def test_delete_widget_no_admin_token(client, db, admin, user):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(client, access_token)
assert response.status_code == HTTPStatus.CREATED
response = login_user(client, email=EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = delete_widget(client, access_token, widget_name=DEFAULT_NAME)
assert response.status_code == HTTPStatus.FORBIDDEN
assert "message" in response.json and response.json["message"] == FORBIDDEN
def test_create_widget_no_admin_token(client, db, user):
response = login_user(client, email=EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(client, access_token)
assert response.status_code == HTTPStatus.FORBIDDEN
assert "message" in response.json and response.json["message"] == FORBIDDEN
def test_update_widget(client, db, admin):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(client, access_token)
assert response.status_code == HTTPStatus.CREATED
response = update_widget(
client,
access_token,
widget_name=DEFAULT_NAME,
info_url=UPDATED_URL,
deadline_str=UPDATED_DEADLINE,
)
assert response.status_code == HTTPStatus.OK
response = retrieve_widget(client, access_token, widget_name=DEFAULT_NAME)
assert response.status_code == HTTPStatus.OK
assert "name" in response.json and response.json["name"] == DEFAULT_NAME
assert "info_url" in response.json and response.json[
"info_url"] == UPDATED_URL
assert "deadline" in response.json and UPDATED_DEADLINE in response.json[
"deadline"]
assert "owner" in response.json and "email" in response.json["owner"]
assert response.json["owner"]["email"] == ADMIN_EMAIL
def test_update_octocat(client, db, admin):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_octocat(client, access_token)
assert response.status_code == HTTPStatus.CREATED
response = update_octocat(
client,
access_token,
octocat_name=DEFAULT_CAT_NAME,
url=UPDATED_URL,
age=UPDATED_AGE,
)
print(f"---------------{response.json}")
assert response.status_code == HTTPStatus.OK
response = retrieve_octocat(client,
access_token,
octocat_name=DEFAULT_CAT_NAME)
assert response.status_code == HTTPStatus.OK
assert "name" in response.json and response.json["name"] == DEFAULT_CAT_NAME
assert "age" in response.json and response.json["age"] == UPDATED_AGE
assert "url" in response.json and response.json["url"] == UPDATED_URL
def test_login_email_does_not_exist(client, db):
response = login_user(client)
assert response.status_code == HTTPStatus.UNAUTHORIZED
assert "status" in response.json and response.json["status"] == "fail"
assert "message" in response.json and response.json[
"message"] == UNAUTHORIZED
assert "access_token" not in response.json
def test_create_widget_invalid_deadline(client, db, admin, deadline_str):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(client, access_token, deadline_str=deadline_str)
assert response.status_code == HTTPStatus.BAD_REQUEST
assert "message" in response.json and response.json["message"] == BAD_REQUEST
assert "errors" in response.json and "deadline" in response.json["errors"]
def test_retrieve_widget_does_not_exist(client, db, user):
response = login_user(client, email=EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = retrieve_widget(client, access_token, widget_name=DEFAULT_NAME)
assert response.status_code == HTTPStatus.NOT_FOUND
assert ("message" in response.json
and f"{DEFAULT_NAME} not found in database"
in response.json["message"])
def test_auth_user(client, db):
register_user(client)
response = login_user(client)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = get_user(client, access_token)
assert response.status_code == HTTPStatus.OK
assert "email" in response.json and response.json["email"] == EMAIL
assert "admin" in response.json and not response.json["admin"]
def test_create_widget_already_exists(client, db, admin):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(client, access_token)
assert response.status_code == HTTPStatus.CREATED
response = create_widget(client, access_token)
assert response.status_code == HTTPStatus.CONFLICT
name_conflict = f"Widget name: {DEFAULT_NAME} already exists, must be unique."
