class TestCircle: """ Class for testing user api-functionality. """ user = test_me.TestUser helper = test_helper.TestHelper circle = test_circle.TestCircle tokens = authentication.get_mock_user() def test_organization(self, client): """ Test the exceptions for /organizations. """ self.helper.set_up(test_helper, client) for token in self.tokens: self.user.me_post(test_me, client, token) jwt_token = self.helper.login(test_helper, client, token) self.user.me_organizations_post(test_me, client, jwt_token) id = self.circle.get_organization_id(test_circle, client, jwt_token) circle_id = self.circle.get_circle_id(test_circle, client, jwt_token, id) partner_id = self.circle.get_partner_id(test_circle, client, id, jwt_token) role_id = self.circle.get_role_id(test_circle, client, jwt_token, circle_id) fields = { 'exp': datetime.utcnow() - timedelta(seconds=60), 'sub': 'mock_user_001' } encoded = jwt.encode(fields, 'top_secret', algorithm='HS256') expired_token = encoded.decode('utf-8') self.circle_get_no_login(client, circle_id) self.circle_get_expired_token(client, circle_id, expired_token) self.circle_get_not_found(client, jwt_token) self.circle_put_no_login(client, circle_id) self.circle_put_no_param(client, circle_id, jwt_token) self.circle_put_wrong_param(client, circle_id, jwt_token) self.circle_put_expired_token(client, expired_token, circle_id) self.circle_put_not_found(client, jwt_token) self.circle_post_roles_no_login(client, circle_id) self.circle_post_roles_no_param(client, circle_id, jwt_token) self.circle_post_roles_wrong_param(client, circle_id, jwt_token) self.circle_post_roles_expired_token(client, expired_token, circle_id) self.circle_post_roles_not_found(client, jwt_token) self.circle_get_roles_no_login(client, circle_id) self.circle_get_roles_expired_token(client, expired_token, circle_id) self.circle_get_roles_not_found(client, jwt_token) self.circle_put_subcircles_no_login(client, role_id) self.circle_put_subcircles_no_param(client, circle_id, jwt_token) self.circle_put_subcircles_wrong_param(client, circle_id, jwt_token) self.circle_put_subcircles_expired_token(client, circle_id, expired_token) self.circle_put_subcircles_not_found(client, jwt_token) self.circle_get_members_no_login(client, circle_id) self.circle_get_members_expired_token(client, circle_id, expired_token) self.circle_get_members_not_found(client, jwt_token) self.circle_put_partner_no_login(client, circle_id, partner_id) self.circle_put_partner_no_param(client, circle_id, jwt_token, partner_id) self.circle_put_partner_wrong_param(client, circle_id, jwt_token, partner_id) self.circle_put_partner_expired_token(client, expired_token, circle_id, partner_id) self.circle_put_partner_not_found_circle_id( client, jwt_token, circle_id) self.circle_put_partner_not_found_partner_id( client, jwt_token, partner_id) self.circle_delete_partner_no_login(client, circle_id, partner_id) def circle_get_no_login(self, client, circle_id): """ Test if the get requests without a valid token returns a 400 status code. """ assert client.get('/circles/' + circle_id).status == '400 BAD REQUEST' def circle_get_expired_token(self, client, circle_id, expired_token): """ Test if the get requests with an expired token returns a 401 status code. """ assert client.get('/circles/' + circle_id, headers={ 'Authorization': 'Bearer ' + expired_token}).status == '401 ' \ 'UNAUTHORIZED' def circle_get_not_found(self, client, jwt_token): """ Test if the get requests to a non-existing circle returns a 404 status code. """ assert client.get('/circles/' + '0', headers={ 'Authorization': 'Bearer ' + jwt_token }).status == '404 NOT FOUND' def circle_put_no_login(self, client, circle_id): """ Test if the put request without a valid token returns a 400 status code. """ assert client.put('/circles/' + circle_id, headers={}, data={'name': 'Name2', 'purpose': 'Purpose2', 'strategy': 'Strategy2'})\ .status == '400 BAD REQUEST' def circle_put_no_param(self, client, circle_id, token): """ Test if the put request with a missing body returns a 400 status code. """ assert client.put('/circles/' + circle_id, headers={ 'Authorization': 'Bearer ' + token}, data={}) \ .status == '400 BAD REQUEST' def circle_put_wrong_param(self, client, circle_id, token): """ Test if the put request without a correct body returns a 400 status code. """ assert client.put('/circles/' + circle_id, headers={ 'Authorization': 'Bearer ' + token}, data={'purpose': 'Purpose2', 'strategy': 'Strategy2'}) \ .status == '400 BAD REQUEST' def circle_put_expired_token(self, client, expired_token, circle_id): """ Test if the put requests with an expired token returns a 401 status code. """ assert client.put('/circles/' + circle_id, headers={ 'Authorization': 'Bearer ' + expired_token}, data={'name': 'Name2', 'purpose': 'Purpose2', 'strategy': 'Strategy2'})\ .status == '401 UNAUTHORIZED' def circle_put_not_found(self, client, jwt_token): """ Test if the put requests to a non-existing circle returns a 404 status code. """ assert client.put('/circles/' + '0', headers={ 'Authorization': 'Bearer ' + jwt_token}, data={'name': 'Name2', 'purpose': 'Purpose2', 'strategy': 'Strategy2'})\ .status == '404 NOT FOUND' def circle_post_roles_no_login(self, client, circle_id): """ Test if the post request without a valid token returns a 400 status code. """ assert client.post('/circles/' + circle_id + '/roles', headers={}, data={'name': 'NewRole', 'purpose': 'This is a new Role added to a ' 'Circle.'}).status \ == '400 BAD REQUEST' def circle_post_roles_no_param(self, client, circle_id, token): """ Test if the post request with a missing body returns a 400 status code. """ assert client.post('/circles/' + circle_id + '/roles', headers={ 'Authorization': 'Bearer ' + token}, data={}).status \ == '400 BAD REQUEST' def circle_post_roles_wrong_param(self, client, circle_id, token): """ Test if the post request without a correct body returns a 400 status code. """ assert client.post('/circles/' + circle_id + '/roles', headers={ 'Authorization': 'Bearer ' + token}, data={'purpose': 'This is a new Role added to a ' 'Circle.'}).status \ == '400 BAD REQUEST' def circle_post_roles_expired_token(self, client, expired_token, circle_id2): """ Test if the post requests with an expired token returns a 401 status code. """ assert client.post('/circles/' + circle_id2 + '/roles', headers={ 'Authorization': 'Bearer ' + expired_token}, data={'name': 'NewRole', 'purpose': 'This is a new Role added to a ' 'Circle.'