def test_delete(self):
    """Deleting another user is refused until the caller's level is raised to 9.

    A throw-away target account is created, the DELETE is attempted with the
    fixture token (expected to be refused), the fixture user's level is then
    set to 9 and the same DELETE is expected to succeed.
    """
    auth_headers = {'Authorization': self.token}

    # Build the account that will be the deletion target.
    target_fields = deepcopy(self.test_data)
    target_fields['username'] = '******'
    target_fields['email'] = '*****@*****.**'
    target_fields['password'] = '******'
    target = User(**target_fields)
    target.save()

    caller = User.get_by_id(self.id)
    target_url = f'/api/v1/user/{str(target.id)}'

    # First attempt: the caller has not been given level 9 yet.
    # NOTE(review): the refusal is pinned as HTTP 500, so only the message
    # body distinguishes an authorization failure from a server fault here.
    refused = test_app.delete(target_url,
                              headers=auth_headers,
                              content_type='application/json')
    tools.assert_equals(refused.status_code, 500)
    tools.assert_equals(json.loads(refused.data)['data'],
                        {'msg': 'user don\'t has authority'})

    # Second attempt: same token, but the stored level is now 9.
    caller.level = 9
    caller.save()
    accepted = test_app.delete(target_url,
                               headers=auth_headers,
                               content_type='application/json')
    payload = json.loads(accepted.data)
    tools.assert_equals(accepted.status_code, 200)
    tools.assert_equals(payload.get('data'), {'msg': 'SUCCESS'})
def test_article_delete(self):
    """
    Test the DELETE endpoint for articles.

    1. The request is sent with the fixture's Authorization token.
    2. Permission check: with level 1 the delete is refused; after the level
       is set to 9 the same request succeeds.
    """
    # Start from a known low privilege level.
    caller = User.get_by_id(self.user_id)
    caller.level = 1
    caller.save()

    auth_headers = {'Authorization': self.token}
    article_fields = deepcopy(self.test_data2)
    author_fields = deepcopy(self.test_data1)
    article = Article.get_by_id(str(self.article_id_list[-1]))

    # A separate account is stored and named as the article's author in the body.
    author_fields['username'] = '******'
    author_fields['email'] = '*****@*****.**'
    author = User(**author_fields)
    author.save()

    article_fields['author'] = str(author.id)
    article_fields.pop('added')
    body = json.dumps(article_fields)
    article_url = f'/api/v1/article/{str(article.id)}'

    # NOTE(review): the refusal is pinned as HTTP 500; only the message body
    # identifies it as an authorization failure.
    refused = test_app.delete(article_url,
                              data=body,
                              headers=auth_headers,
                              content_type='application/json')
    tools.assert_equals(refused.status_code, 500)
    tools.assert_equals(json.loads(refused.data)['data'],
                        {'msg': 'user don\'t has authority'})

    # Raise the caller to level 9 and repeat the identical request.
    caller = User.get_by_id(self.user_id)
    caller.level = 9
    caller.save()
    accepted = test_app.delete(article_url,
                               data=body,
                               headers=auth_headers,
                               content_type='application/json')
    payload = json.loads(accepted.data)
    tools.assert_equals(accepted.status_code, 200)
    tools.assert_is_not_none(payload.get('data'))

    # Remove the helper account again.
    author.delete()
def test_delete_one():
    """
    Delete a single cube through the API and verify it is gone from the store.
    """
    # Store one cube and make sure it can be read back before deleting it.
    stored_id = store(Cube(5))
    fetched = get(stored_id)
    assert fetched

    reply = test_app.delete('/cubes/%s' % stored_id)
    _check_status_code(reply)
    _check_content_type(reply)

    # After the DELETE the lookup must come back empty.
    fetched = get(stored_id)
    eq_(fetched, None)
def test_delete_all():
    """
    Delete the whole cube collection through the API and verify it is empty.
    """
    # Ten cubes with dimensions 1 through 10.
    for dimension in range(1, 11):
        store(Cube(dimension=dimension))

    stored = get_all()
    eq_(len(stored), 10)

    # One DELETE on the collection URL removes everything.
    reply = test_app.delete('/cubes')
    _check_content_type(reply)
    _check_status_code(reply)

    stored = get_all()
    eq_(len(stored), 0)
def test_crag_confirmation():
    """
    Exercise the confirmation workflow of the crag endpoint and the deletion
    permissions that depend on it.

