def test_auth_token_no_existent_in_the_database_anymore_returning_400_status_code( client, session): """ GIVEN a Flask application WHEN the '/auth/token/' URL is requested (GET) with a token deleted from database THEN check the response HTTP 400 response """ tokens = create_tokens('test') token_id = tokens['access']['model'].id # delete the token from app.model import Token token = session.query(Token).filter_by(id=token_id).one() session.delete(token) session.commit() # revoking the refresh token url = '/auth/token' response = client.get( url, content_type='application/json', headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 401 assert response.json['msg'] == 'Token has been revoked'
def test_auth_unrevoke_an_existent_token_returning_200_status_code( client, session, auth): """ GIVEN a Flask application WHEN the '/auth/token/<id>' URL is requested (PUT) THEN check the response is valid and and for unrevoked token """ tokens = create_tokens('test') # revoking the refresh token revoke_token(tokens['refresh']['model'], 'test') # request for unrevoking the refresh token url = '/auth/token/{}'.format(tokens['refresh']['model'].id) data = {'revoke': False} response = client.put( url, content_type='application/json', data=json.dumps(data), headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 200 assert response.json['status'] == 'success' assert response.json['message'] == 'Token unrevoked' assert not is_token_revoked(tokens['refresh']['decoded'])
def test_auth_revoke_that_not_existent_in_the_database_anymore_returning_404_status_code( client, session): """ GIVEN a Flask application WHEN the '/auth/token/<id>' URL is requested (PUT) with a token deleted from database THEN check the response HTTP 404 response """ tokens = create_tokens('test') token_id = tokens['refresh']['model'].id # delete the token from app.model import Token token = session.query(Token).filter_by(id=token_id).one() session.delete(token) session.commit() # revoking the refresh token url = '/auth/token/{}'.format(token_id) data = {'revoke': True} response = client.put( url, content_type='application/json', data=json.dumps(data), headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 404 assert response.json['status'] == 'fail' assert response.json['message'] == 'The specified token was not found'
def test_patch_account_without_request_content_type_returning_400_status_code(client, session): """ GIVEN a Flask application WHEN the '/account' URL is requested (PATH) without the request content type THEN check the response HTTP 400 response """ user = create_user(session) tokens = create_tokens(user.username) endpoint = '/account' response = client.patch(endpoint, headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 400 assert response.json['status'] == 'fail' assert response.json['message'] == 'bad request'
def test_auth_revoke_without_request_content_type_returning_400_status_code( client, session, auth): """ GIVEN a Flask application WHEN the '/auth/token/<id>' URL is requested (PUT) without request content type THEN check the response HTTP 400 response """ tokens = create_tokens('test') # revoking the refresh token url = '/auth/token/{}'.format(tokens['refresh']['model'].id) response = client.put( url, headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 400 assert response.json['status'] == 'fail' assert response.json['message'] == 'bad request'
def test_patch_account_with_password_length_smaller_than_3_character_returning_400_status_code(client, session): """ GIVEN a Flask application WHEN the '/account' URL is requested (PATCH) with invalid password value THEN check the response HTTP 400 response """ user = create_user(session) tokens = create_tokens(user.username) endpoint = '/account' data = {'password': "******"} response = client.patch(endpoint, data=json.dumps(data), content_type='application/json', headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 400 assert response.json['status'] == 'fail' assert {"password": "******"} in response.json['data']
def test_update_account_with_empty_data_returning_400_status_code( client, session): """ GIVEN a Flask application WHEN the '/account' URL is requested (PUT) with empty data THEN check the response HTTP 400 response """ user = create_user(session) tokens = create_tokens(user.username) endpoint = '/account' data = {} response = client.put( endpoint, data=json.dumps(data), content_type='application/json', headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 400 assert response.json['status'] == 'fail' assert {'password': '******'} in response.json['data']
def test_patch_account_with_data_well_formatted_returning_200_status_code(client, session, auth): """ GIVEN a Flask application WHEN the '/account' URL is requested (PATCH) THEN check the response is valid """ user = create_user(session) tokens = create_tokens(user.username) endpoint = '/account' data = {'password': "******"} response = client.patch(endpoint, data=json.dumps(data), content_type='application/json', headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 200 assert response.json['status'] == 'success' assert int(response.json['data']['id']) == user.id
def test_auth_revoke_and_try_access_a_protected_url_returning_200_status_code( client, session, auth): """ GIVEN a Flask application WHEN the '/auth/token' URL is requested (GET) with revoked token THEN check the response HTTP 401 response """ tokens = create_tokens('test') # revoking the refresh token revoke_token(tokens['access']['model'], 'test') # try to access a protected url endpoint = '/auth/token' response = client.get( endpoint, headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 401 assert response.json['msg'] == 'Token has been revoked'
def test_patch_account_with_an_user_already_excluded_returning_404_status_code(client, session): """ GIVEN a Flask application WHEN the '/account' URL is requested (PATCH) with inexistent user THEN check the response HTTP 404 response """ user = create_user(session) tokens = create_tokens(user.username) # delete the user session.delete(user) session.commit() # request response = client.patch('/account', content_type='application/json', headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) # asserts assert response.status_code == 404 assert response.json['status'] == 'error' assert response.json['message'] == 'not Found'
def test_delete_with_all_data_passed_returning_200_status_code( client, session): """ GIVEN a Flask application WHEN the '/account' URL is requested (DELETE) THEN check the response is valid """ user = create_user(session) tokens = create_tokens(user.username) endpoint = '/account' # assert user was deleted response = client.delete( endpoint, headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 201 from app.model import Token tokens = session.query(Token).filter_by(user_identity=user.username, revoked=False).all() assert len(tokens) == 0
def test_delete_with_inexistent_user_id_returning_404_status_code( client, session): """ GIVEN a Flask application WHEN the '/account' URL is requested (DELETE) with inexistent user THEN check the response HTTP 404 response """ user = create_user(session) tokens = create_tokens(user.username) # delete the user session.delete(user) session.commit() # request endpoint = '/account' response = client.delete( endpoint, headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) assert response.status_code == 404 assert response.json['status'] == 'error' assert response.json['message'] == 'not Found'
def test_auth_list_tokens_of_logged_user_returning_200_status_code( client, session): """ GIVEN a Flask application WHEN the '/auth/token' URL is requested (GET) THEN check the response is valid and for the tokens created """ user = create_user(session) tokens = create_tokens(user.username) # request response = client.get( '/auth/token', content_type='application/json', headers={'Authorization': 'Bearer ' + tokens['access']['enconded']}) # asserts assert response.status_code == 200 assert response.json['status'] == 'success' data = response.json['data'] assert len(data) == 2 assert data[0]['token_type'] == 'access' assert data[0]['jti'] == tokens['access']['decoded']['jti'] assert data[1]['token_type'] == 'refresh' assert data[1]['jti'] == tokens['refresh']['decoded']['jti']