Exemplo n.º 1
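    def test_get_users_admin(self):
        ''' Ensure an admin can list every user with the expected fields.

        Three accounts exist when the request is sent: the admin created by
        get_user_and_auth plus the two users added below.
        '''

        _, auth = self.get_user_and_auth(permission="admin")

        # Naive UTC timestamp 30 days in the past for the first extra user.
        created = datetime.datetime.utcnow() + datetime.timedelta(-30)

        user_1 = add_random_user(created_at=created)
        user_2 = add_random_user()

        response, data = self.send_get("/users", headers=auth)

        self.assertEqual(response.status_code, 200)
        self.assertIn('success', data['status'])

        users = data['data']['users']
        self.assertEqual(len(users), 3)

        # NOTE(review): the positions below rely on the endpoint's ordering,
        # which is not visible from this test - confirm against the view.
        # NOTE(review): consider also asserting that no password field is
        # serialised in the listing.
        for expected, listed in ((user_1, users[2]), (user_2, users[1])):
            # Exact comparison: a substring match would also accept an entry
            # whose username or email merely contains the expected value.
            self.assertEqual(expected.username, listed['username'])
            self.assertEqual(expected.email, listed['email'])
            self.assertEqual(expected.admin, listed['admin'])
            self.assertIn('created_at', listed)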
    def test_passwords_are_random(self):
        ''' Ensure two users never end up with the same stored password value.

        NOTE(review): this only demonstrates per-user salting if
        add_random_user gives both users the same plaintext password -
        confirm against the helper; with random plaintexts it passes trivially.
        '''

        first, second = add_random_user(), add_random_user()

        self.assertNotEqual(first.password, second.password)
Exemplo n.º 3
    def get_user_and_auth(self, permission="user"):
        ''' Create a user, log it in and return (user, Authorization header).

        permission -- "admin" creates an admin account; any other value
                      creates a regular user.
        '''

        wants_admin = permission == "admin"
        user = add_random_user(admin=True) if wants_admin else add_random_user()

        # The password literal must match the one add_random_user assigns
        # (presumably its default - confirm against the helper).
        login_payload = {"username": user.username, "password": "******"}
        _, login_data = self.send_post("/auth/login", login_payload)

        token = login_data["data"]["auth_token"]
        headers = {"Authorization": "Bearer " + token}
        return user, headers
    def test_decode_auth_token(self):
        ''' Ensure decoding a freshly issued auth token yields the user's id. '''

        account = add_random_user()
        token = account.encode_auth_token(account.id)

        decoded = account.decode_auth_token(token)

        # NOTE(review): only the round trip is covered; tampered or expired
        # tokens are not exercised by this test.
        self.assertEqual(decoded, account.id)
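    def test_encode_auth_token(self):
        ''' Ensure encode_auth_token returns the token as bytes. '''

        user = add_random_user()
        auth_token = user.encode_auth_token(user.id)

        # assertIsInstance reports the actual type on failure, unlike
        # assertTrue(isinstance(...)), which only says "False is not true".
        self.assertIsInstance(auth_token, bytes)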
Exemplo n.º 6
    def test_add_user_duplicate_email(self):
        ''' Ensure committing a second user with an existing email fails. '''

        existing = add_random_user()
        duplicate = User(username="******",
                         email=existing.email,
                         password="******")
        db.session.add(duplicate)

        # The test expects the uniqueness violation to surface at commit time.
        with self.assertRaises(IntegrityError):
            db.session.commit()
Exemplo n.º 7
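    def test_add_user(self):
        ''' Ensure a freshly added user has every model field populated. '''

        user = add_random_user()

        self.assertTrue(user.id)
        # Comparing an attribute with itself can never fail; the generated
        # values are not known here, so check that they are populated instead.
        self.assertTrue(user.username)
        self.assertTrue(user.email)
        self.assertTrue(user.password)
        self.assertTrue(user.active)
        self.assertTrue(user.created_at)
        # A user created without admin=True must not come out as an admin.
        self.assertFalse(user.admin)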
Exemplo n.º 8
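    def test_get_user_other(self):
        ''' Ensure a regular user cannot retrieve information about other users. '''

        new_user = add_random_user()
        user, auth = self.get_user_and_auth(permission="user")

        response, data = self.send_get("/users/" + str(new_user.id),
                                       headers=auth)

        # NOTE(review): the API answers 401 here although the caller is
        # authenticated; 403 is the conventional status for a missing
        # permission - confirm this is intended.
        self.assertEqual(response.status_code, 401)
        self.assertIn("You don't have the necessary permissions.",
                      data["message"])
        self.assertIn('error', data['status'])
        # A denial that still carries the target's record would pass the
        # checks above, so make sure the body does not contain their email.
        self.assertNotIn(new_user.email, str(data))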
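    def test_delete_user_by_user(self):
        ''' Ensure a regular user cannot delete another user. '''

        new_user = add_random_user()
        _, auth = self.get_user_and_auth(permission="user")

        target_path = "/users/" + str(new_user.id)
        response, data = self.send_delete(target_path, headers=auth)

        self.assertEqual(data["status"], "error")
        self.assertEqual(data["message"],
                         "You don't have the necessary permissions.")
        self.assertEqual(response.status_code, 401)

        # The error response alone does not prove the row survived: a handler
        # that deleted first and checked permissions afterwards would pass
        # the assertions above. Read the account back as an admin.
        _, admin_auth = self.get_user_and_auth(permission="admin")
        lookup, _ = self.send_get(target_path, headers=admin_auth)
        self.assertEqual(lookup.status_code, 200)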
    def test_delete_user_by_admin(self):
        ''' Ensure an admin is allowed to delete another user. '''

        target = add_random_user()
        _, admin_headers = self.get_user_and_auth(permission="admin")

        target_path = "/users/" + str(target.id)
        response, data = self.send_delete(target_path, headers=admin_headers)

        self.assertEqual(response.status_code, 200)
        # NOTE(review): only the response is checked; the test does not read
        # the account back to confirm that it is actually gone.
        self.assertIn(target.username + " successfully deleted.",
                      data['message'])
        self.assertIn('success', data['status'])
Exemplo n.º 11
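    def test_post_admin_login(self):
        ''' Ensure that an admin can log in and is reported as an admin. '''

        user = add_random_user(admin=True)
        # The password literal must match the one add_random_user assigns
        # (presumably its default - confirm against the helper).
        credentials = dict(username=user.username, password="******")

        response, data = self.send_post("/auth/login", credentials)

        # assertEqual shows both values on failure; assertTrue(a == b) only
        # reports "False is not true".
        self.assertEqual(data["status"], "success")
        self.assertEqual(data["message"], "Successfully logged in.")
        self.assertTrue(data["data"]["auth_token"])
        self.assertTrue(data["data"]["admin"])
        self.assertEqual(response.content_type, "application/json")
        self.assertEqual(response.status_code, 200)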
Exemplo n.º 12
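    def test_valid_logout(self):
        ''' Ensure a logged-in user can log out with their bearer token. '''

        user = add_random_user()

        credentials = dict(username=user.username, password="******")
        _, login_data = self.send_post("/auth/login", credentials)

        # Check the login before using its token, so a failed login is
        # reported as such rather than as a KeyError on the next line.
        self.assertEqual(login_data['status'], 'success')

        auth = dict(Authorization='Bearer ' + login_data["data"]["auth_token"])
        response, data = self.send_get("/auth/logout", headers=auth)

        self.assertEqual(data['message'], 'Successfully logged out.')
        self.assertEqual(response.status_code, 200)
        # NOTE(review): the token is never replayed after logout, so this
        # test does not show that the server rejects it afterwards.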
Exemplo n.º 13
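    def test_admin_get_user(self):
        ''' Ensure an admin can access the details of another user. '''

        user = add_random_user()
        _, auth = self.get_user_and_auth(permission="admin")

        response, data = self.send_get("/users/" + str(user.id), headers=auth)

        self.assertEqual(response.status_code, 200)
        self.assertIn('User found.', data['message'])
        self.assertIn('success', data['status'])

        details = data['data']
        # Exact comparison: a substring match would also accept a record
        # whose username or email merely contains the expected value.
        self.assertEqual(user.username, details['username'])
        self.assertEqual(user.email, details['email'])
        self.assertEqual(user.admin, details['admin'])
        self.assertIn('created_at', details)
        # NOTE(review): consider also asserting that no password field is
        # serialised in the returned record.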