = self.client.get(
'/api/v0/users',
headers=auth_headers
)
self.assertStatus(response, 200)
data = json.loads(response.data)
users = data['data']
self.assertEqual(len(users), num_users)
def test_get_user_not_found(self):
# create user
test_username = '******'
test_password = '******'
test_user = UsersBaseTestCase.create_user(
username=test_username,
password=test_password
)
# create the auth header
auth_headers = UsersBaseTestCase.create_basic_auth_header(
username=test_username,
password=test_password
)
response = self.client.get(
'/api/v0/users/999', # this user doesn't exist
headers=auth_headers
)
self.assertEqual(response.status_code, 404)
def test_get_user_by_id(self):
# create user
test_username = '******'
test_password = '******'
test_user = UsersBaseTestCase.create_user(
username=test_username,
password=test_password
)
auth_headers = UsersBaseTestCase.create_basic_auth_header(
username=test_username,
password=test_password
)
response = self.client.get(
'/api/v0/users/%s' % (test_user.id,),
headers=auth_headers
)
self.assertEqual(response.status_code, 200)
user = json.loads(response.data)
self.assertEqual(user['username'], test_username)
def test_delete_user_allowed_for_admins(self):
# create user to be deleted
test_username = '******'
test_password = '******'
test_user = UsersBaseTestCase.create_user(
username=test_username,
password=test_password
)
test_user_id = test_user.id
# create admin user
admin_username = '******'
admin_password = '******'
admin_user = UsersBaseTestCase.create_user(
username=admin_username,
password=admin_password
)
admin_user.admin = True
admin_user_id = admin_user.id
headers = dict()
# create the auth header
headers.update(
UsersBaseTestCase.create_basic_auth_header(
username=admin_username,
password=admin_password
)
)
response = self.client.delete(
'/api/v0/users/%s' % (test_user_id,),
headers=headers
)
self.assertEqual(response.status_code, 202)
# try querying for the user should return 404 NOT FOUND
response = self.client.get(
'/api/v0/users/%s' % (test_user_id,),
headers=headers
)
self.assertEqual(response.status_code, 404)
def test_delete_user_method_disallowed_for_non_admins(self):
# create user
test_username = '******'
test_password = '******'
test_user = UsersBaseTestCase.create_user(
username=test_username,
password=test_password
)
test_user_id = test_user.id
# create non-admin user, admin flag defaults to False
regular_username = '******'
regular_password = '******'
regular_user = UsersBaseTestCase.create_user(
username=regular_username,
password=regular_password
)
regular_user_id = regular_user.id
headers = dict()
# create the auth header
headers.update(
UsersBaseTestCase.create_basic_auth_header(
username=regular_username,
password=regular_password
)
)
response = self.client.delete(
'/api/v0/users/%s' % (test_user_id,),
headers=headers
)
self.assertEqual(response.status_code, 403)
# try querying for the user should return 200, the user is still there
response = self.client.get(
'/api/v0/users/%s' % (test_user_id,),
headers=headers
)
self.assertEqual(response.status_code, 200)
def test_update_user_password(self):
"""
A user should be able to change their own password
"""
# create user
test_username = '******'
test_password = '******'
test_user = UsersBaseTestCase.create_user(
username=test_username,
password=test_password
)
headers = dict()
# create the auth header
headers.update(
UsersBaseTestCase.create_basic_auth_header(
username=test_username,
password=test_password
)
)
# create the json payload
new_password = '******'
data = dict(password=new_password)
json_data = json.dumps(data)
json_data_length = len(json_data)
# update the content headers
headers.update({
'Content-Type': 'application/json',
'Content-Length': json_data_length
})
response = self.client.put(
'/api/v0/users/%s' % (test_user.id,),
headers=headers,
data=json_data
)
self.assertEqual(response.status_code, 201)
def test_create_new_user_but_user_exists(self):
# create user
test_username = '******'
test_password = '******'
test_user = UsersBaseTestCase.create_user(
username=test_username,
password=test_password
)
# try to create the same user by sending request
headers = {
'Content-Type': 'application/json'
}
data = dict(username=test_username, password=test_password)
json_data = json.dumps(data)
json_data_length = len(json_data)
headers['Content-Length'] = json_data_length
response = self.client.post(
'/api/v0/users',
headers=headers,
data=json_data
)
self.assertEqual(response.status_code, 403)
