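def test_delete_without_permissions(app, client):
    """A non-admin bearer token must not be able to delete a user.

    The DELETE is expected to be refused with 403 and the message
    'Access Denied!'. A status/message check alone would still pass if the
    handler removed the record before its authorization check ran, so the
    test also confirms the target account is still readable afterwards.
    """
    utils = Utils(app, client)
    public_id = utils.get_public_id()
    headers = {'Authorization': f'Bearer {utils.generate_access_token()}'}

    resp = client.delete(f'/api/users/{public_id}', headers=headers)
    assert resp.status_code == 403
    assert json.loads(resp.data.decode()).get('message') == 'Access Denied!'

    # The refused request must have had no side effect: the same user is
    # still returned when read with an admin token.
    admin_headers = {
        'Authorization': f'Bearer {utils.generate_admin_access_token()}'
    }
    resp = client.get(f'/api/users/{public_id}', headers=admin_headers)
    assert resp.status_code == 200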
def test_admin_update_without_data(app, client):
    """An admin PUT that carries no JSON body is expected to answer 200."""
    helper = Utils(app, client)
    target_id = helper.get_public_id()
    admin_token = helper.generate_admin_access_token()
    auth_headers = {'Authorization': f'Bearer {admin_token}'}

    # No payload is sent on purpose; only the status code is checked.
    response = client.put(f'/api/users/{target_id}', headers=auth_headers)

    assert response.status_code == 200
def test_admin_update_non_existing_role(app, client):
    """An admin update naming an unknown role is rejected.

    Expects status 400 and the message 'Invalid Role', i.e. the role value
    is validated instead of being stored as given.
    """
    helper = Utils(app, client)
    target_id = helper.get_public_id()
    admin_token = helper.generate_admin_access_token()
    auth_headers = {'Authorization': f'Bearer {admin_token}'}
    payload = {'role': 'invalid'}

    response = client.put(f'/api/users/{target_id}',
                          headers=auth_headers,
                          json=payload)

    assert response.status_code == 400
    body = json.loads(response.data.decode())
    assert body.get('message') == 'Invalid Role'
def test_admin_update(app, client):
    """An admin can change a user's display name.

    Expects status 200 and the new displayName echoed back under 'data'.
    """
    helper = Utils(app, client)
    target_id = helper.get_public_id()
    new_profile = {'displayName': 'My new display name!'}
    admin_token = helper.generate_admin_access_token()
    auth_headers = {'Authorization': f'Bearer {admin_token}'}

    response = client.put(f'/api/users/{target_id}',
                          headers=auth_headers,
                          json=new_profile)

    assert response.status_code == 200
    body = json.loads(response.data.decode())
    assert body.get('data').get('displayName') == new_profile.get(
        'displayName')
def test_get(app, client):
    """An admin can read a single user record.

    Checks the status code and the email, displayName and 2fa fields that
    the endpoint returns under 'data'.
    """
    helper = Utils(app, client)
    target_id = helper.get_public_id()
    admin_token = helper.generate_admin_access_token()
    auth_headers = {'Authorization': f'Bearer {admin_token}'}

    response = client.get(f'/api/users/{target_id}', headers=auth_headers)

    assert response.status_code == 200
    # Decode the body once; every field assertion reads the same 'data' dict.
    user = json.loads(response.data.decode()).get('data')
    assert user.get('email') == '*****@*****.**'
    assert user.get('displayName') == 'test'
    # The fixture user is expected to have 2FA switched off.
    assert not user.get('2fa')
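def test_admin_update_enable_2fa(app, client):
    """An admin must not be able to switch 2FA on for another account.

    The PUT is expected to fail with 400 and the message
    'You are not allowed to enable 2FA.'. The test then reads the user
    back to confirm the rejected request did not flip the '2fa' flag, since
    an error response alone does not prove the state was left untouched.
    """
    utils = Utils(app, client)
    public_id = utils.get_public_id()
    headers = {
        'Authorization': f'Bearer {utils.generate_admin_access_token()}'
    }

    resp = client.put(f'/api/users/{public_id}',
                      headers=headers,
                      json={'totp_enabled': True})
    assert resp.status_code == 400
    assert json.loads(resp.data.decode()).get(
        'message') == 'You are not allowed to enable 2FA.'

    # The stored setting must be unchanged after the refusal.
    resp = client.get(f'/api/users/{public_id}', headers=headers)
    assert resp.status_code == 200
    assert not json.loads(resp.data.decode()).get('data').get('2fa')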
def test_admin_update_disable_2fa(app, client):
    """An admin can switch 2FA off for a user who has it enabled.

    2FA is enabled through the test helper first, confirmed via GET, then
    disabled with a PUT whose response must report the flag as off.
    """
    helper = Utils(app, client)
    helper.enable_2fa()
    target_id = helper.get_public_id()
    admin_token = helper.generate_admin_access_token()
    auth_headers = {'Authorization': f'Bearer {admin_token}'}
    user_url = f'/api/users/{target_id}'

    # Precondition: the record reports 2FA as enabled.
    before = client.get(user_url, headers=auth_headers)
    assert json.loads(before.data.decode()).get('data').get('2fa')

    # Turn 2FA off and check the returned record reflects it.
    after = client.put(user_url,
                       headers=auth_headers,
                       json={'totp_enabled': False})
    assert after.status_code == 200
    assert not json.loads(after.data.decode()).get('data').get('2fa')
def test_delete(app, client):
    """An admin can create a user and then delete it.

    Creation is expected to return 201; the delete is expected to return
    200 with 'Successfully deleted user!' under 'data'.
    """
    helper = Utils(app, client)

    # Create a throwaway account so the shared fixture user is not removed.
    new_account = {
        'username': '******',
        'password': '******',
        'email': '*****@*****.**',
        'role': 'user'
    }
    admin_token = helper.generate_admin_access_token()
    auth_headers = {'Authorization': f'Bearer {admin_token}'}

    created = client.post('/api/users', headers=auth_headers, json=new_account)
    assert created.status_code == 201

    target_id = helper.get_public_id('new_user')
    deleted = client.delete(f'/api/users/{target_id}', headers=auth_headers)

    assert deleted.status_code == 200
    body = json.loads(deleted.data.decode())
    assert body.get('data') == 'Successfully deleted user!'
    # NOTE(review): only the response is checked; a follow-up read of
    # target_id would confirm the record is actually gone.