def test_get_session(app):
test_client = app.test_client()
login(test_client)
response = test_client.get('/session')
assert response.status_code == 204
test_client = app.test_client()
response = test_client.get('/session')
assert response.status_code == 401
def test_authorization(app):
test_client = app.test_client()
login(test_client, email='*****@*****.**',
password='******') ## normal role
response = json_call(test_client.post,
'/cats', {
'name': 'Dr. Kitty McMoewMoew',
'pattern': 'Tabby',
'age': 7
},
headers={'X-Requested-With': 'requests'})
assert response.status_code == 403
login(test_client, email='*****@*****.**',
password='******') ## admin role
response = json_call(test_client.post,
'/cats', {
'name': 'Dr. Kitty McMoewMoew',
'pattern': 'Tabby',
'age': 7
},
headers={'X-Requested-With': 'requests'})
assert response.status_code == 201
def test_filter_by_pattern(app):
test_client = app.test_client()
login(test_client)
response = json_call(test_client.get, '/cats?pattern=Tabby')
assert response.status_code == 200
assert response.json['count'] == 2
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 2
assert dict_contains(
response.json['data'][0], {
'id': 1,
'name': 'Ada',
'age': 5,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
assert dict_contains(
response.json['data'][1], {
'id': 2,
'name': 'Leo',
'age': 2,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
def test_greater_less_than(app):
test_client = app.test_client()
login(test_client)
response = json_call(test_client.get, '/cats?pattern=Tabby&age__gt=2')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['name'] == 'Ada'
response = json_call(test_client.get, '/cats?pattern=Tabby&age__gte=2')
assert response.status_code == 200
assert response.json['count'] == 2
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 2
response = json_call(test_client.get, '/cats?pattern=Tabby&age__lte=2')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['name'] == 'Leo'
response = json_call(test_client.get, '/cats?age__lt=3')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['name'] == 'Leo'
def test_is_operator(app):
test_client = app.test_client()
login(test_client)
## setup
response = json_call(test_client.post,
'/cats', {
'name': 'Dr. Kitty McMoewMoew',
'pattern': 'Tabby'
},
headers={'X-Requested-With': 'requests'})
assert response.status_code == 201
response = json_call(test_client.get, '/users/1')
assert response.status_code == 200
user = response.json
user['active'] = False
response = json_call(test_client.put,
'/users/1',
user,
headers={'X-Requested-With': 'requests'})
assert response.status_code == 200
## is null
response = json_call(test_client.get, '/cats?age__is=null')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['name'] == 'Dr. Kitty McMoewMoew'
## isnot null
response = json_call(test_client.get, '/cats?age__isnot=null')
assert response.status_code == 200
assert response.json['count'] == 3
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 3
## is true
response = json_call(test_client.get, '/users?active__is=true')
assert response.status_code == 200
assert response.json['count'] == 3
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 3
## is false
response = json_call(test_client.get, '/users?active__is=false')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['email'] == '*****@*****.**'
def test_pagination(app):
test_client = app.test_client()
login(test_client)
response = json_call(test_client.get, '/cats?$page_size=1')
assert response.status_code == 200
assert response.json['count'] == 3
assert response.json['page'] == 1
assert response.json['total_pages'] == 3
assert len(response.json['data']) == 1
assert dict_contains(
response.json['data'][0], {
'id': 1,
'name': 'Ada',
'age': 5,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
response = json_call(test_client.get, '/cats?$page=2&$page_size=1')
assert response.status_code == 200
assert response.json['count'] == 3
assert response.json['page'] == 2
assert response.json['total_pages'] == 3
assert len(response.json['data']) == 1
assert dict_contains(
response.json['data'][0], {
'id': 2,
'name': 'Leo',
'age': 2,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
response = json_call(test_client.get, '/cats?$page=3&$page_size=1')
assert response.status_code == 200
assert response.json['count'] == 3
assert response.json['page'] == 3
assert response.json['total_pages'] == 3
assert len(response.json['data']) == 1
assert dict_contains(
response.json['data'][0], {
'id': 3,
'name': 'Wilhelmina',
'age': 4,
'pattern': 'Calico',
'updated_at': iso_regex,
'created_at': iso_regex
})
def test_delete(app):
test_client = app.test_client()
login(test_client)
response = test_client.delete('/cats/2',
headers={'X-Requested-With': 'requests'})
assert response.status_code == 204
response = test_client.get('/cats/2')
assert response.status_code == 404
response = json_call(test_client.delete,
'/cats/1234', {},
headers={'X-Requested-With': 'requests'})
assert response.status_code == 404
def test_field_selection(app):
test_client = app.test_client()
login(test_client)
response = json_call(test_client.get, '/cats?$fields=name,pattern')
assert response.status_code == 200
assert response.json['count'] == 3
