def test_cors(flask_client, admin_token):
"""
Test Cross Origin Requests settings
"""
saved_cors = settings.config.web_enableCrossOriginRequests
try:
settings.config.web_enableCrossOriginRequests = False
resp = api.get_options('')
assert 'Access-Control-Allow-Origin' not in resp.headers
assert 'Access-Control-Max-Age' not in resp.headers
api.users_list(admin_token)
assert 'Access-Control-Allow-Origin' not in api.last_response.headers
settings.config.web_enableCrossOriginRequests = True
resp = api.get_options('')
assert resp.headers['Access-Control-Allow-Origin'] == '*'
assert 'Access-Control-Max-Age' in resp.headers
resp = api.get_options('users')
# Actualy this is just plain response but with headers added in after-request flask hook
assert resp.headers['Access-Control-Allow-Origin'] == '*'
api.users_list(admin_token)
assert api.last_response.headers['Access-Control-Allow-Origin'] == '*'
finally:
settings.config.web_enableCrossOriginRequests = saved_cors
def test_expired_token(mock_now, admin_token):
"""
Mock time so jwt should be expired.
"""
mock_now.return_value = datetime.datetime.now(
timezone.utc) + settings.config.token_expiration_delta
api.users_list(admin_token, expected_statuses=[501])
def test_users_list_empty_params(user, admin_token):
"""
Test empty list params list
"""
api.create_user(admin_token, user)
assert len(api.users_list(admin_token)) == 1 + DEFAULT_USERS
api.users_list(admin_token, page='-1',
expected_statuses=[501,
400]) # 400 for auto exc of transmute
def test_user_crud(random_user, admin_token):
"""
Create user, get user list, delete user.
"""
random_user['group'] = 'full'
new_user_id = api.create_user(admin_token, random_user)['id']
data = api.users_list(admin_token)
assert len(data) == 1 + DEFAULT_USERS
for resp_user in data:
if resp_user['email'] == random_user['email']:
break
else:
assert False, f'Created user [{random_user}] not found in the list [{data}]'
api.delete_user(admin_token, new_user_id)
assert len(api.users_list(admin_token)) == DEFAULT_USERS
def test_delete_fail(user_id, admin_token):
"""
Tries to delete user in empty DB.
"""
data = api.users_list(admin_token)
log.debug('empty db users ' + str(data))
existed_users = set()
for user in data:
existed_users.add(user['id'])
log.debug('existed id ' + str(existed_users))
while str(user_id) in existed_users:
user_id += 1
api.delete_user(admin_token, user_id, expected_statuses=[400])
def test_users_list_columns(users, admin_token):
"""
Creates users and check API request user list
"""
for user in users:
api.create_user(admin_token, user)
data = api.users_list(admin_token)
assert len(data) == len(users) + DEFAULT_USERS
user_dict = {user['email']: user for user in data}
for user in users:
assert user['email'] in user_dict
list_user = user_dict[user['email']]
assert list_user['name'] == user['name']
assert list_user['group'] == user['group']
assert 'password' not in list_user
assert 'password_hash' not in list_user
def test_admin_auth_success(admin_token):
"""
Get jwt for admin default user and use it.
"""
assert len(admin_token) > 20
assert len(api.users_list(admin_token)) == DEFAULT_USERS
def test_users_list_wrong_per_page(admin_token):
"""
Reguest user list with per_page=0
"""
api.users_list(admin_token, per_page=0, expected_statuses=[501])
def test_users_list_empty(admin_token):
"""
Empty db returns empty user list
"""
assert len(api.users_list(admin_token)) == DEFAULT_USERS
def test_users_list_nonadmin_token(full_token):
"""
Users list with non-admin token
"""
api.users_list(full_token, expected_statuses=[403])
def test_users_list_wrong_token(wrong_token):
"""
Users list with wrong token
"""
api.users_list(wrong_token, expected_statuses=[401])