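def test_delete_user_itself(_not_logged_in_client):
    """Check that a logged-in user can delete their own account but not another one.

    Flow: register ``temp_user``, confirm it through ``/user/confirm/<token>``,
    log in, verify that ``DELETE /user/demo`` is refused with 403, then verify
    that ``DELETE /user/temp_user`` returns 200.

    The 403 assertion is the authorization check of this test: a regular
    account must not be able to remove somebody else's account.
    """
    user_name = "temp_user"
    with session_scope() as db_session:
        try:
            user = User()
            user.user = user_name
            user.argon_password = "******"
            user.email = "*****@*****.**"
            _assert_create_user(db_session, _not_logged_in_client, user)

            # The account only becomes usable after the confirmation link is followed.
            confirmation_token = generate_confirmation_token(user.email)
            response = _not_logged_in_client.get(f"/user/confirm/{confirmation_token}")
            assert response.status_code == 200

            # Log in as the new user; `user` still holds the plain password set above.
            resp = _not_logged_in_client.post(
                "/login",
                json={"user": f"{user.user}", "password": f"{user.argon_password}"},
            )
            assert resp.status_code == 200
            assert resp.json == {"success": "Authenticated", "username": f"{user.user}"}

            # Deleting a different account must be refused.
            response = _not_logged_in_client.delete("/user/demo", content_type="application/json")
            assert response.status_code == 403

            # Deleting the own account is allowed.
            response = _not_logged_in_client.delete(
                f"/user/{user_name}", content_type="application/json"
            )
            assert response.status_code == 200
        finally:
            # Same cleanup as the sibling registration tests: if any assertion above
            # fails, the temporary account must not stay behind in the database.
            _clean_test_users(db_session, user_name)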
def test_create_and_confirm_user(_not_logged_in_client):
    """Register a user, follow the confirmation link and check the stored flags.

    After ``GET /user/confirm/<token>`` returns 200 the stored row must be
    enabled and confirmed and must carry a ``confirmed_on`` value. The test
    user is removed again in the ``finally`` clause.
    """
    email = "*****@*****.**"
    user_name = "test_register2"
    with session_scope() as db_session:
        try:
            # Step 1: registration through the API.
            candidate = User()
            candidate.user = user_name
            candidate.argon_password = "******"
            candidate.email = email
            _assert_create_user(db_session, _not_logged_in_client, candidate)

            # Step 2: confirmation with a token generated from the e-mail address.
            token = generate_confirmation_token(candidate.email)
            confirm_response = _not_logged_in_client.get(f"/user/confirm/{token}")
            assert confirm_response.status_code == 200

            # Step 3: the persisted account is now active.
            stored = db_session.query(User).filter(User.user == candidate.user).first()
            assert stored.user == candidate.user
            assert stored.enabled, "Enabled field is not true"
            assert stored.confirmed, "Confirmed field is not true"
            assert stored.confirmed_on is not None
        finally:
            # Remove the test account whatever the outcome.
            _clean_test_users(db_session, user_name)
def test_create_user(_not_logged_in_client):
    """Exercise the field validation of ``POST /user`` and then a valid registration.

    The payload starts with only a confirmation URL and gains one field per
    step; each incomplete request must be answered with 400 and the matching
    error text. Afterwards a complete user is registered and cleaned up.
    """
    payload = {"confirmation_url": "http://phenopolis.org/confirm/"}
    # (field added before the request, error expected for what is still missing)
    validation_steps = (
        (None, "Missing user name"),
        ("user", "Missing password"),
        ("argon_password", "Missing email"),
    )
    for field_to_add, expected_error in validation_steps:
        if field_to_add is not None:
            payload[field_to_add] = "******"
        rejected = _not_logged_in_client.post(
            "/user", json=payload, content_type="application/json"
        )
        assert rejected.status_code == 400
        assert rejected.json.get("error") == expected_error

    user_name = "test_register1"
    with session_scope() as db_session:
        try:
            candidate = User()
            candidate.user = user_name
            candidate.argon_password = "******"
            candidate.email = "*****@*****.**"
            _assert_create_user(db_session, _not_logged_in_client, candidate)
        finally:
            # Remove the test account whatever the outcome.
            _clean_test_users(db_session, user_name)
def test_create_user_without_callbackurl(_not_logged_in_client):
    """``POST /user`` without a ``confirmation_url`` key must be rejected with 400."""
    candidate = User()
    candidate.user = "demo"
    candidate.argon_password = "******"
    candidate.email = "*****@*****.**"

    # The body is the plain user dict; no confirmation URL is added on purpose.
    body = candidate.as_dict()
    rejected = _not_logged_in_client.post("/user", json=body, content_type="application/json")
    assert rejected.status_code == 400
def test_create_user_with_used_username(_not_logged_in_client):
    """Registering the user name ``demo`` again is expected to answer 500.

    ``demo`` is presumably an account that already exists in the test
    database (verify against the fixtures). The test pins the current
    behaviour, in which a duplicate surfaces as a server error rather than as
    a client error such as 409.
    """
    candidate = User()
    candidate.user = "demo"
    candidate.argon_password = "******"
    candidate.email = "*****@*****.**"

    body = candidate.as_dict()
    body.update(confirmation_url="http://phenopolis.org/confirm/")
    failed = _not_logged_in_client.post("/user", json=body, content_type="application/json")
    assert failed.status_code == 500
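def test_create_user_without_email(_not_logged_in_client):
    """``POST /user`` with user name and password but no e-mail must fail with 400.

    The request carries a confirmation URL so that the 400 can only come from
    the missing e-mail. Without it the registration handler rejects the
    request for the missing confirmation URL first, and the test would pass
    without ever reaching the e-mail validation.
    """
    user_name = "test_register4"
    with session_scope() as db_session:
        try:
            user = User()
            user.user = user_name
            user.argon_password = "******"
            payload = user.as_dict()
            payload["confirmation_url"] = "http://phenopolis.org/confirm/"
            response = _not_logged_in_client.post(
                "/user", json=payload, content_type="application/json"
            )
            assert response.status_code == 400
            # Same error text that test_create_user expects for a payload without e-mail.
            assert response.json.get("error") == "Missing email"
        finally:
            # Remove the account in case the request was wrongly accepted.
            _clean_test_users(db_session, user_name)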
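def test_create_user_with_explicit_enabled_and_confirmed_flags(_not_logged_in_client):
    """A client that sends ``enabled``/``confirmed`` = True must not get an active account.

    The registration handler forces both flags to False so that the
    confirmation step cannot be skipped through the API. The flags are
    asserted here explicitly, so this test fails on its own if that guard is
    removed, whatever ``_assert_create_user`` happens to check.
    """
    user_name = "test_register3"
    with session_scope() as db_session:
        try:
            user = User()
            user.user = user_name
            user.argon_password = "******"
            user.email = "*****@*****.**"
            # Flags an unauthenticated caller should never be able to set.
            user.enabled = True
            user.confirmed = True
            _assert_create_user(db_session, _not_logged_in_client, user)

            stored = db_session.query(User).filter(User.user == user_name).first()
            assert stored is not None, "User was not persisted"
            assert not stored.enabled, "Client-supplied enabled flag was honoured"
            assert not stored.confirmed, "Client-supplied confirmed flag was honoured"
        finally:
            # Remove the test account whatever the outcome.
            _clean_test_users(db_session, user_name)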
def test_create_user_with_used_email(_not_logged_in_client):
    """Registering a new user name with an already used e-mail is expected to answer 500.

    The address is redacted in this listing; presumably it belongs to an
    existing account in the test database (verify against the fixtures).
    """
    user_name = "test_register5"
    with session_scope() as db_session:
        try:
            candidate = User()
            candidate.user = user_name
            candidate.argon_password = "******"
            candidate.email = "*****@*****.**"

            body = candidate.as_dict()
            body.update(confirmation_url="http://phenopolis.org/confirm/")
            failed = _not_logged_in_client.post(
                "/user", json=body, content_type="application/json"
            )
            assert failed.status_code == 500
        finally:
            # Remove the account in case the request was wrongly accepted.
            _clean_test_users(db_session, user_name)
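def test_delete_user(_admin_client):
    """Check that the admin client can delete a user and gets 404 for an unknown one.

    Flow: register ``test_register6``, delete it through ``DELETE /user/<name>``
    (200), confirm that the row is gone, then delete ``not_me`` (404).
    """
    user_name = "test_register6"
    with session_scope() as db_session:
        try:
            user = User()
            user.user = user_name
            user.argon_password = "******"
            user.email = "*****@*****.**"
            _assert_create_user(db_session, _admin_client, user)

            # Delete the user through the API.
            response = _admin_client.delete(f"/user/{user_name}", content_type="application/json")
            assert response.status_code == 200

            # The row must no longer exist.
            o_user = db_session.query(User).filter(User.user == user_name).first()
            assert o_user is None, "Deletion was not successful"

            # Deleting an unknown user is reported as not found.
            response = _admin_client.delete("/user/not_me", content_type="application/json")
            assert response.status_code == 404
        finally:
            # Same cleanup as the sibling registration tests: if the deletion or an
            # assertion fails, the test account must not stay behind in the database.
            _clean_test_users(db_session, user_name)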
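def create_user():
    """Register a new user from the JSON request body and send a confirmation e-mail.

    The body must contain the ``CONFIRMATION_URL`` key; the remaining keys are
    passed to ``User(**payload)``. The password is replaced by its Argon2 hash
    and the account is stored unconfirmed and disabled.

    Returns:
        A JSON response. On success it carries ``success=True`` and the user
        id. A ``PhenopolisException`` is reported with its own HTTP status and
        its message under ``error``. Any failure while persisting the user or
        sending the e-mail is reported as 500 with a generic message.
    """
    try:
        payload = _get_json_payload()
        if CONFIRMATION_URL not in payload:
            raise PhenopolisException("Please, provide a confirmation URL", 400)
        # NOTE(review): the confirmation URL is chosen by the caller and handed to the
        # e-mail helper unchanged. If the helper builds the link in the message from
        # it, the confirmation token is sent to whatever host the caller named.
        # Consider checking it against an allow-list of known front-end origins.
        confirmation_url = payload.pop(CONFIRMATION_URL)
        # NOTE(review): every remaining request key becomes a constructor argument
        # (mass assignment). Only `confirmed` and `enabled` are reset below; confirm
        # that User has no other attribute a client must not set.
        new_user = User(**payload)
        _check_user_valid(new_user)
        # Keep only the Argon2 hash of the submitted password.
        new_user.argon_password = argon2.hash(new_user.argon_password)
        # These are the defaults already; they are forced to False so that the API
        # cannot be misused to skip the registration/confirmation flow.
        new_user.confirmed = False
        new_user.enabled = False
        try:
            user_id = new_user.user
            with session_scope() as db_session:
                db_session.add(new_user)
                _add_config_from_admin(db_session, new_user)
                # Sent inside the session block; presumably session_scope rolls back
                # when the send raises, so no unconfirmable account is left behind.
                _send_confirmation_email(new_user, confirmation_url=confirmation_url)
            response = jsonify(success=True, message="User was created", id=user_id)
        except Exception as e:
            # The full exception goes to the server log only. Its text can contain
            # internals (for example database or mail-server details) that must not
            # be returned to an unauthenticated caller.
            application.logger.exception(e)
            response = jsonify(success=False, message="User could not be created")
            response.status_code = 500
    except PhenopolisException as e:
        application.logger.error(str(e))
        response = jsonify(success=False, error=str(e))
        response.status_code = e.http_status
    return response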