}).status \ == '401 UNAUTHORIZED' def circle_post_roles_not_found(self, client, jwt_token): """ Test if the put requests to a non-existing circle returns a 404 status code. """ assert client.post('/circles/' + '0' + '/roles', headers={ 'Authorization': 'Bearer ' + jwt_token}, data={'name': 'NewRole', 'purpose': 'This is a new Role added to a ' 'Circle.'}).status \ == '404 NOT FOUND' def circle_get_roles_no_login(self, client, circle_id): """ Test if the get request without a valid token returns a 400 status code. """ assert client.get('/circles/' + circle_id + '/roles', headers={}, data={}).status == '400 BAD REQUEST' def circle_get_roles_expired_token(self, client, expired_token, circle_id2): """ Test if the get requests with an expired token returns a 401 status code. """ assert client.get('/circles/' + circle_id2 + '/roles', headers={ 'Authorization': 'Bearer ' + expired_token }).status == '401 UNAUTHORIZED' def circle_get_roles_not_found(self, client, jwt_token): """ Test if the get requests to a non-existing circle returns a 404 status code. """ assert client.get('/circles/' + '0' + '/roles', headers={ 'Authorization': 'Bearer ' + jwt_token }).status == '404 NOT FOUND' def circle_put_subcircles_no_login(self, client, role_id): """ Test if the put request without a valid token returns a 400 status code. """ assert client.put('/roles/' + role_id + '/circle', headers={}, data={'name': 'NewRole', 'purpose': 'This is a new Role added to a ' 'Circle.', 'strategy': 'NewStrategy'})\ .status == '400 BAD REQUEST' def circle_put_subcircles_no_param(self, client, role_id, token): """ Test if the put request with a missing body returns a 400 status code. """ assert client.put('/roles/' + role_id + '/circle', headers={ 'Authorization': 'Bearer ' + token}, data={}).status ==\ '204 NO CONTENT' def circle_put_subcircles_wrong_param(self, client, role_id, token): """ Test if the put request without a correct body returns a 400 status code. """ assert client.put('/roles/' + role_id + '/circle', headers={ 'Authorization': 'Bearer ' + token}, data={'name': 'NewRole', 'strategy': 'NewStrategy'})\ .status == '204 NO CONTENT' def circle_put_subcircles_expired_token(self, client, role_id, expired_token): """ Test if the put requests with an expired token returns a 401 status code. """ assert client.put('roles/' + role_id + '/circle', headers={ 'Authorization': 'Bearer ' + expired_token}, data={'name': 'NewRole', 'strategy': 'NewStrategy'})\ .status == '401 UNAUTHORIZED' def circle_put_subcircles_not_found(self, client, jwt_token): """ Test if the put requests to a non-existing circle returns a 404 status code. """ assert client.put('/roles/' + '0' + '/circle', headers={ 'Authorization': 'Bearer ' + jwt_token}, data={'name': 'NewRole', 'strategy': 'NewStrategy'})\ .status == '404 NOT FOUND' def circle_get_members_no_login(self, client, circle_id): """ Test if the get request without a valid token returns a 400 status code. """ assert client.get('/circles/' + circle_id + '/members', headers={}).status == '400 BAD REQUEST' def circle_get_members_expired_token(self, client, circle_id, expired_token): """ Test if the get requests with an expired token returns a 401 status code. """ assert client.get('/circles/' + circle_id + '/members', headers={ 'Authorization': 'Bearer ' + expired_token}).status == '401 ' \ 'UNAUTHORIZED' def circle_get_members_not_found(self, client, jwt_token): """ Test if the get requests to a non-existing circle returns a 404 status code. """ assert client.get('/circles/' + '0' + '/members', headers={ 'Authorization': 'Bearer ' + jwt_token }).status == '404 NOT FOUND' def circle_put_partner_no_login(self, client, circle_id, partner_id): """ Test if the put request without a valid token returns a 400 status code. """ assert client.put('/circles/' + circle_id + '/members/' + partner_id, headers={}, data={'firstname': 'Manuel', 'lastname': 'Neuer', 'email': '*****@*****.**'}).status \ == '400 BAD REQUEST' def circle_put_partner_no_param(self, client, circle_id, jwt_token, partner_id): """ Test if the put request with a missing body returns a 400 status code. """ assert client.put('/circles/' + circle_id + '/members/' + partner_id, headers={ 'Authorization': 'Bearer ' + jwt_token }, data={}).status == '204 NO CONTENT' def circle_put_partner_wrong_param(self, client, circle_id, jwt_token, partner_id): """ Test if the put request without a correct body returns a 400 status code. """ assert client.put('/circles/' + circle_id + '/members/' + partner_id, headers={'Authorization': 'Bearer ' + jwt_token}, data={'purpose': 'Purpose2', 'strategy': 'Strategy2'})\ .status == '204 NO CONTENT' def circle_put_partner_expired_token(self, client, expired_token, circle_id, partner_id): """ Test if the put requests with an expired token returns a 401 status code. """ assert client.put('/circles/' + circle_id + '/members/' + partner_id, headers={'Authorization': 'Bearer ' + expired_token}, data={'name': 'Name2', 'purpose': 'Purpose2', 'strategy': 'Strategy2'})\ .status == '401 UNAUTHORIZED' def circle_put_partner_not_found_circle_id(self, client, jwt_token, circle_id): """ Test if the put requests to a non-existing circle returns a 404 status code. """ assert client.put('/circles/' + circle_id + '/members/' + '0', headers={ 'Authorization': 'Bearer ' + jwt_token }, data={ 'name': 'Name3', 'purpose': 'Purpose3', 'strategy': 'Strategy3' }).status == '404 NOT FOUND' def circle_put_partner_not_found_partner_id(self, client, jwt_token, partner_id): """ Test if the put requests to a non-existing circle returns a 404 status code. """ assert client.put('/circles/' + '0' + '/members/' + partner_id, headers={ 'Authorization': 'Bearer ' + jwt_token }, data={ 'name': 'Name3', 'purpose': 'Purpose3', 'strategy': 'Strategy3' }).status == '404 NOT FOUND' def circle_delete_partner_no_login(self, client, circle_id, partner_id): """ Test if the delete request without a valid token returns a 400 status code. """ assert client.delete('/circles/' + circle_id + '/members/' + partner_id, headers={}).status == '400 BAD REQUEST' def circle_delete_partner_expired_token(self, client, circle_id, expired_token, partner_id): """ Test if the delete request with an expired token returns a 401 status code. """ assert client.delete('/circles/' + circle_id + '/members/' + partner_id, headers={'Authorization': 'Bearer ' + expired_token}).status \ == '401 UNAUTHORIZED' def circle_delete_partner_not_found_circle_id(self, client, jwt_token, circle_id): """ Test if the delete request to a non-existing partner returns a 404 status code. """ assert client.delete('/circles/' + circle_id + '/members/' + '0', headers={'Authorization': 'Bearer ' + jwt_token}).status \ == '404 NOT FOUND' def circle_delete_partner_not_found_partner_id(self, client, jwt_token, partner_id): """ Test if the delete request to a non-existing circle returns a 404 status code. """ assert client.delete('/circles/' + '0' + '/members/' + partner_id, headers={'Authorization': 'Bearer ' + jwt_token}).status \ == '404 NOT FOUND'
