def test_record_api_patch_fail(self): make_api(self.api, "Test", MyTestModel, MyTestSchema) with self.app.test_client() as c: # wrong content type patch_data = {"data": {"attributes": {"title": "Alice's Adventures in Wonderland"}, "type": "my-tests"}} response = c.patch( "/my-tests/{}".format(self.d1), data=json.dumps(patch_data), headers={"Content-Type": "application/json"}, ) self.assertEqual(response.status_code, 415) self.assertEqual(response.headers["Accept-Patch"], "application/vnd.api+json") # non validating patch patch_data = {"data": {"attributes": {"title": "Too short"}, "type": "my-tests"}} response = c.patch( "/my-tests/{}".format(self.d1), data=json.dumps(patch_data), headers={"Content-Type": "application/vnd.api+json"}, ) self.assertEqual(response.status_code, 415) # patch non existing item patch_data = {"data": {"attributes": {"title": "Long enough"}, "type": "my-tests"}} response = c.patch( "/my-tests/199", data=json.dumps(patch_data), headers={"Content-Type": "application/vnd.api+json"} ) self.assertEqual(response.status_code, 404)
def test_record_api_delete_fail(self): make_api(self.api, 'Test', MyTestModel, MyTestSchema) with self.app.test_client() as c: # delete non existing item response = c.delete('/my-tests/199') self.assertEqual(response.status_code, 404)
def test_record_api_delete_fail(self): make_api(self.api, "Test", MyTestModel, MyTestSchema) with self.app.test_client() as c: # delete non existing item response = c.delete("/my-tests/199") self.assertEqual(response.status_code, 404)
def test_record_api_patch_fail(self): make_api(self.api, 'Test', MyTestModel, MyTestSchema) with self.app.test_client() as c: # wrong content type patch_data = { "data": { "attributes": { "title": "Alice's Adventures in Wonderland" }, "type": "my-tests" } } response = c.patch('/my-tests/{}'.format(self.d1), data=json.dumps(patch_data), headers={'Content-Type': 'application/json'}) self.assertEqual(response.status_code, 415) self.assertEqual(response.headers['Accept-Patch'], 'application/vnd.api+json') # non validating patch patch_data = { "data": { "attributes": { "title": "Too short" }, "type": "my-tests" } } response = c.patch( '/my-tests/{}'.format(self.d1), data=json.dumps(patch_data), headers={'Content-Type': 'application/vnd.api+json'}) self.assertEqual(response.status_code, 415) # patch non existing item patch_data = { "data": { "attributes": { "title": "Long enough" }, "type": "my-tests" } } response = c.patch( '/my-tests/199', data=json.dumps(patch_data), headers={'Content-Type': 'application/vnd.api+json'}) self.assertEqual(response.status_code, 404)
def test_record_api_post_fail(self): make_api(self.api, "Test", MyTestModel, MyTestSchema) with self.app.test_client() as c: # wrong content type post_data = { "data": { "attributes": {"title": "Dennis the Menace", "author": "Hank Ketcham", "owner_id": "2"}, "type": "my-tests", } } response = c.post("/my-tests", data=json.dumps(post_data), headers={"Content-Type": "application/json"}) self.assertEqual(response.status_code, 415) self.assertEqual(response.headers["Accept-Patch"], "application/vnd.api+json") # non validating content post_data = {"data": {"attributes": {"title": "Too short", "owner_id": "2"}, "type": "my-tests"}} response = c.post( "/my-tests", data=json.dumps(post_data), headers={"Content-Type": "application/vnd.api+json"} ) self.assertEqual(response.status_code, 415)
def test_record_api_post_fail(self): make_api(self.api, 'Test', MyTestModel, MyTestSchema) with self.app.test_client() as c: # wrong content type post_data = { "data": { "attributes": { "title": "Dennis the Menace", "author": "Hank Ketcham", "owner_id": "2", }, "type": "my-tests" } } response = c.post('/my-tests', data=json.dumps(post_data), headers={'Content-Type': 'application/json'}) self.assertEqual(response.status_code, 415) self.assertEqual(response.headers['Accept-Patch'], 'application/vnd.api+json') # non validating content post_data = { "data": { "attributes": { "title": "Too short", "owner_id": "2", }, "type": "my-tests" } } response = c.post( '/my-tests', data=json.dumps(post_data), headers={'Content-Type': 'application/vnd.api+json'}) self.assertEqual(response.status_code, 415)