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 3
assert response.json['data'][0] == {'name': 'Ada', 'pattern': 'Tabby'}
assert response.json['data'][1] == {'name': 'Leo', 'pattern': 'Tabby'}
assert response.json['data'][2] == {
'name': 'Wilhelmina',
'pattern': 'Calico'
}
def test_equality(app):
test_client = app.test_client()
login(test_client)
response = json_call(test_client.get, '/cats?pattern=Tabby')
assert response.status_code == 200
assert response.json['count'] == 2
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 2
response = json_call(test_client.get, '/cats?pattern__ne=Tabby')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['name'] == 'Wilhelmina'
def test_retrieve(app):
test_client = app.test_client()
login(test_client)
response = json_call(test_client.get, '/cats/2')
assert response.status_code == 200
assert dict_contains(
response.json, {
'id': 2,
'name': 'Leo',
'age': 2,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
response = json_call(test_client.get, '/cats/1234')
assert response.status_code == 404
def test_in_operator(app):
test_client = app.test_client()
login(test_client)
response = json_call(test_client.get, '/cats?name__in=Ada&name__in=Leo')
assert response.status_code == 200
assert response.json['count'] == 2
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 2
response = json_call(test_client.get,
'/cats?name__notin=Ada&name__notin=Leo')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['name'] == 'Wilhelmina'
def test_ip_login_attempts(app):
auth_log_entry_model = app.auth.auth_log_entry_model
with app.app_context():
for i in range(0, 100):
db.session.add(
auth_log_entry_model(type='failed_login_attempt',
email='*****@*****.**',
ip='127.0.0.1',
timestamp=datetime.utcnow(),
user_agent='Curl or something'))
db.session.commit()
test_client = app.test_client()
response = json_call(test_client.post,
'/session',
email='*****@*****.**',
password='******')
assert response.status_code == 401
assert response.json['errors'][0] == 'Too Many Login Attempts'
def test_logout(app):
test_client = app.test_client()
login(test_client)
response = test_client.get('/session')
assert response.status_code == 204
response = test_client.delete('/session')
assert response.status_code == 204
assert 'Set-Cookie' in response.headers
assert response.headers[
'Set-Cookie'] == 'session=deleted; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly'
with app.app_context():
token = db.session.query(app.auth.token_model).one()
assert isinstance(token.revoked_at, datetime)
response = test_client.get('/session')
assert response.status_code == 401
def test_create(app):
test_client = app.test_client()
login(test_client)
response = json_call(test_client.post,
'/cats', {
'name': 'Dr. Kitty McMoewMoew',
'pattern': 'Tabby',
'age': 7
},
headers={'X-Requested-With': 'requests'})
assert response.status_code == 201
assert dict_contains(
response.json, {
'id': 4,
'name': 'Dr. Kitty McMoewMoew',
'pattern': 'Tabby',
'age': 7,
'updated_at': iso_regex,
'created_at': iso_regex
})
def test_max_sessions(app):
token_model = app.auth.token_model
with app.app_context():
for i in range(0, 10):
db.session.add(
token_model(type='session',
user_id=1,
expires_at=datetime.utcnow() + timedelta(hours=12),
ip='127.0.0.1',
user_agent='Curl or something'))
db.session.commit()
test_client = app.test_client()
response = json_call(test_client.post,
'/session',
email='*****@*****.**',
password='******')
assert response.status_code == 401
assert response.json['errors'][
0] == 'Maximum number of user sessions reached.'
def test_update(app):
test_client = app.test_client()
login(test_client)
response = json_call(test_client.get, '/cats/2')
assert response.status_code == 200
assert dict_contains(
response.json, {
'id': 2,
'name': 'Leo',
'age': 2,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
cat = response.json
cat['age'] = 3
previous_updated_at = cat['updated_at']
response = json_call(test_client.put,
'/cats/2',
cat,
headers={'X-Requested-With': 'requests'})
assert response.status_code == 200
assert dict_contains(
response.json, {
'id': 2,
'name': 'Leo',
'age': 3,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
assert response.json['updated_at'] > previous_updated_at
response = json_call(test_client.put,
'/cats/1234', {},
headers={'X-Requested-With': 'requests'})
assert response.status_code == 404
def test_login_fail(app):
test_client = app.test_client()
response = json_call(test_client.post,
'/session',
email='*****@*****.**',
password='******')
assert response.status_code == 401
response = json_call(test_client.post,
'/session',
email='*****@*****.**',
password='******')
assert response.status_code == 401
with app.app_context():
log_entry = db.session.query(app.auth.auth_log_entry_model).first()
assert log_entry.type == 'failed_login_attempt'
assert log_entry.email == '*****@*****.**'
assert log_entry.user_id == None
assert log_entry.ip == '127.0.0.1'
assert isinstance(log_entry.timestamp, datetime)
assert log_entry.user_agent == 'werkzeug/0.14.1'
def test_login(app):
test_client = app.test_client()
response = json_call(test_client.post,
'/session',
email='*****@*****.**',
password='******')
assert response.status_code == 201