assert "message" in response.json and response.json["message"] == name_conflict
def test_delete_widget(client, db, admin):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(client, access_token)
assert response.status_code == HTTPStatus.CREATED
response = delete_widget(client, access_token, widget_name=DEFAULT_NAME)
assert response.status_code == HTTPStatus.NO_CONTENT
response = retrieve_widget(client, access_token, widget_name=DEFAULT_NAME)
assert response.status_code == HTTPStatus.NOT_FOUND
def test_retrieve_octocat_non_admin_user(client, db, admin, user):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_octocat(client, access_token)
assert response.status_code == HTTPStatus.CREATED
response = login_user(client, email=EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = retrieve_octocat(client,
access_token,
octocat_name=DEFAULT_CAT_NAME)
assert response.status_code == HTTPStatus.OK
assert "name" in response.json and response.json["name"] == DEFAULT_CAT_NAME
assert "url" in response.json and response.json["url"] == DEFAULT_URL
assert "age" in response.json and response.json["age"] == DEFAULT_AGE
def test_create_widget_invalid_name(client, db, admin, widget_name):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(client, access_token, widget_name=widget_name)
assert response.status_code == HTTPStatus.BAD_REQUEST
assert "message" in response.json and response.json[
"message"] == BAD_REQUEST
assert "errors" in response.json and "name" in response.json["errors"]
name_error = f"'{widget_name}' contains one or more invalid characters."
assert name_error in response.json["errors"]["name"]
def test_create_widget_invalid_url(client, db, admin, info_url):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(client, access_token, info_url=info_url)
assert response.status_code == HTTPStatus.BAD_REQUEST
assert "message" in response.json and response.json[
"message"] == BAD_REQUEST
assert "errors" in response.json and "info_url" in response.json["errors"]
assert f"{info_url} is not a valid URL." in response.json["errors"][
"info_url"]
def test_logout_auth_token_expired(client, db):
register_user(client)
response = login_user(client)
assert "access_token" in response.json
access_token = response.json["access_token"]
time.sleep(6)
response = logout_user(client, access_token)
assert response.status_code == HTTPStatus.UNAUTHORIZED
assert "message" in response.json and response.json["message"] == TOKEN_EXPIRED
assert "WWW-Authenticate" in response.headers
assert response.headers["WWW-Authenticate"] == WWW_AUTH_EXPIRED_TOKEN
def test_create_widget_valid_deadline(client, db, admin, deadline_str):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(client, access_token, deadline_str=deadline_str)
assert response.status_code == HTTPStatus.CREATED
assert "status" in response.json and response.json["status"] == "success"
success = f"New widget added: {DEFAULT_NAME}."
assert "message" in response.json and response.json["message"] == success
location = f"http://localhost/api/v1/widgets/{DEFAULT_NAME}"
assert "Location" in response.headers and response.headers["Location"] == location
def test_logout_token_blacklisted(client, db):
register_user(client)
response = login_user(client)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = logout_user(client, access_token)
assert response.status_code == HTTPStatus.OK
response = logout_user(client, access_token)
assert response.status_code == HTTPStatus.UNAUTHORIZED
assert "message" in response.json and response.json["message"] == TOKEN_BLACKLISTED
assert "WWW-Authenticate" in response.headers
assert response.headers["WWW-Authenticate"] == WWW_AUTH_BLACKLISTED_TOKEN
def test_login(client, db):
register_user(client)
response = login_user(client)
assert response.status_code == HTTPStatus.OK
assert "status" in response.json and response.json["status"] == "success"
assert "message" in response.json and response.json["message"] == SUCCESS
assert "access_token" in response.json
access_token = response.json["access_token"]
result = User.decode_access_token(access_token)
assert result.success
user_dict = result.value
assert not user_dict["admin"]
user = User.find_by_public_id(user_dict["public_id"])
assert user and user.email == EMAIL
def test_create_octocat_valid_name(client, db, admin, octocat_name):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_octocat(client, access_token, octocat_name=octocat_name)
assert response.status_code == HTTPStatus.CREATED
assert "status" in response.json and response.json["status"] == "success"
success = f"New octocat added: {octocat_name}."