'FolderNode': ['create', 'read', 'update', 'delete'], 'DocumentNode': ['create', 'read', 'update', 'delete'], 'Document': ['create', 'read', 'update', 'delete'], 'ContentNode': ['read'] }, WBRoleModel.anonymous_role_name: { 'User': ['read'], 'Node': ['read'], 'FolderNode': ['read'], 'DocumentNode': ['read'], 'Document': ['read'], 'ContentNode': ['read'] } }) make_api(api, 'User', UserModel, UserSchema, api_authorizers=[api_acl.authorize]) make_api(api, 'Node', NodeModel, NodeSchema, api_authorizers=[api_acl.authorize]) # FIXME: add record_authorizer make_api(api, 'FolderNode', FolderNodeModel, FolderNodeSchema, api_authorizers=[api_acl.authorize]) # FIXME: add record_authorizer make_api(api, 'DocumentNode', DocumentNodeModel, DocumentNodeSchema, api_authorizers=[api_acl.authorize]) # FIXME: add record_authorizer make_api(api, 'Document', DocumentModel, DocumentSchema, api_authorizers=[api_acl.authorize]) # FIXME: add record_authorizer make_api(api, 'ContentNode', NodeModel, ContentNodeSchema, api_authorizers=[api_acl.authorize])#,
def test_record_api(self): make_api(self.api, "Test", MyTestModel, MyTestSchema) with self.app.test_client() as c: # get all response = c.get("/my-tests") self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": [{"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice in Wonderland"}, "type": "my-tests", "id": "1"}, {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "2"}}, "owner-id": 2, "author": "Stephen Hillenburg", "title": "SpongeBob"}, "type": "my-tests", "id": "2"}, {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "3"}}, "owner-id": 3, "author": "Martin Handford", "title": "O\\u00f9 est Charlie?"}, "type": "my-tests", "id": "3"}]}\n', ) # get one response = c.get("/my-tests/{}".format(self.d1)) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice in Wonderland"}, "type": "my-tests", "id": "1"}}\n', ) # patch patch_data = {"data": {"attributes": {"title": "Alice's Adventures in Wonderland"}, "type": "my-tests"}} response = c.patch( "/my-tests/{}".format(self.d1), data=json.dumps(patch_data), headers={"Content-Type": "application/vnd.api+json"}, ) self.assertEqual(response.status_code, 204) self.assertEqual(response.headers["Content-Location"], "/my-tests/{}".format(self.d1)) # check if patch was successful response = c.get("/my-tests/{}".format(self.d1)) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice\'s Adventures in Wonderland"}, "type": "my-tests", "id": "1"}}\n', ) # delete response = c.delete("/my-tests/{}".format(self.d1)) self.assertEqual(response.status_code, 204) self.assertEqual(response.data, "") # get non existing item / check if delete was successful response = c.get("/my-tests/{}".format(self.d1)) self.assertEqual(response.status_code, 404) # post post_data = { "data": { "attributes": {"title": "Dennis the Menace", "author": "Hank Ketcham", "owner_id": "2"}, "type": "my-tests", } } response = c.post( "/my-tests", data=json.dumps(post_data), headers={"Content-Type": "application/vnd.api+json"} ) self.assertEqual(response.status_code, 200) self.assertEqual(response.headers["Content-Location"], "/my-tests/4") # check if post was successful response = c.get(response.headers["Content-Location"]) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "2"}}, "owner-id": 2, "author": "Hank Ketcham", "title": "Dennis the Menace"}, "type": "my-tests", "id": "4"}}\n', )
def test_record_api_with_acl_user_2(self): add_session_management_urls(self.app) make_api( self.api, "Test", MyTestModel, MyTestSchema, record_authorizer=IsOwner(), api_authorizers=[my_test_acl.authorize], ) with self.app.test_client() as c: response = c.post("/authenticate", data={"username": "******", "password": "******"}) response = json.loads(response.data) session_id = response["session_id"] secret = response["session_secret"] # get all Bob's records headers = HMACAuthenticator.get_authorization_headers(session_id, secret, "/my-tests") response = c.get("/my-tests", headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": [{"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "2"}}, "owner-id": 2, "author": "Stephen Hillenburg", "title": "SpongeBob"}, "type": "my-tests", "id": "2"}]}\n', ) # get one allowed record headers = HMACAuthenticator.get_authorization_headers(session_id, secret, "/my-tests/{}".format(self.d2)) response = c.get("/my-tests/{}".format(self.d2), headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "2"}}, "owner-id": 