예제 #1
0
def test_delete_all_helper(client):
    # starts empty
    resp = client.get(POTION_TYPE, as_response=True)
    assert resp.status_code == 200
    if resp.json['results']:
        delete_all()
        resp = client.get(POTION_TYPE, as_response=True)
        assert resp.status_code == 200

    assert resp.json['results'] == EMPTY

    # add some potions
    client.post(POTION_TYPE,
                headers=valid_token,
                json=[{
                    'related_stat': 'Health',
                    'color': 'red'
                }, {
                    'related_stat': 'Mana',
                    'color': 'blue'
                }])
    resp = client.get(POTION_TYPE, as_response=True)
    assert resp.status_code == 200
    assert len(resp.json['results']) == 2

    # use helper to delete from DB
    delete_all()

    # immediately run get again, should be empty
    resp = client.get(POTION_TYPE, as_response=True)
    assert resp.status_code == 200
    assert resp.json['results'] == EMPTY
def test_post_bad_json(client, url):
    response = client.post(url, headers=valid_token, json=1, as_response=True)
    assert response.status_code == 400
    assert response.json['title'] == 'Invalid Content'

    response = client.post(url, headers=valid_token, json={'invalid':'invalid'}, as_response=True)
    assert response.status_code == 400
    assert response.json['title'] == 'Invalid Content'
예제 #3
0
def test_not_admin(client, not_admin):
    auth_header = {'Authorization': not_admin}

    response = client.post(test_url,
                           headers=auth_header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Invalid JWT Credentials' in response.json['description']

    response = client.put(f'{test_url}/1',
                          headers=auth_header,
                          json={'color': 'purple'},
                          as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Invalid JWT Credentials' in response.json['description']

    response = client.delete(f'{test_url}/1',
                             headers=auth_header,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Invalid JWT Credentials' in response.json['description']
예제 #4
0
def test_expired_token(client, expired_token):
    auth_header = {'Authorization': expired_token}

    response = client.post(test_url,
                           headers=auth_header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Error Decoding Token' in response.json['description']

    response = client.put(f'{test_url}/1',
                          headers=auth_header,
                          json={'color': 'purple'},
                          as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Error Decoding Token' in response.json['description']

    response = client.delete(f'{test_url}/1',
                             headers=auth_header,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Error Decoding Token' in response.json['description']
예제 #5
0
def test_missing_other_token_fields(client, bad_token):
    # this test is for if any fields in the token
    # that are NOT checked by PyJWT are missing
    #   ex: 'sub', 'user'
    auth_header = {'Authorization': create_token(bad_token)}

    response = client.post(test_url,
                           headers=auth_header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert response.json['description'] == 'Invalid JWT Credentials'

    response = client.put(f'{test_url}/1',
                          headers=auth_header,
                          json={'color': 'purple'},
                          as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert response.json['description'] == 'Invalid JWT Credentials'

    response = client.delete(f'{test_url}/1',
                             headers=auth_header,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert response.json['description'] == 'Invalid JWT Credentials'
예제 #6
0
def test_missing_required_token_fields(client, bad_token):
    # this test is for if any fields in the token
    # that are automatically checked by PyJWT are missing
    #   ex: 'exp', 'iat', 'nbf'
    auth_header = {'Authorization': bad_token}
    missing_claim = re.compile(
        'Error Decoding Token: Token is missing the "(\w+)" claim')

    response = client.post(test_url,
                           headers=auth_header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])

    response = client.put(f'{test_url}/1',
                          headers=auth_header,
                          json={'color': 'purple'},
                          as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])

    response = client.delete(f'{test_url}/1',
                             headers=auth_header,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])
def test_potion_type_duplicate_color(client):
    prepopulate()

    response = client.post('/v1/potions/types', headers=valid_token, json={'related_stat':'sleep', 'color':'red'}, as_response=True)
    assert response.status_code == 400

    delete_all()
def test_methods_without_params(client, url):
    prepopulate()

    response = client.put(f'{url}/1', headers=valid_token, as_response=True)
    assert response.status_code == 400

    response = client.post(url, headers=valid_token, as_response=True)
    assert response.status_code == 400
예제 #9
0
def test_valid_auth_token(client):
    delete_all()
    response = client.post(
        test_url,
        headers={'Authorization': create_token(token, adjust_times=True)},
        json=valid_data,
        as_response=True)
    assert response.status_code == 201
    delete_all()
예제 #10
0
def test_bearer_case_insensitive(client, bearer_case):
    delete_all()
    token_value = create_token(token,
                               adjust_times=True)[7:]  # removes 'Bearer '
    response = client.post(
        test_url,
        headers={'Authorization': f'{bearer_case} {token_value}'},
        json=valid_data,
        as_response=True)
    assert response.status_code == 201
def test_invalid_value_type(client, url, bad_value):
    prepopulate()

    response = client.put(f'{url}/1', headers=valid_token, json=bad_value, as_response=True)
    assert response.status_code in [400,404]

    response = client.post(url, headers=valid_token, json=bad_value, as_response=True)
    assert response.status_code in [400,404]

    delete_all()
예제 #12
0
def test_no_token(client, header):
    response = client.post(test_url,
                           headers=header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Missing Authorization Header' in response.json['description']

    response = client.put(f'{test_url}/1',
                          headers=header,
                          json={'color': 'purple'},
                          as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Missing Authorization Header' in response.json['description']

    response = client.delete(f'{test_url}/1', headers=header, as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Missing Authorization Header' in response.json['description']
예제 #13
0
def test_invalid_token_format(client, bad_token):
    bad_token = {'Authorization': bad_token}
    response = client.post(test_url,
                           headers=bad_token,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Invalid Authorization Header' in response.json['description']

    response = client.put(f'{test_url}/1',
                          headers=bad_token,
                          json={'color': 'purple'},
                          as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Invalid Authorization Header' in response.json['description']

    response = client.delete(f'{test_url}/1',
                             headers=bad_token,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Invalid Authorization Header' in response.json['description']
예제 #14
0
 def create(route, test_value):
     response = client.post(route, headers=valid_token, json=test_value)
     test_value.update({'id': 1})
     value_equals(f'{route}/1', test_value)
     assert response['results'][0]['id'] == 1
def test_post_unknown_foreign_key(client):
    prepopulate()
    # can't create a valid potion if the potency/type don't exist!
    response = client.post('/v1/potions', headers=valid_token, json={'potency_id':9000, 'type_id':9000}, as_response=True)
    assert response.status_code == 400
def test_post_to_id(client, url):
    response = client.post(f'{url}/1', headers=valid_token, json={'invalid':'invalid'}, as_response=True)
    assert response.status_code == 405