assert "message" in response.json and response.json["message"] == success
location = f"http://localhost/api/v1/octocats/{octocat_name}"
assert "Location" in response.headers and response.headers["Location"] == location
def test_logout(client, db):
register_user(client)
response = login_user(client)
assert "access_token" in response.json
access_token = response.json["access_token"]
blacklist = BlacklistedToken.query.all()
assert len(blacklist) == 0
response = logout_user(client, access_token)
assert response.status_code == HTTPStatus.OK
assert "status" in response.json and response.json["status"] == "success"
assert "message" in response.json and response.json["message"] == SUCCESS
blacklist = BlacklistedToken.query.all()
assert len(blacklist) == 1
assert access_token == blacklist[0].token
def test_authuser_status_valid_user_expired_token(self, client, db):
""" AuthUserStatus endpoint should return 401 and message for expired token. """
user = dict(user_name="great_user",
email="*****@*****.**",
password="******")
register_user(client, **user)
response = login_user(client, **user)
assert "access_token" in response.json
access_token = response.json["access_token"]
sleep(6)
response = get_user(client, access_token)
assert response.status_code == 401
def test_update_widget_does_not_exist_invalid_name(client, db, admin):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
widget_name = "abc!23"
response = update_widget(
client,
access_token,
widget_name=widget_name,
info_url=UPDATED_URL,
deadline_str=UPDATED_DEADLINE,
)
assert response.status_code == HTTPStatus.BAD_REQUEST
name_error = f"'{widget_name}' contains one or more invalid characters."
assert name_error in response.json["message"]
def test_authuser_status_valid_user(self, client, db):
""" AuthUserStatus endpoint should return 200 and user data for logged in user. """
user = dict(user_name="great_user",
email="*****@*****.**",
password="******")
register_user(client, **user)
response = login_user(client, **user)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = get_user(client, access_token)
assert response.status_code == 200
assert "email" in response.json and response.json["email"] == user[
"email"]
assert "is_admin" in response.json and not response.json["is_admin"]
def test_authlogout_valid_user(self, client, db):
""" AuthLogout endpoint should return 200 and message for user with valid token. """
user = dict(user_name="great_user",
email="*****@*****.**",
password="******")
register_user(client, **user)
response = login_user(client, **user)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = logout_user(client, access_token, **user)
assert response.status_code == 200
blacklist = BlacklistedTokens.query.all()
assert len(blacklist) == 1
assert access_token == blacklist[0].token
def test_create_widget_bundle_errors(client, db, admin):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
response = create_widget(
client,
access_token,
widget_name="widget name",
info_url="www.widget.info",
deadline_str="1/1/1970",
)
assert response.status_code == HTTPStatus.BAD_REQUEST
assert "message" in response.json and response.json[
"message"] == BAD_REQUEST
assert "errors" in response.json and "name" in response.json["errors"]
assert ("info_url" in response.json["errors"]
and "deadline" in response.json["errors"])
def test_retrieve_paginated_octocat_list(client, db, admin):
response = login_user(client, email=ADMIN_EMAIL)
assert "access_token" in response.json
access_token = response.json["access_token"]
# ADD SEVEN octocat INSTANCES TO DATABASE
for i in range(0, len(NAMES)):
response = create_octocat(
client,
access_token,
octocat_name=NAMES[i],
url=URLS[i],
age=AGES[i],
)
assert response.status_code == HTTPStatus.CREATED
# REQUEST PAGINATED LIST OF OCTOCATS: 5 PER PAGE, PAGE #1
response = retrieve_octocat_list(client, access_token, page=1, per_page=5)