2, "author": "Stephen Hillenburg", "title": "SpongeBob"}, "type": "my-tests", "id": "2"}}\n', ) # patch records patch_data = json.dumps({"data": {"attributes": {"title": "SpongeBob SquarePants"}, "type": "my-tests"}}) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, "/my-tests/{}".format(self.d2), method="PATCH", content_type="application/vnd.api+json", body=patch_data, ) headers["Content-Type"] = "application/vnd.api+json" response = c.patch("/my-tests/{}".format(self.d2), data=patch_data, headers=headers) self.assertEqual(response.status_code, 405) # delete own file headers = HMACAuthenticator.get_authorization_headers( session_id, secret, "/my-tests/{}".format(self.d2), method="DELETE" ) response = c.delete("/my-tests/{}".format(self.d2), headers=headers) self.assertEqual(response.status_code, 405) # post post_data = json.dumps( { "data": { "attributes": {"title": "Dennis the Menace", "author": "Hank Ketcham", "owner_id": "2"}, "type": "my-tests", } } ) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, "/my-tests", method="POST", content_type="application/vnd.api+json", body=post_data ) headers["Content-Type"] = "application/vnd.api+json" response = c.post("/my-tests", data=post_data, headers=headers) self.assertEqual(response.status_code, 405)
def test_record_api_with_acl_user_1(self): add_session_management_urls(self.app) make_api( self.api, "Test", MyTestModel, MyTestSchema, record_authorizer=IsOwner(), api_authorizers=[my_test_acl.authorize], ) with self.app.test_client() as c: response = c.post("/authenticate", data={"username": "******", "password": "******"}) response = json.loads(response.data) session_id = response["session_id"] secret = response["session_secret"] # get all Alice's records headers = HMACAuthenticator.get_authorization_headers(session_id, secret, "/my-tests") response = c.get("/my-tests", headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": [{"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice in Wonderland"}, "type": "my-tests", "id": "1"}]}\n', ) # get one allowed record headers = HMACAuthenticator.get_authorization_headers(session_id, secret, "/my-tests/{}".format(self.d1)) response = c.get("/my-tests/{}".format(self.d1), headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice in Wonderland"}, "type": "my-tests", "id": "1"}}\n', ) # get a forbidden record headers = HMACAuthenticator.get_authorization_headers(session_id, secret, "/my-tests/{}".format(self.d2)) response = c.get("/my-tests/{}".format(self.d2), headers=headers) self.assertEqual(response.status_code, 403) # patch Alice's records patch_data = json.dumps( {"data": {"attributes": {"title": "Alice's Adventures in Wonderland"}, "type": "my-tests"}} ) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, "/my-tests/{}".format(self.d1), method="PATCH", content_type="application/vnd.api+json", body=patch_data, ) headers["Content-Type"] = "application/vnd.api+json" response = c.patch("/my-tests/{}".format(self.d1), data=patch_data, headers=headers) self.assertEqual(response.status_code, 204) self.assertEqual(response.headers["Content-Location"], "/my-tests/{}".format(self.d1)) # patch someone else's record: this is forbidden (because not owner) patch_data = json.dumps({"data": {"attributes": {"title": "SpongeBob SquarePants"}, "type": "my-tests"}}) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, "/my-tests/{}".format(self.d2), method="PATCH", content_type="application/vnd.api+json", body=patch_data, ) headers["Content-Type"] = "application/vnd.api+json" response = c.patch("/my-tests/{}".format(self.d2), data=patch_data, headers=headers) self.assertEqual(response.status_code, 403, response.data) # delete own file headers = HMACAuthenticator.get_authorization_headers( session_id, secret, "/my-tests/{}".format(self.d1), method="DELETE" ) response = c.delete("/my-tests/{}".format(self.d1), headers=headers) self.assertEqual(response.status_code, 204) self.assertEqual(response.data, "") # delete someone else file headers = HMACAuthenticator.get_authorization_headers( session_id, secret, "/my-tests/{}".format(self.d2), method="DELETE" ) response = c.delete("/my-tests/{}".format(self.d2), headers=headers) self.assertEqual(response.status_code, 403) # post post_data = json.dumps( { "data": { "attributes": {"title": "Dennis the Menace", "author": "Hank Ketcham", "owner_id": "2"}, "type": "my-tests", } } ) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, "/my-tests", method="POST", content_type="application/vnd.api+json", body=post_data ) headers["Content-Type"] = "application/vnd.api+json" response = c.post("/my-tests", data=post_data, headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual(response.headers["Content-Location"], "/my-tests/4")
