예제 #1
 def update(route, test_value, update_value):
     """PUT ``update_value`` to item 1 under ``route`` and check the result.

     The request is sent with ``expected_statuses=[204]``. ``test_value`` is
     then updated in place with the same fields and passed to
     ``value_equals`` together with ``route``.
     """
     item_url = f'{route}/1'
     client.put(item_url, headers=valid_token, json=update_value,
                expected_statuses=[204])
     # Mirror the change locally so the expectation tracks what was sent.
     test_value.update(update_value)
     value_equals(route, test_value)
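def test_put_bad_json(client, url):
    """PUT with a malformed body or an unknown key must be rejected.

    A JSON body that is a bare integer is expected to answer 400, and an
    object carrying an unrecognised key is expected to answer 404.
    """
    prepopulate()
    try:
        # invalid json: the body is the integer 1, not an object
        response = client.put(f'{url}/1', headers=valid_token, json=1,
                              as_response=True)
        assert response.status_code == 400

        # invalid key
        response = client.put(f'{url}/1', headers=valid_token,
                              json={'invalid': 'invalid'}, as_response=True)
        assert response.status_code == 404
    finally:
        # Run the cleanup even when an assertion above fails, so a failing
        # test does not leave its data behind for the tests that follow.
        delete_all()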
예제 #3
def test_not_admin(client, not_admin):
    """Write requests carrying the ``not_admin`` token must be refused.

    POST, PUT and DELETE are each expected to answer 401 with the title
    '401 Unauthorized' and a description containing
    'Invalid JWT Credentials'.
    """
    # NOTE(review): a well-formed token lacking the admin role is reported
    # as 401 here rather than 403 -- confirm that is the intended contract.
    # NOTE(review): only the response is inspected; a follow-up GET showing
    # item 1 unchanged would also catch a handler that writes before it
    # rejects.
    def assert_refused(resp):
        assert resp.status_code == 401
        assert resp.json['title'] == '401 Unauthorized'
        assert 'Invalid JWT Credentials' in resp.json['description']

    auth_header = {'Authorization': not_admin}
    item_url = f'{test_url}/1'

    assert_refused(client.post(test_url, headers=auth_header,
                               json=valid_data, as_response=True))
    assert_refused(client.put(item_url, headers=auth_header,
                              json={'color': 'purple'}, as_response=True))
    assert_refused(client.delete(item_url, headers=auth_header,
                                 as_response=True))
예제 #4
def test_expired_token(client, expired_token):
    """Write requests carrying the ``expired_token`` fixture must be refused.

    POST, PUT and DELETE are each expected to answer 401 with the title
    '401 Unauthorized' and a description containing 'Error Decoding Token'.
    """
    auth_header = {'Authorization': expired_token}
    item_url = f'{test_url}/1'

    # (client method, target URL, extra keyword arguments), in send order.
    attempts = (
        (client.post, test_url, {'json': valid_data}),
        (client.put, item_url, {'json': {'color': 'purple'}}),
        (client.delete, item_url, {}),
    )
    for send, target, extra in attempts:
        response = send(target, headers=auth_header, as_response=True,
                        **extra)
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Error Decoding Token' in response.json['description']
예제 #5
def test_missing_other_token_fields(client, bad_token):
    """Tokens lacking application-level fields must be refused.

    Covers fields that PyJWT does NOT check by itself (ex: 'sub', 'user').
    ``bad_token`` is passed through ``create_token`` to build the header
    value; POST, PUT and DELETE must each answer 401 with the description
    exactly 'Invalid JWT Credentials'.
    """
    # Keyword arguments shared by all three requests.
    common = dict(headers={'Authorization': create_token(bad_token)},
                  as_response=True)
    item_url = f'{test_url}/1'

    post_resp = client.post(test_url, json=valid_data, **common)
    assert post_resp.status_code == 401
    assert post_resp.json['title'] == '401 Unauthorized'
    assert post_resp.json['description'] == 'Invalid JWT Credentials'

    put_resp = client.put(item_url, json={'color': 'purple'}, **common)
    assert put_resp.status_code == 401
    assert put_resp.json['title'] == '401 Unauthorized'
    assert put_resp.json['description'] == 'Invalid JWT Credentials'

    delete_resp = client.delete(item_url, **common)
    assert delete_resp.status_code == 401
    assert delete_resp.json['title'] == '401 Unauthorized'
    assert delete_resp.json['description'] == 'Invalid JWT Credentials'
예제 #6
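def test_missing_required_token_fields(client, bad_token):
    """Tokens lacking a claim that PyJWT checks itself must be refused.

    Covers claims that are automatically checked by PyJWT
    (ex: 'exp', 'iat', 'nbf'). POST, PUT and DELETE must each answer 401
    with a description that names the missing claim.
    """
    auth_header = {'Authorization': bad_token}
    # Raw string: '\w' in a plain literal is an invalid escape sequence and
    # triggers a warning on current Python versions. The pattern itself is
    # unchanged.
    missing_claim = re.compile(
        r'Error Decoding Token: Token is missing the "(\w+)" claim')
    # NOTE(review): the description tells the caller which claim is absent;
    # confirm that level of detail is intended for rejected requests.

    response = client.post(test_url,
                           headers=auth_header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])

    response = client.put(f'{test_url}/1',
                          headers=auth_header,
                          json={'color': 'purple'},
                          as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])

    response = client.delete(f'{test_url}/1',
                             headers=auth_header,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])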
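def test_methods_without_params(client, url):
    """PUT and POST sent without a JSON body must answer 400."""
    prepopulate()
    try:
        response = client.put(f'{url}/1', headers=valid_token,
                              as_response=True)
        assert response.status_code == 400

        response = client.post(url, headers=valid_token, as_response=True)
        assert response.status_code == 400
    finally:
        # The other tests that call prepopulate() finish with delete_all();
        # this one did not, so whatever prepopulate() set up presumably
        # stayed behind for later tests. Clean up here as well, including
        # when an assertion fails.
        delete_all()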
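def test_put_unknown_foreign_key(client):
    """PUT referencing unknown ``potency_id``/``type_id`` must answer 404.

    The potion itself is first fetched (200 expected), so the 404 is
    attributable to the ids in the body (9000) rather than to the potion
    being absent.
    """
    prepopulate()
    try:
        potion_exists = client.get('/v1/potions/1', as_response=True)
        assert potion_exists.status_code == 200

        response = client.put('/v1/potions/1', headers=valid_token,
                              json={'potency_id': 9000, 'type_id': 9000},
                              as_response=True)
        assert response.status_code == 404
    finally:
        # Run the cleanup even when an assertion above fails, so a failing
        # test does not leave its data behind for the tests that follow.
        delete_all()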
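def test_invalid_value_type(client, url, bad_value):
    """PUT and POST with ``bad_value`` as the body must answer 400 or 404."""
    prepopulate()
    try:
        response = client.put(f'{url}/1', headers=valid_token,
                              json=bad_value, as_response=True)
        assert response.status_code in [400, 404]

        response = client.post(url, headers=valid_token, json=bad_value,
                               as_response=True)
        assert response.status_code in [400, 404]
    finally:
        # Run the cleanup even when an assertion above fails, so a failing
        # test does not leave its data behind for the tests that follow.
        delete_all()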
예제 #10
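def test_put_multiple(client):
    """PUT on one item must change that item only.

    After setting item 1's colour to 'purple', the collection must still
    hold three results whose colours are exactly purple, blue and green.
    """
    # an error in a previous version of the update code in base.py
    # would cause all items to be updated instead of only the item
    # with the given id
    prepopulate()
    try:
        resp = client.get(POTION_TYPE)
        assert len(resp['results']) == 3

        client.put(f'{POTION_TYPE}/1',
                   headers=valid_token,
                   json={'color': 'purple'})

        resp = client.get(POTION_TYPE)
        assert len(resp['results']) == 3

        # If every row had been updated the set would collapse to {'purple'}.
        colors = {r['color'] for r in resp['results']}
        assert {'purple', 'blue', 'green'} == colors
    finally:
        # Run the cleanup even when an assertion above fails, so a failing
        # test does not leave its data behind for the tests that follow.
        delete_all()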
예제 #11
def test_no_token(client, header):
    """Write requests sent with the ``header`` fixture must be refused.

    POST, PUT and DELETE are each expected to answer 401 with the title
    '401 Unauthorized' and a description containing
    'Missing Authorization Header'.
    """
    # presumably `header` is parametrised with header sets that carry no
    # Authorization entry -- verify against the fixture.
    # NOTE(review): only the response is inspected; a follow-up GET showing
    # item 1 unchanged would also catch a handler that writes before it
    # rejects.
    item_url = f'{test_url}/1'

    # (client method, target URL, extra keyword arguments), in send order.
    attempts = (
        (client.post, test_url, {'json': valid_data}),
        (client.put, item_url, {'json': {'color': 'purple'}}),
        (client.delete, item_url, {}),
    )
    for send, target, extra in attempts:
        response = send(target, headers=header, as_response=True, **extra)
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Missing Authorization Header' in response.json['description']
예제 #12
def test_invalid_token_format(client, bad_token):
    """A malformed Authorization header value must be refused.

    ``bad_token`` is sent as the raw Authorization value; POST, PUT and
    DELETE are each expected to answer 401 with the title
    '401 Unauthorized' and a description containing
    'Invalid Authorization Header'.
    """
    def assert_refused(resp):
        assert resp.status_code == 401
        assert resp.json['title'] == '401 Unauthorized'
        assert 'Invalid Authorization Header' in resp.json['description']

    # Separate name for the header dict instead of rebinding the fixture.
    auth_header = {'Authorization': bad_token}
    item_url = f'{test_url}/1'

    assert_refused(client.post(test_url, headers=auth_header,
                               json=valid_data, as_response=True))
    assert_refused(client.put(item_url, headers=auth_header,
                              json={'color': 'purple'}, as_response=True))
    assert_refused(client.delete(item_url, headers=auth_header,
                                 as_response=True))
def test_put_all(client, url):
    """PUT against the collection URL (no item id) must answer 405."""
    payload = {'invalid': 'invalid'}
    collection_response = client.put(url, headers=valid_token, json=payload,
                                     as_response=True)
    assert collection_response.status_code == 405