def test_add_two_users_with_same_email(self, api_client: ApiClient):
"""Test that it is impossible to create two users with same email
Steps:
- Make request to application with path /api/add_user and JSON in valid format
- Make another request to application with path /api/add_user
but different username and password
Expected results:
Status code for the first request is in 200-300 range
Status code for the first request is in 400-500 range
"""
username, email, password = make.auth_data()
username2, _, password2 = make.auth_data(email=email)
with allure.step(
'Add the first user and check status code is in range 200 to 300'
):
response = api_client.add_user(username=username,
email=email,
password=password)
attach_http(response, '1')
assert response.status_code in range(200, 300)
with allure.step(
'Add the second user and check status code is in range 400 to 500'
):
response2 = api_client.add_user(username=username2,
email=email,
password=password2)
attach_http(response2, '2')
assert response2.status_code in range(400, 500)
def test_added_users(self, username, email, password,
api_client: ApiClient):
"""Tests that users blocked
Steps:
- Make request to application with path /api/add_user and JSON in valid format
- Make request to application with path /api/block_user/<username>
- Make request to application with path /api/block_user/<username> again
Expected results:
Status code for the first request is in 200-300 range
Status code for the second request is 200
Status code for the third request is 304
"""
response = api_client.add_user(username=username,
email=email,
password=password)
attach_http(response, '1')
if response.status_code not in range(200, 300):
raise Exception('there was error with add_user function')
with allure.step('Block user'):
response2 = api_client.block_user(username)
attach_http(response2, '2')
assert response2.status_code == status_codes.OK
with allure.step('Block user again'):
response3 = api_client.block_user(username)
attach_http(response3, '3')
assert response3.status_code == status_codes.NOT_CHANGED
def test_valid_credentials(self, username, email, password,
api_client: ApiClient):
"""Test add_user API function with valid credentials
Steps:
- Make request to application with path /api/add_user. JSON in valid format like
{"username": "******", "email": "*****@*****.**", "password": "******"}
Expected results:
Response status code is 201
"""
response = api_client.add_user(username=username,
email=email,
password=password)
assert response.status_code == 201
def test_add_user_negative(self, username, email, password,
mysql_client: MysqlClient,
api_client: ApiClient):
"""Test status code of API function 'add_user'
Steps:
Call 'add_user' with some credentials and check record with these credentials in the users' table
Expected results:
Status code is 400 and record with these credentials no exists in the users' table
or another status code and the record exists
"""
response = api_client.add_user(username, email, password)
record = mysql_client.get_record(username)
assert response.status_code == 400 and record is None \
or record == Record(username, email, password, 1, 0, None)
def test_authorize_after_add(self, authorization_page: AuthorizationPage,
api_client: ApiClient):
"""Test that user, created by API, can authorize properly
Steps:
- Make request to application with path /api/add_user and JSON in valid format
- Try to authorize with the same credentials
Expected results:
Response status code is 200 for API request
User succeed to authorize
"""
username, email, password = make.auth_data()
response = api_client.add_user(username=username,
email=email,
password=password)
assert response.status_code in range(200, 300)
try:
authorization_page.authorize(username=username, password=password)
except WebDriverException as err:
raise AssertionError from err
def test_integrity(self, username, email, password,
authorization_page: AuthorizationPage,
api_client: ApiClient):
"""Test integrity of add_user API function and authorization
Steps:
- Make request to application with path /api/add_user and JSON in valid format like
{"username": "******", "email": "*****@*****.**", "password": "******"}
- Try to authorize to the site with the same credentials
Expected results:
If request to /api/add_user has status code 400 or more,
user mustn't be able to authorize to the site with these credentials
In other cases user must be able to authorize to the site with these credentials
"""
response = api_client.add_user(username=username,
email=email,
password=password)
if response.status_code >= 400:
with allure.step(
"'add_user' not succeed. Check that authorization will not succeed"
):
with pytest.raises(AuthorizationError):
authorization_page.authorize(username=username,
password=password)
else:
with allure.step(
"'add_user' succeed. Check that authorization will succeed"
):
try:
authorization_page.authorize(username=username,
password=password)
except AuthorizationError as err:
allure.attach.file(
authorization_page.make_screenshot(
'not_succeed_authorization'),
attachment_type=allure.attachment_type.PNG,
name='not_succeed_authorization.png')
raise AssertionError from err # to mark test as failed, not broken
def test_scenario_single_user(self, api_client: ApiClient,
mysql_client: MysqlClient,
authorization_page: AuthorizationPage):
"""Test scenario for API
Steps:
0 Generate credentials
1 Add user via API
2 Delete user via API
3 Add user via API
4 Accept user via API
5 Block user via API
6 Accept user via API
7 Authorize user via API
8 Logout
9 Block user via API
0 Try to authorize user
Expected results:
Step 1: database table has record with these credentials and values `access` = 1,
`active` = 0, `start_active_time` = None
Step 2: record does not exist for this username
Steps 3-4: database table has record with these credentials and values `access` = 1,
`active` = 0, `start_active_time` = None
Step 5: `access` = 0, no other changes
Step 6: `access` = 1, no other changes
Step 7: User succeeds to authorize, `active` changed to 1, start_active_time changed
and almost equal time.time(), no other changes
Step 8: `active` = 0, no other changes
Step 9: `access` = 0, no other changes
Step 10: User doesn't succeed to authorize, the record doesn't changed