class TestOrganization: """ Class for testing Organization api-functionality. """ user = test_me.TestUser helper = test_helper.TestHelper tokens = authentication.get_mock_user() def test_organization(self, client): """ Set up the Database and checks the functionality for a given set of mock users. """ self.helper.set_up(test_helper, client) for token in self.tokens: self.user.me_post(test_me, client, token) jwt_token = self.helper.login(test_helper, client, token) self.user.me_organizations_post(test_me, client, jwt_token) id = self.get_organization_id(client, jwt_token) self.get_organization(client, jwt_token, id) self.put_organization(client, jwt_token, id) self.delete_organization(client, jwt_token, id) self.user.me_organizations_post(test_me, client, jwt_token) id2 = self.get_organization_id(client, jwt_token) self.get_organization_members(client, jwt_token, id2) self.get_organization_admins(client, jwt_token, id2) self.post_organization_invitation(client, jwt_token, id2) self.get_organization_invitations(client, jwt_token, id2) def get_organization_id(self, client, token): """ Helper Method for getting an organization ID for further tests. :return Organization-ID as String. """ data = client.get('/me/organizations', headers={ 'Authorization': 'Bearer ' + token }).json[0]['id'] organization_id = str(data) return organization_id def get_organization(self, client, token, id): """ Test if get request to API gets executed. """ assert client.get('/organizations/' + id, headers={ 'Authorization': 'Bearer ' + token }).status == '200 OK' def put_organization(self, client, token, id): """ Test if put request to API gets executed. """ assert client.put('/organizations/' + id, headers={ 'Authorization': 'Bearer ' + token }, data={ 'is_deleted': 'False', 'name': 'Tolli Empire', 'id': '1' }).status == '200 OK' def delete_organization(self, client, token, id): """ Test if the delete request gets executed. """ assert client.delete('/organizations/' + id, headers={ 'Authorization': 'Bearer ' + token }).status == '204 NO CONTENT' def get_organization_members(self, client, token, id): """ Get all organization members for further testing. :return JSON object with all members. """ response = client.get('/organizations/' + id + '/members', headers={'Authorization': 'Bearer ' + token}) json_response = response.json return json_response def get_organization_admins(self, client, token, id): """ Test if the get request for Admins of an organization gets executed. :return JSON Object with all admins of an Organization. """ assert client.get('/organizations/' + id + '/admins', headers={ 'Authorization': 'Bearer ' + token }).status == '200 OK' return client.get('/organizations/' + id + '/admins', headers={'Authorization': 'Bearer ' + token}) def get_organization_invitations(self, client, token, id): """ Test if the get request for Invitations gets executed. """ assert client.get('/organizations/' + id + '/invitations', headers={ 'Authorization': 'Bearer ' + token }).status == '200 OK' def post_organization_invitation(self, client, token, id): """ Post a Mock Invitation to an Organization. """ return client.post('/organizations/' + id + '/invitations', headers={'Authorization': 'Bearer ' + token}, data={ 'email': '*****@*****.**', 'organization_id': id })
class TestOrganizationException: """ Test API for exceptions. """ helper = test_helper.TestHelper user = test_me.TestUser organization = test_organization.TestOrganization tokens = authentication.get_mock_user() def test_organization_exceptions(self, client): """ Set up the Database and checks the functionality for a given set of mock users. """ self.helper.set_up(test_helper, client) for jwt_token in self.tokens: self.user.me_post(test_me, client, jwt_token) jwt_token = self.helper.login(test_helper, client, jwt_token) self.user.me_organizations_post(test_me, client, jwt_token) id = self.organization.get_organization_id(test_organization, client, jwt_token) fields = { 'exp': datetime.utcnow() - timedelta(seconds=60), 'sub': 'mock_user_001' } encoded = jwt.encode(fields, 'top_secret', algorithm='HS256') expired_token = encoded.decode('utf-8') self.organization_post_not_allowed(client, id) self.organization_get_no_login(client, id) self.organization_get_expired_token(client, id, expired_token) self.organization_get_not_found(client, jwt_token) self.organization_put_no_login(client, id) self.organization_put_no_param(client, jwt_token, id) self.organization_put_wrong_params(client, jwt_token, id) self.organization_put_expired_token(client, expired_token, id) self.organization_put_not_found(client, jwt_token) self.organization_del_no_login(client, id) self.organization_del_no_param(client, jwt_token, id) self.organization_del_expired_token(client, expired_token, id) self.organization_del_not_found(client, jwt_token) self.organization_get_members_no_login(client, id) self.organization_get_members_expired_token( client, id, expired_token) self.organization_get_members_not_found(client, jwt_token) self.organization_get_admins_no_login(client, id) self.organization_get_admins_expired_token(client, id, expired_token) self.organization_get_admins_not_found(client, jwt_token) self.organization_post_invitation_no_login(client, id) self.organization_post_invitation_expired_token( client, id, expired_token) self.organization_post_invitation_not_found(client, jwt_token) self.organization_get_invitation_no_login(client, id) self.organization_get_invitation_expired_token( client, id, expired_token) self.organization_get_invitation_not_found(client, jwt_token) def organization_post_not_allowed(self, client, id): """ Test if the organization api returns the expected http status-code when posting. """ assert