コード例 #1
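def test_delete_without_permissions(app, client):
    """A token from generate_access_token() must not be able to delete a user.

    Expects 403 with the 'Access Denied!' message, then confirms with an
    admin token that the target account is still retrievable. The second
    step catches a handler that deletes first and checks permissions
    afterwards.
    """
    utils = Utils(app, client)
    guid = utils.get_guid()
    url = f'/api/users/{guid}'

    # presumably a regular (non-admin) token; verify against Utils
    headers = {'Authorization': f'Bearer {utils.generate_access_token()}'}
    resp = client.delete(url, headers=headers)
    assert resp.status_code == 403
    assert json.loads(resp.data.decode()).get('message') == 'Access Denied!'

    # The refusal must have no side effect: the user still exists.
    admin_headers = {
        'Authorization': f'Bearer {utils.generate_admin_access_token()}'
    }
    resp = client.get(url, headers=admin_headers)
    assert resp.status_code == 200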
コード例 #2
def test_admin_update_without_data(app, client):
    """PUT on a user with an admin token and no request body returns 200."""
    helper = Utils(app, client)
    target = helper.get_guid()

    token = helper.generate_admin_access_token()
    auth = {'Authorization': f'Bearer {token}'}

    # NOTE(review): only the status code is checked; nothing here verifies
    # that the stored record is unchanged by the empty update.
    response = client.put(f'/api/users/{target}', headers=auth)
    assert response.status_code == 200
コード例 #3
def test_admin_update_non_existing_role(app, client):
    """An admin update carrying an unknown role is rejected with 400."""
    helper = Utils(app, client)
    target = helper.get_guid()

    token = helper.generate_admin_access_token()
    auth = {'Authorization': f'Bearer {token}'}
    payload = {'role': 'invalid'}

    response = client.put(f'/api/users/{target}', headers=auth, json=payload)
    assert response.status_code == 400

    # Parse the body only after the status check, as the original does.
    body = json.loads(response.data.decode())
    assert body.get('message') == 'Invalid Role'
コード例 #4
def test_admin_update(app, client):
    """An admin can change a user's displayName; the response echoes it."""
    helper = Utils(app, client)
    target = helper.get_guid()

    data = {'displayName': 'My new display name!'}
    token = helper.generate_admin_access_token()
    auth = {'Authorization': f'Bearer {token}'}

    response = client.put(f'/api/users/{target}', headers=auth, json=data)
    assert response.status_code == 200

    # The returned user object must carry the value that was sent.
    returned_user = json.loads(response.data.decode()).get('data')
    assert returned_user.get('displayName') == data.get('displayName')
コード例 #5
def test_get(app, client):
    """An admin can read a user; email, displayName and 2fa flag are checked."""
    helper = Utils(app, client)
    target = helper.get_guid()
    token = helper.generate_admin_access_token()
    auth = {'Authorization': f'Bearer {token}'}

    response = client.get(f'/api/users/{target}', headers=auth)
    assert response.status_code == 200

    # Decode once and check each field of the returned user object.
    user = json.loads(response.data.decode()).get('data')
    # NOTE(review): the e-mail literal appears masked on this page; the
    # original test presumably compared against a concrete address.
    assert user.get('email') == '*****@*****.**'
    assert user.get('displayName') == 'test'
    # The fixture user is expected to have 2FA switched off.
    assert not user.get('2fa')
コード例 #6
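def test_admin_update_enable_2fa(app, client):
    """An admin must not be able to switch 2FA on for a user.

    Expects 400 with the refusal message, then reads the user back to
    confirm the flag is still off. A rejected request that nevertheless
    changed state would pass the first two assertions alone.
    """
    utils = Utils(app, client)
    guid = utils.get_guid()
    url = f'/api/users/{guid}'

    headers = {
        'Authorization': f'Bearer {utils.generate_admin_access_token()}'
    }
    resp = client.put(url, headers=headers, json={'totp_enabled': True})
    # NOTE(review): the API answers 400 here rather than 403 - confirm that
    # is the intended status for a refused action.
    assert resp.status_code == 400
    assert json.loads(resp.data.decode()).get(
        'message') == 'You are not allowed to enable 2FA.'

    # The refusal must leave the stored 2FA state untouched.
    resp = client.get(url, headers=headers)
    assert resp.status_code == 200
    assert not json.loads(resp.data.decode()).get('data').get('2fa')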
コード例 #7
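def test_admin_update_disable_2fa(app, client):
    """An admin can switch a user's 2FA off, and the change persists.

    The precondition read now checks its status code, so a failed GET is
    reported as such rather than as a missing '2fa' field. A final read
    confirms the flag is off in stored state, not only in the PUT response.
    """
    utils = Utils(app, client)
    utils.enable_2fa()
    guid = utils.get_guid()
    url = f'/api/users/{guid}'

    headers = {
        'Authorization': f'Bearer {utils.generate_admin_access_token()}'
    }

    # Precondition: 2FA is enabled before the update.
    resp = client.get(url, headers=headers)
    assert resp.status_code == 200
    assert json.loads(resp.data.decode()).get('data').get('2fa')

    # Disable 2FA as admin.
    # NOTE(review): removing a user's second factor is security-sensitive;
    # whether the API records or notifies on it is not visible here.
    resp = client.put(url, headers=headers, json={'totp_enabled': False})
    assert resp.status_code == 200
    assert not json.loads(resp.data.decode()).get('data').get('2fa')

    # Read back: the change must be stored, not just echoed.
    resp = client.get(url, headers=headers)
    assert resp.status_code == 200
    assert not json.loads(resp.data.decode()).get('data').get('2fa')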
コード例 #8
def test_delete(app, client):
    """An admin can create a user and then delete it."""
    helper = Utils(app, client)

    # Account that exists only to be deleted again.
    # NOTE(review): these literals appear masked on this page, while the
    # lookup below uses 'new_user' - presumably the original username.
    new_account = {
        'username': '******',
        'password': '******',
        'email': '*****@*****.**',
        'role': 'user'
    }
    token = helper.generate_admin_access_token()
    auth = {'Authorization': f'Bearer {token}'}

    created = client.post('/api/users', headers=auth, json=new_account)
    assert created.status_code == 201

    target = helper.get_guid('new_user')

    # NOTE(review): only the response is checked; nothing here reads the
    # user back to confirm the account is actually gone.
    deleted = client.delete(f'/api/users/{target}', headers=auth)
    assert deleted.status_code == 200
    body = json.loads(deleted.data.decode())
    assert body.get('data') == 'Successfully deleted user!'