def test_disable_user_no_role(self): add_user('test', '*****@*****.**', 'test') add_user('test2', '*****@*****.**', 'test2') with self.client: token = get_user_token(self.client, '*****@*****.**', 'test') response = self.client.patch( '/api/auth/disable', headers={'Authorization': f'Bearer {token}'}, content_type='application/json', data=json.dumps({'email': '*****@*****.**'})) data = json.loads(response.data.decode()) self.assertEqual('MissingRoleError', data['error']) self.assertEqual( "This endpoint requires all the following roles: ['admin']", data['message']) self.assertEqual(403, data['status_code']) token2 = login_user(self.client, '*****@*****.**', 'test2')['auth_token'] response2 = self.client.get( '/api/auth/status', headers={'Authorization': f'Bearer {token2}'}) data = json.loads(response2.data.decode()) self.assertEqual(200, response2.status_code) self.assertTrue(data['email']) self.assertTrue(data['username']) self.assertTrue(data['is_active'])
def test_add_user_invalid_json_keys_no_password(self): """ Ensure error is thrown if the JSON object does not have a password key. """ add_user('test', '*****@*****.**', 'test') # update user user = User.query.filter_by(email='*****@*****.**').first() user.admin = True db.session.commit() with self.client: token = get_user_token(self.client, '*****@*****.**', 'test') response = self.client.post( '/api/users/', data=json.dumps({ 'username': '******', 'email': '*****@*****.**' }), content_type='application/json', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertEqual(response.status_code, 400) self.assertIn("Input payload validation failed", data['message']) self.assertIn("'password' is a required property", data['errors']['password'])
def test_add_user_duplicate_email(self): add_user('testuser', '*****@*****.**', 'Downf0ryourRIGHTtoParty!') duplicate_user = User( username='******', email='*****@*****.**', password='******', ) db.session.add(duplicate_user) self.assertRaises(IntegrityError, db.session.commit)
def test_single_user_incorrect_id(self): """Ensure error is thrown if the id does not exist.""" add_user('test_me', '*****@*****.**', 'Downf0ryourRIGHTtoParty!') with self.client: token = get_user_token(self.client, '*****@*****.**', 'Downf0ryourRIGHTtoParty!') response = self.client.get( f'/api/users/999', content_type='application/json', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertEqual(response.status_code, 404) self.assertIn('User Not Found by Id 999', data['message'])
def test_registered_user_login(self): with self.client: add_user('test', '*****@*****.**', 'test') response = self.client.post('/api/auth/login', data=json.dumps({ 'email': '*****@*****.**', 'password': '******' }), content_type='application/json') data = json.loads(response.data.decode()) self.assertIn('test', data['username']) self.assertTrue(data['email']) self.assertTrue(data['auth_token']) self.assertTrue(response.content_type == 'application/json') self.assertEqual(response.status_code, 200)
def test_user_registration_duplicate_username(self): add_user('test', '*****@*****.**', 'test') with self.client: response = self.client.post( '/api/auth/register', data=json.dumps({ 'username': '******', 'email': '[email protected]', 'password': '******' }), content_type='application/json', ) data = json.loads(response.data.decode()) self.assertEqual(response.status_code, 409) self.assertIn('Username already exists: test', data['message'])
def test_add_user_duplicate_email(self): """Ensure error is thrown if the email already exists.""" user = add_user('test', '*****@*****.**', 'test') user.admin = True db.session.commit() with self.client: token = get_user_token(self.client, '*****@*****.**', 'test') self.client.post('/api/users/', data=json.dumps({ 'username': '******', 'email': '*****@*****.**', 'password': '******', }), content_type='application/json', headers={'Authorization': f'Bearer {token}'}) token_two = get_user_token(self.client, '*****@*****.**', 'test') response = self.client.post( '/api/users/', data=json.dumps({ 'username': '******', 'email': '*****@*****.**', 'password': '******', }), content_type='application/json', headers={'Authorization': f'Bearer {token_two}'}) data = json.loads(response.data.decode()) self.assertEqual(response.status_code, 409) self.assertIn('Email already in use: [email protected]', data['message'])
def test_refresh_early_refresh_error(self): add_user('test', '*****@*****.**', 'test') with self.client: resp_login = self.client.post('/api/auth/login', data=json.dumps({ 'email': '*****@*****.**', 'password': '******' }), content_type='application/json') token = json.loads(resp_login.data.decode())['auth_token'] response = self.client.get( '/api/auth/refresh', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertEqual(401, data['status_code']) self.assertEqual('EarlyRefreshError', data['error'])
