def test_not_admin(client, not_admin):
auth_header = {'Authorization': not_admin}
response = client.post(test_url,
headers=auth_header,
json=valid_data,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Invalid JWT Credentials' in response.json['description']
response = client.put(f'{test_url}/1',
headers=auth_header,
json={'color': 'purple'},
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Invalid JWT Credentials' in response.json['description']
response = client.delete(f'{test_url}/1',
headers=auth_header,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Invalid JWT Credentials' in response.json['description']
def test_missing_other_token_fields(client, bad_token):
# this test is for if any fields in the token
# that are NOT checked by PyJWT are missing
# ex: 'sub', 'user'
auth_header = {'Authorization': create_token(bad_token)}
response = client.post(test_url,
headers=auth_header,
json=valid_data,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert response.json['description'] == 'Invalid JWT Credentials'
response = client.put(f'{test_url}/1',
headers=auth_header,
json={'color': 'purple'},
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert response.json['description'] == 'Invalid JWT Credentials'
response = client.delete(f'{test_url}/1',
headers=auth_header,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert response.json['description'] == 'Invalid JWT Credentials'
def test_expired_token(client, expired_token):
auth_header = {'Authorization': expired_token}
response = client.post(test_url,
headers=auth_header,
json=valid_data,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Error Decoding Token' in response.json['description']
response = client.put(f'{test_url}/1',
headers=auth_header,
json={'color': 'purple'},
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Error Decoding Token' in response.json['description']
response = client.delete(f'{test_url}/1',
headers=auth_header,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Error Decoding Token' in response.json['description']
def test_missing_required_token_fields(client, bad_token):
# this test is for if any fields in the token
# that are automatically checked by PyJWT are missing
# ex: 'exp', 'iat', 'nbf'
auth_header = {'Authorization': bad_token}
missing_claim = re.compile(
'Error Decoding Token: Token is missing the "(\w+)" claim')
response = client.post(test_url,
headers=auth_header,
json=valid_data,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert missing_claim.match(response.json['description'])
response = client.put(f'{test_url}/1',
headers=auth_header,
json={'color': 'purple'},
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert missing_claim.match(response.json['description'])
response = client.delete(f'{test_url}/1',
headers=auth_header,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert missing_claim.match(response.json['description'])
def test_delete_foreign_key(client, url, key):
prepopulate()
# prepopulate should have created the thing
response = client.get(url, as_response=True)
assert response.status_code == 200
# thing should be referenced as ForeignKey in Potions
response = client.get(f'/v1/potions?{key}=1', as_response=True)
assert response.status_code == 200
assert len(response.json['results']) >= 1
matched_potions = len(response.json['results'])
# if you delete PotionType/Potency with Potion referencing it
# should throw an error & not delete
response = client.delete(url, headers=valid_token, as_response=True)
assert response.status_code == 400
# delete should not have removed the thing
response = client.get(url, as_response=True)
assert response.status_code == 200
response = client.get(f'/v1/potions?{key}=1', as_response=True)
assert response.status_code == 200
assert len(response.json['results']) == matched_potions
delete_all()
def test_no_token(client, header):
response = client.post(test_url,
headers=header,
json=valid_data,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Missing Authorization Header' in response.json['description']
response = client.put(f'{test_url}/1',
headers=header,
json={'color': 'purple'},
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Missing Authorization Header' in response.json['description']
response = client.delete(f'{test_url}/1', headers=header, as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Missing Authorization Header' in response.json['description']
def test_invalid_token_format(client, bad_token):
bad_token = {'Authorization': bad_token}
response = client.post(test_url,
headers=bad_token,
json=valid_data,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Invalid Authorization Header' in response.json['description']
response = client.put(f'{test_url}/1',
headers=bad_token,
json={'color': 'purple'},
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Invalid Authorization Header' in response.json['description']
response = client.delete(f'{test_url}/1',
headers=bad_token,
as_response=True)
assert response.status_code == 401
assert response.json['title'] == '401 Unauthorized'
assert 'Invalid Authorization Header' in response.json['description']
def delete(route):
client.delete(f'{route}/1',
headers=valid_token,
expected_statuses=[204])
response = client.get(route)
assert len(response['results']) == 0
def test_delete_all(client, url):
response = client.delete(url, headers=valid_token, as_response=True)
assert response.status_code == 405