    The tokens returned by confirmation_fixture() are used per role: the author
    may create an unconfirmed crag but may neither create nor mark one as
    confirmed; an unconfirmed crag is not returned by GET; deletion is refused
    for the user token (unconfirmed) and the author token (confirmed) and
    accepted for the admin token in both states.
    """
    login_jwts = confirmation_fixture()
    # One header list per role; the role alone decides each expected outcome.
    as_author = [('loginJWT', login_jwts['login_jwt_author'])]
    as_user = [('loginJWT', login_jwts['login_jwt_user'])]
    as_admin = [('loginJWT', login_jwts['login_jwt_admin'])]

    # Parent area, created by the author.
    area_rv = test_app.post('%sareas/' % api_prefix,
                            data={'name': "Nahetal"},
                            headers=as_author)
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)
    area_resp = json.loads(area_rv.data)['data']

    # The author must not be able to create an already-confirmed crag.
    confirmed_crag = {'name': "Alter Steinbruch",
                      'area_id': '%s' % area_resp['id'],
                      'confirmed': True}
    rv = test_app.post(endpoint, data=confirmed_crag, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "056")

    # Without the flag the author's POST is accepted.
    plain_crag = {'name': "Alter Steinbruch",
                  'area_id': '%s' % area_resp['id']}
    rv = test_app.post(endpoint, data=plain_crag, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    crag_url = '%s%s' % (endpoint, resp['id'])

    # Unconfirmed entries are hidden from the collection ...
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 0)

    # ... and from the single-resource lookup.
    rv = test_app.get(crag_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "034")

    # The user token may not delete the unconfirmed crag.
    rv = test_app.delete(crag_url, headers=as_user)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '047')

    # The admin token may.
    rv = test_app.delete(crag_url, headers=as_admin)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # Create the crag a second time for the confirmation half of the test.
    plain_crag = {'name': "Alter Steinbruch",
                  'area_id': '%s' % area_resp['id']}
    rv = test_app.post(endpoint, data=plain_crag, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    crag_url = '%s%s' % (endpoint, resp['id'])

    # The author cannot confirm the entry through PUT.
    confirmed_crag = {'name': "Alter Steinbruch",
                      'area_id': '%s' % area_resp['id'],
                      'confirmed': True}
    rv = test_app.put(crag_url, data=confirmed_crag, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '048')

    # The admin can.
    confirmed_crag = {'name': "Alter Steinbruch",
                      'area_id': '%s' % area_resp['id'],
                      'confirmed': True}
    rv = test_app.put(crag_url, data=confirmed_crag, headers=as_admin)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)

    # Once confirmed, the crag shows up in the collection ...
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 1)

    # ... and can be fetched directly.
    rv = test_app.get(crag_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)

    # The author is refused deletion of the confirmed crag.
    rv = test_app.delete(crag_url, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '046')

    # The admin is still allowed to delete it.
    rv = test_app.delete(crag_url, headers=as_admin)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)
def test_crag_endpoints():
    """
    Walk the crag endpoint through create, read, update and delete.

    A user is registered with installAdmin=True, logged in through HTTP Basic
    credentials, and the returned loginJWT is sent on every write request.
    """
    stamp_format = '%a, %d %b %Y %H:%M:%S'

    def parse_stamp(value):
        # The last six characters of the timestamp are cut off before parsing.
        return datetime.strptime(value[:-6], stamp_format)

    # Register the test user.
    new_user = {'nickname': "Jule", 'email': "*****@*****.**",
                'password': "******", 'installAdmin': True}
    rv = test_app.post('%susers/' % api_prefix, data=new_user)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jule")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= parse_stamp(resp['time_created']))

    # Exchange Basic credentials for a login JWT.
    # NOTE(review): b64encode is handed a str literal, which is a Python 2
    # idiom; Python 3 requires bytes here.
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    basic_auth = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get('%slogin/' % api_prefix, headers=basic_auth)
    eq_(rv.status_code, 200)
    login_jwt = json.loads(rv.data)['data']['loginJWT']
    h = [('loginJWT', login_jwt)]

    # The collection starts out empty.
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)

    # A crag without an area reference is rejected.
    orphan = {'name': "Alter Steinbruch", 'confirmed': True}
    rv = test_app.post(endpoint, data=orphan, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)

    # Create the parent area.
    area_rv = test_app.post('%sareas/' % api_prefix,
                            data={'name': "Nahetal", 'confirmed': True},
                            headers=h)
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)
    area_resp = json.loads(area_rv.data)['data']

    # Create the crag inside that area.
    crag = {'name': "Alter Steinbruch",
            'area_id': '%s' % area_resp['id'],
            'confirmed': True}
    rv = test_app.post(endpoint, data=crag, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Alter Steinbruch")
    eq_(resp['area']['name'], area_resp['name'])
    eq_(len(resp['blocks']), 0)
    ok_(datetime.now() >= parse_stamp(resp['time_created']))

    # The collection now holds one entry.
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 1)

    # Unknown id on GET.
    missing_url = '%s%s' % (endpoint, 42)
    rv = test_app.get(missing_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "034")

    # Fetch the stored crag by id.
    rv = test_app.get('%s%s' % (endpoint, resp[0]['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Alter Steinbruch")
    ok_(datetime.now() >= parse_stamp(resp['time_created']))

    # Rename it.
    renamed = {'name': "Klein Bleau", 'area_id': '%s' % area_resp['id']}
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=renamed, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Klein Bleau")
    ok_(parse_stamp(resp['time_updated']) >= parse_stamp(resp['time_created']))

    # Read the renamed crag back.
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Klein Bleau")

    # Unknown id on PUT.
    renamed = {'name': "Klein Bleau", 'area_id': '%s' % area_resp['id']}
    rv = test_app.put(missing_url, data=renamed, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "070")

    # Posting the same name again is answered with a 500.
    rv = test_app.post(endpoint, data=renamed, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # Delete the crag.
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # Unknown id on DELETE.
    rv = test_app.delete(missing_url, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "035")

    # The collection is empty again.
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)
def test_boulder_confirmation():
    """
    Exercise the confirmation workflow of the boulder endpoint and the deletion
    permissions that depend on it.