"""
username, email, password = make.auth_data()
with allure.step('Add user'):
api_client.add_user(username=username,
email=email,
password=password)
record = mysql_client.get_record(username)
assert record is not None
assert record == Record(username, email, password, 1, 0, None)
with allure.step('Del user'):
api_client.del_user(username=username)
assert mysql_client.get_record(
username) is None # record not exists
with allure.step('Add user'):
api_client.add_user(username=username,
email=email,
password=password)
record = mysql_client.get_record(username)
assert record is not None
assert record == Record(username, email, password, 1, 0, None)
with allure.step('Accept user'):
api_client.accept_user(username=username)
record = mysql_client.get_record(username)
assert record is not None
assert record == Record(username, email, password, 1, 0,
None) # no changes
with allure.step('Block user'):
api_client.block_user(username=username)
record = mysql_client.get_record(username)
assert record is not None
assert record == Record(username, email, password, 0, 0,
None) # access = 0
with allure.step('Accept user'):
api_client.accept_user(username=username)
record = mysql_client.get_record(username)
assert record is not None
assert record == Record(username, email, password, 1, 0, None)
with allure.step('Authorize user'):
main_page = authorization_page.authorize(username, password)
record = mysql_client.get_record(username)
start_time = time.time()
assert record is not None
assert record == Record(username, email, password, 1, 1,
start_time) # active = 1
with allure.step('Logout'):
main_page.logout()
assert record is not None
assert record == Record(username, email, password, 1, 0,
start_time) # active = 0
with allure.step('Block user'):
api_client.block_user(username=username)
record = mysql_client.get_record(username)
assert record is not None
assert record == Record(username, email, password, 0, 0,
start_time) # access = 0
with allure.step('Authorize user (who is blocked)'):
with pytest.raises(AuthorizationError):
authorization_page.authorize(username, password)
record = mysql_client.get_record(username)
assert record is not None
assert record == Record(username, email, password, 0, 0,
start_time) # no changes
def test_scenario2(api_client: ApiClient):
"""Test scenario with several requests
Steps:
0 Generate credentials
1 Delete user via del_user API function (user not exists)
2 Block user via block_user API function (user not exists)
3 Accept user via accept_user API function (user not exists)
4 Add user via add_user API function with credentials
5 Accept user via accept_user API function
6 Block user via block_user API function
7 Block user via block_user API function
8 Accept user via accept_user API function
9 Accept user via accept_user API function
0 Delete user via del_user API function
1 Add user via add_user API function with the same credentials
2 Add user via add_user API function
3 Add user via add_user API function with different email
4 Add user via add_user API function with different username
Expected results:
Steps 1-3 fail, status code 404
Step 4 succeed, status code 201
Step 5 status code 304
Step 6 status code 200
Step 7 status code 304
Step 8 status code 200
Step 9 status code 304
Step 10 status code 204
Step 11 status code 201
Step 12 status code 304
Step 13 status code 304
Step 14 status code 304
"""
username = '******'
email = '*****@*****.**'
password = '******'
with allure.step(f"Del user {username} who doesn't exist"):
response = api_client.del_user(username)
attach_http(response)
assert response.status_code == status_codes.NOT_EXIST
with allure.step(f"Block user {username} who doesn't exist"):
response = api_client.block_user(username)
attach_http(response)
assert response.status_code == status_codes.NOT_EXIST
with allure.step(f"Accept user {username} who doesn't exist"):
response = api_client.accept_user(username)
attach_http(response)
assert response.status_code == status_codes.NOT_EXIST
with allure.step(
f'Add user with credentials ({username}, {email}, {password})'):
response = api_client.add_user(username=username,
email=email,
password=password)
attach_http(response)
assert response.status_code == status_codes.CREATED
with allure.step(f"Accept user {username}"):
response = api_client.accept_user(username)
attach_http(response)
assert response.status_code == status_codes.NOT_CHANGED
with allure.step(f"Block user {username}"):
response = api_client.block_user(username)
attach_http(response)
assert response.status_code == status_codes.OK
with allure.step(f"Block user {username} again"):
response = api_client.block_user(username)
attach_http(response)
assert response.status_code == status_codes.NOT_CHANGED
with allure.step(f"Accept user {username}"):
response = api_client.accept_user(username)
attach_http(response)
assert response.status_code == status_codes.OK
with allure.step(f"Accept user {username}"):
response = api_client.accept_user(username)
attach_http(response)
assert response.status_code == status_codes.NOT_CHANGED
with allure.step(f"Del user {username}"):
response = api_client.del_user(username)
attach_http(response)
assert response.status_code == status_codes.DELETED
with allure.step(
f'Add user with credentials ({username}, {email}, {password})'):
response = api_client.add_user(username=username,
email=email,
password=password)
attach_http(response)
assert response.status_code == status_codes.CREATED
with allure.step(
f'Try to add user with credentials ({username}, {email}, {password})'
):
response = api_client.add_user(username=username,
email=email,
password=password)
attach_http(response)
assert response.status_code == status_codes.NOT_CHANGED
with allure.step(
f'Try to add user with credentials ({username}, {email}, {password})'
):
response = api_client.add_user(username=username,
email='a' + email,
password=password)
attach_http(response)
assert response.status_code == status_codes.NOT_CHANGED
with allure.step(
f'Try to add user with credentials ({username}, {email}, {password})'
):
response = api_client.add_user(username='******' + username,
email=email,
password=password)
attach_http(response)
assert response.status_code == status_codes.NOT_CHANGED