client.post('/organizations/' + id).status == '405 METHOD NOT ALLOWED' def organization_get_no_login(self, client, id): """ Test if the organization api returns the expected http status-code for getting without an authorization token. """ assert client.get('/organizations/' + id).status == '400 BAD REQUEST' def organization_get_expired_token(self, client, id, expired_token): """ Test if the get requests with an expired token returns a 401 status code. """ assert client.get('/organizations/' + id, headers={ 'Authorization': 'Bearer ' + expired_token})\ .status == '401 UNAUTHORIZED' def organization_get_not_found(self, client, jwt_token): """ Test if the get requests to a non-existing organization returns a 404 status code. """ assert client.get('/organizations/' + '0', headers={'Authorization': 'Bearer ' + jwt_token})\ .status == '404 NOT FOUND' def organization_put_no_login(self, client, id): """ Test if the organization api returns the expected http status-code for putting without an authorization token. """ assert client.put('/organizations/' + id, headers={}, data={ 'name': 'Daisy' }).status == '400 BAD REQUEST' def organization_put_wrong_params(self, client, jwt_token, id): """ Test if the organization api returns the expected http status-code when putting with wrong parameters. """ assert client.put('/organizations/' + id, headers={'Authorization': 'Bearer ' + jwt_token}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': '*****@*****.**'}).status == \ '400 BAD REQUEST' def organization_put_no_param(self, client, jwt_token, id): """ Test if the organization api returns the expected http status-code when putting without parameters. """ assert client.put('/organizations/' + id, headers={ 'Authorization': 'Bearer ' + jwt_token }, data={}).status == '400 BAD REQUEST' def organization_put_expired_token(self, client, expired_token, id): """ Test if the put requests with an expired token returns a 401 status code. """ assert client.put('/organizations/' + id, headers={ 'Authorization': 'Bearer ' + expired_token}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': '*****@*****.**'}).status == \ '401 UNAUTHORIZED' def organization_put_not_found(self, client, jwt_token): """ Test if the put requests to a non-existing organization returns a 404 status code. """ assert client.put('/organizations/' + '0', headers={ 'Authorization': 'Bearer ' + jwt_token}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': '*****@*****.**'}).status == \ '404 NOT FOUND' def organization_del_no_login(self, client, id): """ Test if the organization api returns the expected http status-code for deleting without an authorization token. """ assert client.delete('/organizations/' + id, headers={}, data={'name': 'Daisy'}).status == \ '400 BAD REQUEST' def organization_del_no_param(self, client, jwt_token, id): """ Test if the organization api returns the expected http status-code when deleting without parameters. """ assert client.delete('/organizations/' + id, headers={ 'Authorization': 'Bearer ' + jwt_token }, data={}).status == '204 NO CONTENT' def organization_del_expired_token(self, client, expired_token, id): """ Test if the del requests with an expired token returns a 401 status code. """ assert client.delete('/organizations/' + id, headers={ 'Authorization': 'Bearer ' + expired_token }, data={}).status == '401 UNAUTHORIZED' def organization_del_not_found(self, client, jwt_token): """ Test if the put requests to a non-existing organization returns a 404 status code. """ assert client.delete('/organizations/' + '0', headers={ 'Authorization': 'Bearer ' + jwt_token }, data={}).status == '404 NOT FOUND' def organization_get_members_no_login(self, client, id): """ Test if the organization api returns the expected http status-code for getting without an authorization token. """ assert client.get('/organizations/' + id + '/members', headers={}).status == '400 BAD REQUEST' def organization_get_members_expired_token(self, client, id, expired_token): """ Test if the get requests with an expired token returns a 401 status code. """ assert client.get('/organizations/' + id + '/members', headers={ 'Authorization': 'Bearer ' + expired_token }, data={}).status == '401 UNAUTHORIZED' def organization_get_members_not_found(self, client, jwt_token): """ Test if the get requests to a non-existing organization returns a 404 status code. """ assert client.get('/organizations/' + '0' + '/members', headers={ 'Authorization': 'Bearer ' + jwt_token }, data={}).status == '404 NOT FOUND' def organization_get_admins_no_login(self, client, id): """ Test if the organization api returns a valid http status-code for getting without an authorization token. """ assert client.get('/organizations/' + id + '/admins', headers={}).status == '400 BAD REQUEST' def organization_get_admins_expired_token(self, client, id, expired_token): """ Test if the get requests with an expired token returns a 401 status code. """ assert client.get('/organizations/' + id + '/admins', headers={ 'Authorization': 'Bearer ' + expired_token }, data={}).status == '401 UNAUTHORIZED' def organization_get_admins_not_found(self, client, jwt_token): """ Test if the get requests to a non-existing organization returns a 404 status code. """ assert client.get('/organizations/' + '0' + '/admins', headers={ 'Authorization': 'Bearer ' + jwt_token }, data={}).status == '404 NOT FOUND' def organization_post_invitation_no_login(self, client, id): """ Test if the organization api returns a valid http status-code for getting without an authorization token. """ assert client.post('/organizations/' + id + '/invitations', headers={}, data={ 'email': '*****@*****.**', 'organization_id': id}).status == '400 BAD ' \ 'REQUEST' def organization_post_invitation_expired_token(self, client, id, expired_token): """ Test if the post requests with an expired token returns a 401 status code. """ assert client.post('/organizations/' + id + '/invitations', headers={ 'Authorization': 'Bearer ' + expired_token}, data={ 'email': '*****@*****.**', 'organization_id': id})\ .status == '401 UNAUTHORIZED' def organization_post_invitation_not_found(self, client, jwt_token): """ Test if the post requests to a non-existing organization returns a 404 status code. """ assert client.post('/organizations/' + '0' + '/invitations', headers={ 'Authorization': 'Bearer ' + jwt_token}, data={ 'email': '*****@*****.**', 'organization_id': id})\ .status == '404 NOT FOUND' def organization_get_invitation_no_login(self, client, id): """ Test if the organization api returns a valid http status-code for getting without an authorization token. """ assert client.get('/organizations/' + id + '/invitations', headers={}).status == '400 BAD REQUEST' def organization_get_invitation_expired_token(self, client, id, expired_token): """ Test if the get requests with an expired token returns a 401 status code. """ assert client.get('/organizations/' + id + '/invitations', headers={ 'Authorization': 'Bearer ' + expired_token }, data={}).status == '401 UNAUTHORIZED' def organization_get_invitation_not_found(self, client, jwt_token): """ Test if the get requests to a non-existing organization returns a 404 status code. """ assert client.get('/organizations/' + '0' + '/invitations', headers={ 'Authorization': 'Bearer ' + jwt_token }, data={}).status == '404 NOT FOUND'