    An area, a crag and a block are created with the author token first. The
    author may post an unconfirmed boulder but may neither create nor mark one
    as confirmed; an unconfirmed boulder is not returned by GET; deletion is
    refused for the user token (unconfirmed) and the author token (confirmed)
    and accepted for the admin token in both states.
    """
    login_jwts = confirmation_fixture()
    # One header list per role; the role alone decides each expected outcome.
    as_author = [('loginJWT', login_jwts['login_jwt_author'])]
    as_user = [('loginJWT', login_jwts['login_jwt_user'])]
    as_admin = [('loginJWT', login_jwts['login_jwt_admin'])]

    # Parent chain: area -> crag -> block, all posted by the author.
    area_rv = test_app.post('%sareas/' % api_prefix,
                            data={'name': "Eifel"},
                            headers=as_author)
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)
    area_resp = json.loads(area_rv.data)['data']

    crag_rv = test_app.post('%scrags/' % api_prefix,
                            data={'name': "Glees",
                                  'area_id': '%s' % area_resp['id']},
                            headers=as_author)
    check_content_type(crag_rv.headers)
    eq_(crag_rv.status_code, 201)
    crag_resp = json.loads(crag_rv.data)['data']

    block_rv = test_app.post('%sblocks/' % api_prefix,
                             data={'name': "Bleausard",
                                   'crag_id': '%s' % crag_resp['id']},
                             headers=as_author)
    check_content_type(block_rv.headers)
    eq_(block_rv.status_code, 201)
    block_resp = json.loads(block_rv.data)['data']

    # The author must not be able to create an already-confirmed boulder.
    confirmed_boulder = {'name': "Es", 'grade': "7b+",
                         'block_id': '%s' % block_resp['id'],
                         'confirmed': True}
    rv = test_app.post(endpoint, data=confirmed_boulder, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "058")

    # Without the flag the author's POST is accepted.
    plain_boulder = {'name': "Es", 'grade': "7b+",
                     'block_id': '%s' % block_resp['id']}
    rv = test_app.post(endpoint, data=plain_boulder, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    boulder_url = '%s%s' % (endpoint, resp['id'])

    # Unconfirmed entries are hidden from the collection ...
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 0)

    # ... and from the single-resource lookup.
    rv = test_app.get(boulder_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "032")

    # The user token may not delete the unconfirmed boulder.
    rv = test_app.delete(boulder_url, headers=as_user)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '053')

    # The admin token may.
    rv = test_app.delete(boulder_url, headers=as_admin)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # Create the boulder a second time for the confirmation half of the test.
    plain_boulder = {'name': "Es", 'grade': "7b+",
                     'block_id': '%s' % block_resp['id']}
    rv = test_app.post(endpoint, data=plain_boulder, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    boulder_url = '%s%s' % (endpoint, resp['id'])

    # The author cannot confirm the entry through PUT.
    confirmed_boulder = {'name': "Es", 'grade': "7b+",
                         'block_id': '%s' % block_resp['id'],
                         'confirmed': True}
    rv = test_app.put(boulder_url, data=confirmed_boulder, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '054')

    # The admin can.
    confirmed_boulder = {'name': "Es", 'grade': "7b+",
                         'block_id': '%s' % block_resp['id'],
                         'confirmed': True}
    rv = test_app.put(boulder_url, data=confirmed_boulder, headers=as_admin)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)

    # Once confirmed, the boulder shows up in the collection ...
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 1)

    # ... and can be fetched directly.
    rv = test_app.get(boulder_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)

    # The author is refused deletion of the confirmed boulder.
    rv = test_app.delete(boulder_url, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '052')

    # The admin is still allowed to delete it.
    rv = test_app.delete(boulder_url, headers=as_admin)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)
def test_boulder_endpoints():
    """
    Walk the boulder endpoint through create, read, update and delete,
    including grade validation on POST and PUT.