def test_add_user_not_admin(self): add_user('test', '*****@*****.**', 'test') with self.client: # user login token = get_user_token(self.client, '*****@*****.**', 'test') response = self.client.post( '/api/users/', data=json.dumps({ 'username': '******', 'email': '*****@*****.**', 'password': '******' }), content_type='application/json', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertTrue(data == 'You do not have permission to do that.') self.assertEqual(response.status_code, 401)
def test_invalid_status_inactive(self): add_user('test', '*****@*****.**', 'test') # update user user = User.query.filter_by(email='*****@*****.**').first() user.is_active = False db.session.commit() with self.client: resp_login = self.client.post('/api/auth/login', data=json.dumps({ 'email': '*****@*****.**', 'password': '******' }), content_type='application/json') data = json.loads(resp_login.data.decode()) self.assertIn("The user is not valid or has had access revoked", data['message']) self.assertEqual(resp_login.status_code, 403)
def test_add_user(self): user = add_user('testuser', '*****@*****.**', 'test') self.assertTrue(user.id) self.assertEqual(user.username, 'testuser') self.assertEqual(user.email, '*****@*****.**') self.assertTrue(user.is_active) self.assertTrue(user.password) self.assertFalse(user.admin)
def test_valid_logout(self): add_user('test', '*****@*****.**', 'test') with self.client: # user login resp_login = self.client.post('/api/auth/login', data=json.dumps({ 'email': '*****@*****.**', 'password': '******' }), content_type='application/json') # valid token logout token = json.loads(resp_login.data.decode())['auth_token'] response = self.client.get( '/api/auth/logout', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertTrue(data['message'] == 'Successfully logged out.') self.assertEqual(response.status_code, 200)
def test_disable_user(self): add_user('test', '*****@*****.**', 'test', 'admin') add_user('test2', '*****@*****.**', 'test2') with self.client: token = get_user_token(self.client, '*****@*****.**', 'test') response = self.client.patch( '/api/auth/disable', headers={'Authorization': f'Bearer {token}'}, content_type='application/json', data=json.dumps({'email': '*****@*****.**'})) token2 = login_user(self.client, '*****@*****.**', 'test2') data = json.loads(response.data.decode()) response2 = self.client.get( '/api/auth/status', headers={'Authorization': f'Bearer {token2}'}) data = json.loads(response2.data.decode()) self.assertEqual(401, data['status_code']) self.assertEqual('InvalidTokenHeader', data['error'])
def test_user_status(self): add_user('test', '*****@*****.**', 'test') with self.client: resp_login = self.client.post('/api/auth/login', data=json.dumps({ 'email': '*****@*****.**', 'password': '******' }), content_type='application/json') token = json.loads(resp_login.data.decode())['auth_token'] response = self.client.get( '/api/auth/status', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertTrue(data is not None) self.assertTrue(data['username'] == 'test') self.assertTrue(data['email'] == '*****@*****.**') self.assertTrue(data['is_active'] is True) self.assertFalse(data['admin']) self.assertEqual(response.status_code, 200)
def test_add_user_inactive(self): add_user('test', '*****@*****.**', 'test') # update user user = User.query.filter_by(email='*****@*****.**').first() user.is_active = False db.session.commit() with self.client: token = get_user_token(self.client, '*****@*****.**', 'test') response = self.client.post( '/api/users/', data=json.dumps({ 'username': '******', 'email': '*****@*****.**', 'password': '******' }), content_type='application/json', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertTrue(data == 'Provide a valid auth token.') self.assertEqual(response.status_code, 401)
def test_single_user_no_auth(self): """Ensure get single user behaves correctly.""" user = add_user('test_me', '*****@*****.**', 'Downf0ryourRIGHTtoParty!') with self.client: response = self.client.get(f'/api/users/{user.id}') data = json.loads(response.data.decode()) self.assertEqual(response.status_code, 401) self.assertIn( "JWT token not found in headers under 'Authorization'", data['message'])
