def test_user_detail_no_user_administrator(client):
create_user()
create_user(username="******", role=2, no_role=True)
header = get_access_token_header(username="******")
resp = client.get("auth/users/adminis/", headers=header)
assert resp.status == BADPARAMETER and resp.get_json(
)['msg'] == NO_USER_FOUND
def test_user_detail_reporter(client):
create_user()
create_user(username="******", role=2, no_role=True)
create_user(username="******", role=3, no_role=True)
header = get_access_token_header(username="******")
resp = client.get("auth/users/testadmin/", headers=header)
assert resp.status == FORBIDDEN and resp.get_json()['msg'] == ADMINS_ONLY
def test_user_detail_administrator_view_admin(client):
create_user()
create_user(username="******", role=2, no_role=True)
header = get_access_token_header(username="******")
resp = client.get("auth/users/admin/", headers=header)
assert resp.status == FORBIDDEN and resp.get_json(
)['msg'] == INSUFFICIENT_CREDENTIALS
def test_user_list_admin_role(client):
create_user(username="******", role=2, no_role=True)
create_user(username="******", role=3)
header = get_access_token_header(username="******")
resp = client.get("auth/users/", headers=header)
result = resp.get_json()
assert resp.status == OK and len(result['data']) == 1 and \
not (any(x for x in result['data'] if x['username'] == 'admin'))
def test_edit_user_change_role(client):
header = get_access_token_header()
create_user(username="******", role=2, no_role=True)
resp = client.put("auth/users/tester/",
headers=header,
json={"role": "Reporter"})
header = get_access_token_header(username="******")
result = client.get("auth/users/me/", headers=header)
assert resp.status == INSERTED and result.get_json()['role'] == "Reporter"
def test_edit_user_change_pass_force_password(client):
create_user(username="******",
password="******",
password_change=True,
role=2)
header = get_access_token_header(username="******")
data = {
"password": "******",
"confirm_password": "******",
"current_password": "******"
}
resp = client.put("auth/users/tester/", headers=header, json=data)
result = client.get("auth/users/me/", headers=header)
assert resp.status == INSERTED and result.get_json(
)['force_password_change'] == False
def test_simple_json_fetch():
response = client.get('/json_data')
assert response.is_json
assert response.json['test'] == 'data'
def test_user_list_not_admin(client):
create_user(username="******", role=2, no_role=True)
create_user(username="******", role=3)
header = get_access_token_header(username="******")
resp = client.get("auth/users/", headers=header)
assert resp.status == OK and len(resp.get_json()['data']) == 1
def test_user_list_not_authenticated(client):
assert client.get("auth/users/").status == UNAUTHORIZED
def test_self_detail(client):
header = get_access_token_header()
resp = client.get("auth/users/me/", headers=header)
assert resp.status == OK and resp.get_json()['username'] == "admin"
def test_self_detail_no_user(client):
header = get_access_token_header(username="******")
resp = client.get("auth/users/me/", headers=header)
assert resp.status == NO_CONTENT
def test_user_detail_user_superuser(client):
header = get_access_token_header()
resp = client.get("auth/users/admin/", headers=header)
assert resp.status == OK
def test_user_detail_user_superuser_view_others(client):
header = get_access_token_header()
create_user(username="******", no_role=True)
resp = client.get("auth/users/testadmin/", headers=header)
assert resp.status == OK
def test_user_detail_no_user_superuser(client):
header = get_access_token_header()
resp = client.get("auth/users/adminis/", headers=header)
assert resp.status == BADPARAMETER and resp.get_json(
)['msg'] == NO_USER_FOUND