def test_record_api_with_acl_user_2(self): add_session_management_urls(self.app) make_api(self.api, 'Test', MyTestModel, MyTestSchema, record_authorizer=IsOwner(), api_authorizers=[my_test_acl.authorize]) with self.app.test_client() as c: response = c.post('/authenticate', data={ 'username': '******', 'password': '******' }) response = json.loads(response.data) session_id = response['session_id'] secret = response['session_secret'] # get all Bob's records headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests') response = c.get('/my-tests', headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": [{"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "2"}}, "owner-id": 2, "author": "Stephen Hillenburg", "title": "SpongeBob"}, "type": "my-tests", "id": "2"}]}\n' ) # get one allowed record headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests/{}'.format(self.d2)) response = c.get('/my-tests/{}'.format(self.d2), headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "2"}}, "owner-id": 2, "author": "Stephen Hillenburg", "title": "SpongeBob"}, "type": "my-tests", "id": "2"}}\n' ) # patch records patch_data = json.dumps({ "data": { "attributes": { "title": "SpongeBob SquarePants" }, "type": "my-tests" } }) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests/{}'.format(self.d2), method='PATCH', content_type='application/vnd.api+json', body=patch_data) headers['Content-Type'] = 'application/vnd.api+json' response = c.patch('/my-tests/{}'.format(self.d2), data=patch_data, headers=headers) self.assertEqual(response.status_code, 405) # delete own file headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests/{}'.format(self.d2), method='DELETE') response = c.delete('/my-tests/{}'.format(self.d2), headers=headers) self.assertEqual(response.status_code, 405) # post post_data = json.dumps({ "data": { "attributes": { "title": "Dennis the Menace", "author": "Hank Ketcham", "owner_id": "2", }, "type": "my-tests" } }) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests', method='POST', content_type='application/vnd.api+json', body=post_data) headers['Content-Type'] = 'application/vnd.api+json' response = c.post('/my-tests', data=post_data, headers=headers) self.assertEqual(response.status_code, 405)
def test_record_api_with_acl_user_1(self): add_session_management_urls(self.app) make_api(self.api, 'Test', MyTestModel, MyTestSchema, record_authorizer=IsOwner(), api_authorizers=[my_test_acl.authorize]) with self.app.test_client() as c: response = c.post('/authenticate', data={ 'username': '******', 'password': '******' }) response = json.loads(response.data) session_id = response['session_id'] secret = response['session_secret'] # get all Alice's records headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests') response = c.get('/my-tests', headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": [{"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice in Wonderland"}, "type": "my-tests", "id": "1"}]}\n' ) # get one allowed record headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests/{}'.format(self.d1)) response = c.get('/my-tests/{}'.format(self.d1), headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice in Wonderland"}, "type": "my-tests", "id": "1"}}\n' ) # get a forbidden record headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests/{}'.format(self.d2)) response = c.get('/my-tests/{}'.format(self.d2), headers=headers) self.assertEqual(response.status_code, 403) # patch Alice's records patch_data = json.dumps({ "data": { "attributes": { "title": "Alice's Adventures in Wonderland" }, "type": "my-tests" } }) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests/{}'.format(self.d1), method='PATCH', content_type='application/vnd.api+json', body=patch_data) headers['Content-Type'] = 'application/vnd.api+json' response = c.patch('/my-tests/{}'.format(self.d1), data=patch_data, headers=headers) self.assertEqual(response.status_code, 204) self.assertEqual(response.headers['Content-Location'], '/my-tests/{}'.format(self.d1)) # patch someone else's record: this is forbidden (because not owner) patch_data = json.dumps({ "data": { "attributes": { "title": "SpongeBob SquarePants" }, "type": "my-tests" } }) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests/{}'.format(self.d2), method='PATCH', content_type='application/vnd.api+json', body=patch_data) headers['Content-Type'] = 'application/vnd.api+json' response = c.patch('/my-tests/{}'.format(self.d2), data=patch_data, headers=headers) self.assertEqual(response.status_code, 403, response.data) # delete own file headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests/{}'.format(self.d1), method='DELETE') response = c.delete('/my-tests/{}'.format(self.d1), headers=headers) self.assertEqual(response.status_code, 204) self.assertEqual(response.data, '') # delete someone else file headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests/{}'.format(self.d2), method='DELETE') response = c.delete('/my-tests/{}'.format(self.d2), headers=headers) self.assertEqual(response.status_code, 403) # post post_data = json.dumps({ "data": { "attributes": { "title": "Dennis the Menace", "author": "Hank Ketcham", "owner_id": "2", }, "type": "my-tests" } }) headers = HMACAuthenticator.get_authorization_headers( session_id, secret, '/my-tests', method='POST', content_type='application/vnd.api+json', body=post_data) headers['Content-Type'] = 'application/vnd.api+json' response = c.post('/my-tests', data=post_data, headers=headers) self.assertEqual(response.status_code, 200) self.assertEqual(response.headers['Content-Location'], '/my-tests/4')
def test_record_api(self): make_api(self.api, 'Test', MyTestModel, MyTestSchema) with self.app.test_client() as c: # get all response = c.get('/my-tests') self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": [{"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice in Wonderland"}, "type": "my-tests", "id": "1"}, {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "2"}}, "owner-id": 2, "author": "Stephen Hillenburg", "title": "SpongeBob"}, "type": "my-tests", "id": "2"}, {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "3"}}, "owner-id": 3, "author": "Martin Handford", "title": "O\\u00f9 est Charlie?"}, "type": "my-tests", "id": "3"}]}\n' ) # get one response = c.get('/my-tests/{}'.format(self.d1)) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice in Wonderland"}, "type": "my-tests", "id": "1"}}\n' ) # patch patch_data = { "data": { "attributes": { "title": "Alice's Adventures in Wonderland" }, "type": "my-tests" } } response = c.patch( '/my-tests/{}'.format(self.d1), data=json.dumps(patch_data), headers={'Content-Type': 'application/vnd.api+json'}) self.assertEqual(response.status_code, 204) self.assertEqual(response.headers['Content-Location'], '/my-tests/{}'.format(self.d1)) # check if patch was successful response = c.get('/my-tests/{}'.format(self.d1)) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "1"}}, "owner-id": 1, "author": "Lewis Caroll", "title": "Alice\'s Adventures in Wonderland"}, "type": "my-tests", "id": "1"}}\n' ) # delete response = c.delete('/my-tests/{}'.format(self.d1)) self.assertEqual(response.status_code, 204) self.assertEqual(response.data, '') # get non existing item / check if delete was successful response = c.get('/my-tests/{}'.format(self.d1)) self.assertEqual(response.status_code, 404) # post post_data = { "data": { "attributes": { "title": "Dennis the Menace", "author": "Hank Ketcham", "owner_id": "2", }, "type": "my-tests" } } response = c.post( '/my-tests', data=json.dumps(post_data), headers={'Content-Type': 'application/vnd.api+json'}) self.assertEqual(response.status_code, 200) self.assertEqual(response.headers['Content-Location'], '/my-tests/4') # check if post was successful response = c.get(response.headers['Content-Location']) self.assertEqual(response.status_code, 200) self.assertEqual( response.data, '{"data": {"attributes": {"owner": {"data": {"attributes": {"username": "******"}, "type": "users", "id": "2"}}, "owner-id": 2, "author": "Hank Ketcham", "title": "Dennis the Menace"}, "type": "my-tests", "id": "4"}}\n' )