def post(cls):
"""Post method"""
user_data = user_schema.load(request.get_json())
if UserModel.find_by_username(user_data.username):
return {
"message": "A user with that username already exists."
}, 400
user_data.password = generate_password_hash(user_data.password)
user_data.is_admin = False
user_data.is_staff = False
try:
user_data.save_to_db()
user = UserModel.find_by_username(user_data.username)
user_profile = UserProfileModel(user_id=user.id)
user_profile.save_to_db()
expires = datetime.timedelta(days=1)
access_token = create_access_token(identity=user.id,
fresh=True,
expires_delta=expires)
except:
return {"message": "An error occurred creating the user."}, 500
return (
{
"message": "User created successfully.",
"access_token": access_token,
"username": user.username,
"user": user.id,
},
201,
)
def post(cls):
"""Register a user"""
claims = get_jwt_claims()
if not claims["is_admin"]:
return (
{
"message": "You don't have permission to perform this action."
},
403,
)
user_data = user_schema.load(request.get_json())
if UserModel.find_by_username(user_data.username):
return {"message": "A user with that username already exists."}, 400
user_data.password = generate_password_hash(user_data.password)
try:
user_data.save_to_db()
user = UserModel.find_by_username(user_data.username)
user_profile = UserProfileModel(user_id=user.id)
user_profile.save_to_db()
except:
return {"message": "An error occurred creating the user."}, 500
return {"message": "User created successfully."}, 201
def test_user_is_saved_in_db(self):
"""Test if the user has been successfully saved in the database"""
user = UserModel(username="******", password="******")
user.save_to_db()
found_user = UserModel.find_by_username("test")
self.assertIsNotNone(found_user)
def test_userprofile_is_saved_in_db(self):
"""Test if the user profile has been successfully saved in the database
after creating a new user"""
user = UserModel(username="******", password="******")
user.save_to_db()
userprofile = UserProfileModel(user_id=user.id)
userprofile.save_to_db()
found_userprofile = UserProfileModel.find_by_username(user.username)
self.assertIsNotNone(found_userprofile)
def create_admin(self):
"""Create a user model and a user profile model
and save them to the database"""
with app.app_context():
hashed_pass = generate_password_hash(self.password)
user = UserModel(
username=self.username,
password=hashed_pass,
is_admin=True,
is_staff=True,
)
user.save_to_db()
user_profile = UserProfileModel(user_id=user.id)
user_profile.save_to_db()
def put(cls, user_id):
"""Change username, password or promote the user
to be the admin or staff"""
claims = get_jwt_claims()
if not claims["is_admin"]:
return (
{
"message": "You don't have permission to perform this action."
},
403,
)
user = UserModel.find_by_id(user_id)
if not user:
return {"message": "User not found."}, 404
user_data = user_schema.load(request.get_json())
user.username = user_data.username
user.password = generate_password_hash(user_data.password)
user.is_staff = user_data.is_staff
user.is_admin = user.is_admin
try:
user.save_to_db()
except:
return (
{"message": "An error has occurred updating the user profile."},
500,
)
return user_schema.dump(user), 200
def __then_user_object_is_saved_in_db(self):
user = UserModel.find_all()[-1]
is_password_correct = check_password_hash(user.password,
self.data["password"])
self.assertEqual(user.username, self.data["username"])
self.assertTrue(is_password_correct)
def test_user_is_deleted_from_db(self):
"""Test if the user has been successfully deleted from the database"""
user = self._create_sample_user("test")
user.delete_from_db()
found_user = UserModel.find_by_username("test")
self.assertIsNone(found_user)
def test_find_all(self):
"""Test if all the users which exist in the database are returned"""
user1 = self._create_sample_user("test1")
user2 = self._create_sample_user("user2")
found_users = UserModel.find_all()
self.assertIn(user1, found_users)
self.assertIn(user2, found_users)
def test_does_not_register_user_if_already_exists(self):
users_number = len(UserModel.find_all())
self.__given_test_user_is_created()
self.__given_existing_data_is_prepared()
self.__when_post_request_is_sent("register", self.data)
self.__then_status_code_is_400_bad_request()
self.__then_no_new_user_is_registered(users_number)
def get(cls):
"""Get method"""
return (
{
"users":
[user_schema.dump(user) for user in UserModel.find_all()]
},
200,
)
def test_delete_method_deletes_user_from_db(self):
"""Test if delete method deletes the user from the database"""
self.client.delete(
path=f"admin/users/{self.user.id}",
headers={
"Content-Type": "application/json",
"Authorization": f"Bearer {self.admin_access_token}",
},
)
training = UserModel.find_by_id(self.user.id)
self.assertIsNone(training)
def get(cls, user_id):
"""Get the user"""
claims = get_jwt_claims()
if not claims["is_admin"]:
return (
{
"message": "You don't have permission to perform this action."