    A user is registered with installAdmin=True, logged in through HTTP Basic
    credentials, and the returned loginJWT is sent on every write request.
    """
    stamp_format = '%a, %d %b %Y %H:%M:%S'

    def parse_stamp(value):
        # The last six characters of the timestamp are cut off before parsing.
        return datetime.strptime(value[:-6], stamp_format)

    # Register the test user.
    new_user = {'nickname': "Jule", 'email': "*****@*****.**",
                'password': "******", 'installAdmin': True}
    rv = test_app.post('%susers/' % api_prefix, data=new_user)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jule")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= parse_stamp(resp['time_created']))

    # Exchange Basic credentials for a login JWT.
    # NOTE(review): b64encode is handed a str literal, which is a Python 2
    # idiom; Python 3 requires bytes here.
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    basic_auth = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get('%slogin/' % api_prefix, headers=basic_auth)
    eq_(rv.status_code, 200)
    login_jwt = json.loads(rv.data)['data']['loginJWT']
    h = [('loginJWT', login_jwt)]

    # The collection starts out empty.
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)

    # A boulder without a block reference is rejected.
    orphan = {'name': "Es", 'confirmed': True}
    rv = test_app.post(endpoint, data=orphan, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)

    # Parent chain: area -> crag -> block.
    area_rv = test_app.post('%sareas/' % api_prefix,
                            data={'name': "Eifel", 'confirmed': True},
                            headers=h)
    check_content_type(area_rv.headers)
    eq_(area_rv.status_code, 201)
    area_resp = json.loads(area_rv.data)['data']

    crag_rv = test_app.post('%scrags/' % api_prefix,
                            data={'name': "Glees",
                                  'area_id': '%s' % area_resp['id'],
                                  'confirmed': True},
                            headers=h)
    check_content_type(crag_rv.headers)
    eq_(crag_rv.status_code, 201)
    crag_resp = json.loads(crag_rv.data)['data']

    block_rv = test_app.post('%sblocks/' % api_prefix,
                             data={'name': "Bleausard",
                                   'crag_id': '%s' % crag_resp['id'],
                                   'confirmed': True},
                             headers=h)
    check_content_type(block_rv.headers)
    eq_(block_rv.status_code, 201)
    block_resp = json.loads(block_rv.data)['data']

    # A grade the API does not accept is rejected on POST.
    bad_grade = {'name': "Es", 'grade': "42B+",
                 'block_id': '%s' % block_resp['id'], 'confirmed': True}
    rv = test_app.post(endpoint, data=bad_grade, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "059")

    # A valid grade is accepted and comes back upper-cased.
    boulder = {'name': "Es", 'grade': "7b+",
               'block_id': '%s' % block_resp['id'], 'confirmed': True}
    rv = test_app.post(endpoint, data=boulder, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Es")
    eq_(resp['grade'], "7B+")
    eq_(resp['block']['name'], block_resp['name'])
    ok_(datetime.now() >= parse_stamp(resp['time_created']))

    # The collection now holds one entry.
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 1)

    # Unknown id on GET.
    missing_url = '%s%s' % (endpoint, 42)
    rv = test_app.get(missing_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "032")

    # Fetch the stored boulder by id.
    rv = test_app.get('%s%s' % (endpoint, resp[0]['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['name'], "Es")
    ok_(datetime.now() >= parse_stamp(resp['time_created']))

    # The full update payload; the rejected variant differs only in its grade.
    update = dict(name="The bittersweet moment of losing", grade="8b",
                  block_id='%s' % block_resp['id'],
                  rock_type="Vulkangestein", rock_texture="rauh", height=4.5,
                  beta="Direct", landing_area="Perfekt")
    rejected_update = dict(update, grade="42b")

    # Values the API is expected to return after the update, in check order.
    expected_fields = (
        ('name', "The bittersweet moment of losing"),
        ('grade', "8B"),
        ('rock_type', "Vulkangestein"),
        ('rock_texture', "rauh"),
        ('beta', "Direct"),
        ('landing_area', "Perfekt"),
        ('height', 4.5),
    )

    # A grade the API does not accept is rejected on PUT.
    rv = test_app.put('%s%s' % (endpoint, resp['id']),
                      data=rejected_update, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "060")

    # The valid update is applied.
    rv = test_app.put('%s%s' % (endpoint, resp['id']), data=update, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    for field, expected in expected_fields:
        eq_(resp[field], expected)
    ok_(parse_stamp(resp['time_updated']) >= parse_stamp(resp['time_created']))

    # Read the updated boulder back.
    rv = test_app.get('%s%s' % (endpoint, resp['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    for field, expected in expected_fields:
        eq_(resp[field], expected)

    # Unknown id on PUT.
    rv = test_app.put(missing_url, data=update, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "071")

    # Posting the same payload again is answered with a 500.
    rv = test_app.post(endpoint, data=update, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # Delete the boulder.
    rv = test_app.delete('%s%s' % (endpoint, resp['id']), headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # Unknown id on DELETE.
    rv = test_app.delete(missing_url, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "033")

    # The collection is empty again.
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)
def test_area_confirmation():
    """
    Exercise the confirmation workflow of the area endpoint and the deletion
    permissions that depend on it.

