def test_get_project_fail(temp_app, temp_db):
'''Tests various failure cases when getting a project'''
# Tests trying to get nonexistent project
login_res = login_mackland(temp_app)
auth_token = login_res['accessToken']
res = get_project(0, auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 400
assert res_data['error'] == 'Project does not exist'
# Tests trying to get a project created by a different user
res = get_project(1, auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 403
assert res_data['error'] == 'Forbidden: project belongs to another user'
# Tests trying to get a project with no auth header
res = temp_app.get('/project/1')
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to get a project with no auth token
res = temp_app.get('/project/1', headers=dict(Authorization='Bearer '))
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to get a project with an expired token
token = generate_expired_token('access',
temp_app.application.config['SECRET_KEY'])
res = get_project(1, token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to get a project with a token signed with the wrong key
token = generate_invalid_token('access')
res = get_project(1, token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to use a refresh token to access projects
token = encode_auth_token('refresh', 1, datetime.timedelta(days=3),
temp_app.application.config['SECRET_KEY'])
res = get_project(1, token.decode(), temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token type'
def test_get_shared_project_fail(temp_app, temp_db):
''' Tests various failure cases getting a shared project '''
# get a project that exists, but isn't shared
res = temp_app.get('/project/shared/1')
res_data = json.loads(res.data)
assert res.status_code == 403
assert res_data['error'] == 'Forbidden: Project is private'
# get a project that doesn't exist
res = temp_app.get('/project/shared/100')
res_data = json.loads(res.data)
assert res.status_code == 404
assert res_data['error'] == 'Project does not exist'
def test_get_dog(temp_app, temp_db):
"""Tests to make sure getting a specific dog works."""
res = temp_app.get('/api/dogs/normie')
res_data = json.loads(res.data)
assert res.status_code == 200, 'The response should have a status code of 200 - OK.'
assert isinstance(res_data, dict), 'The data should be a json dict.'
assert '_id' not in res_data
def test_get_nonexistent_dog(temp_app, temp_db):
"""Tests to see if lookup of nonexistent dog fails properly."""
res = temp_app.get('api/dogs/bob')
res_data = json.loads(res.data)
assert res.status_code == 404, 'The response should be 404 -- NOT FOUND'
assert isinstance(res_data, dict), 'The data should be a json dict.'
assert 'error' in res_data
def test_get_dogs(temp_app, temp_db):
"""Tests to make sure getting all dogs works."""
res = temp_app.get('/api/dogs')
res_data = json.loads(res.data)
assert res.status_code == 200, 'The response should have a status code of 200 - OK.'
assert isinstance(res_data, list), 'The data should be a json list.'
assert '_id' not in res_data[0]
def test_get_shared_project(temp_app, temp_db):
''' Tests getting a shared project '''
res = temp_app.get('/project/shared/2')
res_data = json.loads(res.data)
assert res.status_code == 200
assert isinstance(res_data['project'], dict)
assert 'id' not in res_data
assert 'name' not in res_data
def test_get_projects_fail(temp_app, temp_db):
'''Tests getting projects with various failure cases'''
# Tests trying to get projects with no auth header
res = temp_app.get('/projects')
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to get projects with no auth header
res = temp_app.get('/projects', headers=dict(Authorization='Bearer '))
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to get projects with an expired token
token = generate_expired_token('access',
temp_app.application.config['SECRET_KEY'])
res = get_projects(token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to get projects with a token signed with the wrong key
token = generate_invalid_token('access')
res = get_projects(token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to use a refresh token to access projects
token = encode_auth_token('refresh', 1, datetime.timedelta(days=3),
temp_app.application.config['SECRET_KEY'])
res = get_projects(token.decode(), temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token type'
def test_authenticate_fail(temp_app, temp_db):
'''Tests various failure cases when verifying a jwt'''
# Tests verifying with no auth header
res = temp_app.get('auth/authenticate')
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests verifying with no auth token
res = get_authenticate('', temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'No authentication provided'
# Tests trying to verify with an expired token
auth_token = generate_expired_token(
'refresh', temp_app.application.config['SECRET_KEY'])
res = get_authenticate(auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to verify with a token signed with the wrong key
auth_token = generate_invalid_token('refresh')
res = get_authenticate(auth_token, temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token'
# Tests trying to use an access token to refresh
token = encode_auth_token('access', 1, datetime.timedelta(days=3),
temp_app.application.config['SECRET_KEY'])
res = get_authenticate(token.decode(), temp_app)
res_data = json.loads(res.data)
assert res.status_code == 401
assert res_data['error'] == 'Invalid token type'