},
403,
)
user = UserModel.find_by_id(user_id)
if not user:
return {"message": "User not found."}, 404
return user_schema.dump(user), 200
def test_post_data_in_db(self):
"""Test if the user is saved in the database
after signing them up by the admin"""
data = {"username": "******", "password": "******"}
self.client.post(
path="admin/users/",
headers={
"Content-Type": "application/json",
"Authorization": f"Bearer {self.admin_access_token}",
},
data=json.dumps(data),
)
user = UserModel.find_by_username(data["username"])
self.assertIsNotNone(user)
def test_get_users_data(self):
"""Test if the correct data is returned
if the logged in user is the admin"""
self._create_sample_user()
response = self.client.get(
path="admin/users/",
headers={
"Content-Type": "application/json",
"Authorization": f"Bearer {self.admin_access_token}",
},
)
users_data = user_list_schema.dump(UserModel.find_all())
self.assertEqual(len(response.json["users"]), 2)
self.assertEqual(users_data, response.json["users"])
def delete(cls, user_id: int):
"""Delete method"""
current_user_id = get_jwt_identity()
user = UserModel.find_by_id(user_id)
if not user:
return {"message": "User not found."}, 404
if current_user_id != user_id:
return (
{
"message":
"You don't have permission to perform this action."
},
403,
)
user_profile = UserProfileModel.find_by_user_id(user_id)
user_profile.delete_from_db()
user.delete_from_db()
return {"message": "User deleted."}, 200
def delete(cls, user_id):
"""Delete the user"""
claims = get_jwt_claims()
if not claims["is_admin"]:
return (
{
"message": "You don't have permission to perform this action."
},
403,
)
user = UserModel.find_by_id(user_id)
if not user:
return {"message": "User not found."}, 404
user_profile = UserProfileModel.find_by_user_id(user_id)
user_profile.delete_from_db()
user.delete_from_db()
return {"message": "User deleted."}, 200
def post(cls):
"""Post method"""
current_user_id = get_jwt_identity()
user = UserModel.find_by_id(current_user_id)
json_data = change_password_schema.load(request.get_json())
if check_password_hash(user.password, json_data["old_password"]):
user.password = generate_password_hash(json_data["new_password"])
try:
user.save_to_db()
except:
return (
{
"message": "An error has occurred updating the user."
},
500,
)
return {"message": "Your password has been changed."}, 201
return {"message": "Invalid credentials."}, 401
def get(cls):
"""Get the user list"""
claims = get_jwt_claims()
if not claims["is_admin"]:
return (
{
"message": "You don't have permission to perform this action."
},
403,
)
return (
{
"users": [
user_schema.dump(user) for user in UserModel.find_all()
]
},
200,
)
def post(cls):
"""Post method"""
user_data = user_schema.load(request.get_json())
user = UserModel.find_by_username(user_data.username)
if user and check_password_hash(user.password, user_data.password):
expires = datetime.timedelta(days=1)
access_token = create_access_token(identity=user.id,
fresh=True,
expires_delta=expires)
return (
{
"message": "User logged in successfully.",
"access_token": access_token,
"username": user.username,
"user": user.id,
},
200,
)
return {"message": "Invalid credentials."}, 401
def __then_no_new_user_is_registered(self, previous_number):
new_users_number = len(UserModel.find_all())
self.assertNotEqual(new_users_number, previous_number)
def test_find_all_no_users(self):
"""Test if an empty list is returned
if there are no users in the database"""
found_users = UserModel.find_all()
self.assertEqual(found_users, [])
def test_find_by_id_no_user(self):
"""Test if None is returned
if the user with the given id doesn't exist"""
found_user = UserModel.find_by_id(1)
self.assertIsNone(found_user)
def test_find_by_id(self):
"""Test if the user is found"""
user = self._create_sample_user("test")
found_user = UserModel.find_by_id(user.id)
self.assertEqual(user, found_user)
def test_find_by_username_no_user(self):
"""Test if None is returned
if the user with the given username doesn't exist"""
found_user = UserModel.find_by_username("test")
self.assertIsNone(found_user)
def test_find_by_username(self):
"""Test if the user is found"""
user = self._create_sample_user("test")
found_user = UserModel.find_by_username("test")
self.assertEqual(found_user, user)
def __then_user_object_is_deleted(self):
user = UserModel.find_by_id(self.user.id)
self.assertIsNone(user)
def add_claims_to_jwt(identity):
"""Add claims to JWT token"""
user = UserModel.find_by_id(identity)
if user.is_admin:
return {"is_admin": True}
return {"is_admin": False}
def get(cls, user_id: int):
"""Get method"""
user = UserModel.find_by_id(user_id)
if user:
return user_schema.dump(user), 200
return {"message": "User not found"}, 404
def get(cls):
# refactor later:
users_number = len(UserModel.find_all())
return {"users_number": users_number}, 200