def test_put_user_image__failure(server):
    """Check the three rejection paths of PUT /users/<id>/images/<name>.

    An empty form is sent each time, so the status codes asserted here
    come from the user lookup, the ownership check and the image-name
    check rather than from the image content.
    """
    empty_form = FormData()
    token_99 = util.create_jwt(99, server.config.secret)

    # No such user: the token and the path both name id 99.
    _, resp = server.app.test_client.put(
        '/users/99/images/profile',
        data=empty_form,
        headers={'Authorization': token_99},
    )
    assert resp.status == 404

    # Forbidden: the token is for id 99 but the path targets user 3's image.
    _, resp = server.app.test_client.put(
        '/users/3/images/profile',
        data=empty_form,
        headers={'Authorization': token_99},
    )
    assert resp.status == 403

    # Invalid image name: caller and target match (id 3), only the name is bad.
    token_3 = util.create_jwt(3, server.config.secret)
    _, resp = server.app.test_client.put(
        '/users/3/images/$%^&*(',
        data=empty_form,
        headers={'Authorization': token_3},
    )
    assert resp.status == 400
def test_delete_membership__failure(server):
    """Check that DELETE /memberships/<club> enforces the role hierarchy.

    Each 403 case pairs a caller token with a target ``user_id`` the
    caller's role must not be able to remove. The users and ``testclub``
    are not created here; presumably an earlier test sets them up.
    """
    # Presidents can't delete President memberships
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)
    _, resp = server.app.test_client.get('/users/pres2')
    pres2_id = resp.json['id']
    _, resp = server.app.test_client.delete(
        f'/memberships/testclub?user_id={pres2_id}',
        headers={'Authorization': founder_token},
    )
    assert resp.status == 403

    # Admins can't delete memberships other than Member memberships
    _, resp = server.app.test_client.get('/users/admin')
    admin_id = resp.json['id']
    admin_token = util.create_jwt(admin_id, server.config.secret)
    _, resp = server.app.test_client.delete(
        f'/memberships/testclub?user_id={founder_id}',
        headers={'Authorization': admin_token},
    )
    assert resp.status == 403

    # Members can't delete other memberships
    _, resp = server.app.test_client.get('/users/member')
    member_id = resp.json['id']
    member_token = util.create_jwt(member_id, server.config.secret)
    # The founder is looked up a second time, exactly as the original test does.
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    _, resp = server.app.test_client.delete(
        f'/memberships/testclub?user_id={founder_id}',
        headers={'Authorization': member_token},
    )
    assert resp.status == 403

    # A regular member cannot delete all members (no user_id = whole club)
    _, resp = server.app.test_client.delete(
        '/memberships/testclub',
        headers={'Authorization': member_token},
    )
    assert resp.status == 403

    # Invalid ID
    _, resp = server.app.test_client.delete(
        '/memberships/testclub?user_id=99',
        headers={'Authorization': founder_token},
    )
    assert resp.status == 400

    # Invalid club
    _, resp = server.app.test_client.delete(
        f'/memberships/doesnotexist?user_id={member_id}',
        headers={'Authorization': founder_token},
    )
    assert resp.status == 404
def test_get_memberships__success(server):
    """Read the memberships of ``testclub`` as the founder."""
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)

    # get all memberships
    _, resp = server.app.test_client.get(
        '/memberships/testclub',
        headers={'Authorization': founder_token},
    )
    assert resp.status == 200
    # check that the six memberships were obtained
    # (founder, admin, member, pres2, admin2, and member2's memberships)
    assert len(resp.json) == 6

    # get founder's membership
    _, resp = server.app.test_client.get(
        f'/memberships/testclub?user_id={founder_id}',
        headers={'Authorization': founder_token},
    )
    first = resp.json[0]
    assert first['user_id'] == founder_id
    assert first['full_name'] == 'Test Guy'
    assert first['username'] == 'founder'
    assert isinstance(first['created_at'], int)

    # get member's membership
    # NOTE(review): assumes the next id after the founder's is a club member
    # - confirm. No assertion follows this request in the visible source.
    _, resp = server.app.test_client.get(
        f'/memberships/testclub?user_id={founder_id + 1}',
        headers={'Authorization': founder_token},
    )
def test_paginate_clubs__success(server):
    """Create three clubs, then check the paging fields of /clubs/search."""
    # get founder's id to post a club
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)

    # add dummy data to search for in database
    seed_clubs = [
        ['UBC Launch Pad', 'software engineering team'],
        ['envision', 'something'],
        ['UBC biomed', 'something else'],
    ]
    for club_name, club_desc in seed_clubs:
        # The POST result is not checked, as in the original test.
        payload = json.dumps({
            'name': club_name,
            'description': club_desc,
            'website_url': '',
            'twitter_url': '',
            'facebook_url': '',
            'instagram_url': '',
        })
        server.app.test_client.post(
            '/clubs',
            data=payload,
            headers={'Authorization': founder_token},
        )

    # The search itself is sent without an Authorization header.
    _, resp = server.app.test_client.get('/clubs/search?page=0&size=2')
    assert resp.status == 200
    page_info = resp.json
    # 3 results at size=2 -> 2 pages, with page numbering starting at 0.
    assert page_info.get('result_count') == 3
    assert page_info.get('page') == 0
    assert page_info.get('total_pages') == 2
def test_put_user__failure(server):
    """PUT /users/<username> with an unrecognised body is answered with 400."""
    username = '******'
    auth_token = util.create_jwt(1, server.config.secret)
    bad_body = json.dumps({'garbage': True})

    _, resp = server.app.test_client.put(
        f'/users/{username}',
        data=bad_body,
        headers={'Authorization': auth_token},
    )
    assert resp.status == 400
def test_get_membership__failure(server):
    """GET /memberships/<club> for an unknown club is answered with 404."""
    # club does not exist
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)

    _, resp = server.app.test_client.get(
        '/memberships/doesnotexist?user_id=3',
        headers={'Authorization': founder_token},
    )
    assert resp.status == 404
def test_delete_club__success(server):
    """Delete the club ``newtest`` as the founder and expect 204."""
    # deleting clubs requires President privileges
    # therefore use the founder's ID to successfully delete the club
    _, resp = server.app.test_client.get('/users/founder')
    president_id = resp.json['id']
    president_token = util.create_jwt(president_id, server.config.secret)

    _, resp = server.app.test_client.delete(
        '/clubs/newtest',
        headers={'Authorization': president_token},
    )
    assert resp.status == 204
def test_delete_club__failure(server):
    """A caller holding only a Member membership cannot delete the club."""
    # get user's id of a Member membership
    _, resp = server.app.test_client.get('/users/member')
    member_id = resp.json['id']
    member_token = util.create_jwt(member_id, server.config.secret)

    # fail when a user with a Member membership tries to delete the club
    _, resp = server.app.test_client.delete(
        '/clubs/newtest',
        headers={'Authorization': member_token},
    )
    assert resp.status == 403
def test_delete_user_image__success(server):
    """Delete the founder's own profile image and expect 200."""
    # look up the user whose name is founder; the token is minted for that id
    _, resp = server.app.test_client.get('/users/founder')
    owner_id = resp.json['id']
    owner_token = util.create_jwt(owner_id, server.config.secret)

    _, resp = server.app.test_client.delete(
        f'/users/{owner_id}/images/profile',
        headers={'Authorization': owner_token},
    )
    assert resp.status == 200
def test_delete_user_image__failure(server):
    """Check the 404 and 403 paths of DELETE /users/<id>/images/profile."""
    token_99 = util.create_jwt(99, server.config.secret)

    # No such image: caller and path both use id 99.
    _, resp = server.app.test_client.delete(
        '/users/99/images/profile',
        headers={'Authorization': token_99},
    )
    assert resp.status == 404

    # Forbidden (user is trying to delete another user's image)
    _, resp = server.app.test_client.delete(
        '/users/3/images/profile',
        headers={'Authorization': token_99},
    )
    assert resp.status == 403
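def test_put_user_image__success(server):
    """Upload a profile image as the founder and expect 200.

    The image file is opened in a ``with`` block so its handle is closed
    once the request has completed, instead of being left open for the
    rest of the test run.
    """
    # Upload image for user whose name is founder
    _, response = server.app.test_client.get('/users/founder')
    user_id = response.json['id']
    token = util.create_jwt(user_id, server.config.secret)

    with open('tests/testdata/large-logo.png', 'rb') as image_file:
        data = FormData()
        data.add_field('image', image_file)
        # The request has to be sent while the file is still open.
        _, response = server.app.test_client.put(
            '/users/' + str(user_id) + '/images/profile',
            data=data,
            headers={
                'Authorization': token,
            })
    assert response.status == 200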
def test_delete_membership__success(server):
    """Exercise every membership deletion the role rules allow.

    The endpoint answers a successful DELETE with 201 in all four cases.
    The last call removes every membership of ``testclub``, so the state
    seen by later tests on the same server depends on execution order.
    """
    # any member can delete his/her own membership
    _, resp = server.app.test_client.get('/users/member2')
    member2_id = resp.json['id']
    member2_token = util.create_jwt(member2_id, server.config.secret)
    _, resp = server.app.test_client.delete(
        f'/memberships/testclub?user_id={member2_id}',
        headers={'Authorization': member2_token},
    )
    assert resp.status == 201

    # Admin can delete Member memberships
    _, resp = server.app.test_client.get('/users/admin')
    admin_id = resp.json['id']
    admin_token = util.create_jwt(admin_id, server.config.secret)
    _, resp = server.app.test_client.get('/users/member')
    member_id = resp.json['id']
    _, resp = server.app.test_client.delete(
        f'/memberships/testclub?user_id={member_id}',
        headers={'Authorization': admin_token},
    )
    assert resp.status == 201

    # Presidents can delete members that are not Presidents
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)
    _, resp = server.app.test_client.get('/users/admin2')
    admin2_id = resp.json['id']
    _, resp = server.app.test_client.delete(
        f'/memberships/testclub?user_id={admin2_id}',
        headers={'Authorization': founder_token},
    )
    assert resp.status == 201

    # Delete all members (no user_id in the query)
    _, resp = server.app.test_client.delete(
        '/memberships/testclub',
        headers={'Authorization': founder_token},
    )
    assert resp.status == 201
def test_put_user__success(server):
    """Update a user's name and email and check the returned record."""
    username = '******'
    auth_token = util.create_jwt(1, server.config.secret)
    changes = json.dumps({
        'full_name': 'New Name',
        'email': '*****@*****.**',
    })

    _, resp = server.app.test_client.put(
        f'/users/{username}',
        data=changes,
        headers={'Authorization': auth_token},
    )
    assert resp.status == 200
    # Updated fields come back changed; username and id are as before.
    assert resp.json['username'] == username
    assert resp.json['full_name'] == 'New Name'
    assert resp.json['email'] == '*****@*****.**'
    assert resp.json['id'] == 1
    assert isinstance(resp.json['created_at'], int)
def test_post_clubs__success(server):
    """Register a user, then create the club ``test`` with that user's token."""
    # A user is required to create the club
    # NOTE(review): the username literal differs from the 'founder' name
    # looked up below; it looks masked in this copy - confirm.
    new_user = json.dumps({
        'username': '******',
        'full_name': 'Test Guy',
        'bio': 'Yeet!',
        'email': '*****@*****.**',
        'password': '******'
    })
    _, resp = server.app.test_client.post('/users', data=new_user)
    assert resp.status == 201

    _, resp = server.app.test_client.get('/users/founder')
    assert resp.status == 200
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)

    # post club using the id of the user from token
    new_club = json.dumps({
        'name': 'test',
        'description': 'club called test',
        'website_url': 'club.com',
        'facebook_url': 'facebook.com/test',
        'instagram_url': 'instagram.com/test',
        'twitter_url': 'twitter.com/test',
    })
    _, resp = server.app.test_client.post(
        '/clubs',
        data=new_club,
        headers={'Authorization': founder_token},
    )
    assert resp.status == 201
def test_post_clubs__failure(server):
    """Posting the club ``test`` is answered with 409 and an error body.

    Presumably the conflict comes from a club of that name created by an
    earlier test - confirm against the test order.
    """
    # Get token for founder
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)

    club_body = json.dumps({
        'name': 'test',
        'description': 'club called test',
        'website_url': 'club.com',
        'facebook_url': 'facebook.com/test',
        'instagram_url': 'instagram.com/test',
        'twitter_url': 'twitter.com/test',
    })
    _, resp = server.app.test_client.post(
        '/clubs',
        data=club_body,
        headers={'Authorization': founder_token},
    )
    assert resp.status == 409
    assert 'error' in resp.json
def test_put_memberships__failure(server):
    """Check input validation and role checks of PUT /memberships/<club>.

    The first three cases expect 400 for bad input. The rest expect 403
    whenever a caller tries to add or edit a membership at or above its
    own role: Admin vs President, Member vs Admin, and President vs
    another President.
    """
    president_vp = json.dumps({
        'members_role': 'President',
        'position': 'VP'
    })

    # Club does not exist
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)
    _, resp = server.app.test_client.put(
        '/memberships/doesnotexist?user_id=3',
        data=president_vp,
        headers={'Authorization': founder_token},
    )
    assert resp.status == 400

    # User does not exist
    _, resp = server.app.test_client.put(
        '/memberships/testclub?user_id=99',
        data=president_vp,
        headers={'Authorization': founder_token},
    )
    assert resp.status == 400

    # User id not provided
    _, resp = server.app.test_client.put(
        '/memberships/testclub',
        data=president_vp,
        headers={'Authorization': founder_token},
    )
    assert resp.status == 400

    # Permission denied. A user with an Admin membership cannot
    # edit a President membership
    _, resp = server.app.test_client.get('/users/admin')
    admin_id = resp.json['id']
    admin_token = util.create_jwt(admin_id, server.config.secret)
    _, resp = server.app.test_client.put(
        f'/memberships/testclub?user_id={founder_id}',
        data=json.dumps({
            'members_role': 'President',
            'position': 'some new position'
        }),
        headers={'Authorization': admin_token},
    )
    assert resp.status == 403

    # Permission denied. A user with an Admin membership cannot
    # add a President membership
    # Create new user to attempt adding into database
    # (the result of this POST is not checked)
    _, resp = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'president guy',
            'bio': 'I am president2, rip',
            'email': '*****@*****.**',
            'password': '******'
        }),
    )
    # get his id
    _, resp = server.app.test_client.get('/users/president2')
    president_id = resp.json['id']
    # attempt to add President membership
    _, resp = server.app.test_client.put(
        f'/memberships/testclub?user_id={president_id}',
        data=president_vp,
        headers={'Authorization': admin_token},
    )
    assert resp.status == 403

    # Permission denied. A user with a Member membership cannot
    # edit an Admin membership
    _, resp = server.app.test_client.get('/users/member')
    member_id = resp.json['id']
    member_token = util.create_jwt(member_id, server.config.secret)
    _, resp = server.app.test_client.put(
        f'/memberships/testclub?user_id={admin_id}',
        data=json.dumps({
            'members_role': 'President',
            'position': 'some new position'
        }),
        headers={'Authorization': member_token},
    )
    assert resp.status == 403

    # Permission denied. A user with a Member membership cannot
    # add an Admin membership
    # Create new user to attempt adding into database
    _, resp = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'admin guy',
            'bio': 'I am admin2, rip',
            'email': '*****@*****.**',
            'password': '******'
        }),
    )
    # get his id (admin_id now refers to admin2, as in the original test)
    _, resp = server.app.test_client.get('/users/admin2')
    admin_id = resp.json['id']
    # attempt to add Admin membership
    _, resp = server.app.test_client.put(
        f'/memberships/testclub?user_id={admin_id}',
        data=json.dumps({
            'members_role': 'Admin',
            'position': 'tech lead 2'
        }),
        headers={'Authorization': member_token},
    )
    assert resp.status == 403

    # Permission denied. A user with a President membership cannot
    # edit another President membership
    # get pres2's id
    _, resp = server.app.test_client.get('/users/pres2')
    pres2_id = resp.json['id']
    _, resp = server.app.test_client.put(
        f'/memberships/testclub?user_id={pres2_id}',
        data=json.dumps({
            'members_role': 'President',
            'position': 'former tech lead 2'
        }),
        headers={'Authorization': founder_token},
    )
    assert resp.status == 403
def test_put_memberships__success(server):
    """Create ``testclub`` and add or edit memberships at every role level.

    Every successful PUT is expected to return 201, for a new membership
    and for an edit alike. The memberships left behind (founder, admin,
    member, pres2, member2, admin2) are what the other membership tests
    look up by username.
    """
    # to put a new membership, we will first need to create a club
    # to add a membership to. A founder user will be needed to create
    # the club
    # get user whose name is founder and get his id to pass in with his token
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)
    _, resp = server.app.test_client.post(
        '/clubs',
        data=json.dumps({
            'name': 'testclub',
            'description': 'club called test',
            'website_url': 'club.com',
            'facebook_url': 'facebook.com/test',
            'instagram_url': 'instagram.com/test',
            'twitter_url': 'twitter.com/test',
        }),
        headers={'Authorization': founder_token},
    )

    # add an Admin membership to another user
    # first create user whom we will give an Admin membership to
    _, resp = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'admin guy',
            'bio': 'I am an eng student, rip',
            'email': '*****@*****.**',
            'password': '******'
        }),
    )
    # get his id
    _, resp = server.app.test_client.get('/users/admin')
    admin_id = resp.json['id']
    admin_url = f'/memberships/testclub?user_id={admin_id}'
    # add Admin membership
    _, resp = server.app.test_client.put(
        admin_url,
        data=json.dumps({
            'members_role': 'Admin',
            'position': 'tech lead'
        }),
        headers={'Authorization': founder_token},
    )
    assert resp.status == 201
    # edit same Admin membership
    _, resp = server.app.test_client.put(
        admin_url,
        data=json.dumps({
            'members_role': 'Admin',
            'position': 'former tech lead'
        }),
        headers={'Authorization': founder_token},
    )
    assert resp.status == 201

    # add a Member membership to another user.
    # use the Admin membership to put entry into the memberships table
    admin_token = util.create_jwt(admin_id, server.config.secret)
    # 'member' is not created in this test; presumably an earlier one adds it.
    _, resp = server.app.test_client.get('/users/member')
    member_id = resp.json['id']
    member_url = f'/memberships/testclub?user_id={member_id}'
    _, resp = server.app.test_client.put(
        member_url,
        data=json.dumps({
            'members_role': 'Member',
            'position': 'club member'
        }),
        headers={'Authorization': admin_token},
    )
    assert resp.status == 201
    # edit the same Member membership
    _, resp = server.app.test_client.put(
        member_url,
        data=json.dumps({
            'members_role': 'Member',
            'position': 'former club member'
        }),
        headers={'Authorization': admin_token},
    )
    assert resp.status == 201

    # Add President membership using the founder's id.
    # Create new user to attempt adding into database
    _, resp = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'admin guy',
            'bio': 'I am a president, rip',
            'email': '*****@*****.**',
            'password': '******'
        }),
    )
    # get his id
    _, resp = server.app.test_client.get('/users/pres2')
    pres2_id = resp.json['id']
    # add President membership
    _, resp = server.app.test_client.put(
        f'/memberships/testclub?user_id={pres2_id}',
        data=json.dumps({
            'members_role': 'President',
            'position': 'tech lead 2'
        }),
        headers={'Authorization': founder_token},
    )
    assert resp.status == 201

    # Add another Member and Admin membership to the table for other tests
    # Create new user to attempt adding into database
    _, resp = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'member guy 2',
            'bio': 'I am an admin, rip',
            'email': '*****@*****.**',
            'password': '******'
        }),
    )
    assert resp.status == 201
    # get his id
    _, resp = server.app.test_client.get('/users/member2')
    member2_id = resp.json['id']
    # add Member membership
    _, resp = server.app.test_client.put(
        f'/memberships/testclub?user_id={member2_id}',
        data=json.dumps({
            'members_role': 'Member',
            'position': 'another member'
        }),
        headers={'Authorization': founder_token},
    )
    assert resp.status == 201

    # Create new user to attempt adding into database
    _, resp = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'admin guy 2',
            'bio': 'I am admin2, rip',
            'email': '*****@*****.**',
            'password': '******'
        }),
    )
    # get his id
    _, resp = server.app.test_client.get('/users/admin2')
    admin2_id = resp.json['id']
    # add Admin membership
    _, resp = server.app.test_client.put(
        f'/memberships/testclub?user_id={admin2_id}',
        data=json.dumps({
            'members_role': 'Admin',
            'position': 'another admin'
        }),
        headers={'Authorization': founder_token},
    )
    assert resp.status == 201
def test_create_and_check_jwt__failure():
    """A token checked against a different secret yields ``None``.

    NOTE(review): the wrong-secret case is the only rejection covered
    here; a modified or otherwise malformed token has no case in this
    view.
    """
    signed = util.create_jwt(12345, 'test secret')
    verified = util.check_jwt(signed, 'wrong secret')
    assert verified is None
def test_create_and_check_jwt__success():
    """A token checked with the secret that signed it returns the user id."""
    expected_id = 12345
    signing_secret = 'test secret'
    signed = util.create_jwt(expected_id, signing_secret)
    assert util.check_jwt(signed, signing_secret) == expected_id
def test_put_club__success(server):
    """Edit a club first as its President, then as a newly added Admin.

    The first edit renames the club from ``test`` to ``newtest``; all
    later requests in this test use the new name.
    """
    # updating clubs requires Admin or President privileges
    # therefore we will get the owner's id to get access
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)

    # test if the club is successfully edited by President
    _, resp = server.app.test_client.put(
        '/clubs/test',
        data=json.dumps({
            'name': 'newtest',
            'description': 'club with a new description',
        }),
        headers={'Authorization': founder_token},
    )
    assert resp.status == 200
    edited = resp.json
    assert edited['description'] == 'club with a new description'
    assert edited['id'] == 1
    assert isinstance(edited['created_at'], int)

    # test if the club is successfully edited by an Admin
    # First, create admin user (the result of this POST is not checked)
    _, resp = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'admin Guy',
            'bio': 'Ayyy I\'m an admin',
            'email': '*****@*****.**',
            'password': '******'
        }),
    )
    _, resp = server.app.test_client.get('/users/adminPerson')
    admin_id = resp.json['id']
    admin_token = util.create_jwt(admin_id, server.config.secret)

    # add Admin membership
    _, resp = server.app.test_client.put(
        f'/memberships/newtest?user_id={admin_id}',
        data=json.dumps({
            'members_role': 'Admin',
            'position': 'tech lead'
        }),
        headers={'Authorization': founder_token},
    )
    assert resp.status == 201

    # test if the club is successfully edited by Admin
    _, resp = server.app.test_client.put(
        '/clubs/newtest',
        data=json.dumps({
            'name': 'newtest',
            'description': 'club with a newer description',
        }),
        headers={'Authorization': admin_token},
    )
    assert resp.status == 200
    edited = resp.json
    assert edited['description'] == 'club with a newer description'
    assert edited['id'] == 1
    assert isinstance(edited['created_at'], int)
def test_delete_user__success(server):
    """Delete the user ``test`` with a token for id 1 and expect 204."""
    # NOTE(review): presumably id 1 is the 'test' user itself - confirm.
    auth_token = util.create_jwt(1, server.config.secret)
    _, resp = server.app.test_client.delete(
        '/users/test',
        headers={'Authorization': auth_token},
    )
    assert resp.status == 204
def test_delete_user__failure(server):
    """Deleting a username that does not exist is answered with 404."""
    auth_token = util.create_jwt(1, server.config.secret)
    _, resp = server.app.test_client.delete(
        '/users/doesnotexist',
        headers={'Authorization': auth_token},
    )
    assert resp.status == 404
def test_put_club__failure(server):
    """PUT /clubs/<name> rejects a bad body (400) and a Member caller (403)."""
    # bad json data test:
    # first get the founder's id to get access
    _, resp = server.app.test_client.get('/users/founder')
    founder_id = resp.json['id']
    founder_token = util.create_jwt(founder_id, server.config.secret)
    # bad json data
    _, resp = server.app.test_client.put(
        '/clubs/newtest',
        data=json.dumps({'garbage': True}),
        headers={'Authorization': founder_token},
    )
    assert resp.status == 400

    # try editing the club with a Member membership
    # first create user whom we will give a member membership to
    _, resp = server.app.test_client.post(
        '/users',
        data=json.dumps({
            'username': '******',
            'full_name': 'Matthew Gin',
            'bio': 'Ayyy I\'m a member',
            'email': '*****@*****.**',
            'password': '******'
        }),
    )
    # get the founder's id and his membership to get access
    # to add the member to the club
    _, resp = server.app.test_client.get('/users/founder')
    editor_id = resp.json['id']
    editor_token = util.create_jwt(editor_id, server.config.secret)
    # get user's id to add to the club
    _, resp = server.app.test_client.get('/users/member')
    member_id = resp.json['id']
    # give user a Member membership to the club
    # (the result of this PUT is not checked, so a failed setup would only
    # surface through the final assertion)
    _, resp = server.app.test_client.put(
        f'/memberships/newtest?user_id={member_id}',
        data=json.dumps({
            'members_role': 'Member',
            'position': 'Student'
        }),
        headers={'Authorization': editor_token},
    )

    # now try editing the club with the Member membership
    member_token = util.create_jwt(member_id, server.config.secret)
    _, resp = server.app.test_client.put(
        '/clubs/newtest',
        data=json.dumps({
            'name': 'newtest',
            'description': 'new description',
        }),
        headers={'Authorization': member_token},
    )
    assert resp.status == 403