def test_delete_user(self):
    """Delete a user through the API and confirm the same data can be registered again.

    Creates a user, logs in to obtain a token, sends the DELETE with that token as
    the HTTP Basic username, then checks the user listing is empty and that a user
    with identical data can be created and logged in afterwards.
    """
    with self.app.app_context():
        victim = UsersModel("test4", "*****@*****.**")
        victim.hash_password("test4")
        victim.save_to_db()

        login_form = {"email": "*****@*****.**", "password": "******"}
        login_res = self.client.post("/api/login", data=login_form)
        self.assertEqual(200, login_res.status_code)
        token = json.loads(login_res.data)["token"]

        # The API expects the token as the Basic-auth username with an empty password.
        credentials = base64.b64encode((token + ":").encode('ascii')).decode('ascii')
        delete_res = self.client.delete(
            "/api/user/[email protected]",
            headers={"Authorization": 'Basic ' + credentials},
        )
        # The deletion is reported as successful
        self.assertEqual(200, delete_res.status_code)

        list_res = self.client.get("/api/users")
        self.assertEqual(200, list_res.status_code)
        self.assertEqual(None, json.loads(list_res.data)["users"])

        # Creating a user with the same data is allowed again afterwards
        again = UsersModel("test4", "*****@*****.**")
        again.hash_password("test4")
        again.save_to_db()
        login_res = self.client.post("/api/login", data=login_form)
        self.assertEqual(200, login_res.status_code)
def basic_setup(self):
    """Seed the database with an admin, a regular user and two books, then log both users in.

    Leaves ``self.user`` / ``self.user2`` (passwords hashed and persisted),
    ``self.book`` / ``self.book2`` and the API-issued tokens ``self.token`` /
    ``self.token2`` on the test case for the individual tests to use.
    """
    admin = UsersModel("test", "*****@*****.**", role=Roles.Admin)
    admin.hash_password("test")
    admin.save_to_db()
    self.user = admin

    regular = UsersModel("test2", "*****@*****.**", role=Roles.User)
    regular.hash_password("test2")
    regular.save_to_db()
    self.user2 = regular

    self.book = BooksModel(1, 100, 1, "book1")
    self.book.save_to_db()
    self.book2 = BooksModel(2, 50, 13.1, "book2")
    self.book2.save_to_db()

    def login_token(email):
        # Tokens come from the real login endpoint so they are issued by the API itself
        res = self.client.post("/api/login", data={"email": email, "password": "******"})
        return json.loads(res.data)["token"]

    self.token = login_token(self.user.email)
    self.token2 = login_token(self.user2.email)
def test_add_same_email(self):
    """Persisting a second user with an already-registered e-mail must raise."""
    with self.app.app_context():
        first = UsersModel('test', '*****@*****.**')
        first.hash_password('password')
        UsersModel.save_to_db(first)

        duplicate = UsersModel('test_not_same', '*****@*****.**')
        duplicate.hash_password('password')
        # Uniqueness is enforced at save time; the test accepts any exception type
        with self.assertRaises(Exception):
            UsersModel.save_to_db(duplicate)
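def post(self):
    """Register a new user from the request body.

    Returns ``(user.json(), 201)`` on success, ``409`` when the username or
    e-mail is already taken, and ``500`` when persisting the user or sending
    the verification e-mail fails.  The uniqueness checks and the insert run
    under ``lock`` so two concurrent registrations cannot both pass the check.
    """
    import logging  # local import: the module's import block is outside this block

    data = parse_user()
    check_constraints_user(data)
    with lock:
        if UsersModel.find_by_username(data["username"]):
            return {
                "message": f"An user with same username {data['username']} already exists"
            }, 409
        if UsersModel.find_by_email(data["email"]):
            return {
                "message": f"An user with same email {data['email']} already exists"
            }, 409

        password = data.pop("password")
        try:
            user = UsersModel(**data)
            user.hash_password(password)
            user.save_to_db()
            verify = VerifyModel(user.id)
            verify.save_to_db()
            # NOTE(review): request.url_root is derived from the incoming Host header, so
            # the verification link is only as trustworthy as the host the deployment
            # accepts — confirm the app pins it (e.g. SERVER_NAME) or validates Host.
            verify.send_email(user.email, request.url_root)
        except Exception:
            # Keep the traceback server-side; the client gets a generic message so
            # internal details (database or mail-server errors) are not disclosed.
            logging.getLogger(__name__).exception("user registration failed")
            return {"message": "Internal error while creating the user"}, 500
    return user.json(), 201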
def test_get_entry(self):
    """Listing a user's library returns the two Bought entries and omits the WishList one."""
    with self.app.app_context():
        owner = UsersModel("test", "test")
        owner.hash_password("test")
        owner.save_to_db()

        books = []
        for isbn in (1, 2, 3):
            book = BooksModel(isbn, 1, 1, "test")
            book.save_to_db()
            books.append(book)

        # (book, library type, reading state) for each entry, saved in this order
        specs = [
            (books[0], LibraryType.Bought, State.Pending),
            (books[1], LibraryType.WishList, State.Pending),
            (books[2], LibraryType.Bought, State.Reading),
        ]
        entries = []
        for book, kind, state in specs:
            entry = LibraryModel(book.isbn, owner.id, kind, state)
            entry.save_to_db()
            entries.append(entry)

        login = self.client.post("api/login", data={"email": owner.email, "password": "******"})
        token = json.loads(login.data)["token"]
        credentials = base64.b64encode((token + ":").encode('ascii')).decode('ascii')
        res = self.client.get(
            f"api/userLibrary/{owner.email}",
            headers={"Authorization": 'Basic ' + credentials},
        )
        self.assertEqual(200, res.status_code)

        # Only the first and third entries (both Bought) are expected in the listing
        expected = [entries[0].json(), entries[2].json()]
        self.assertEqual(expected, json.loads(res.data)["library"])
def test_add(self):
    """A saved user can be found again by its username."""
    with self.app.app_context():
        candidate = UsersModel('test', '*****@*****.**')
        candidate.hash_password('password')
        UsersModel.save_to_db(candidate)

        found = UsersModel.find_by_username('test')
        self.assertEqual(found.username, candidate.username)
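def test_library_visibility_modification_other_user(self):
    """A logged-in user cannot change the visibility of another user's library entry.

    Creates an entry owned by ``user2`` and sends the visibility DELETE signed
    with ``self.token`` (the user from ``basic_setup``).  The API must answer
    401 and the stored entry must keep its ``visible`` value.

    NOTE(review): a second method with this exact name appears in this listing;
    if both live in the same class the later definition silently replaces the
    earlier one — consider a distinct name per HTTP method (e.g. ``..._delete``).
    """
    with self.app.app_context():
        self.basic_setup()
        user2 = UsersModel("test2", "test2")
        user2.hash_password("test2")
        user2.save_to_db()
        library = self.entry = LibraryModel(self.book.isbn, user2.id, LibraryType.Bought)
        library.save_to_db()

        credentials = base64.b64encode((self.token + ":").encode('ascii')).decode('ascii')
        res = self.client.delete(
            f"api/library/{user2.email}/visibility/{self.book.isbn}",
            headers={"Authorization": 'Basic ' + credentials},
        )
        self.assertEqual(401, res.status_code)

        # Re-read the entry that was targeted: it belongs to user2, so look it up by
        # user2.id (the original queried self.user.id, the requester, which is not the
        # entry the DELETE addressed).
        stored = LibraryModel.find_by_id_and_isbn(user2.id, self.book.isbn)
        self.assertEqual(self.entry.visible, stored.visible)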
def test_get_all_transactions_no_admin(self):
    """A non-admin user requesting every transaction is refused with 403."""
    with self.app.app_context():
        customer = UsersModel("test", "*****@*****.**", role=Roles.User)
        customer.hash_password("test")
        customer.save_to_db()
        login = self.client.post(
            "/api/login",
            data={"email": customer.email, "password": "******"},
        )
        token = json.loads(login.data)["token"]

        first = BooksModel(1, 1, 1, "book1")
        first.save_to_db()
        second = BooksModel(2, 2, 13.1, "book2")
        second.save_to_db()
        # One unit of each book, recorded directly through the model
        TransactionsModel.save_transaction(
            customer.id,
            [first.isbn, second.isbn],
            [first.precio, second.precio],
            [1, 1],
        )

        credentials = base64.b64encode((token + ":").encode('ascii')).decode('ascii')
        res = self.client.get(
            "/api/allTransactions",
            headers={"Authorization": 'Basic ' + credentials},
        )
        self.assertEqual(403, res.status_code)
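def test_library_visibility_modification_other_user(self):
    """A logged-in user cannot edit another user's library entry with PUT.

    ``user2`` owns the entry; the request is signed with ``self.token`` (the
    user from ``basic_setup``).  Expect 401 and an unchanged ``state`` and
    ``library_type`` on the stored entry.

    NOTE(review): a second method with this exact name appears in this listing;
    if both live in the same class the later definition silently replaces the
    earlier one — consider a distinct name per HTTP method (e.g. ``..._put``).
    """
    with self.app.app_context():
        self.basic_setup()
        user2 = UsersModel("test2", "test2")
        user2.hash_password("test2")
        user2.save_to_db()
        library = self.entry = LibraryModel(self.book.isbn, user2.id, LibraryType.Bought)
        library.save_to_db()

        new_data = {
            "state": State.Finished.name,
            "library_type": LibraryType.WishList.name,
        }
        credentials = base64.b64encode((self.token + ":").encode('ascii')).decode('ascii')
        res = self.client.put(
            f"/api/library/{user2.email}/{self.book.isbn}",
            data=new_data,
            headers={"Authorization": 'Basic ' + credentials},
        )
        self.assertEqual(401, res.status_code)

        # Look the entry up by its owner (user2): the original queried self.user.id,
        # the requester, which is not the entry the PUT targeted.
        stored = LibraryModel.find_by_id_and_isbn(user2.id, self.book.isbn)
        self.assertEqual(self.entry.state, stored.state)
        self.assertEqual(self.entry.library_type, stored.library_type)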
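def user_loader(username, password):
    """Authenticate a username/password pair for the Basic-auth loader.

    Returns ``{'username': <name>}`` when ``UsersModel.authenticate`` finds a
    matching user, otherwise ``None``.  The credentials are no longer printed:
    the original ``print(username, password)`` wrote plaintext passwords to
    stdout, where process logs would capture them.
    """
    users = UsersModel()
    logged_user = users.authenticate(username, password)
    if not logged_user:
        return None
    return {'username': logged_user['name']}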
def admin_setup(self):
    """Create and persist an admin user, then store its API login token on ``self``."""
    password = "******"
    admin = UsersModel("admin", "*****@*****.**", Roles.Admin)
    admin.hash_password(password)
    admin.save_to_db()
    self.admin = admin

    login_form = {"email": self.admin.email, "password": password}
    login = self.client.post("/api/login", data=login_form)
    self.token = json.loads(login.data)["token"]
def test_post_entry_without_login(self):
    """Posting to a user's library without credentials is refused with 401."""
    with self.app.app_context():
        owner = UsersModel("test", "test")
        owner.hash_password("test2")
        owner.save_to_db()
        # No Authorization header on purpose
        res = self.client.post(f"api/library/{owner.email}")
        self.assertEqual(401, res.status_code)
def test_modify_without_login(self):
    """Updating a user without credentials is refused with 401."""
    with self.app.app_context():
        target = UsersModel("test", "*****@*****.**")
        target.hash_password("test")
        target.save_to_db()
        # No Authorization header on purpose
        changes = {'username': '******', 'password': '******'}
        res = self.client.put(f"/api/user/{target.email}", data=changes)
        self.assertEqual(401, res.status_code)
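def test_get_invalid_validation(self):
    """GET with a recovery key that was never issued answers 404 and an explanatory message."""
    with self.app.app_context():
        user = UsersModel("test2", "test2")
        user.hash_password("test2")
        user.save_to_db()
        # Plain string: the original used an f-string with no placeholders
        res = self.client.get("/api/recovery/fails")
        self.assertEqual(404, res.status_code)
        self.assertEqual(
            "Password Recovery with ['key':fails] is invalid",
            json.loads(res.data)["message"],
        )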
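def test_put_recovery_not_requested(self):
    """Setting a new password against a key that was never requested answers 403."""
    with self.app.app_context():
        user = UsersModel("test", "test")
        user.hash_password("test")
        user.save_to_db()
        new_password = "******"
        # Plain string: the original used an f-string with no placeholders
        res = self.client.put(
            "/api/recovery/notImportant",
            data={"new_password": new_password},
        )
        self.assertEqual(403, res.status_code)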
def basic_setup(self):
    """Seed an admin, a regular user and one book; store the admin's login token.

    Leaves ``self.admin``, ``self.user``, ``self.book`` and ``self.token`` (the
    admin's API token) on the test case.
    """
    password = "******"
    admin = UsersModel("admin", "admin", Roles.Admin)
    admin.hash_password(password)
    admin.save_to_db()
    self.admin = admin

    regular = UsersModel("test", "test")
    regular.hash_password("test")
    regular.save_to_db()
    self.user = regular

    self.book = BooksModel(2, 2, 2, "test")
    self.book.save_to_db()

    login_form = {"email": self.admin.email, "password": password}
    login = self.client.post("/api/login", data=login_form)
    self.token = json.loads(login.data)["token"]
def test_get_users(self):
    """The user listing matches the JSON form of every user in the database.

    The request carries no credentials; the test exercises the endpoint as it
    behaves for an anonymous caller.
    """
    with self.app.app_context():
        someone = UsersModel("test5", "*****@*****.**")
        someone.hash_password("test5")
        someone.save_to_db()

        res = self.client.get("/api/users")
        self.assertEqual(200, res.status_code)

        expected = [u.json() for u in UsersModel.query.all()]
        self.assertEqual(expected, json.loads(res.data)["users"])
def test_delete_but_keep(self):
    """Deleting a user keeps its row, flagged with ``state=False``, instead of removing it."""
    with self.app.app_context():
        candidate = UsersModel('test', '*****@*****.**')
        candidate.hash_password('password')
        UsersModel.save_to_db(candidate)

        UsersModel.delete_from_db(UsersModel.find_by_username('test'))

        # Rows for the username still exist, only marked inactive
        retained = UsersModel.query.filter_by(username='******', state=False).all()
        self.assertNotEqual(len(retained), 0)
def basic_setup(self):
    """Create one persisted user and store its API login token on ``self``."""
    member = UsersModel("test123", "*****@*****.**")
    member.hash_password("Test1234")
    member.save_to_db()
    self.user = member

    login_form = {"email": self.user.email, "password": "******"}
    login = self.client.post("/api/login", data=login_form)
    self.token = json.loads(login.data)["token"]
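def test_post_recovery(self):
    """Requesting a password recovery sends one e-mail and answers 201 with the user."""
    with self.app.app_context(), mail.record_messages() as outbox:
        user = UsersModel("test", "*****@*****.**")
        user.hash_password("test")
        user.save_to_db()
        # Plain string: the original used an f-string with no placeholders
        res = self.client.post("/api/recovery", data={"email": user.email})
        self.assertEqual(201, res.status_code)
        self.assertEqual(1, len(outbox))
        # NOTE(review): this pins that the unauthenticated recovery endpoint echoes the
        # user record back, i.e. it confirms which e-mails are registered; if the API is
        # changed to a neutral reply, keep only the status and outbox assertions.
        self.assertEqual(user.json(), json.loads(res.data)["user"])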
def test_get_user(self):
    """Fetching a user by e-mail returns its JSON; an unknown address answers 404."""
    with self.app.app_context():
        member = UsersModel("test", "*****@*****.**")
        member.hash_password("test")
        member.save_to_db()

        found = self.client.get("/api/user/[email protected]")
        self.assertEqual(200, found.status_code)
        self.assertEqual(member.json(), json.loads(found.data)["user"])

        missing = self.client.get("/api/user/doesntexist")
        self.assertEqual(404, missing.status_code)
def test_get_validation(self):
    """GET with a valid recovery key answers 200 with the recovery record."""
    with self.app.app_context():
        member = UsersModel("test", "test")
        member.hash_password("test")
        member.save_to_db()

        recovery = PasswordRecoveryModel(member.id)
        recovery.save_to_db()

        res = self.client.get(f"/api/recovery/{recovery.key}")
        self.assertEqual(200, res.status_code)
        self.assertEqual(recovery.json(), json.loads(res.data)["recovery"])
def test_get_entry_invalid_parameter(self):
    """Listing a library with an unknown ``library_type`` value answers 409."""
    with self.app.app_context():
        owner = UsersModel("test", "test")
        owner.hash_password("test4")
        owner.save_to_db()

        login = self.client.post("api/login", data={"email": owner.email, "password": "******"})
        token = json.loads(login.data)["token"]
        credentials = base64.b64encode((token + ":").encode('ascii')).decode('ascii')

        # "Potato" is not a LibraryType; the filter is sent as request data on the GET
        res = self.client.get(
            f"api/userLibrary/{owner.email}",
            data={"library_type": "Potato"},
            headers={"Authorization": 'Basic ' + credentials},
        )
        self.assertEqual(409, res.status_code)
def test_put_recovery_expired(self):
    """A recovery key whose request time lies outside the validity window answers 403."""
    with self.app.app_context():
        member = UsersModel("test", "test")
        member.hash_password("test")
        member.save_to_db()

        recovery = PasswordRecoveryModel(member.id)
        # Push the request time back by twice the validity window before saving,
        # so the key is already stale when the PUT arrives
        recovery.time -= 2 * PasswordRecoveryModel.VALID_UNTIL
        recovery.save_to_db()

        new_password = "******"
        res = self.client.put(
            f"/api/recovery/{recovery.key}",
            data={"new_password": new_password},
        )
        self.assertEqual(403, res.status_code)
def basic_setup(self):
    """Seed one user and one book; store the user's API login token on ``self``."""
    member = UsersModel("test", "*****@*****.**")
    member.hash_password("test")
    member.save_to_db()
    self.user = member

    self.book = BooksModel(1, 1, 1, "book1")
    self.book.save_to_db()

    login_form = {"email": self.user.email, "password": "******"}
    login = self.client.post("/api/login", data=login_form)
    self.token = json.loads(login.data)["token"]
def test_put_recovery(self):
    """PUT with a valid recovery key replaces the password and answers 200 with the user."""
    with self.app.app_context():
        member = UsersModel("test", "test")
        member.hash_password("test")
        member.save_to_db()

        recovery = PasswordRecoveryModel(member.id)
        recovery.save_to_db()

        new_password = "******"
        res = self.client.put(
            f"/api/recovery/{recovery.key}",
            data={"new_password": new_password},
        )
        self.assertEqual(200, res.status_code)
        self.assertEqual(member.json(), json.loads(res.data)["user"])
        # The stored hash must now verify against the new password
        self.assertTrue(member.check_password(new_password))
def test_login_user(self):
    """A successful login returns a token that resolves back to the same user."""
    with self.app.app_context():
        member = UsersModel("test3", "*****@*****.**")
        member.hash_password("test3")
        member.save_to_db()

        login_form = {"email": "*****@*****.**", "password": "******"}
        res = self.client.post("/api/login", data=login_form)
        self.assertEqual(200, res.status_code)

        token = json.loads(res.data)["token"]
        self.assertEqual(member, UsersModel.verify_auth_token(token))
def test_get_transactions_without_login(self):
    """Posting a transaction without credentials is refused with 401.

    Despite the name, the request made here is a POST to ``/api/transaction``.
    """
    with self.app.app_context():
        buyer = UsersModel('test', '*****@*****.**')
        buyer.hash_password('test')
        UsersModel.save_to_db(buyer)

        item = BooksModel(1, 1, 1.0, "titulo")
        item.save_to_db()

        # No login, empty payload
        payload = {}
        res = self.client.post("/api/transaction", data=payload)
        self.assertEqual(401, res.status_code)
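class UsersController:
    """Thin HTTP-facing wrapper around ``UsersModel``.

    Each public method runs one model call and serialises the result with the
    injected ``jsonify``; any failure is turned into ``abort(500, 'Server error')``
    so the model's exception text never reaches the client.
    """

    users_model = UsersModel()

    def __init__(self, jsonify, abort):
        # Both collaborators are injected so the controller can be driven
        # without a running web framework.
        self.jsonify = jsonify
        self.abort = abort

    def _respond(self, action):
        """Run ``action()`` and jsonify its result, mapping any failure to a 500.

        ``except Exception`` replaces the original bare ``except:`` so
        ``KeyboardInterrupt`` / ``SystemExit`` are no longer swallowed; the
        message stays generic on purpose.
        """
        try:
            return self.jsonify(action())
        except Exception:
            self.abort(500, 'Server error')

    def get(self, user_id):
        """Return one user by id."""
        return self._respond(lambda: self.users_model.get(user_id))

    def get_all(self):
        """Return every user."""
        return self._respond(lambda: self.users_model.get_all())

    def create(self, data):
        """Create a user from ``data`` and return it."""
        return self._respond(lambda: self.users_model.create(data))

    def delete(self, user_id):
        """Delete one user by id and return the model's result."""
        return self._respond(lambda: self.users_model.delete(user_id))

    def delete_all(self):
        """Delete every user and return a success message."""
        def action():
            self.users_model.delete_all()
            return {'message': 'success'}
        return self._respond(action)

    def update(self, data, user_id):
        """Update the user ``user_id`` with ``data`` and return it."""
        return self._respond(lambda: self.users_model.update(data, user_id))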
def test_recovery_mail(self):
    """The recovery e-mail goes to the user with the expected subject and reset link."""
    with self.app.app_context(), mail.record_messages() as outbox:
        member = UsersModel("test", "*****@*****.**")
        member.hash_password("test")
        member.save_to_db()

        recovery = PasswordRecoveryModel(member.id)
        recovery.save_to_db()

        root = "http://test.com/"
        recovery.send_email(member.email, root)

        self.assertEqual(1, len(outbox))
        sent = outbox[0]
        self.assertEqual("Password recovery", sent.subject)
        self.assertEqual(member.email, sent.recipients[0])
        # The reset link embeds the recovery key under the given root
        self.assertIn(f"http://test.com/reset?key={recovery.key}", sent.body)