class TestUserExceptions: """ Class for testing exceptions at the /me(/*) endpoint. """ tokens = authentication.get_mock_user() endpoint_me = test_me.TestUser helper = test_helper.TestHelper def test_me_exceptions(self, client): """ Set up the Database and checks the functionality for a given set of mock users. """ self.helper.set_up(test_helper, client) fields = { 'exp': datetime.utcnow() - timedelta(seconds=60), 'sub': 'mock_user_001' } encoded = jwt.encode(fields, 'top_secret', algorithm='HS256') expired_token = encoded.decode('utf-8') self.me_get_no_login(client) self.me_get_expired_token(client, expired_token) self.me_put_no_login(client) self.me_put_expired_token(client, expired_token) self.me_del_no_login(client) self.me_del_expired_token(client, expired_token) self.me_organizations_post_no_login(client) self.me_organizations_post_expired_token(client, expired_token) for token in self.tokens: self.endpoint_me.me_post(test_me, client, token) jwt_token = self.helper.login(test_helper, client, token) self.me_put_no_param(client, jwt_token) self.me_organizations_post_no_param(client, jwt_token) def me_post_no_login(self, client): """ Test if the me-page returns the expected http status-code when posting without an authorization token. """ assert client.post('/me').status == '400 BAD REQUEST' def me_get_no_login(self, client): """ Test if the me-page returns the expected http status-code when getting without an authorization token. """ assert client.get('/me').status == '400 BAD REQUEST' def me_get_expired_token(self, client, expired_token): """ Test if the get requests with an expired token returns a 401 status code. """ assert client.get('/me', headers={ 'Authorization': 'Bearer ' + expired_token}).status == \ '401 UNAUTHORIZED' def me_put_no_login(self, client): """ Test if the me-page returns the expected http status-code when putting without an authorization token. """ assert client.put('/me', headers={}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': '*****@*****.**'}).status == \ '400 BAD REQUEST' def me_put_no_param(self, client, token): """ Test if the me-page returns the expected http status-code when putting. """ assert client.put('/me', headers={ 'Authorization': 'Bearer ' + token }, data={}).status == '400 BAD REQUEST' def me_put_expired_token(self, client, expired_token): """ Test if the put requests with an expired token returns a 401 status code. """ assert client.put('/me', headers={ 'Authorization': 'Bearer ' + expired_token}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': '*****@*****.**'}).status == \ '401 UNAUTHORIZED' def me_del_no_login(self, client): """ Test if the me-page returns the expected http status-code when deleting without an authorization token. """ assert client.delete('/me', headers={}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': '*****@*****.**'}).status == \ '400 BAD REQUEST' def me_del_expired_token(self, client, expired_token): """ Test if the delete requests with an expired token returns a 401 status code. """ assert client.delete('/me', headers={ 'Authorization': 'Bearer ' + expired_token}).status == \ '401 UNAUTHORIZED' def me_organizations_post_no_login(self, client): """ Test if the me-organizations-page returns the expected http status-code when posting without an authorization token. """ assert client.post('/me/organizations', headers={}, data={'name': 'Dagoberts ' + 'Empire'}).status == \ '400 BAD REQUEST' def me_organizations_post_expired_token(self, client, expired_token): """ Test if the post requests with an expired token returns a 401 status code. """ assert client.post('/me/organizations', headers={'Authorization': 'Bearer ' + expired_token}, data={'name': 'Dagoberts ' + 'Empire'}).status == \ '401 UNAUTHORIZED' def me_organizations_post_no_param(self, client, token): """ Test if the me-organizations-page returns the expected http status-code when posting. """ assert client.post('/me/organizations', headers={ 'Authorization': 'Bearer ' + token }, data={}).status == '400 BAD REQUEST'
class TestPartnerException: """ Test API for exceptions. """ partner_helper = test_partners.TestPartners helper = test_helper.TestHelper user1 = test_me.TestUser user2 = test_me.TestUser organization = test_organization.TestOrganization tokens = authentication.get_mock_user() jwtToken = '' jwtToken2 = '' def test_organization_exceptions(self, client): """ Set up the Database and checks the functionality for a given set of mock users. """ self.helper.set_up(test_helper, client) self.helper.set_up(test_helper, client) self.user1.me_post(test_me, client, 'mock_user_001') self.user2.me_post(test_me, client, 'mock_user_002') self.jwtToken = self.helper.login(test_helper, client, 'mock_user_001') self.jwtToken2 = self.helper.login(test_helper, client, 'mock_user_002') self.user1.me_organizations_post(test_me, client, self.jwtToken) organization_id = self.organization.get_organization_id( test_organization, client, self.jwtToken) self.add_user_to_organization(client, self.jwtToken2, organization_id) member_id = self.partner_helper.get_organization_members_id( test_partners, client, self.jwtToken, organization_id) partner_id = self.partner_helper.get_partner(test_partners, client, self.jwtToken, member_id) fields = { 'exp': datetime.utcnow() - timedelta(seconds=60), 'sub': 'mock_user_001' } encoded = jwt.encode(fields, 'top_secret', algorithm='HS256') expired_token = encoded.decode('utf-8') self.partner_post_not_allowed(client, partner_id) self.partner_get_no_login(client, partner_id) self.partner_get_expired_token(client, expired_token, partner_id) self.partner_get_not_found(client, self.jwtToken) self.partner_put_no_login(client, partner_id) self.partner_put_no_param(client, self.jwtToken, partner_id) self.partner_put_wrong_params(client, self.jwtToken, partner_id) self.partner_put_expired_token(client, expired_token, partner_id) self.partner_put_not_found(client, self.jwtToken) self.partner_del_no_login(client, partner_id) self.partner_del_expired_token(client, expired_token, partner_id) self.partner_del_not_found(client, self.jwtToken) self.partner_put_admin_no_login(client, partner_id) self.partner_put_admin_expired_token(client, expired_token, partner_id) self.partner_put_admin_not_found(client, self.jwtToken) self.partner_del_admin_no_login(client, partner_id) self.partner_del_admin_expired_token(client, expired_token, partner_id) self.partner_del_admin_not_found(client, self.jwtToken) def partner_post_not_allowed(self, client, partner_id): """ Test if the partner api returns the expected http status-code when posting. """ assert client.post('/partners/' + partner_id).status == '405 METHOD NOT ALLOWED' def partner_get_no_login(self, client, partner_id): """ Test if the partner api returns the expected http status-code when getting without an authorization token. """ assert client.get('/partners/' + partner_id, headers={}).status == \ '400 BAD REQUEST' def partner_get_expired_token(self, client, expired_token, partner_id): """ Test if the get requests with an expired token returns a 401 status code. """ assert client.get('/partners/' + partner_id, headers={ 'Authorization': 'Bearer ' + expired_token}).status == \ '401 UNAUTHORIZED' def partner_get_not_found(self, client, jwt_token): """ Test if the get requests to a non-existing partner returns a 404 status code. """ assert client.get('/partners/' + '0', headers={ 'Authorization': 'Bearer ' + jwt_token }).status == '404 NOT FOUND' def partner_put_no_login(self, client, partner_id): """ Test if the partner api returns the expected http status-code when putting without an authorization token. """ assert client.put('/partners/' + partner_id, headers={}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': '*****@*****.**'}).status == \ '400 BAD REQUEST' def partner_put_no_param(self, client, token, partner_id): """ Test if the partner api returns the expected http status-code when putting without parameters. """ assert client.put('/partners/' + partner_id, headers={ 'Authorization': 'Bearer ' + token }, data={}).status == '400 BAD REQUEST' def partner_put_wrong_params(self, client, token, partner_id): """ Test if the partner api returns the expected http status-code when putting with wrong parameters. """ assert client.put('/partners/' + partner_id, headers={'Authorization': 'Bearer ' + token}, data={'google_id': 'Daisy', 'lastname': 'Ducks', 'email': '*****@*****.**'}).status == \ '400 BAD REQUEST' def partner_put_expired_token(self, client, expired_token, partner_id): """ Test if the put requests with an expired token returns a 401 status code. """ assert client.put('/partners/' + partner_id, headers={'Authorization': 'Bearer ' + expired_token}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': 'daisy' + str(uuid.uuid4()) + '@tolli.com'}).status == \ '401 UNAUTHORIZED' def partner_put_not_found(self, client, jwt_token): """ Test if the put requests to a non-existing partner returns a 404 status code. """ assert client.put('/partners/' + '0', headers={'Authorization': 'Bearer ' + jwt_token}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': 'daisy' + str(uuid.uuid4()) + '@tolli.com'}).status == \ '404 NOT FOUND' def partner_del_no_login(self, client, partner_id): """ Test if the partner api returns the expected http status-code when deleting without an authorization token. """ assert client.delete('/partners/' + partner_id, headers={}).status == '400 BAD REQUEST' def partner_del_expired_token(self, client, expired_token, partner_id): """ Test if the put requests with an expired token returns a 401 status code. """ assert client.delete('/partners/' + partner_id, headers={ 'Authorization': 'Bearer ' + expired_token}).status == \ '401 UNAUTHORIZED' def partner_del_not_found(self, client, token): """ Test if the delete requests to a non-existing partner returns a 404 status code. """ assert client.delete('/partners/' + '0', headers={ 'Authorization': 'Bearer ' + token }).status == '404 NOT FOUND' def partner_put_admin_no_login(self, client, partner_id): """ Test if the partner api returns the expected http status-code when putting without an authorization token. """ assert client.put('/partners/' + partner_id + '/admin', headers={}).status == '400 BAD REQUEST' def partner_put_admin_expired_token(self, client, expired_token, partner_id): """ Test if the put requests with an expired token returns a 401 status code. """ assert client.put('/partners/' + partner_id + '/admin', headers={ 'Authorization': 'Bearer ' + expired_token}).status == \ '401 UNAUTHORIZED' def partner_put_admin_not_found(self, client, token): """ Test if the partner api returns the expected http status-code when putting without an ID. """ assert client.put('/partners/admin', headers={ 'Authorization': 'Bearer ' + token }).status == '404 NOT FOUND' def partner_del_admin_no_login(self, client, id): """ Test if the partner api returns the expected http status-code when deleting without an authorization token. """ assert client.delete('/partners/' + id + '/admin', headers={}).status == '400 BAD REQUEST' def partner_del_admin_expired_token(self, client, expired_token, partner_id): """ Test if the del requests with an expired token returns a 401 status code. """ assert client.delete('/partners/' + partner_id + '/admin', headers={ 'Authorization': 'Bearer ' + expired_token}).status == \ '401 UNAUTHORIZED' def partner_del_admin_not_found(self, client, token): """ Test if the partner api returns the expected http status-code when deleting without an ID. """ assert client.delete('/partners/' + '0' + '/admin', headers={ 'Authorization': 'Bearer ' + token }).status == '404 NOT FOUND' def partner_operation_with_deleted_user(self, client, token, id): """ Test if the partner api returns the expected http status-code when posting. """ assert client.delete('/partners/' + id, headers={ 'Authorization': 'Bearer ' + token }).status == '200 OK' assert client.put('/partners/' + id, headers={'Authorization': 'Bearer ' + token}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': '*****@*****.**'}).status == \ '400 BAD REQUEST' def add_user_to_organization(self, client, token, id_organization): """ Helper Method adding a User to an Organization """ invitation_response = self.organization.post_organization_invitation( test_organization, client, self.jwtToken, id_organization) invitation_code = invitation_response.json['code'] assert client.get('/invitations/' + invitation_code + '/accept', headers={ 'Authorization': 'Bearer ' + token}).status == \ '200 OK'