    The author may post an unconfirmed area but may neither create nor mark one
    as confirmed; an unconfirmed area is not returned by GET; deletion is
    refused for the user token (unconfirmed) and the author token (confirmed)
    and accepted for the admin token in both states.
    """
    login_jwts = confirmation_fixture()
    # One header list per role; the role alone decides each expected outcome.
    as_author = [('loginJWT', login_jwts['login_jwt_author'])]
    as_user = [('loginJWT', login_jwts['login_jwt_user'])]
    as_admin = [('loginJWT', login_jwts['login_jwt_admin'])]

    # The author must not be able to create an already-confirmed area.
    confirmed_area = {'name': "Nahetal", 'confirmed': True}
    rv = test_app.post(endpoint, data=confirmed_area, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "055")

    # Without the flag the author's POST is accepted.
    plain_area = {'name': "Nahetal"}
    rv = test_app.post(endpoint, data=plain_area, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    area_url = '%s%s' % (endpoint, resp['id'])

    # Unconfirmed entries are hidden from the collection ...
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 0)

    # ... and from the single-resource lookup.
    rv = test_app.get(area_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "028")

    # The user token may not delete the unconfirmed area.
    rv = test_app.delete(area_url, headers=as_user)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '044')

    # The admin token may.
    rv = test_app.delete(area_url, headers=as_admin)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # Create the area a second time for the confirmation half of the test.
    plain_area = {'name': "Nahetal"}
    rv = test_app.post(endpoint, data=plain_area, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    area_url = '%s%s' % (endpoint, resp['id'])

    # The author cannot confirm the entry through PUT.
    confirmed_area = {'name': "Nahetal", 'confirmed': True}
    rv = test_app.put(area_url, data=confirmed_area, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '045')

    # The admin can.
    confirmed_area = {'name': "Nahetal", 'confirmed': True}
    rv = test_app.put(area_url, data=confirmed_area, headers=as_admin)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)

    # Once confirmed, the area shows up in the collection ...
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    eq_(len(json.loads(rv.data)['data']), 1)

    # ... and can be fetched directly.
    rv = test_app.get(area_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)

    # The author is refused deletion of the confirmed area.
    rv = test_app.delete(area_url, headers=as_author)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, '043')

    # The admin is still allowed to delete it.
    rv = test_app.delete(area_url, headers=as_admin)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)
def test_user_endpoints():
    """
    Walk the user endpoint through create, read, update and delete.

    Besides input validation, the test covers the two-token scheme used for
    updates and deletes: a loginJWT obtained from the login endpoint and a
    per-action paJWT obtained from the protected-action-permission endpoint,
    both requested with HTTP Basic credentials.
    """
    stamp_format = '%a, %d %b %Y %H:%M:%S'
    permission_url = '%sprotected-action-permission/' % api_prefix
    login_url = '%slogin/' % api_prefix

    def parse_stamp(value):
        # The last six characters of the timestamp are cut off before parsing.
        return datetime.strptime(value[:-6], stamp_format)

    # The collection starts out empty.
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 0)

    # An empty form is rejected.
    rv = test_app.post(endpoint, data={})
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)

    # Register a user.
    jule = {'nickname': "Jule", 'email': "*****@*****.**",
            'password': "******"}
    rv = test_app.post(endpoint, data=jule)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jule")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= parse_stamp(resp['time_created']))

    # The collection now holds one entry.
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 1)

    # Fetch that user by id.
    rv = test_app.get('%s%s' % (endpoint, resp[0]['id']))
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Jule")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= parse_stamp(resp['time_created']))

    # Registering the same data twice is answered with a 500.
    rv = test_app.post(endpoint, data=jule)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # Neither nickname nor first and last name supplied.
    # NOTE(review): the key is spelled "passwort", so no "password" field is
    # sent with this request; the assertion only pins error code 008.
    nameless = dict(email="*****@*****.**", passwort="secret")
    rv = test_app.post(endpoint, data=nameless)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "008")

    # Malformed e-mail address.
    bad_email = {'nickname': "Jimmy", 'email': "jimmywebb.de",
                 'password': "******"}
    rv = test_app.post(endpoint, data=bad_email)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "009")

    # Value for "sex" that the API does not accept.
    bad_sex = {'nickname': "Jimmy", 'email': "*****@*****.**",
               'password': "******", 'sex': "humbug"}
    rv = test_app.post(endpoint, data=bad_sex)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "026")

    # Request a permission token for the "put" action.
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    basic_auth = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.post(permission_url, headers=basic_auth,
                       data={'action': 'put'})
    eq_(rv.status_code, 200)
    put_jwt = json.loads(rv.data)['data']['paJWT']

    # Log in and keep the login token.
    encoded_credentials = base64.b64encode('[email protected]:secret123!')
    basic_auth = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.get(login_url, headers=basic_auth)
    eq_(rv.status_code, 200)
    login_jwt = json.loads(rv.data)['data']['loginJWT']

    user_url = '%s%s' % (endpoint, resp['id'])

    # Permission token alone, no login token.
    # NOTE(review): only the error code is asserted for this request and the
    # next one; the HTTP status of the refusal is not pinned.
    rename = {'nickname': "Der Jan", 'email': "*****@*****.**"}
    h = [('paJWT', put_jwt)]
    rv = test_app.put(user_url, data=rename, headers=h)
    check_content_type(rv.headers)
    check_error_code(rv.data, "013")

