def test_delUser(self):
    """Exercise DELETE /users/<id> for the logged-in account and for a second account."""
    perceval = User(1, 'Perceval', 'De Galle', '*****@*****.**', 'sloubi', paths='')
    db.session.add(perceval)
    db.session.commit()
    self.login('*****@*****.**', 'sloubi')

    # Deleting user 1 while logged in is confirmed in the response body.
    response = self.app.delete('/users/1')
    assert 'User [email protected] deleted' in response.data

    # Once deleted, the record must not be readable any more.
    response = self.app.get('/users/1')
    body = response.data
    assert "404 Not Found" in body or "401 Unauthorized" in body

    # A second account created afterwards must not be deletable by this client.
    karadoc = User(2, 'Karadoc', 'De Vanne', '*****@*****.**', 'jambon', paths='')
    db.session.add(karadoc)
    db.session.commit()
    response = self.app.delete('/users/2')
    assert "401 Unauthorized" in response.data
def test_get_other_user(client: FlaskClient):
    """Fetching another person's profile with a valid token is answered with HTTP 400."""
    requester = users.add(User('*****@*****.**', 'poaa'))
    requester.active = True

    other_user = users.add(
        User(
            email='*****@*****.**',
            password='******',
            first_name='Tibor',
            last_name='Mikita',
            phone='+421111222333',
            street='Kosicka',
            zip_code='06601',
            city='Humenne',
            country=Country.SK,
            date_of_birth=datetime.date(1994, 5, 25),
        )
    )
    other_user.active = True

    # Log in and pick the bearer token out of the JSON response.
    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login', data=credentials, content_type='application/json')
    access_token = login.json['access_token']

    # Ask for the other account's profile with that token.
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    reply = client.get(f'/api/users/{other_user.id}', headers=auth_headers)
    body = reply.json

    assert reply.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'You cannot get user profile of other person.'
def seed_db():
    """Populate the database with one event descriptor, one group and three member users."""
    descriptor = EventDescriptor(
        id=1,
        name="Seed Events Name",
        description="Seed db Event from {1}",
    )
    db.session.add(descriptor)

    group = Group(name="Group Name")
    db.session.add(group)

    # NOTE(review): the seed accounts carry fixed literal passwords; confirm this
    # function is only ever run against development or test databases.
    seed_users = [
        User(username='******', email="*****@*****.**", password="******",
             cellphone_number="98983510", cellphone_cc="+598"),
        User(username='******', email="*****@*****.**", password="******"),
        User(username='******', email="*****@*****.**", password="******"),
    ]
    for member in seed_users:
        db.session.add(member)

    # Every seeded user becomes a member of the single seeded group.
    for member in seed_users:
        membership = UserGroupAssociation(user=member, group=group)
        db.session.add(membership)

    db.session.commit()
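def create_users(csvfile, dep_id):
    """Create the bootstrap head user if absent, then import users from a CSV file.

    Args:
        csvfile: Path of a ';'-delimited CSV file. Columns read here are
            0 surname, 1 name, 2 email, 3 phone, 4 employment date and
            5 dismissal date; empty date cells are stored as None.
        dep_id: Department id (converted with ``int``) that every imported
            user is attached to.
    """
    # NOTE(review): every account created by this function, including the head
    # user, is given the same hard-coded password "1234". Confirm that a
    # password change is forced on first login or that this importer only
    # runs on non-production data.
    if not User.query.filter(User.email == "*****@*****.**").first():
        user = User(name="Главный", surname="Самый", email="*****@*****.**",
                    phone="+79215729636",
                    password=generate_password_hash("1234"))
        db.session.add(user)
        db.session.commit()
        user_dep_id = UserDepartment(
            user_id=user.id,
            department_id=Department.query.filter(
                Department.name == "Московское").first().id,
            post="Руководитель Федерального Отделения",
            employment_date=datetime.date.today(),
            dismissal_date=None)
        db.session.add(user_dep_id)
        db.session.commit()

    # A separate name for the handle keeps the path parameter intact.
    with open(csvfile, newline='') as handle:
        reader = csv.reader(handle, delimiter=';')
        for row in reader:
            if not row:
                # csv.reader yields [] for blank lines; indexing them would fail.
                continue
            imported = User(name=row[1], surname=row[0], email=row[2],
                            phone=row[3],
                            password=generate_password_hash("1234"))
            db.session.add(imported)
            db.session.commit()

            # Empty date cells become NULL instead of empty strings.
            employment_date = row[4] or None
            dismissal_date = row[5] or None

            # Use the id of the row just inserted rather than looking the user
            # up again by email, which could match a different, older account.
            db.session.add(
                UserDepartment(user_id=imported.id,
                               department_id=int(dep_id),
                               post="Пользователь",
                               employment_date=employment_date,
                               dismissal_date=dismissal_date))
            db.session.commit()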
def test_getUser(self):
    """Exercise GET /users/<id> before login, after login, and for other user ids."""
    perceval = User(1, 'Perceval', 'De Galle', '*****@*****.**', 'sloubi', paths='')
    db.session.add(perceval)
    db.session.commit()

    # Without a session the endpoint must refuse to answer.
    reply = self.app.get('/users/1')
    assert "401 Unauthorized" in reply.data

    self.login('*****@*****.**', 'sloubi')
    reply = self.app.get('/users/1')
    # NOTE(review): the expected JSON contains a "password" field, so this test
    # pins the endpoint to returning it. Confirm the value is never a usable
    # credential or hash; dropping the field from the response would be safer.
    expected_profile = '{"email": "*****@*****.**", "firstName": "Perceval", "id": 1, "lastName": "De Galle", "password": "******"}'
    assert expected_profile in reply.data

    # An id that does not exist yet is reported as missing.
    reply = self.app.get('/users/2')
    assert "404 Not Found" in reply.data

    # Once user 2 exists, the logged-in client is forbidden from reading it.
    karadoc = User(2, 'Karadoc', 'De Vanne', '*****@*****.**', 'jambon', paths='')
    db.session.add(karadoc)
    db.session.commit()
    reply = self.app.get('/users/2')
    assert "403 Forbidden" in reply.data
def test_update_category_no_admin_or_worker(client):
    """A user who is neither admin nor worker gets HTTP 403 when updating a category."""
    category = categories.add(Category(name='Mans'))
    member = users.add(User(email='*****@*****.**', password='******'))
    member.active = True

    assert category.id
    # Precondition: the account holds neither privileged role.
    assert member.role not in (UserRole.ADMIN, UserRole.WORKER)

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login', data=credentials, content_type='application/json')
    access_token = login.json['access_token']

    auth_headers = {'Authorization': f'Bearer {access_token}'}
    reply = client.put(
        f'/api/categories/{category.id}',
        data=json.dumps({'name': 'Men'}),
        headers=auth_headers,
    )
    body = reply.json

    assert reply.status_code == status.HTTP_403_FORBIDDEN
    assert body['message'] == 'You do not have permission to perform this action.'
def test_update_category_empty_json(client):
    """An admin PUT carrying an empty JSON object is rejected as an invalid payload."""
    category = categories.add(Category(name='Mans'))
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login', data=credentials, content_type='application/json')
    access_token = login.json['access_token']

    assert category.name == 'Mans'

    auth_headers = {'Authorization': f'Bearer {access_token}'}
    reply = client.put(
        f'/api/categories/{category.id}',
        data=json.dumps({}),
        headers=auth_headers,
        content_type='application/json',
    )
    body = reply.json

    assert reply.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
def test_delete_category_with_products(client):
    """Deleting a category that still holds products is refused with HTTP 400."""
    category = categories.add(Category(name='Men'))
    # Attach three products so that the category is not empty.
    for product_name, product_price in (('Product 1', 1.99),
                                        ('Product 2', 2.99),
                                        ('Product 3', 3.99)):
        categories.add_product(category, Product(name=product_name, price=product_price))

    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert category.id

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login', data=credentials, content_type='application/json')
    access_token = login.json['access_token']

    auth_headers = {'Authorization': f'Bearer {access_token}'}
    reply = client.delete(f'/api/categories/{category.id}', headers=auth_headers)
    body = reply.json

    assert reply.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Category contains products.'
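def add_user(_):
    """Create a user from the JSON body of the current request.

    Returns:
        A ``(response_object, 201)`` tuple when the user was stored.

    Raises:
        InvalidPayload: The body is missing or not a JSON object, one of
            ``username``/``email``/``password`` is absent, empty or not a
            string, or storing the user raised IntegrityError/ValueError.
        BusinessException: A user with that username or email already exists.
    """
    post_data = request.get_json()
    # A JSON array or scalar has no .get(); treat it like a missing body.
    if not post_data or not isinstance(post_data, dict):
        raise InvalidPayload()

    username = post_data.get('username')
    email = post_data.get('email')
    password = post_data.get('password')

    # Reject missing fields up front: a None username or email would otherwise
    # turn the duplicate lookup below into an "IS NULL" comparison.
    required = (username, email, password)
    if not all(isinstance(value, str) and value for value in required):
        raise InvalidPayload()

    try:
        user = User.first(or_(User.username == username, User.email == email))
        if not user:
            # NOTE(review): the password is handed to the model as received;
            # confirm that User hashes it before it is persisted.
            userModel = User(username=username, email=email, password=password)
            db.session.add(userModel)
            db.session.commit()
            response_object = {
                'status': 'success',
                'message': f'{email} was added!'
            }
            return response_object, 201
        else:
            raise BusinessException(
                message='Sorry. That email or username already exists.')
    except (exc.IntegrityError, ValueError):
        # Leave the session usable for the next request before reporting.
        db.session.rollback()
        raise InvalidPayload()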
def add_social_user(role: UserRole = UserRole.USER, email: str = None, username: str = None, password: str = None) -> User:
    """
    Store and return a fake user linked to a Facebook identity.

    Any of ``email``, ``username`` and ``password`` left as None is filled with
    a generated e-mail address.
    """
    email = data_generator.email() if email is None else email
    username = data_generator.email() if username is None else username
    password = data_generator.email() if password is None else password

    social_user = User(
        email=email,
        username=username,
        password=password,
        name=data_generator.full_name(),
        created_at=datetime.now(),
        role=role,
        social_type=SocialAuth.FACEBOOK.value,
        social_id=data_generator.identifier(),
        social_access_token=Cryptographic.token_urlsafe(),
    )

    session = db.session
    session.add(social_user)
    session.commit()
    return social_user
def test_add_user_duplicate_email(self):
    """Committing a second user after add_user() has stored the first raises IntegrityError."""
    add_user('justatest', '*****@*****.**', 'password')
    clashing_user = User(username='******', email='*****@*****.**', password='******')
    db.session.add(clashing_user)
    # The error is expected at commit time, not when the object is added.
    with self.assertRaises(IntegrityError):
        db.session.commit()
def test_set_zip_code_long(app):
    """Assigning a six-character ZIP code raises ValueError with the expected message."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(ValueError) as excinfo:
        account.zip_code = '066666'
    message = str(excinfo.value)
    assert message == 'ZIP code must contain 5 numbers.'
def test_set_zip_code_invalid_type(app):
    """Assigning an integer ZIP code raises TypeError with the expected message."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.zip_code = 56601
    message = str(excinfo.value)
    assert message == 'ZIP code must be string.'
def test_set_last_name_invalid_type(app):
    """Assigning an integer last name raises TypeError with the expected message."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.last_name = 555
    message = str(excinfo.value)
    assert message == 'Last name must be string.'
def test_unset_role(app):
    """Setting the role to None raises TypeError that mentions the allowed role set."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.role = None
    message = str(excinfo.value)
    assert 'Role must be integer value from this set: ' in message
def test_set_role_invalid_type(app):
    """Setting the role to a string raises TypeError that mentions the allowed role set."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.role = "ADMIN"
    message = str(excinfo.value)
    assert 'Role must be integer value from this set: ' in message
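def user(userId):
    """Read, delete or replace the user identified by ``userId``.

    GET returns the user as JSON, DELETE removes the row, and PUT replaces the
    row with one built from the JSON request body.

    Aborts with 404 when the user does not exist, 403 when the permission
    check fails or the body names a different user, 400 when the PUT body is
    not a JSON object with all required keys, and 405 for any other method.
    """
    permission = ManageUserPermission(userId)
    target = User.query.filter(User.id == userId).first()
    if target is None:
        abort(404)
    if not permission.can():
        abort(403)

    if request.method == 'GET':
        # NOTE(review): confirm that to_json() leaves out the password field.
        return json.dumps(target.to_json())

    if request.method == 'DELETE':
        # Read the address first so the message never touches a deleted row.
        deleted_email = target.email
        db.session.delete(target)
        db.session.commit()
        return 'User {} deleted'.format(deleted_email)

    if request.method == 'PUT':
        required_keys = ('id', 'firstName', 'lastName', 'email', 'password', 'paths')
        try:
            data = json.loads(request.data)
            values = [data[key] for key in required_keys]
        except (ValueError, KeyError, TypeError):
            # Malformed JSON, a non-object body or a missing key is a client
            # error, not a server failure.
            abort(400)

        # The body must name both the caller and the record being replaced;
        # otherwise the row for userId would be deleted and a row with a
        # different id inserted in its place.
        if data['id'] != current_user.id or data['id'] != target.id:
            abort(403)

        # NOTE(review): the password is stored exactly as sent in the body;
        # confirm that User hashes it before it is persisted.
        db.session.delete(target)
        db.session.add(User(*values))
        db.session.commit()
        return "Success"

    # Any other method used to fall through and return None.
    abort(405)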
def test_set_city_invalid_type(app):
    """Assigning an integer city raises TypeError with the expected message."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.city = 555
    message = str(excinfo.value)
    assert message == 'City must be string.'
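def add_user_password(role: UserRole = UserRole.USER, email: str = None, username: str = None, password: str = None,
                      created_at: datetime = None, name: str = None) -> 'tuple[User, str]':
    """
    Generates a fake user to add in DB and returns a (User, password) tuple.

    Arguments left as None are generated: ``email``, ``username`` and
    ``password`` from ``data_generator.email()``, ``name`` from
    ``data_generator.full_name()`` and ``created_at`` from ``datetime.now()``.
    The password is returned as it was passed to the User constructor.
    """
    # The return annotation is a string on purpose: the previous form,
    # tuple(User, str), is a call that raises TypeError when the function is
    # defined, because tuple() accepts at most one argument.
    if email is None:
        email = data_generator.email()
    if username is None:
        username = data_generator.email()
    if password is None:
        password = data_generator.email()
    if created_at is None:
        created_at = datetime.now()
    if name is None:
        name = data_generator.full_name()

    user = User(email=email,
                username=username,
                password=password,
                name=name,
                created_at=created_at,
                role=role)
    db.session.add(user)
    db.session.commit()
    return user, password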
def test_set_country_invalid_type(app):
    """Setting the country to a string raises TypeError that mentions the allowed set."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.country = 'SK'
    message = str(excinfo.value)
    assert 'Country must be integer value from this set:' in message
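def dispatch_request(self):
    """Render the signup form on GET and register the user on a valid POST.

    A valid POST stores the user together with a UserDepartment row for the
    selected department, logs the user in and redirects to the user page.
    An invalid form, or a department name that matches no row, re-renders
    the signup template with the submitted form.
    """
    if request.method == 'POST':
        form = SignupForm()
        if not form.validate_on_submit():
            return render_template('signup.html', form=form)

        # Resolve the department before anything is written: the lookup used
        # to run after the user was committed, so an unknown name raised
        # AttributeError and left an account without a department row.
        department = Department.query.filter(
            Department.name == form.department.data).first()
        if department is None:
            return render_template('signup.html', form=form)

        user = User(name=form.name.data,
                    surname=form.surname.data,
                    email=form.email.data,
                    phone=form.phone.data,
                    password=generate_password_hash(form.password.data))
        db.session.add(user)
        # flush() sends the INSERT so that user.id is available while the
        # transaction stays open; both rows are then committed together.
        db.session.flush()

        db.session.add(UserDepartment(
            user_id=user.id,
            department_id=department.id,
            post="Пользователь",
            employment_date=datetime.date.today(),
            dismissal_date=None))
        db.session.commit()

        login_user(LoginUser(user))
        return redirect(url_for('user', user_id=user.id))

    return render_template('signup.html',
                           indic=current_user.is_authenticated,
                           form=SignupForm())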
def test_set_date_of_birth_invalid_type(app):
    """Assigning a string date of birth raises TypeError with the expected message."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.date_of_birth = '19.2.2018'
    message = str(excinfo.value)
    assert message == 'Date of birth must be date.'
def test_delete_category(client):
    """An admin can delete a category, after which it can no longer be looked up."""
    category = categories.add(Category(name='Men'))
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    assert category.id

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login', data=credentials, content_type='application/json')
    access_token = login.json['access_token']

    auth_headers = {'Authorization': f'Bearer {access_token}'}
    reply = client.delete(f'/api/categories/{category.id}', headers=auth_headers)
    body = reply.json

    assert reply.status_code == status.HTTP_200_OK
    assert body['message'] == 'Category was successfully deleted.'
    # The repository must agree with the response.
    assert categories.get(category.id) is None
def test_create_password_special_chars(app):
    """Constructing a User with special characters in the password raises ValueError."""
    with pytest.raises(ValueError) as excinfo:
        User('*****@*****.**', 'd%#$@')
    expected_message = (
        'Password must have between 4 and 15 chars, '
        'it must start with letter and can only be used letters, '
        'numbers and underscore.'
    )
    assert str(excinfo.value) == expected_message
def test_add_category(client):
    """An admin can create a category and receives HTTP 201."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login', data=credentials, content_type='application/json')
    access_token = login.json['access_token']

    auth_headers = {'Authorization': f'Bearer {access_token}'}
    reply = client.post(
        '/api/categories/',
        data=json.dumps({'name': 'Men'}),
        headers=auth_headers,
        content_type='application/json',
    )
    body = reply.json

    assert reply.status_code == status.HTTP_201_CREATED
    assert body['message'] == 'Category was successfully added.'
def test_set_active_invalid_type(app):
    """Assigning the string 'True' to the active flag raises TypeError."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.active = 'True'
    message = str(excinfo.value)
    assert message == 'Active flag must be boolean.'
def test_update_not_existing_category(client):
    """Updating a category id that does not exist is answered with HTTP 404."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login', data=credentials, content_type='application/json')
    access_token = login.json['access_token']

    # No category is created in this test, so this id is expected to be unused.
    not_existing_category_id = 99
    auth_headers = {'Authorization': f'Bearer {access_token}'}
    reply = client.put(
        f'/api/categories/{not_existing_category_id}',
        data=json.dumps({'name': 'Men'}),
        headers=auth_headers,
    )
    body = reply.json

    assert reply.status_code == status.HTTP_404_NOT_FOUND
    assert body['message'] == 'Category not found.'
def test_unset_active(app):
    """Setting the active flag to None raises TypeError with the expected message."""
    account = User('*****@*****.**', 'blah')
    with pytest.raises(TypeError) as excinfo:
        account.active = None
    message = str(excinfo.value)
    assert message == 'Active flag must be boolean.'
def test_add_category_missing_name(client):
    """Creating a category without a 'name' key is rejected as an invalid payload."""
    admin = users.add(User(email='*****@*****.**', password='******'))
    admin.active = True
    admin.role = UserRole.ADMIN

    credentials = json.dumps({
        'email': '*****@*****.**',
        'password': '******'
    })
    login = client.post('/api/auth/login', data=credentials, content_type='application/json')
    access_token = login.json['access_token']

    auth_headers = {'Authorization': f'Bearer {access_token}'}
    reply = client.post(
        '/api/categories/',
        data=json.dumps({'foo': 'bar'}),
        headers=auth_headers,
        content_type='application/json',
    )
    body = reply.json

    assert reply.status_code == status.HTTP_400_BAD_REQUEST
    assert body['message'] == 'Invalid payload.'
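def post(self):
    """Register a user from the JSON request body and return a token pair.

    Returns:
        ``(errors, 400)`` when ``user_schema.load`` reports errors, a message
        dict when the e-mail is already registered, a dict with
        ``access_token`` and ``refresh_token`` and status 201 on success, or
        a generic message and status 500 when creating the user fails.
    """
    import logging

    # Named "payload" so that the builtin input() is not shadowed.
    payload = request.get_json(force=True)

    loaded = user_schema.load(payload)
    if loaded.errors:
        return loaded.errors, 400

    if User.find_by_email(payload['email']):
        # NOTE(review): this error is returned without a status code, so the
        # client receives the framework default instead of a 4xx.
        return {'message': 'email already registered'}

    try:
        # NOTE(review): User(**payload) forwards every client-supplied key to
        # the model constructor. Unless user_schema rejects unknown fields, a
        # request can set attributes the form never meant to expose; building
        # the user from the schema's validated output would close that gap.
        new_user = User(**payload)
        new_user.set_password(payload['password'])
        new_user.save_to_db()
        access_token = create_access_token(identity=new_user.email)
        refresh_token = create_refresh_token(identity=new_user.email)
        return {
            'access_token': access_token,
            'refresh_token': refresh_token
        }, 201
    except Exception:
        # A bare "except:" also swallowed SystemExit and KeyboardInterrupt and
        # left no trace of the failure. Only the traceback is logged, never
        # the request body, which contains the password.
        logging.getLogger(__name__).exception('user registration failed')
        return {'message': 'something went wrong'}, 500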