def test_create_user_duplicate_fail(self):
email = "*****@*****.**"
name = "Ima Test",
group_name = "Ima Test Group",
hashed_password = '******'
admin = True
user.create(self.database, email, name, group_name, hashed_password,
admin)
with pytest.raises(psycopg2.errors.UniqueViolation):
user.create(self.database, email, name, group_name,
hashed_password, admin)
def setUp(self):
self.app = expungeservice.create_app('development')
self.client = self.app.test_client()
with self.app.app_context():
expungeservice.request.before()
self.db_cleanup()
user.create(g.database, self.email, self.name, self.group_name,
self.hashed_password, False)
user.create(g.database, self.admin_email, self.admin_name,
self.admin_group_name, self.hashed_admin_password,
True)
expungeservice.request.teardown(None)
def test_is_admin_auth_token(self):
admin_email = 'pytest_admin_user@auth_test.com'
admin_name = 'AuthTest Name'
admin_group_name = 'AuthTest Group Name'
admin_password = '******'
hashed_admin_password = generate_password_hash(admin_password)
with self.app.app_context():
expungeservice.request.before()
user.create(g.database, admin_email, admin_name,
admin_group_name, hashed_admin_password, True)
expungeservice.request.teardown(None)
response = self.generate_auth_token(admin_email, admin_password)
response = self.client.get(
'/api/test/admin_protected',
headers={
'Authorization': 'Bearer {}'.format(
response.get_json()['auth_token'])
})
assert(response.status_code == 200)
def post(self):
"""
Create a new user with provided email, password, and admin flag.
- If required fields are missing in the request, return 400
- Password must be 8 or more characters long. Otherwise return 422
- Email must not already be in use by an existing user.
Otherwise return 422
- If success, return 201 with the new user's email, admin flag,
and creation timestamp.
"""
data = request.get_json()
if data is None:
error(400, "No json data in request body")
# print("data received by Users.post():", data)
check_data_fields(data,
['email', 'name', 'group_name', 'password', 'admin'])
if len(data['password']) < 8:
error(422, 'New password is less than 8 characters long!')
password_hash = generate_password_hash(data['password'])
try:
create_user_result = user.create(g.database,
email=data['email'],
name=data['name'],
group_name=data['group_name'],
password_hash=password_hash,
admin=data['admin'])
except UniqueViolation:
error(422, 'User with that email address already exists')
response_data = {
'email': create_user_result['email'],
'admin': create_user_result['admin'],
'timestamp': create_user_result['date_created'],
}
# user_id is not required by the frontend here so it is not included.
# other endpoints may expose the user_id e.g. for other admin
# user-management operations.
return jsonify(response_data), 201
def post(self):
"""
Create a new user with provided email, password, and admin flag.
- If required fields are missing in the request, return 400
- Password must be 8 or more characters long. Otherwise return 422
- Email must not already be in use by an existing user.
Otherwise return 422
- If success, return 201 with the new user's email, admin flag,
and creation timestamp.
"""
data = request.get_json()
if data is None:
error(400, "No json data in request body")
check_data_fields(data,
["email", "name", "group_name", "password", "admin"])
if len(data["password"]) < 8:
error(422, "New password is less than 8 characters long!")
password_hash = generate_password_hash(data["password"])
try:
create_user_result = user.create(g.database,
email=data["email"],
name=data["name"],
group_name=data["group_name"],
password_hash=password_hash,
admin=data["admin"])
except UniqueViolation:
error(422, "User with that email address already exists")
response_data = {
"user_id": create_user_result["user_id"],
"email": create_user_result["email"],
"admin": create_user_result["admin"],
"name": create_user_result["name"],
"group_name": create_user_result["group_name"],
"timestamp": create_user_result["date_created"]
}
return jsonify(response_data), 201
def test_create_user_success(self):
email = "*****@*****.**"
name = "Ima Test"
group_name = "Ima Test Group"
hashed_password = "******"
admin = True
create_result = user.create(self.database, email, name, group_name,
hashed_password, admin)
assert create_result['email'] == email
assert create_result['hashed_password'] == hashed_password
assert create_result['name'] == name
assert create_result['group_name'] == group_name
assert create_result['admin'] == admin
assert create_result['user_id']
assert create_result['auth_id']
assert create_result['date_created']
assert create_result['date_modified']
self.verify_user_data(email, name, group_name, hashed_password, admin)
def setUp(self):
self.app = expungeservice.create_app('development')
self.client = self.app.test_client()
self.app.add_url_rule(
'/api/test/user_protected', view_func=UserProtectedView.as_view(
'user_protected'))
self.app.add_url_rule(
'/api/test/admin_protected', view_func=AdminProtectedView.as_view(
'admin_protected'))
with self.app.app_context():
expungeservice.request.before()
self.db_cleanup()
db_create_user_result = user.create(
g.database, self.email, self.name, self.group_name,
self.hashed_password, False)
self.ids[self.email] = db_create_user_result['user_id']
expungeservice.request.teardown(None)