    # Login token alone, no permission token.
    rename = {'nickname': "Der Jan", 'email': "*****@*****.**"}
    h = [('loginJWT', login_jwt)]
    rv = test_app.put(user_url, data=rename, headers=h)
    check_content_type(rv.headers)
    check_error_code(rv.data, "006")

    # A permission token that is not a valid JWT.
    h = [('paJWT', 'iAmAnIvalidToken')]
    rename = {'nickname': "Der Jan", 'email': "*****@*****.**"}
    rv = test_app.put(user_url, data=rename, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "023")

    # Both tokens from here on; the payload is what gets rejected.
    both_tokens = [('paJWT', put_jwt), ('loginJWT', login_jwt)]

    # Neither nickname nor first and last name supplied.
    rv = test_app.put(user_url,
                      data={'firstname': "Jan", 'email': "*****@*****.**"},
                      headers=both_tokens)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "003")

    # Malformed e-mail address.
    rv = test_app.put(user_url,
                      data={'nickname': "Jan", 'email': "jan@hojerde"},
                      headers=both_tokens)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "004")

    # Value for "sex" that the API does not accept.
    rv = test_app.put(user_url,
                      data={'nickname': "Jan", 'email': "*****@*****.**",
                            'sex': "humbug"},
                      headers=both_tokens)
    check_content_type(rv.headers)
    eq_(rv.status_code, 400)
    check_error_code(rv.data, "027")

    # Fields outside the protected set need only the login token.
    profile = dict(nickname="Der Jan", email="*****@*****.**",
                   firstname="Jan", lastname="Hojer", birthday="1993-02-01",
                   size=1.94, sex='male')
    h = [('loginJWT', login_jwt)]
    rv = test_app.put(user_url, data=profile, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Der Jan")
    eq_(resp['email'], "*****@*****.**")
    eq_(resp['firstname'], "Jan")
    eq_(resp['lastname'], "Hojer")
    eq_(resp['size'], 1.94)
    eq_(resp['sex'], "male")
    eq_(parse_stamp(resp['birthday']), datetime(1993, 2, 1, 0, 0, 0))
    ok_(datetime.now() >= parse_stamp(resp['time_updated']))
    ok_(parse_stamp(resp['time_updated']) >= parse_stamp(resp['time_created']))
    # The user object itself must not carry a refreshed token.
    ok_('refreshedJWT' not in resp)

    # Protected fields (password only), sent with both tokens.
    credentials_update = {'nickname': "Der Jan", 'email': "*****@*****.**",
                          'password': "******"}
    h = [('paJWT', put_jwt), ('loginJWT', login_jwt)]
    rv = test_app.put('%s%s' % (endpoint, resp['id']),
                      data=credentials_update, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Der Jan")
    eq_(resp['email'], "*****@*****.**")
    ok_(datetime.now() >= parse_stamp(resp['time_updated']))
    ok_(parse_stamp(resp['time_updated']) >= parse_stamp(resp['time_created']))
    ok_('refreshedJWT' not in resp)

    # Protected fields again; this time the whole response envelope is kept
    # because a refreshed login token is expected next to "data".
    credentials_update = {'nickname': "Der Jan", 'email': "*****@*****.**",
                          'password': "******"}
    rv = test_app.put('%s%s' % (endpoint, resp['id']),
                      data=credentials_update, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)
    resp = json.loads(rv.data)
    eq_(resp['data']['nickname'], "Der Jan")
    eq_(resp['data']['email'], "*****@*****.**")
    ok_(datetime.now() >= parse_stamp(resp['data']['time_updated']))
    ok_(parse_stamp(resp['data']['time_updated']) >=
        parse_stamp(resp['data']['time_created']))
    ok_(isinstance(resp['refreshedJWT'], unicode))
    # Continue with the refreshed login token.
    login_jwt = resp['refreshedJWT']

    # Unknown id on PUT.
    profile = dict(nickname="Der Jan", email="*****@*****.**",
                   firstname="Jan", lastname="Hojer", birthday="1993-02-01",
                   size=1.94, sex='male')
    h = [('loginJWT', login_jwt)]
    rv = test_app.put('%s%s' % (endpoint, 42), data=profile, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 404)
    check_error_code(rv.data, "080")

    # Register a second user, then try to give the first one the same data.
    adam = {'nickname': "Adam", 'email': "*****@*****.**",
            'password': "******"}
    rv = test_app.post(endpoint, data=adam)
    check_content_type(rv.headers)
    eq_(rv.status_code, 201)

    first_user_url = '%s%s' % (endpoint, resp['data']['id'])
    clash = {'nickname': "Adam", 'email': "*****@*****.**"}
    h = [('loginJWT', login_jwt)]
    rv = test_app.put(first_user_url, data=clash, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # Request a fresh "put" permission token with the second set of Basic
    # credentials used in this test.
    encoded_credentials = base64.b64encode('[email protected]:geheim')
    basic_auth = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.post(permission_url, headers=basic_auth,
                       data={'action': 'put'})
    eq_(rv.status_code, 200)
    put_jwt = json.loads(rv.data)['data']['paJWT']

    rename = {'nickname': "Der Jan", 'email': "*****@*****.**"}
    h = [('loginJWT', login_jwt), ('paJWT', put_jwt)]
    rv = test_app.put(first_user_url, data=rename, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 500)