class TestCircle: """ Class for testing user api-functionality. """ user = test_me.TestUser helper = test_helper.TestHelper tokens = authentication.get_mock_user() def test_organization(self, client): """ Test the endpoint /organization. """ self.helper.set_up(test_helper, client) for token in self.tokens: self.user.me_post(test_me, client, token) jwt_token = self.helper.login(test_helper, client, token) self.user.me_organizations_post(test_me, client, jwt_token) id = self.get_organization_id(client, jwt_token) circle_id = self.get_circle_id(client, jwt_token, id) self.get_circle(client, jwt_token, circle_id) self.put_circle(client, jwt_token, circle_id) self.delete_organization(client, jwt_token, id) self.user.me_organizations_post(test_me, client, jwt_token) id2 = self.get_organization_id(client, jwt_token) circle_id2 = self.get_circle_id(client, jwt_token, id2) self.post_circle_roles(client, jwt_token, circle_id2) self.get_circle_roles(client, jwt_token, circle_id2) role_id = self.get_role_id(client, jwt_token, circle_id2) self.put_circle_subcircles(client, role_id, jwt_token) self.get_circle_members(client, circle_id2, jwt_token) partner_id = self.get_partner_id(client, id2, jwt_token) self.put_circle_partner(client, partner_id, circle_id2, jwt_token) self.delete_circle_partner(client, partner_id, circle_id2, jwt_token) def get_organization_id(self, client, token): """ Helper Method for getting an organization ID for further tests. """ data = client.get('/me/organizations', headers={ 'Authorization': 'Bearer ' + token}).json[0]['id'] organization_id = str(data) return organization_id def get_circle_id(self, client, token, id): """ Helper Method for getting a circle id for further tests. """ data = client.get('/organizations/' + id + '/anchor_circle', headers={ 'Authorization': 'Bearer ' + token}).json['id'] circle_id = str(data) return circle_id def delete_organization(self, client, token, id): """ Test if the delete request gets executed. """ assert client.delete('/organizations/' + id, headers={ 'Authorization': 'Bearer ' + token}).status == '204 NO CONTENT' def get_circle(self, client, token, circle_id): """ Test if get request to API gets executed. """ assert client.get('/circles/' + circle_id, headers={ 'Authorization': 'Bearer ' + token}).status == '200 OK' print('Passed test for getting a Circle.') def put_circle(self, client, token, circle_id): """ Test if put request to API get executed. """ assert client.put('/circles/' + circle_id, headers={ 'Authorization': 'Bearer ' + token}, data={'name': 'Name2', 'purpose': 'Purpose2', 'strategy': 'Strategy2'}).status == '200 OK' def post_circle_roles(self, client, token, circle_id2): """ Test if the post request gets executed. """ assert client.post('/circles/' + circle_id2 + '/roles', headers={ 'Authorization': 'Bearer ' + token}, data={'name': 'NewRole', 'purpose': 'This is a new Role added to a ' 'Circle.'}).status \ == '201 CREATED' def get_circle_roles(self, client, token, circle_id2): """ Test if the get request gets executed. """ assert client.get('/circles/' + circle_id2 + '/roles', headers={ 'Authorization': 'Bearer ' + token}).status == '200 OK' def get_role_id(self, client, token, circle_id2): """ Helper Method for getting the role Id """ response = client.post('/circles/' + circle_id2 + '/roles', headers={ 'Authorization': 'Bearer ' + token}, data={'name': 'NewRole', 'purpose': 'This is a new Role added to ' 'a Circle.'}) data = response.json['id'] role_id = str(data) return role_id def put_circle_subcircles(self, client, role_id, token): """ Helper Method for creating a new subcircle. """ assert client.put('/roles/' + role_id + '/circle', headers={ 'Authorization': 'Bearer ' + token}, data={'name': 'NewRole', 'purpose': 'This is a new Role added to a ' 'Circle.', 'strategy': 'NewStrategy'}).status == \ '204 NO CONTENT' def get_circle_members(self, client, circle_id2, token): """ Test if the get request gets executed. """ assert client.get('/circles/' + circle_id2 + '/members', headers={ 'Authorization': 'Bearer ' + token}).status == '200 OK' def get_partner_id(self, client, id2, token): """ Helper Method for getting the partner id. """ response = client.get('/organizations/' + id2 + '/members', headers={ 'Authorization': 'Bearer ' + token}) data = response.json[0]['id'] partner_id = str(data) return partner_id def put_circle_partner(self, client, partner_id, circle_id2, token): """ Test if the put request gets executed. """ assert client.put('/circles/' + circle_id2 + '/members/' + partner_id, headers={'Authorization': 'Bearer ' + token}, data={'firstname': 'Manuel', 'lastname': 'Neuer', 'email': '*****@*****.**'}).status \ == '204 NO CONTENT' def delete_circle_partner(self, client, partner_id, circle_id2, token): """ Test if the delete request gets executed. """ assert client.delete('/circles/' + circle_id2 + '/members/' + partner_id, headers={'Authorization': 'Bearer ' + token} ).status == '204 NO CONTENT'