assert 'Set-Cookie' in response.headers
cookie_regex = r'session=[^;]+;\sExpires=[A-Za-z]{3},\s[0-9]{2}\s[A-Za-z]{3}\s[0-9]{4}\s[0-9]{2}:[0-9]{2}:[0-9]{2}\sGMT;\sHttpOnly'
matches = re.match(cookie_regex, response.headers['Set-Cookie'])
assert matches != None
with app.app_context():
log_entry = db.session.query(app.auth.auth_log_entry_model).first()
assert log_entry.type == 'login'
assert log_entry.email == '*****@*****.**'
assert log_entry.user_id == 1
assert log_entry.ip == '127.0.0.1'
assert isinstance(log_entry.timestamp, datetime)
assert log_entry.user_agent == 'werkzeug/0.14.1'
def test_order_by_pattern(app):
test_client = app.test_client()
login(test_client)
## asc
response = json_call(test_client.get, '/cats?$order_by=pattern')
assert response.status_code == 200
assert response.json['count'] == 3
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 3
assert dict_contains(
response.json['data'][0], {
'id': 3,
'name': 'Wilhelmina',
'age': 4,
'pattern': 'Calico',
'updated_at': iso_regex,
'created_at': iso_regex
})
assert dict_contains(
response.json['data'][1], {
'id': 1,
'name': 'Ada',
'age': 5,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
assert dict_contains(
response.json['data'][2], {
'id': 2,
'name': 'Leo',
'age': 2,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
## desc
response = json_call(test_client.get, '/cats?$order_by=-pattern')
assert response.status_code == 200
assert response.json['count'] == 3
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 3
assert dict_contains(
response.json['data'][0], {
'id': 1,
'name': 'Ada',
'age': 5,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
assert dict_contains(
response.json['data'][1], {
'id': 2,
'name': 'Leo',
'age': 2,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
assert dict_contains(
response.json['data'][2], {
'id': 3,
'name': 'Wilhelmina',
'age': 4,
'pattern': 'Calico',
'updated_at': iso_regex,
'created_at': iso_regex
})
def test_string_search_operators(app):
test_client = app.test_client()
login(test_client)
## contains
response = json_call(test_client.get, '/users?email__contains=houston')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['email'] == '*****@*****.**'
## like
response = json_call(test_client.get, '/users?email__like=%%houston%%')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['email'] == '*****@*****.**'
## like is case sensitive
response = json_call(test_client.get, '/cats?name__like=%%wilhelmina%%')
assert response.status_code == 200
assert response.json['count'] == 0
assert response.json['page'] == 1
assert response.json['total_pages'] == 0
assert len(response.json['data']) == 0
## notlike
response = json_call(test_client.get, '/users?email__notlike=%%houston%%')
assert response.status_code == 200
assert response.json['count'] == 3
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 3
## ilike
response = json_call(test_client.get, '/cats?name__ilike=%%wilhelmina%%')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['name'] == 'Wilhelmina'
## notilike
response = json_call(test_client.get,
'/cats?name__notilike=%%wilhelmina%%')
assert response.status_code == 200
assert response.json['count'] == 2
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 2
## startswith
response = json_call(test_client.get, '/cats?name__startswith=Wil')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['name'] == 'Wilhelmina'
## endswith
response = json_call(test_client.get, '/cats?name__endswith=da')
assert response.status_code == 200
assert response.json['count'] == 1
assert response.json['page'] == 1
assert response.json['total_pages'] == 1
assert len(response.json['data']) == 1
assert response.json['data'][0]['name'] == 'Ada'
def test_requires_login(app):
test_client = app.test_client()
response = json_call(test_client.get, '/cats')
assert response.status_code == 401
def test_csrf(app):
test_client = app.test_client()
login(test_client)
## POST
response = json_call(test_client.post, '/cats', {
'name': 'Dr. Kitty McMoewMoew',
'pattern': 'Tabby',
'age': 7
})
assert response.status_code == 401
response = json_call(test_client.post,
'/cats', {
'name': 'Dr. Kitty McMoewMoew',
'pattern': 'Tabby',
'age': 7
},
headers={'x-requested-with': 'requests'})
assert response.status_code == 201
assert dict_contains(
response.json, {
'id': 4,
'name': 'Dr. Kitty McMoewMoew',
'pattern': 'Tabby',
'age': 7,
'updated_at': iso_regex,
'created_at': iso_regex
})
## PUT
response = json_call(test_client.get, '/cats/2')
assert response.status_code == 200
cat = response.json
cat['age'] = 3
response = json_call(test_client.put, '/cats/2', cat)
assert response.status_code == 401
response = json_call(test_client.put,
'/cats/2',
cat,
headers={'X-Requested-With': 'requests'})
assert response.status_code == 200
assert dict_contains(
response.json, {
'id': 2,
'name': 'Leo',
'age': 3,
'pattern': 'Tabby',
'updated_at': iso_regex,
'created_at': iso_regex
})
## DELETE
response = test_client.delete('/cats/2')
assert response.status_code == 401
response = test_client.delete('/cats/2',
headers={'X-Requested-With': 'requests'})
assert response.status_code == 204
response = test_client.get('/cats/2')
assert response.status_code == 404