    # Read the first user back.
    rv = test_app.get(first_user_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 200)
    resp = json.loads(rv.data)['data']
    eq_(resp['nickname'], "Der Jan")
    eq_(resp['email'], "*****@*****.**")

    # Request a permission token for the "delete" action.
    encoded_credentials = base64.b64encode('[email protected]:geheim')
    basic_auth = [('Authorization', 'Basic %s' % encoded_credentials)]
    rv = test_app.post(permission_url, headers=basic_auth,
                       data={'action': 'delete'})
    eq_(rv.status_code, 200)
    delete_jwt = json.loads(rv.data)['data']['paJWT']

    user_url = '%s%s' % (endpoint, resp['id'])

    # No token at all.
    rv = test_app.delete(user_url)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "025")

    # A permission token that is not a valid JWT.
    h = [('paJWT', 'iAmAnInvalidToken')]
    rv = test_app.delete(user_url, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 401)
    check_error_code(rv.data, "023")

    # The delete permission token is accepted.
    h = [('paJWT', delete_jwt)]
    rv = test_app.delete(user_url, headers=h)
    check_content_type(rv.headers)
    eq_(rv.status_code, 204)

    # One user (the second registration) is left in the collection.
    rv = test_app.get(endpoint)
    check_content_type(rv.headers)
    resp = json.loads(rv.data)['data']
    eq_(rv.status_code, 200)
    eq_(len(resp), 1)
def test_items(self):
    """Exercise the /api/items endpoints end to end for two users.

    Registers and logs in a first user, runs list/create/read/update/delete
    against that user's items, then registers a second user and checks that
    the first user's item is not readable with the second user's token.
    """

    def register_and_login(display_name):
        # Register, then log in with the token returned by registration.
        # The token is sent as the bare value of the Authorization header.
        reg = test_app.post(
            '/api/users/register',
            data={'name': display_name, 'username': '******', 'password': '******'},
        )
        eq_(reg.status_code, 200)
        assert 'token' in reg.data  # substring check on the raw response body
        headers = {'Authorization': json.loads(reg.data)['token']}
        login = test_app.post(
            '/api/users/login',
            data={'username': '******', 'password': '******'},
            headers=headers,
        )
        eq_(login.status_code, 200)
        return headers

    first_item = {'title': 'todo item 1', 'completed': False, 'id': 1, 'uri': '/api/items/1'}
    second_item = {'title': 'todo item 2', 'completed': False, 'id': 2, 'uri': '/api/items/2'}

    auth_headers = register_and_login('Test')

    # A fresh account starts with an empty item list.
    listing = test_app.get('/api/items', headers=auth_headers)
    eq_(listing.status_code, 200)
    assert 'items' in listing.data
    eq_(json.loads(listing.data)['items'], [])

    # Items are created from a JSON body, so the content type is set explicitly.
    json_headers = {
        'Content-Type': 'application/json',
        'Authorization': auth_headers['Authorization'],
    }
    for title in ('todo item 1', 'todo item 2'):
        created = test_app.post(
            '/api/items',
            data=json.dumps({'item': {'title': title}}),
            headers=json_headers,
        )
        eq_(created.status_code, 200)

    # Both items are listed, in creation order.
    listing = test_app.get('/api/items', headers=auth_headers)
    eq_(listing.status_code, 200)
    assert 'items' in listing.data
    eq_(json.loads(listing.data)['items'], [first_item, second_item])

    # Read a single item.
    single = test_app.get('/api/items/1', headers=auth_headers)
    eq_(single.status_code, 200)
    eq_(json.loads(single.data), first_item)

    # An id that does not exist is expected to answer 403, the same status
    # asserted below for an item owned by another user.
    missing = test_app.get('/api/items/10', headers=auth_headers)
    eq_(missing.status_code, 403)

    # Update title and completion flag of item 1.
    changes = {'item': {'title': 'todo item changed', 'completed': True}}
    updated = test_app.put('/api/items/1', data=json.dumps(changes), headers=json_headers)
    eq_(updated.status_code, 200)
    eq_(
        json.loads(updated.data),
        {'id': 1, 'title': 'todo item changed', 'completed': True, 'uri': '/api/items/1'},
    )

    # Delete item 2.
    removed = test_app.delete('/api/items/2', headers=auth_headers)
    eq_(removed.status_code, 200)

    # Second user: from here on every request carries the second user's token.
    auth_headers = register_and_login('Test2')

    # Object-level access control: item 1 belongs to the first user.
    # NOTE(review): only GET is checked for the second user; PUT and DELETE on
    # /api/items/1 with this token are not covered by this test.
    foreign = test_app.get('/api/items/1', headers=auth_headers)
    eq_(foreign.status_code, 403)
def test_comments():
    """Test CRUD behaviour and author-only rules of the comment endpoint.