class TestUser: """ Class for testing user api-functionality. """ tokens = authentication.get_mock_user() helper = test_helper.TestHelper def test_me(self, client): """ Set up the Database and checks the functionality for a given set of mock users. """ self.helper.set_up(test_helper, client) for token in self.tokens: """ Test /me Endpoint """ self.me_post(client, token) jwt_token = self.helper.login(test_helper, client, token) self.me_get(client, jwt_token) self.me_put(client, jwt_token) self.me_del(client, jwt_token) """ Test /me/organizations Endpoint """ self.me_post(client, token) jwt_token = self.helper.login(test_helper, client, token) self.me_organizations_post(client, jwt_token) self.me_organizations_get(client, jwt_token) def me_post(self, client, token): """ Test if the me-page returns the expected http status-code when posting. """ assert client.post('/register', headers={ 'Authorization': 'Token ' + token}).status == '201 CREATED' def me_get(self, client, token): """ Test if the me-page returns the expected http status-code when getting. """ assert client.get('/me', headers={ 'Authorization': 'Bearer ' + token}).status == '200 OK' def me_put(self, client, token): """ Test if the me-page returns the expected http status-code when putting. """ assert client.put('/me', headers={ 'Authorization': 'Bearer ' + token}, data={'firstname': 'Daisy', 'lastname': 'Ducks', 'email': 'daisy' + str(uuid.uuid4()) + '@tolli.com'}) print('Passed test for updating a user.') def me_del(self, client, token): """ Test if the me-page returns the expected http status-code when deleting. """ assert client.delete('/me', headers={ 'Authorization': 'Bearer ' + token}).status == '204 NO CONTENT' def me_organizations_post(self, client, token): """ Test if the me-organizations-page returns the expected http status-code when posting. """ assert client.post('/me/organizations', headers={ 'Authorization': 'Bearer ' + token}, data={'name': str(uuid.uuid4()) + 'Dagoberts ' + 'Empire'}).status == \ '201 CREATED' def me_organizations_get(self, client, token): """ Test if the me-organizations-page returns the expected http status-code when getting. """ assert client.get('/me/organizations', headers={ 'Authorization': 'Bearer ' + token}, ).status == \ '200 OK'
class TestPartners: """ Class for testing Partner api-functionality. """ user1 = test_me.TestUser user2 = test_me.TestUser organization = test_organization.TestOrganization helper = test_helper.TestHelper tokens = authentication.get_mock_user() jwtToken = '' jwtToken2 = '' def test_partners(self, client): """ Set up the Database and checks the functionality for a given set of mock users. """ self.helper.set_up(test_helper, client) self.user1.me_post(test_me, client, 'mock_user_001') self.user2.me_post(test_me, client, 'mock_user_002') self.jwtToken = self.helper.login(test_helper, client, 'mock_user_001') self.jwtToken2 = self.helper.login(test_helper, client, 'mock_user_002') self.user1.me_organizations_post(test_me, client, self.jwtToken) organization_id = self.organization.get_organization_id( test_organization, client, self.jwtToken) self.add_user_to_organization(client, self.jwtToken2, organization_id) member_id = self.get_organization_members_id(client, self.jwtToken, organization_id) print(member_id) partner_id = self.get_partner(client, self.jwtToken, member_id) self.put_partner(client, self.jwtToken, member_id) self.put_partner_admins(client, self.jwtToken, partner_id) # self.get_partner_metrics(client, self.jwtToken, organization_id) # self.get_partner_checklist(client, self.jwtToken, organization_id) # self.post_partner_checklist(client, self.jwtToken, organization_id) # self.post_partner_metrics(client, self.jwtToken, organization_id) self.delete_partner_admins(client, self.jwtToken, organization_id) self.delete_partner(client, self.jwtToken, organization_id) def get_organization_members_id(self, client, token, id): """ Helper Method for getting an organization ID for further tests. """ response = client.get('/organizations/' + id + '/members', headers={'Authorization': 'Bearer ' + token}) json_response = response.json[1]['id'] return str(json_response) def get_partner(self, client, token, id): """ Test if get request to API gets executed. """ assert client.get('/partners/' + id, headers={ 'Authorization': 'Bearer ' + token }).status == '200 OK' json_response = client.get( '/partners/' + id, headers={'Authorization': 'Bearer ' + token}) partner_id = json_response.json['id'] print('Passed test for getting a Partner:' + str(partner_id)) return str(partner_id) def put_partner(self, client, token, id): """ Test if put request to API gets executed. """ assert client.put('/partners/' + id, headers={'Authorization': 'Bearer ' + token}, data={ 'firstname': 'Daisy', 'lastname': 'Ducks', 'email': 'daisy' + str(uuid.uuid4()) + '@tolli.com' }) print('Passed test for editing a Partner.') def delete_partner(self, client, token, id): """ Test if delete request gets executed. """ assert client.delete('/partners/' + id, headers={ 'Authorization': 'Bearer ' + token }).status == '204 NO CONTENT' def post_partner_metrics(self, client, token, id): """ Test if the post request gets executed. """ # #TODO Implement Metrics # # assert client.get('/organizations/' + id + '/members', headers={ # # 'Authorization': 'Bearer ' + token}).status == '200 OK' # assert client.post('/partners/' + id + '/metrics', headers={ # 'Authorization': 'Bearer ' + token}) == '200 OK' def get_partner_metrics(self, client, token, id): """ Test if the get request gets executed. """ # #TODO Implement Metrics # # assert client.get('/organizations/' + id + '/members', headers={ # # 'Authorization': 'Bearer ' + token}).status == '200 OK' # assert client.get('/partners/' + id + '/metrics', headers={ # 'Authorization': 'Bearer ' + token}) == '200 OK' def put_partner_admins(self, client, token, id): """ Test if the put request gets executed. """ assert client.put('/partners/' + id + '/admin', headers={ 'Authorization': 'Bearer ' + token }).status == '204 NO CONTENT' def delete_partner_admins(self, client, token, id): """ Test if the delete request gets executed. """ assert client.delete('/partners/' + id + '/admin', headers={ 'Authorization': 'Bearer ' + token }).status == '204 NO CONTENT' def post_partner_checklist(self, client, token, id): """ Test if post request get executed. """ # #TODO Implement Checklists # assert client.post('/partners/' + id + '/checklists', headers={ # 'Authorization': 'Bearer ' + token}).status == '200 OK' def get_partner_checklist(self, client, token, id): """ Test if the get request gets executed. """ # #TODO Implement Checklists # assert client.get('/partners/' + id + '/checklists', headers={ # 'Authorization': 'Bearer ' + token}).status == '200 OK' def add_user_to_organization(self, client, token, id_organization): """ Helper Method for adding a user to an organization in order to make test the /admins api functionality. """ invitation_response = self.organization.post_organization_invitation( test_organization, client, self.jwtToken, id_organization) invitation_code = invitation_response.json['code'] assert client.get('/invitations/' + invitation_code + '/accept', headers={ 'Authorization': 'Bearer ' + token}).status == \ '200 OK'