def test_disable_user_no_role(self):
add_user('test', '*****@*****.**', 'test')
add_user('test2', '*****@*****.**', 'test2')
with self.client:
token = get_user_token(self.client, '*****@*****.**', 'test')
response = self.client.patch(
'/api/auth/disable',
headers={'Authorization': f'Bearer {token}'},
content_type='application/json',
data=json.dumps({'email': '*****@*****.**'}))
data = json.loads(response.data.decode())
self.assertEqual('MissingRoleError', data['error'])
self.assertEqual(
"This endpoint requires all the following roles: ['admin']",
data['message'])
self.assertEqual(403, data['status_code'])
token2 = login_user(self.client, '*****@*****.**',
'test2')['auth_token']
response2 = self.client.get(
'/api/auth/status',
headers={'Authorization': f'Bearer {token2}'})
data = json.loads(response2.data.decode())
self.assertEqual(200, response2.status_code)
self.assertTrue(data['email'])
self.assertTrue(data['username'])
self.assertTrue(data['is_active'])
def test_add_user_invalid_json_keys_no_password(self):
"""
Ensure error is thrown if the JSON object
does not have a password key.
"""
add_user('test', '*****@*****.**', 'test')
# update user
user = User.query.filter_by(email='*****@*****.**').first()
user.admin = True
db.session.commit()
with self.client:
token = get_user_token(self.client, '*****@*****.**', 'test')
response = self.client.post(
'/api/users/',
data=json.dumps({
'username': '******',
'email': '*****@*****.**'
}),
content_type='application/json',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 400)
self.assertIn("Input payload validation failed", data['message'])
self.assertIn("'password' is a required property",
data['errors']['password'])
def test_add_user_duplicate_email(self):
add_user('testuser', '*****@*****.**', 'Downf0ryourRIGHTtoParty!')
duplicate_user = User(
username='******',
email='*****@*****.**',
password='******',
)
db.session.add(duplicate_user)
self.assertRaises(IntegrityError, db.session.commit)
def test_single_user_incorrect_id(self):
"""Ensure error is thrown if the id does not exist."""
add_user('test_me', '*****@*****.**', 'Downf0ryourRIGHTtoParty!')
with self.client:
token = get_user_token(self.client, '*****@*****.**',
'Downf0ryourRIGHTtoParty!')
response = self.client.get(
f'/api/users/999',
content_type='application/json',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 404)
self.assertIn('User Not Found by Id 999', data['message'])
def test_registered_user_login(self):
with self.client:
add_user('test', '*****@*****.**', 'test')
response = self.client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
data = json.loads(response.data.decode())
self.assertIn('test', data['username'])
self.assertTrue(data['email'])
self.assertTrue(data['auth_token'])
self.assertTrue(response.content_type == 'application/json')
self.assertEqual(response.status_code, 200)
def test_user_registration_duplicate_username(self):
add_user('test', '*****@*****.**', 'test')
with self.client:
response = self.client.post(
'/api/auth/register',
data=json.dumps({
'username': '******',
'email': '[email protected]',
'password': '******'
}),
content_type='application/json',
)
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 409)
self.assertIn('Username already exists: test', data['message'])
def test_add_user_duplicate_email(self):
"""Ensure error is thrown if the email already exists."""
user = add_user('test', '*****@*****.**', 'test')
user.admin = True
db.session.commit()
with self.client:
token = get_user_token(self.client, '*****@*****.**', 'test')
self.client.post('/api/users/',
data=json.dumps({
'username':
'******',
'email':
'*****@*****.**',
'password':
'******',
}),
content_type='application/json',
headers={'Authorization': f'Bearer {token}'})
token_two = get_user_token(self.client, '*****@*****.**', 'test')
response = self.client.post(
'/api/users/',
data=json.dumps({
'username': '******',
'email': '*****@*****.**',
'password': '******',
}),
content_type='application/json',
headers={'Authorization': f'Bearer {token_two}'})
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 409)
self.assertIn('Email already in use: [email protected]',
data['message'])
def test_refresh_early_refresh_error(self):
add_user('test', '*****@*****.**', 'test')
with self.client:
resp_login = self.client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
token = json.loads(resp_login.data.decode())['auth_token']
response = self.client.get(
'/api/auth/refresh',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertEqual(401, data['status_code'])
self.assertEqual('EarlyRefreshError', data['error'])
def test_add_user_not_admin(self):
add_user('test', '*****@*****.**', 'test')
with self.client:
# user login
token = get_user_token(self.client, '*****@*****.**', 'test')
response = self.client.post(
'/api/users/',
data=json.dumps({
'username': '******',
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertTrue(data == 'You do not have permission to do that.')
