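def test_delete_user_itself(_not_logged_in_client):
    """Check that a self-registered user can delete only its own account.

    Flow: register ``temp_user``, confirm it via the token derived from its
    email, log in with it, then assert that deleting another account
    (``demo``) is refused with 403 while deleting itself succeeds with 200.

    The temporary user is removed in ``finally`` so a failing assertion
    (e.g. the 403 check) does not leave ``temp_user`` behind for later tests;
    the other tests in this module follow the same pattern.
    """
    user_name = "temp_user"
    with session_scope() as db_session:
        try:
            user = User()
            user.user = user_name
            user.argon_password = "******"
            user.email = "*****@*****.**"
            _assert_create_user(db_session, _not_logged_in_client, user)
            confirmation_token = generate_confirmation_token(user.email)
            response = _not_logged_in_client.get(
                f"/user/confirm/{confirmation_token}")
            assert response.status_code == 200

            # login with new user (the fixture client now carries its session)
            resp = _not_logged_in_client.post("/login",
                                              json={
                                                  "user": f"{user.user}",
                                                  "password":
                                                  f"{user.argon_password}"
                                              })
            assert resp.status_code == 200
            assert resp.json == {
                "success": "Authenticated",
                "username": f"{user.user}"
            }

            # try to delete another user: must be refused for a non-admin
            response = _not_logged_in_client.delete(
                "/user/demo", content_type="application/json")
            assert response.status_code == 403

            # user deletes itself
            response = _not_logged_in_client.delete(
                f"/user/{user_name}", content_type="application/json")
            assert response.status_code == 200
        finally:
            # cleans the database; a no-op when the self-deletion succeeded
            _clean_test_users(db_session, user_name)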
def test_create_and_confirm_user(_not_logged_in_client):
    """Register a user, follow its confirmation link and check the stored flags.

    After confirmation the persisted row must be ``enabled`` and ``confirmed``
    with a non-null ``confirmed_on``. The test user is always cleaned up.
    """
    user_name = "test_register2"
    email = "*****@*****.**"
    with session_scope() as db_session:
        try:
            # creates a user
            candidate = User()
            candidate.user = user_name
            candidate.argon_password = "******"
            candidate.email = email
            _assert_create_user(db_session, _not_logged_in_client, candidate)

            # confirms the user with the token derived from its email address
            token = generate_confirmation_token(candidate.email)
            confirm_response = _not_logged_in_client.get(
                f"/user/confirm/{token}")
            assert confirm_response.status_code == 200

            # re-read the row and verify the confirmation side effects
            stored = db_session.query(User).filter(
                User.user == candidate.user).first()
            assert stored.user == candidate.user
            assert stored.enabled, "Enabled field is not true"
            assert stored.confirmed, "Confirmed field is not true"
            assert stored.confirmed_on is not None
        finally:
            # cleans the database
            _clean_test_users(db_session, user_name)
def test_create_user(_not_logged_in_client):
    """Check the validation errors of ``POST /user`` and then a valid creation.

    Missing fields are reported one at a time, in the order user name,
    password, email, each with a 400 and a matching ``error`` message. A
    complete payload is then posted and cleaned up afterwards.
    """
    def post_user(body):
        return _not_logged_in_client.post("/user",
                                          json=body,
                                          content_type="application/json")

    payload = {"confirmation_url": "http://phenopolis.org/confirm/"}
    # (expected error, field to add before the next attempt)
    validation_steps = (
        ("Missing user name", "user"),
        ("Missing password", "argon_password"),
        ("Missing email", None),
    )
    for expected_error, next_field in validation_steps:
        response = post_user(payload)
        assert response.status_code == 400
        assert response.json.get("error") == expected_error
        if next_field is not None:
            payload[next_field] = "******"

    user_name = "test_register1"
    with session_scope() as db_session:
        try:
            candidate = User()
            candidate.user = user_name
            candidate.argon_password = "******"
            candidate.email = "*****@*****.**"
            _assert_create_user(db_session, _not_logged_in_client, candidate)
        finally:
            # cleans the database
            _clean_test_users(db_session, user_name)
def test_create_user_without_callbackurl(_not_logged_in_client):
    """``POST /user`` without a ``confirmation_url`` must be rejected with 400."""
    candidate = User()
    candidate.user = "demo"
    candidate.argon_password = "******"
    candidate.email = "*****@*****.**"
    # the serialized user carries no confirmation_url on purpose
    response = _not_logged_in_client.post("/user",
                                          json=candidate.as_dict(),
                                          content_type="application/json")
    assert response.status_code == 400
def test_create_user_with_used_username(_not_logged_in_client):
    """Registering with an already taken user name (``demo``) fails with 500.

    NOTE(review): the duplicate is surfaced as a 500 from the generic
    persistence error path rather than a dedicated 4xx; this test pins the
    current behaviour, not necessarily the desired one.
    """
    candidate = User()
    candidate.user = "demo"
    candidate.argon_password = "******"
    candidate.email = "*****@*****.**"
    payload = dict(candidate.as_dict(),
                   confirmation_url="http://phenopolis.org/confirm/")
    response = _not_logged_in_client.post("/user",
                                          json=payload,
                                          content_type="application/json")
    assert response.status_code == 500
def test_create_user_without_email(_not_logged_in_client):
    """``POST /user`` with no email must be rejected with 400.

    Cleanup runs regardless so a wrongly accepted user does not persist.
    """
    user_name = "test_register4"
    with session_scope() as db_session:
        try:
            candidate = User()
            candidate.user = user_name
            candidate.argon_password = "******"
            # no email set
            response = _not_logged_in_client.post(
                "/user",
                json=candidate.as_dict(),
                content_type="application/json")
            assert response.status_code == 400
        finally:
            # cleans the database
            _clean_test_users(db_session, user_name)
def test_create_user_with_explicit_enabled_and_confirmed_flags(
        _not_logged_in_client):
    """Register a user whose payload pre-sets ``enabled`` and ``confirmed``.

    The client-supplied flags must not let a registration skip confirmation;
    what ``_assert_create_user`` verifies about the stored flags is defined
    elsewhere in this module.
    """
    user_name = "test_register3"
    with session_scope() as db_session:
        try:
            candidate = User()
            candidate.user = user_name
            candidate.argon_password = "******"
            candidate.email = "*****@*****.**"
            # flags a client should not be able to set on registration
            candidate.enabled = True
            candidate.confirmed = True
            _assert_create_user(db_session, _not_logged_in_client, candidate)
        finally:
            # cleans the database
            _clean_test_users(db_session, user_name)
def test_create_user_with_used_email(_not_logged_in_client):
    """Registering with an email that is already in use fails with 500.

    NOTE(review): like the duplicate-username case this is reported through
    the generic 500 path; the test pins current behaviour.
    """
    user_name = "test_register5"
    with session_scope() as db_session:
        try:
            candidate = User()
            candidate.user = user_name
            candidate.argon_password = "******"
            candidate.email = "*****@*****.**"
            payload = dict(candidate.as_dict(),
                           confirmation_url="http://phenopolis.org/confirm/")
            response = _not_logged_in_client.post(
                "/user",
                json=payload,
                content_type="application/json")
            assert response.status_code == 500
        finally:
            # cleans the database
            _clean_test_users(db_session, user_name)
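def test_delete_user(_admin_client):
    """Check ``DELETE /user/<name>`` as an admin.

    Creates ``test_register6``, deletes it (200), verifies the row is gone,
    and then asserts that deleting a non-existent user yields 404.

    Cleanup runs in ``finally`` so a failed deletion does not leave the test
    user behind; ``_clean_test_users`` tolerates an already-absent user (the
    other tests in this module call it after a rejected registration).
    """
    user_name = "test_register6"
    with session_scope() as db_session:
        try:
            user = User()
            user.user = user_name
            user.argon_password = "******"
            user.email = "*****@*****.**"
            _assert_create_user(db_session, _admin_client, user)

            # deletes user
            response = _admin_client.delete(f"/user/{user_name}",
                                            content_type="application/json")
            assert response.status_code == 200

            # confirms it does not exist
            o_user = db_session.query(User).filter(
                User.user == user_name).first()
            assert o_user is None, "Deletion was not successful"

            # try to delete non-existent user
            response = _admin_client.delete("/user/not_me",
                                            content_type="application/json")
            assert response.status_code == 404
        finally:
            # cleans the database; a no-op when the deletion above succeeded
            _clean_test_users(db_session, user_name)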
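def create_user():
    """Register a new, unconfirmed user from the JSON request body.

    Returns a Flask response: 200 with ``success``/``message``/``id`` when the
    user was persisted, 400 with ``error`` when the payload fails validation
    (missing confirmation URL or a ``_check_user_valid`` failure), and 500
    with a generic ``message`` when persisting the user or sending the
    confirmation email fails.
    """
    try:
        payload = _get_json_payload()
        if CONFIRMATION_URL not in payload:
            raise PhenopolisException("Please, provide a confirmation URL",
                                      400)
        confirmation_url = payload.pop(CONFIRMATION_URL)
        # NOTE(review): every remaining payload key is handed to the model
        # constructor (mass assignment); only the two flags below are
        # overridden afterwards, so any other writable column is
        # client-controlled — confirm the User model restricts this.
        new_user = User(**payload)
        _check_user_valid(new_user)
        # encode password
        new_user.argon_password = argon2.hash(new_user.argon_password)
        # this is the default, but to avoid a misuse of the API that circumvents user registration it forces these
        # two flags to False
        new_user.confirmed = False
        new_user.enabled = False

        try:
            # persist users
            user_id = new_user.user
            with session_scope() as db_session:
                db_session.add(new_user)
                _add_config_from_admin(db_session, new_user)
                # sends confirmation email
                # NOTE(review): confirmation_url is taken from the request
                # body and forwarded as-is; confirm that
                # _send_confirmation_email validates it before embedding it.
                _send_confirmation_email(new_user,
                                         confirmation_url=confirmation_url)
            response = jsonify(success=True,
                               message="User was created",
                               id=user_id)
        except Exception as e:
            # Full detail goes to the log only. The client gets a fixed
            # message: the raw exception text (driver/ORM errors, mail errors)
            # may contain internal details or echo the submitted values.
            application.logger.exception(e)
            response = jsonify(success=False,
                               message="User could not be created")
            response.status_code = 500
    except PhenopolisException as e:
        # validation errors carry their own client-safe text and HTTP status
        application.logger.error(str(e))
        response = jsonify(success=False, error=str(e))
        response.status_code = e.http_status
    return response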