def test_invalid_logout_expired_token(self): add_user('test', '*****@*****.**', 'test') current_app.config['JWT_ACCESS_LIFESPAN'] = {'seconds': -1} current_app.config['JWT_REFRESH_LIFESPAN'] = {'seconds': -1} with self.client: resp_login = self.client.post('/api/auth/login', data=json.dumps({ 'email': '*****@*****.**', 'password': '******' }), content_type='application/json') # invalid token logout token = json.loads(resp_login.data.decode())['auth_token'] response = self.client.get( '/api/auth/logout', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertEqual(True, data) self.assertTrue( data['message'] == 'Signature expired. Please log in again.') self.assertEqual(response.status_code, 401)
def test_all_users(self): """Ensure get all users behaves correctly.""" add_user('test_me', '*****@*****.**', 'Downf0ryourRIGHTtoParty!') add_user('fletcher', '*****@*****.**', 'Downf0ryourRIGHTtoParty!') with self.client: token = get_user_token(self.client, '*****@*****.**', 'Downf0ryourRIGHTtoParty!') response = get_url_with_token(self.client, '/api/users/', token) data = json.loads(response.data.decode()) self.assertEqual(response.status_code, 200) self.assertEqual(len(data), 2) self.assertIn('test_me', data[0]['username']) self.assertIn('*****@*****.**', data[0]['email']) self.assertTrue(data[0]['is_active']) self.assertFalse(data[0]['admin']) self.assertIn('fletcher', data[1]['username']) self.assertIn('*****@*****.**', data[1]['email']) self.assertTrue(data[1]['is_active']) self.assertFalse(data[1]['admin'])
def test_add_user_duplicate_username(self): """Ensure error is thrown if the email already exists.""" add_user('test', '*****@*****.**', 'test') # update user user = User.query.filter_by(email='*****@*****.**').first() user.admin = True db.session.commit() with self.client: resp_login = self.client.post('/api/auth/login', data=json.dumps({ 'email': '*****@*****.**', 'password': '******' }), content_type='application/json') token = json.loads(resp_login.data.decode())['auth_token'] self.client.post('/api/users/', data=json.dumps({ 'username': '******', 'email': '*****@*****.**', 'password': '******', }), content_type='application/json', headers={'Authorization': f'Bearer {token}'}) token_two = json.loads(resp_login.data.decode())['auth_token'] response = self.client.post( '/api/users/', data=json.dumps({ 'username': '******', 'email': '*****@*****.**', 'password': '******', }), content_type='application/json', headers={'Authorization': f'Bearer {token_two}'}) data = json.loads(response.data.decode()) self.assertEqual(response.status_code, 409) self.assertIn('Username already in use: test_me', data['message'])
def test_add_user(self): """Ensure a new user can be added to the database.""" add_user('test', '*****@*****.**', 'test') # update user user = User.query.filter_by(email='*****@*****.**').first() user.admin = True db.session.commit() with self.client: token = get_user_token(self.client, '*****@*****.**', 'test') response = self.client.post( '/api/users/', data=json.dumps({ 'username': '******', 'email': '*****@*****.**', 'password': '******', }), content_type='application/json', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertEqual(response.status_code, 201) self.assertIn('*****@*****.**', data['email']) self.assertNotIn('password', data)
def test_invalid_logout_inactive(self): add_user('test', '*****@*****.**', 'test') # update user with self.client: resp_login = self.client.post('/api/auth/login', data=json.dumps({ 'email': '*****@*****.**', 'password': '******' }), content_type='application/json') token = json.loads(resp_login.data.decode())['auth_token'] user = User.query.filter_by(email='*****@*****.**').first() user.is_active = False db.session.commit() response = self.client.get( '/api/auth/logout', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertIn("The user is not valid or has had access revoked", data['message']) self.assertEqual(response.status_code, 401)
def test_single_user(self): """Ensure get single user behaves correctly.""" user = add_user('test_me', '*****@*****.**', 'Downf0ryourRIGHTtoParty!') with self.client: token = get_user_token(self.client, '*****@*****.**', 'Downf0ryourRIGHTtoParty!') response = self.client.get( f'/api/users/{user.id}', content_type='application/json', headers={'Authorization': f'Bearer {token}'}) data = json.loads(response.data.decode()) self.assertEqual(response.status_code, 200) self.assertIn('test_me', data['username']) self.assertIn('*****@*****.**', data['email'])
def test_to_json(self): user = add_user('testuser', '*****@*****.**', 'Downf0ryourRIGHTtoParty!') self.assertTrue(isinstance(user.to_json(), dict))
def test_passwords_are_random(self): user_one = add_user('testuser', '*****@*****.**', 'Downf0ryourRIGHTtoParty!') user_two = add_user('testuser2', '*****@*****.**', 'Downf0ryourRIGHTtoParty!') self.assertNotEqual(user_one.password, user_two.password)