self.assertEqual(response.status_code, 401)
def test_invalid_status_inactive(self):
add_user('test', '*****@*****.**', 'test')
# update user
user = User.query.filter_by(email='*****@*****.**').first()
user.is_active = False
db.session.commit()
with self.client:
resp_login = self.client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
data = json.loads(resp_login.data.decode())
self.assertIn("The user is not valid or has had access revoked",
data['message'])
self.assertEqual(resp_login.status_code, 403)
def test_add_user(self):
user = add_user('testuser', '*****@*****.**', 'test')
self.assertTrue(user.id)
self.assertEqual(user.username, 'testuser')
self.assertEqual(user.email, '*****@*****.**')
self.assertTrue(user.is_active)
self.assertTrue(user.password)
self.assertFalse(user.admin)
def test_valid_logout(self):
add_user('test', '*****@*****.**', 'test')
with self.client:
# user login
resp_login = self.client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
# valid token logout
token = json.loads(resp_login.data.decode())['auth_token']
response = self.client.get(
'/api/auth/logout',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertTrue(data['message'] == 'Successfully logged out.')
self.assertEqual(response.status_code, 200)
def test_disable_user(self):
add_user('test', '*****@*****.**', 'test', 'admin')
add_user('test2', '*****@*****.**', 'test2')
with self.client:
token = get_user_token(self.client, '*****@*****.**', 'test')
response = self.client.patch(
'/api/auth/disable',
headers={'Authorization': f'Bearer {token}'},
content_type='application/json',
data=json.dumps({'email': '*****@*****.**'}))
token2 = login_user(self.client, '*****@*****.**', 'test2')
data = json.loads(response.data.decode())
response2 = self.client.get(
'/api/auth/status',
headers={'Authorization': f'Bearer {token2}'})
data = json.loads(response2.data.decode())
self.assertEqual(401, data['status_code'])
self.assertEqual('InvalidTokenHeader', data['error'])
def test_user_status(self):
add_user('test', '*****@*****.**', 'test')
with self.client:
resp_login = self.client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
token = json.loads(resp_login.data.decode())['auth_token']
response = self.client.get(
'/api/auth/status',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertTrue(data is not None)
self.assertTrue(data['username'] == 'test')
self.assertTrue(data['email'] == '*****@*****.**')
self.assertTrue(data['is_active'] is True)
self.assertFalse(data['admin'])
self.assertEqual(response.status_code, 200)
def test_add_user_inactive(self):
add_user('test', '*****@*****.**', 'test')
# update user
user = User.query.filter_by(email='*****@*****.**').first()
user.is_active = False
db.session.commit()
with self.client:
token = get_user_token(self.client, '*****@*****.**', 'test')
response = self.client.post(
'/api/users/',
data=json.dumps({
'username': '******',
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertTrue(data == 'Provide a valid auth token.')
self.assertEqual(response.status_code, 401)
def test_single_user_no_auth(self):
"""Ensure get single user behaves correctly."""
user = add_user('test_me', '*****@*****.**',
'Downf0ryourRIGHTtoParty!')
with self.client:
response = self.client.get(f'/api/users/{user.id}')
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 401)
self.assertIn(
"JWT token not found in headers under 'Authorization'",
data['message'])
def test_invalid_logout_expired_token(self):
add_user('test', '*****@*****.**', 'test')
current_app.config['JWT_ACCESS_LIFESPAN'] = {'seconds': -1}
current_app.config['JWT_REFRESH_LIFESPAN'] = {'seconds': -1}
with self.client:
resp_login = self.client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
# invalid token logout
token = json.loads(resp_login.data.decode())['auth_token']
response = self.client.get(
'/api/auth/logout',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertEqual(True, data)
self.assertTrue(
data['message'] == 'Signature expired. Please log in again.')
