def test_get_users_admin(self):
    '''
    Ensure an admin can list every user through GET /users.

    Three accounts exist when the request is sent: the admin created by
    get_user_and_auth plus the two fixtures added below.
    '''
    _, admin_headers = self.get_user_and_auth(permission="admin")
    # Backdate the first fixture by 30 days so the two fixtures carry
    # clearly different creation times.
    backdated = datetime.datetime.utcnow() + datetime.timedelta(days=-30)
    user_1 = add_random_user(created_at=backdated)
    user_2 = add_random_user()

    response, data = self.send_get("/users", headers=admin_headers)

    self.assertEqual(response.status_code, 200)
    listed = data['data']['users']
    self.assertEqual(len(listed), 3)
    self.assertIn('success', data['status'])

    # NOTE(review): the positions below depend on the order in which the
    # endpoint returns users; that order is not visible from this test -
    # confirm it is deterministic.
    expected_positions = ((user_1, 2), (user_2, 1))
    for field in ('username', 'email'):
        for account, position in expected_positions:
            self.assertIn(getattr(account, field), listed[position][field])
    for account, position in expected_positions:
        self.assertEqual(account.admin, listed[position]['admin'])
    for _account, position in expected_positions:
        self.assertTrue('created_at' in listed[position])
def test_passwords_are_random(self):
    '''
    Ensure two freshly created users do not share a stored password value.

    NOTE(review): this is only meaningful if add_random_user gives both
    fixtures the same plaintext password, so that the difference comes from
    per-user salting of the stored hash - confirm against the fixture. If the
    fixture randomises the plaintext, this test passes trivially.
    '''
    first, second = add_random_user(), add_random_user()
    self.assertNotEqual(first.password, second.password)
def get_user_and_auth(self, permission="user"):
    '''
    Create a user, log it in and return it with a ready-made auth header.

    permission: "admin" creates the user with admin=True; any other value
        creates a default user.
    Returns a (user, headers) tuple; headers carries the bearer token taken
    from the POST /auth/login response.
    '''
    user = (add_random_user(admin=True) if permission == "admin"
            else add_random_user())
    # presumably this is the password add_random_user assigns by default -
    # verify against the fixture
    credentials = {"username": user.username, "password": "******"}
    _, login_data = self.send_post("/auth/login", credentials)
    token = login_data["data"]["auth_token"]
    return user, {"Authorization": "Bearer " + token}
def test_decode_auth_token(self):
    '''
    Ensure decoding a freshly issued auth token yields the user's id.

    NOTE(review): only the round trip is exercised here; this method does not
    cover how decode_auth_token reacts to a tampered or expired token.
    '''
    user = add_random_user()
    token = user.encode_auth_token(user.id)
    decoded_id = user.decode_auth_token(token)
    self.assertEqual(decoded_id, user.id)
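def test_encode_auth_token(self):
    '''
    Ensure encode_auth_token returns the token as bytes.

    NOTE(review): the bytes expectation presumably mirrors what the token
    library in use returns - confirm it still holds when that dependency is
    upgraded.
    '''
    user = add_random_user()
    auth_token = user.encode_auth_token(user.id)
    # assertIsInstance reports the actual type on failure, which
    # assertTrue(isinstance(...)) does not.
    self.assertIsInstance(auth_token, bytes)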
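def test_add_user_duplicate_email(self):
    '''
    Ensure committing a second user with an already used email raises
    IntegrityError.
    '''
    user_1 = add_random_user()
    user_2 = User(username="******", email=user_1.email, password="******")
    db.session.add(user_2)
    with self.assertRaises(IntegrityError):
        db.session.commit()
    # A failed commit leaves the session unusable until it is rolled back;
    # reset it so later work on this session does not fail for an unrelated
    # reason.
    db.session.rollback()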
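def test_add_user(self):
    '''
    Ensure a freshly added user has its fields populated and safe defaults.

    A new account is expected to be active and not an admin.
    '''
    user = add_random_user()
    self.assertTrue(user.id)
    # Comparing a field with itself can never fail, so check instead that
    # username and email are populated.
    self.assertTrue(user.username)
    self.assertTrue(user.email)
    self.assertTrue(user.password)
    self.assertTrue(user.active)
    self.assertTrue(user.created_at)
    # Admin rights must be opt-in, never the default for a new account.
    self.assertFalse(user.admin)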
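def test_get_user_other(self):
    '''
    Ensure a regular user can not retrieve information about another user.
    '''
    new_user = add_random_user()
    # The requesting user object itself is not needed, only its auth header.
    _, auth = self.get_user_and_auth(permission="user")
    response, data = self.send_get("/users/" + str(new_user.id), headers=auth)
    # NOTE(review): the caller is authenticated but lacks permission; 403 is
    # the conventional status for that case, 401 for missing or invalid
    # credentials - confirm the 401 is intentional.
    self.assertEqual(response.status_code, 401)
    self.assertIn("You don't have the necessary permissions.", data["message"])
    self.assertIn('error', data['status'])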
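def test_delete_user_by_user(self):
    '''
    Ensure a regular user can not delete another user.

    Besides the rejection itself, the target account must still be
    retrievable afterwards.
    '''
    new_user = add_random_user()
    _, auth = self.get_user_and_auth(permission="user")
    response, data = self.send_delete("/users/" + str(new_user.id), headers=auth)
    # assertEqual shows both values when the check fails.
    self.assertEqual(data["status"], "error")
    self.assertEqual(
        data["message"], "You don't have the necessary permissions.")
    self.assertEqual(response.status_code, 401)

    # An error response alone does not prove that nothing was deleted: look
    # the target up again with an admin token.
    _, admin_auth = self.get_user_and_auth(permission="admin")
    check, _ = self.send_get("/users/" + str(new_user.id), headers=admin_auth)
    self.assertEqual(check.status_code, 200)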
def test_delete_user_by_admin(self):
    '''
    Ensure an admin's DELETE on /users/<id> is answered with a success
    message.

    NOTE(review): only the response is checked; this method does not verify
    that the account is actually gone afterwards.
    '''
    target = add_random_user()
    _, admin_headers = self.get_user_and_auth(permission="admin")
    endpoint = "/users/" + str(target.id)
    response, data = self.send_delete(endpoint, headers=admin_headers)

    self.assertEqual(response.status_code, 200)
    expected_message = target.username + " successfully deleted."
    self.assertIn(expected_message, data['message'])
    self.assertIn('success', data['status'])
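def test_post_admin_login(self):
    '''
    Ensure that an admin can log in and that the login response flags the
    account as admin.
    '''
    user = add_random_user(admin=True)
    credentials = dict(username=user.username, password="******")
    response, data = self.send_post("/auth/login", credentials)
    # assertEqual shows both values on failure, which assertTrue(a == b)
    # does not.
    self.assertEqual(data["status"], "success")
    self.assertEqual(data["message"], "Successfully logged in.")
    self.assertTrue(data["data"]["auth_token"])
    self.assertTrue(data["data"]["admin"])
    self.assertEqual(response.content_type, "application/json")
    self.assertEqual(response.status_code, 200)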
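def test_valid_logout(self):
    '''
    Ensure that a logged-in user can log out.

    NOTE(review): this method does not check that the token is refused once
    the logout has succeeded - confirm that is covered elsewhere.
    '''
    user = add_random_user()
    credentials = dict(username=user.username, password="******")
    _, login_data = self.send_post("/auth/login", credentials)
    # Check the login before using its token, so a failed login shows up as
    # an assertion failure rather than a lookup error on the response body.
    self.assertEqual(login_data['status'], 'success')
    auth = dict(Authorization='Bearer ' + login_data["data"]["auth_token"])
    response, data = self.send_get("/auth/logout", headers=auth)
    self.assertEqual(data['message'], 'Successfully logged out.')
    self.assertEqual(response.status_code, 200)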
def test_admin_get_user(self):
    '''
    Ensure an admin can read another user's details via GET /users/<id>.
    '''
    target = add_random_user()
    _, admin_headers = self.get_user_and_auth(permission="admin")
    endpoint = "/users/" + str(target.id)
    response, body = self.send_get(endpoint, headers=admin_headers)

    self.assertEqual(response.status_code, 200)
    self.assertIn('User found.', body['message'])
    self.assertIn('success', body['status'])
    # Username and email are checked the same way, so share one loop.
    for field in ('username', 'email'):
        self.assertIn(getattr(target, field), body['data'][field])
    self.assertEqual(target.admin, body['data']['admin'])
    self.assertTrue('created_at' in body['data'])