assert response.status_code == HTTPStatus.OK
# VERIFY PAGINATION ATTRIBUTES FOR PAGE #1
assert "has_prev" in response.json and not response.json["has_prev"]
assert "has_next" in response.json and response.json["has_next"]
assert "page" in response.json and response.json["page"] == 1
assert "total_pages" in response.json and response.json["total_pages"] == 2
assert "items_per_page" in response.json and response.json[
"items_per_page"] == 5
assert "total_items" in response.json and response.json["total_items"] == 7
assert "items" in response.json and len(response.json["items"]) == 5
# VERIFY ATTRIBUTES OF OCTOCATS #1-5
for i in range(0, len(response.json["items"])):
item = response.json["items"][i]
assert "name" in item and item["name"] == NAMES[i]
assert "url" in item and item["url"] == URLS[i]
assert "age" in item and item["age"] == AGES[i]
# REQUEST PAGINATED LIST OF OCTOCATS: 5 PER PAGE, PAGE #2
response = retrieve_octocat_list(client, access_token, page=2, per_page=5)
assert response.status_code == HTTPStatus.OK
# VERIFY PAGINATION ATTRIBUTES FOR PAGE #2
assert "has_prev" in response.json and response.json["has_prev"]
assert "has_next" in response.json and not response.json["has_next"]
assert "page" in response.json and response.json["page"] == 2
assert "total_pages" in response.json and response.json["total_pages"] == 2
assert "items_per_page" in response.json and response.json[
"items_per_page"] == 5
assert "total_items" in response.json and response.json["total_items"] == 7
assert "items" in response.json and len(response.json["items"]) == 2
# VERIFY ATTRIBUTES OF OCTOCATS #6-7
for i in range(5, response.json["total_items"]):
item = response.json["items"][i - 5]
assert "name" in item and item["name"] == NAMES[i]
assert "url" in item and item["url"] == URLS[i]
assert "age" in item and item["age"] == AGES[i]
# REQUEST PAGINATED LIST OF OCTOCATS: 10 PER PAGE, PAGE #1
response = retrieve_octocat_list(client, access_token, page=1, per_page=10)
assert response.status_code == HTTPStatus.OK
# VERIFY PAGINATION ATTRIBUTES FOR PAGE #1
assert "has_prev" in response.json and not response.json["has_prev"]
assert "has_next" in response.json and not response.json["has_next"]
assert "page" in response.json and response.json["page"] == 1
assert "total_pages" in response.json and response.json["total_pages"] == 1
assert "items_per_page" in response.json and response.json[
"items_per_page"] == 10
assert "total_items" in response.json and response.json["total_items"] == 7
assert "items" in response.json and len(response.json["items"]) == 7
# VERIFY ATTRIBUTES OF OCTOCATS #1-7
for i in range(0, len(response.json["items"])):
item = response.json["items"][i]
assert "name" in item and item["name"] == NAMES[i]
assert "url" in item and item["url"] == URLS[i]
assert "age" in item and item["age"] == AGES[i]
# REQUEST PAGINATED LIST OF OCTOCATS: DEFAULT PARAMETERS
response = retrieve_octocat_list(client, access_token)
assert response.status_code == HTTPStatus.OK
# VERIFY PAGINATION ATTRIBUTES FOR PAGE #1
assert "has_prev" in response.json and not response.json["has_prev"]
assert "has_next" in response.json and not response.json["has_next"]
assert "page" in response.json and response.json["page"] == 1
assert "total_pages" in response.json and response.json["total_pages"] == 1
assert "items_per_page" in response.json and response.json[
"items_per_page"] == 10
assert "total_items" in response.json and response.json["total_items"] == 7
assert "items" in response.json and len(response.json["items"]) == 7
# VERIFY ATTRIBUTES OF OCTOCATS #1-7
for i in range(0, len(response.json["items"])):
item = response.json["items"][i]
assert "name" in item and item["name"] == NAMES[i]
assert "url" in item and item["url"] == URLS[i]
assert "age" in item and item["age"] == AGES[i]