self.assertEqual(response.status_code, 401)
def test_all_users(self):
"""Ensure get all users behaves correctly."""
add_user('test_me', '*****@*****.**', 'Downf0ryourRIGHTtoParty!')
add_user('fletcher', '*****@*****.**',
'Downf0ryourRIGHTtoParty!')
with self.client:
token = get_user_token(self.client, '*****@*****.**',
'Downf0ryourRIGHTtoParty!')
response = get_url_with_token(self.client, '/api/users/', token)
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 200)
self.assertEqual(len(data), 2)
self.assertIn('test_me', data[0]['username'])
self.assertIn('*****@*****.**', data[0]['email'])
self.assertTrue(data[0]['is_active'])
self.assertFalse(data[0]['admin'])
self.assertIn('fletcher', data[1]['username'])
self.assertIn('*****@*****.**', data[1]['email'])
self.assertTrue(data[1]['is_active'])
self.assertFalse(data[1]['admin'])
def test_add_user_duplicate_username(self):
"""Ensure error is thrown if the email already exists."""
add_user('test', '*****@*****.**', 'test')
# update user
user = User.query.filter_by(email='*****@*****.**').first()
user.admin = True
db.session.commit()
with self.client:
resp_login = self.client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
token = json.loads(resp_login.data.decode())['auth_token']
self.client.post('/api/users/',
data=json.dumps({
'username':
'******',
'email':
'*****@*****.**',
'password':
'******',
}),
content_type='application/json',
headers={'Authorization': f'Bearer {token}'})
token_two = json.loads(resp_login.data.decode())['auth_token']
response = self.client.post(
'/api/users/',
data=json.dumps({
'username': '******',
'email': '*****@*****.**',
'password': '******',
}),
content_type='application/json',
headers={'Authorization': f'Bearer {token_two}'})
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 409)
self.assertIn('Username already in use: test_me', data['message'])
def test_add_user(self):
"""Ensure a new user can be added to the database."""
add_user('test', '*****@*****.**', 'test')
# update user
user = User.query.filter_by(email='*****@*****.**').first()
user.admin = True
db.session.commit()
with self.client:
token = get_user_token(self.client, '*****@*****.**', 'test')
response = self.client.post(
'/api/users/',
data=json.dumps({
'username': '******',
'email': '*****@*****.**',
'password': '******',
}),
content_type='application/json',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 201)
self.assertIn('*****@*****.**', data['email'])
self.assertNotIn('password', data)
def test_invalid_logout_inactive(self):
add_user('test', '*****@*****.**', 'test')
# update user
with self.client:
resp_login = self.client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
token = json.loads(resp_login.data.decode())['auth_token']
user = User.query.filter_by(email='*****@*****.**').first()
user.is_active = False
db.session.commit()
response = self.client.get(
'/api/auth/logout',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertIn("The user is not valid or has had access revoked",
data['message'])
self.assertEqual(response.status_code, 401)
def test_single_user(self):
"""Ensure get single user behaves correctly."""
user = add_user('test_me', '*****@*****.**',
'Downf0ryourRIGHTtoParty!')
with self.client:
token = get_user_token(self.client, '*****@*****.**',
'Downf0ryourRIGHTtoParty!')
response = self.client.get(
f'/api/users/{user.id}',
content_type='application/json',
headers={'Authorization': f'Bearer {token}'})
data = json.loads(response.data.decode())
self.assertEqual(response.status_code, 200)
self.assertIn('test_me', data['username'])
self.assertIn('*****@*****.**', data['email'])
def test_to_json(self):
user = add_user('testuser', '*****@*****.**',
'Downf0ryourRIGHTtoParty!')
self.assertTrue(isinstance(user.to_json(), dict))
def test_passwords_are_random(self):
user_one = add_user('testuser', '*****@*****.**',
'Downf0ryourRIGHTtoParty!')
user_two = add_user('testuser2', '*****@*****.**',
'Downf0ryourRIGHTtoParty!')
self.assertNotEqual(user_one.password, user_two.password)
