Exemplo n.º 1
    def test_delUser(self):
        """Check self-deletion of user 1 and the responses that follow it.

        After the logged-in user deletes their own record, the test expects
        the record to be unreachable and a later DELETE on another user to be
        answered with 401.
        """
        first_user = User(1, 'Perceval', 'De Galle', '*****@*****.**',
                          'sloubi', paths='')
        db.session.add(first_user)
        db.session.commit()

        self.login('*****@*****.**', 'sloubi')
        response = self.app.delete('/users/1')
        assert 'User [email protected] deleted' in response.data

        # Either status is accepted here: the record is gone (404) or the
        # session is no longer treated as authenticated (401).
        response = self.app.get('/users/1')
        body = response.data
        assert "404 Not Found" in body or "401 Unauthorized" in body

        second_user = User(2, 'Karadoc', 'De Vanne', '*****@*****.**',
                           'jambon', paths='')
        db.session.add(second_user)
        db.session.commit()

        # No login is performed for the second user, so deleting it must
        # be refused.
        response = self.app.delete('/users/2')
        assert "401 Unauthorized" in response.data
Exemplo n.º 2
def test_get_other_user(client: FlaskClient):
    """An authenticated user must not be able to read another user's profile.

    This is the object-level authorization check for /api/users/<id>: the
    bearer token belongs to one account while the URL names a different one.
    """
    requester = users.add(User('*****@*****.**', 'poaa'))
    requester.active = True

    target_fields = dict(email='*****@*****.**',
                         password='******',
                         first_name='Tibor',
                         last_name='Mikita',
                         phone='+421111222333',
                         street='Kosicka',
                         zip_code='06601',
                         city='Humenne',
                         country=Country.SK,
                         date_of_birth=datetime.date(1994, 5, 25))
    other_user = users.add(User(**target_fields))
    other_user.active = True

    credentials = {'email': '*****@*****.**', 'password': '******'}
    r = client.post('/api/auth/login',
                    data=json.dumps(credentials),
                    content_type='application/json')
    access_token = r.json['access_token']

    auth_header = {'Authorization': f'Bearer {access_token}'}
    r = client.get(f'/api/users/{other_user.id}', headers=auth_header)
    body = r.json

    # The API under test reports the refusal as 400 rather than 403.
    assert r.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'You cannot get user profile of other person.'
Exemplo n.º 3
def seed_db():
    """Populate the database with one event descriptor, one group and three users.

    Every seeded user is linked to the group through a UserGroupAssociation
    row; everything is written in a single commit at the end.
    """
    db.session.add(EventDescriptor(id=1,
                                   name="Seed Events Name",
                                   description="Seed db Event from {1}"))

    group = Group(name="Group Name")
    db.session.add(group)

    # Seed accounts use fixed literal credentials; this data is only
    # meant for development and test databases.
    seeded_users = [
        User(username='******',
             email="*****@*****.**",
             password="******",
             cellphone_number="98983510",
             cellphone_cc="+598"),
        User(username='******', email="*****@*****.**", password="******"),
        User(username='******', email="*****@*****.**", password="******"),
    ]
    for seeded in seeded_users:
        db.session.add(seeded)

    for seeded in seeded_users:
        membership = UserGroupAssociation(user=seeded, group=group)
        db.session.add(membership)

    db.session.commit()
Exemplo n.º 4
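def create_users(csvfile, dep_id):
    """Create the bootstrap account if missing, then import users from a CSV.

    The CSV is ';'-delimited and read positionally as
    surname;name;email;phone;employment_date;dismissal_date. Every imported
    user is attached to department *dep_id* with the post "Пользователь".

    Args:
        csvfile: Path of the CSV file to import.
        dep_id: Department id (anything ``int()`` accepts) for imported users.
    """
    # NOTE(security): every account created here, including the bootstrap
    # one, gets the same hard-coded password "1234". The hash does not help
    # when the plaintext is a known constant; these accounts should be forced
    # through a password reset (or created with random one-time secrets)
    # before the database is exposed to real users.
    if not (User.query.filter(User.email == "*****@*****.**").first()):
        user = User(name="Главный", surname="Самый", email="*****@*****.**",
                    phone="+79215729636",
                    password=generate_password_hash("1234"))
        db.session.add(user)
        db.session.commit()
        head_department = Department.query.filter(
            Department.name == "Московское").first()
        user_dep_id = UserDepartment(user_id=user.id,
                                     department_id=head_department.id,
                                     post="Руководитель Федерального Отделения",
                                     employment_date=datetime.date.today(),
                                     dismissal_date=None)
        db.session.add(user_dep_id)
        db.session.commit()

    # A separate name for the handle keeps the path argument intact.
    with open(csvfile, newline='') as handle:
        for row in csv.reader(handle, delimiter=';'):
            if not row:
                # csv.reader yields [] for blank lines; nothing to import.
                continue
            imported = User(name=row[1], surname=row[0], email=row[2],
                            phone=row[3],
                            password=generate_password_hash("1234"))
            db.session.add(imported)
            db.session.commit()

            # Empty date cells are stored as NULL instead of ''.
            employment_date = row[4] or None
            dismissal_date = row[5] or None

            # Use the id of the row just inserted. Looking the user up again
            # by email could return a different, older account when the CSV
            # repeats an address, attaching the department to the wrong user.
            db.session.add(
                UserDepartment(user_id=imported.id,
                               department_id=int(dep_id),
                               post="Пользователь",
                               employment_date=employment_date,
                               dismissal_date=dismissal_date))
            db.session.commit()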
Exemplo n.º 5
    def test_getUser(self):
        """Check GET /users/<id> for anonymous, own-record and other-record access."""
        perceval = User(1, 'Perceval', 'De Galle', '*****@*****.**',
                        'sloubi', paths='')
        db.session.add(perceval)
        db.session.commit()

        # Anonymous request: refused.
        anonymous = self.app.get('/users/1')
        assert "401 Unauthorized" in anonymous.data

        self.login('*****@*****.**', 'sloubi')

        # NOTE(review): the expected body contains a "password" field, so this
        # test pins the endpoint to returning the stored password value to the
        # client. Credential material normally should not leave the server;
        # confirm whether the serializer can drop that field.
        own_record = self.app.get('/users/1')
        expected_body = '{"email": "*****@*****.**", "firstName": "Perceval", "id": 1, "lastName": "De Galle", "password": "******"}'
        assert expected_body in own_record.data

        # Unknown id while logged in: 404.
        missing = self.app.get('/users/2')
        assert "404 Not Found" in missing.data

        karadoc = User(2, 'Karadoc', 'De Vanne', '*****@*****.**',
                       'jambon', paths='')
        db.session.add(karadoc)
        db.session.commit()

        # Once the id exists, the same request is answered with 403, so the
        # 404/403 difference tells a logged-in user which ids are taken.
        foreign = self.app.get('/users/2')
        assert "403 Forbidden" in foreign.data
Exemplo n.º 6
def test_update_category_no_admin_or_worker(client):
    """A user without the ADMIN or WORKER role must get 403 on category update."""
    category = categories.add(Category(name='Mans'))

    member = users.add(User(email='*****@*****.**', password='******'))
    member.active = True

    assert category.id
    # Precondition: a freshly created user holds neither privileged role.
    role = member.role
    assert role != UserRole.ADMIN and role != UserRole.WORKER

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    response = client.put(f'/api/categories/{category.id}',
                          data=json.dumps({'name': 'Men'}),
                          headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_403_FORBIDDEN
    assert body['message'] == 'You do not have permission to perform this action.'
Exemplo n.º 7
def test_update_category_empty_json(client):
    """An admin PUT carrying an empty JSON object is rejected as an invalid payload."""
    category = categories.add(Category(name='Mans'))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    assert category.name == 'Mans'

    response = client.put(f'/api/categories/{category.id}',
                          data=json.dumps({}),
                          headers={'Authorization': f'Bearer {token}'},
                          content_type='application/json')
    body = response.json

    assert response.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
Exemplo n.º 8
def test_delete_category_with_products(client):
    """Deleting a category that still holds products is refused with 400."""
    category = categories.add(Category(name='Men'))
    for product_name, price in (('Product 1', 1.99),
                                ('Product 2', 2.99),
                                ('Product 3', 3.99)):
        categories.add_product(category, Product(name=product_name, price=price))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert category.id

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    response = client.delete(f'/api/categories/{category.id}',
                             headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Category contains products.'
Exemplo n.º 9
def add_user(_):
    """Create a user from the JSON request body.

    Returns:
        A ``(body, 201)`` tuple on success.

    Raises:
        InvalidPayload: The body is empty, or the insert fails with an
            IntegrityError/ValueError (the session is rolled back first).
        BusinessException: A user with the same username or email exists.
    """
    post_data = request.get_json()
    if not post_data:
        raise InvalidPayload()

    # Missing keys come back as None; nothing here checks them, so rejecting
    # incomplete payloads is left to the model and the database constraints.
    username, email, password = (
        post_data.get(field) for field in ('username', 'email', 'password'))

    try:
        existing = User.first(or_(User.username == username, User.email == email))
        if existing:
            # The message confirms to the caller that the username or email
            # is already registered.
            raise BusinessException(
                message='Sorry. That email or username already exists.')

        # NOTE(review): the password is handed to User as received; presumably
        # the model hashes it, which should be verified against the User class.
        db.session.add(User(username=username, email=email, password=password))
        db.session.commit()
        return {'status': 'success', 'message': f'{email} was added!'}, 201
    except (exc.IntegrityError, ValueError):
        db.session.rollback()
        raise InvalidPayload()
Exemplo n.º 10
def add_social_user(role: UserRole = UserRole.USER,
                    email: str = None,
                    username: str = None,
                    password: str = None) -> User:
    """
    Build a fake Facebook-linked user, persist it and return it.

    Any of email, username and password left as None is filled with a
    value from data_generator.email().
    """
    email = data_generator.email() if email is None else email
    username = data_generator.email() if username is None else username
    password = data_generator.email() if password is None else password

    social_user = User(email=email,
                       username=username,
                       password=password,
                       name=data_generator.full_name(),
                       created_at=datetime.now(),
                       role=role,
                       social_type=SocialAuth.FACEBOOK.value,
                       social_id=data_generator.identifier(),
                       social_access_token=Cryptographic.token_urlsafe())
    db.session.add(social_user)
    db.session.commit()
    return social_user
Exemplo n.º 11
 def test_add_user_duplicate_email(self):
     """Committing a second user that clashes with an existing one must fail.

     The clash (on email, going by the test name) has to surface as an
     IntegrityError at commit time.
     """
     add_user('justatest', '*****@*****.**', 'password')
     clashing = User(username='******',
                     email='*****@*****.**',
                     password='******')
     db.session.add(clashing)
     with self.assertRaises(IntegrityError):
         db.session.commit()
Exemplo n.º 12
def test_set_zip_code_long(app):
    """Assigning a six-character ZIP code to a User raises ValueError."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(ValueError) as excinfo:
        account.zip_code = '066666'

    message = str(excinfo.value)
    assert message == 'ZIP code must contain 5 numbers.'
Exemplo n.º 13
def test_set_zip_code_invalid_type(app):
    """Assigning an int to User.zip_code raises TypeError."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.zip_code = 56601

    message = str(excinfo.value)
    assert message == 'ZIP code must be string.'
Exemplo n.º 14
def test_set_last_name_invalid_type(app):
    """Assigning an int to User.last_name raises TypeError."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.last_name = 555

    message = str(excinfo.value)
    assert message == 'Last name must be string.'
Exemplo n.º 15
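def test_unset_role(app):
    """Assigning None to User.role raises TypeError naming the allowed role set."""
    user = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as e:
        user.role = None

    # The message check has to sit outside the `with` block: statements placed
    # after the raising line inside pytest.raises never execute, so an assert
    # there would silently never run.
    assert 'Role must be integer value from this set: ' in str(e.value)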
Exemplo n.º 16
def test_set_role_invalid_type(app):
    """Assigning the string "ADMIN" to User.role raises TypeError.

    Roles are only accepted as values from the declared set, so a role
    name passed as text is refused.
    """
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.role = "ADMIN"

    message = str(excinfo.value)
    assert 'Role must be integer value from this set: ' in message
Exemplo n.º 17
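def user(userId):
    """Read, delete or replace the user identified by *userId*.

    GET returns the user's JSON, DELETE removes the record and PUT replaces
    it with a record built from the JSON request body.

    Aborts with 404 when the user does not exist, 403 when
    ManageUserPermission(userId) refuses the caller or the PUT body names a
    different user, 400 when the PUT body is malformed, and 405 for any
    other method.
    """
    permission = ManageUserPermission(userId)

    user = User.query.filter(User.id == userId).first()
    if user is None:
        # NOTE(review): existence is decided before the permission check, so
        # the 404/403 difference tells a caller which ids exist. Answering
        # 403 (or 404) for both cases would close that; it is left as is
        # because callers may rely on the current status codes.
        abort(404)
    if not permission.can():
        abort(403)

    if request.method == 'GET':
        # NOTE(review): whatever to_json() contains goes to the client;
        # confirm that it does not include the password.
        return json.dumps(user.to_json())

    if request.method == 'DELETE':
        # Read the email before the row is deleted and the session committed.
        deleted_email = user.email
        db.session.delete(user)
        db.session.commit()
        return 'User {} deleted'.format(deleted_email)

    if request.method == 'PUT':
        try:
            data = json.loads(request.data)
            fields = [data[key] for key in ('id', 'firstName', 'lastName',
                                            'email', 'password', 'paths')]
        except (ValueError, KeyError, TypeError):
            # Invalid JSON, a non-object body or a missing field is a client
            # error, not a server crash.
            abort(400)

        # The body must describe the caller's own record AND the record named
        # in the URL; otherwise the row at userId would be deleted and a row
        # with a different id written in its place.
        if data['id'] != current_user.id or data['id'] != user.id:
            abort(403)

        # NOTE(review): data['password'] is stored as received; confirm that
        # User hashes it before it reaches the database.
        update_user = User(*fields)
        db.session.delete(user)
        db.session.add(update_user)
        db.session.commit()
        return "Success"

    # Any other method previously fell through and returned None.
    abort(405)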
Exemplo n.º 18
def test_set_city_invalid_type(app):
    """Assigning an int to User.city raises TypeError."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.city = 555

    message = str(excinfo.value)
    assert message == 'City must be string.'
Exemplo n.º 19
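def add_user_password(role: UserRole = UserRole.USER,
                      email: str = None,
                      username: str = None,
                      password: str = None,
                      created_at: datetime = None,
                      name: str = None) -> 'tuple[User, str]':
    """
    Generates a fake user, stores it in the DB and returns (user, password).

    The password is returned alongside the user so that tests can log in
    with the value that was passed to the model. Arguments left as None are
    filled from data_generator (or datetime.now() for created_at).
    """
    # The return annotation is a string on purpose: the previous form,
    # tuple(User, str), was a call that raises TypeError as soon as the
    # function is defined.
    if email is None:
        email = data_generator.email()
    if username is None:
        username = data_generator.email()
    if password is None:
        password = data_generator.email()
    if created_at is None:
        created_at = datetime.now()
    if name is None:
        name = data_generator.full_name()

    user = User(email=email,
                username=username,
                password=password,
                name=name,
                created_at=created_at,
                role=role)
    db.session.add(user)
    db.session.commit()
    return user, password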
Exemplo n.º 20
def test_set_country_invalid_type(app):
    """Assigning the string 'SK' to User.country raises TypeError."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.country = 'SK'

    message = str(excinfo.value)
    assert 'Country must be integer value from this set:' in message
Exemplo n.º 21
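 def dispatch_request(self):
     """Render the signup form (non-POST) or register and log in a user (POST).

     On a valid POST the user is created with a hashed password, linked to
     the selected department, logged in and redirected to their page. An
     invalid form, or a department name that matches no row, re-renders the
     signup page.
     """
     if request.method == 'POST':
         form = SignupForm()
         if not form.validate_on_submit():
             return render_template('signup.html', form=form)

         # Resolve the department before anything is written. The name comes
         # from the submitted form; an unknown value used to fail with
         # AttributeError on `.first().id` after the user row was already
         # committed, leaving an account without a department.
         department = Department.query.filter(
             Department.name == form.department.data).first()
         if department is None:
             return render_template('signup.html', form=form)

         # Only the hash of the submitted password is stored.
         user = User(name=form.name.data,
                     surname=form.surname.data,
                     email=form.email.data,
                     phone=form.phone.data,
                     password=generate_password_hash(
                         form.password.data))
         db.session.add(user)
         db.session.commit()
         user_dep_id = UserDepartment(
             user_id=user.id,
             department_id=department.id,
             post="Пользователь",
             employment_date=datetime.date.today(),
             dismissal_date=None)
         db.session.add(user_dep_id)
         db.session.commit()
         login_user(LoginUser(user))
         return redirect(url_for('user', user_id=user.id))
     return render_template('signup.html',
                            indic=current_user.is_authenticated,
                            form=SignupForm())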
Exemplo n.º 22
def test_set_date_of_birth_invalid_type(app):
    """Assigning a date written as text to User.date_of_birth raises TypeError."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.date_of_birth = '19.2.2018'

    message = str(excinfo.value)
    assert message == 'Date of birth must be date.'
Exemplo n.º 23
def test_delete_category(client):
    """An admin can delete an empty category, after which it can no longer be fetched."""
    category = categories.add(Category(name='Men'))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert category.id

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    response = client.delete(f'/api/categories/{category.id}',
                             headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_200_OK
    assert body['message'] == 'Category was successfully deleted.'
    # The row must really be gone, not only reported as deleted.
    assert categories.get(category.id) is None
Exemplo n.º 24
def test_create_password_special_chars(app):
    """Constructing a User with symbols in the password raises ValueError.

    NOTE(review): the policy asserted here caps passwords at 15 characters
    and allows only letters, digits and underscore. That shrinks the
    password space and rejects typical password-manager output; consider
    whether the model should accept longer, unrestricted passwords.
    """
    expected_message = ('Password must have between 4 and 15 chars, '
                        'it must start with letter and can only be used letters, '
                        'numbers and underscore.')

    with pytest.raises(ValueError) as excinfo:
        User('*****@*****.**', 'd%#$@')

    assert str(excinfo.value) == expected_message
Exemplo n.º 25
def test_add_category(client):
    """An admin can create a category through POST /api/categories/."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    response = client.post('/api/categories/',
                           data=json.dumps({'name': 'Men'}),
                           headers={'Authorization': f'Bearer {token}'},
                           content_type='application/json')
    body = response.json

    assert response.status_code == status.HTTP_201_CREATED
    assert body['message'] == 'Category was successfully added.'
Exemplo n.º 26
def test_set_active_invalid_type(app):
    """Assigning the string 'True' to User.active raises TypeError.

    The flag is not coerced from truthy values; only a real boolean is
    accepted.
    """
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.active = 'True'

    message = str(excinfo.value)
    assert message == 'Active flag must be boolean.'
Exemplo n.º 27
def test_update_not_existing_category(client):
    """An admin PUT against an unknown category id is answered with 404."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # No category is created in this test, so this id is expected to be free.
    not_existing_category_id = 99

    response = client.put(f'/api/categories/{not_existing_category_id}',
                          data=json.dumps({'name': 'Men'}),
                          headers={'Authorization': f'Bearer {token}'})
    body = response.json

    assert response.status_code == status.HTTP_404_NOT_FOUND
    assert body['message'] == 'Category not found.'
Exemplo n.º 28
def test_unset_active(app):
    """Assigning None to User.active raises TypeError."""
    account = User('*****@*****.**', 'blah')

    with pytest.raises(TypeError) as excinfo:
        account.active = None

    message = str(excinfo.value)
    assert message == 'Active flag must be boolean.'
Exemplo n.º 29
def test_add_category_missing_name(client):
    """A category POST without a 'name' key is rejected as an invalid payload."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = {'email': '*****@*****.**', 'password': '******'}
    login = client.post('/api/auth/login',
                        data=json.dumps(credentials),
                        content_type='application/json')
    token = login.json['access_token']

    # Well-formed JSON carrying only an unexpected key.
    response = client.post('/api/categories/',
                           data=json.dumps({'foo': 'bar'}),
                           headers={'Authorization': f'Bearer {token}'},
                           content_type='application/json')
    body = response.json

    assert response.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
Exemplo n.º 30
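    def post(self):
        """Register a user from the JSON body and return access/refresh tokens.

        Returns:
            ``(schema errors, 400)`` when user_schema.load reports errors;
            a message dict (no explicit status) when the email is already
            registered; ``(tokens, 201)`` on success; ``(message, 500)``
            when creating the user or the tokens fails.
        """
        # force=True parses the body as JSON whatever Content-Type was sent.
        payload = request.get_json(force=True)

        loaded = user_schema.load(payload)
        if loaded.errors:
            return loaded.errors, 400

        # NOTE(review): this branch returns no status code, so the client sees
        # a success status for a failed registration; a 4xx would be clearer,
        # but existing clients may depend on the current response.
        if User.find_by_email(payload['email']):
            return {'message': 'email already registered'}

        try:
            # NOTE(review): the model is built from the raw request body, not
            # from the schema's validated output. Unless the schema rejects
            # unknown keys, a client can set any User constructor argument
            # (mass assignment); confirm and build from the loaded data
            # or an explicit field list instead.
            new_user = User(**payload)
            new_user.set_password(payload['password'])
            new_user.save_to_db()
            access_token = create_access_token(identity=new_user.email)
            refresh_token = create_refresh_token(identity=new_user.email)
            return {
                'access_token': access_token,
                'refresh_token': refresh_token
            }, 201
        except Exception:
            # Narrowed from a bare `except:` so that SystemExit and
            # KeyboardInterrupt are no longer swallowed. The generic message
            # keeps internal error details out of the response.
            return {'message': 'something went wrong'}, 500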