    Three users from ratings_fixture() each post one comment; the test then
    covers reads, child comments, per-entity listings, and update/delete both
    as the author and as another user.
    """
    login_jwts = ratings_fixture()

    def jwt_header(user_index):
        # Every write in this test is authenticated with a loginJWT header.
        return [('loginJWT', login_jwts[user_index])]

    def expect(response, status, error_code=None):
        # Same order of checks on every response: content type, status,
        # then the API error code when one is expected.
        check_content_type(response.headers)
        eq_(response.status_code, status)
        if error_code is not None:
            check_error_code(response.data, error_code)

    # POST comments: one per user, all on entity 1.
    for i in range(3):
        payload = {'text': "Lorem ipsum number %s" % i, 'entity_id': 1}
        rv = test_app.post(endpoint, data=payload, headers=jwt_header(i))
        expect(rv, 201)

    # The requests below that the original sent with the leftover loop index
    # use the third user (index 2).
    last_user = 2

    # GET comment list (sent without a loginJWT header).
    rv = test_app.get(endpoint)
    expect(rv, 200)
    comments = json.loads(rv.data)['data']
    eq_(len(comments), 3)

    # GET single
    rv = test_app.get("%s%s" % (endpoint, 1))
    expect(rv, 200)
    comment = json.loads(rv.data)['data']
    eq_(comment['text'], "Lorem ipsum number 0")

    # GET non existing single
    rv = test_app.get("%s%s" % (endpoint, 42))
    expect(rv, 404, "065")

    # POST a child of comment 1
    payload = {'text': "This is a child comment", 'entity_id': 1, 'parent_id': 1}
    rv = test_app.post(endpoint, data=payload, headers=jwt_header(last_user))
    expect(rv, 201)
    child_resp = json.loads(rv.data)['data']

    # POST a grandchild: a child of the child is rejected
    payload = {
        'text': "This is a child comment",
        'entity_id': 1,
        'parent_id': child_resp['id'],
    }
    rv = test_app.post(endpoint, data=payload, headers=jwt_header(last_user))
    expect(rv, 400, "064")

    # POST a child for a non existing parent
    payload = {'text': "This is a child comment", 'entity_id': 1, 'parent_id': 42}
    rv = test_app.post(endpoint, data=payload, headers=jwt_header(last_user))
    expect(rv, 400, "063")

    # GET comment list: the accepted child is counted, the rejected ones are not
    rv = test_app.get(endpoint)
    expect(rv, 200)
    comments = json.loads(rv.data)['data']
    eq_(len(comments), 4)

    # GET comment list for entity
    rv = test_app.get('%sentity/1/comments/' % api_prefix)
    expect(rv, 200)
    comments = json.loads(rv.data)['data']
    eq_(len(comments), 3)

    # GET comment list for entity without comments
    rv = test_app.get('%sentity/42/comments/' % api_prefix)
    expect(rv, 200)
    comments = json.loads(rv.data)['data']
    eq_(len(comments), 0)

    # Try to comment on an unconfirmed entity
    payload = {'text': "Lorem ipsum", 'entity_id': 5}
    rv = test_app.post(endpoint, data=payload, headers=jwt_header(last_user))
    expect(rv, 400, "062")

    # Try to comment on a non existing entity
    payload = {'text': "Lorem ipsum", 'entity_id': 42}
    rv = test_app.post(endpoint, data=payload, headers=jwt_header(last_user))
    expect(rv, 404, "061")

    # UPDATE as author
    payload = {'text': "New text", 'entity_id': 1}
    rv = test_app.put("%s%s" % (endpoint, 1), data=payload, headers=jwt_header(0))
    expect(rv, 201)
    comment = json.loads(rv.data)['data']
    eq_(comment['text'], "New text")

    # UPDATE as non author: a valid login that does not own the comment.
    # NOTE(review): the API answers 401 here although the caller is
    # authenticated; 403 is the usual status for a failed ownership check.
    payload = {'text': "Newer text", 'entity_id': 1}
    rv = test_app.put("%s%s" % (endpoint, 1), data=payload, headers=jwt_header(1))
    expect(rv, 401, "069")

    # UPDATE non existing
    payload = {'text': "Newer text", 'entity_id': 1}
    rv = test_app.put("%s%s" % (endpoint, 42), data=payload, headers=jwt_header(1))
    expect(rv, 404, "068")

    # DELETE single as author
    rv = test_app.delete("%s%s" % (endpoint, 1), headers=jwt_header(0))
    expect(rv, 204)

    # The child of the deleted comment is gone as well
    rv = test_app.get("%s%s" % (endpoint, child_resp['id']))
    expect(rv, 404, "065")

    # DELETE the same comment again as author
    rv = test_app.delete("%s%s" % (endpoint, 1), headers=jwt_header(0))
    expect(rv, 404, "066")

    # DELETE single as non-author: user 2 must not remove comment 2.
    # NOTE(review): POST, PUT and DELETE without any loginJWT header are not
    # exercised in this test.
    rv = test_app.delete("%s%s" % (endpoint, 2), headers=jwt_header(2))
    expect(rv, 401, "067")