def test_can_delete(db, monkeypatch):
db.create_all()
user = User(email="*****@*****.**")
user.save()
def fake_request():
return {"user": user}
monkeypatch.setattr("starlette_audit.tables.get_request", fake_request)
obj = MyModel(name="foo")
obj.save()
id = obj.id
obj.delete()
logs = AuditLog.query.filter(AuditLog.entity_type == "mymodel",
AuditLog.entity_type_id == id).all()
# all logs should remain intact after deleting
assert len(logs) == 2
assert logs[0].data == {"id": id, "name": "foo"}
assert logs[0].extra_data == {}
assert logs[0].operation == "INSERT"
assert logs[0].created_by_id == user.id
assert logs[1].data == {"id": id, "name": "foo"}
assert logs[1].extra_data == {}
assert logs[1].operation == "DELETE"
assert logs[1].created_by_id == user.id
def test_can_update(db, monkeypatch):
db.create_all()
user = User(email="*****@*****.**")
user.save()
def fake_request():
return {"user": user}
monkeypatch.setattr("starlette_audit.tables.get_request", fake_request)
obj = MyModel(name="foo")
obj.save()
obj.name = "bar"
obj.save()
id = obj.id
logs = AuditLog.query.filter(AuditLog.entity_type == "mymodel",
AuditLog.entity_type_id == id).all()
assert len(logs) == 2
assert logs[1].data == {"id": id, "name": "bar"}
assert logs[1].extra_data == {}
assert logs[1].operation == "UPDATE"
assert logs[1].created_by_id == user.id
def user():
data = {"email": "*****@*****.**", "first_name": "Test", "last_name": "User"}
try:
return db_session.query(User).query.filter(User.email == data["email"]).one()
except:
usr = User(**data)
usr.set_password("password")
db_session.add(usr)
db_session.commit()
return usr
def test_scoped_endpoints(session):
user = User(email="*****@*****.**")
user.set_password("password")
read_scope = Scope(code="read")
write_scope = Scope(code="write")
session.add_all([user, read_scope, write_scope])
session.flush()
app = create_app()
with TestClient(app) as client:
assert client.get("/unauthed").status_code == 200
assert client.get("/authed").status_code == 403
assert client.get("/read").status_code == 403
assert client.get("/write").status_code == 403
login = client.post("/auth/login",
data={
"email": "*****@*****.**",
"password": "******"
})
assert login.status_code == 302
assert client.get("/unauthed").status_code == 403
assert client.get("/authed").status_code == 200
assert client.get("/read").status_code == 403
assert client.get("/write").status_code == 403
user.scopes.append(read_scope)
session.add(user)
session.flush()
assert client.get("/unauthed").status_code == 403
assert client.get("/authed").status_code == 200
assert client.get("/read").status_code == 200
assert client.get("/write").status_code == 403
user.scopes.append(write_scope)
session.add(user)
session.flush()
assert client.get("/unauthed").status_code == 403
assert client.get("/authed").status_code == 200
assert client.get("/read").status_code == 200
assert client.get("/write").status_code == 200
def test_model_data():
user = User(**data)
assert user.email == "*****@*****.**"
assert user.first_name == "Me"
assert user.last_name == "Jones"
assert user.is_active is True
assert user.password is None
def user():
data = {"email": "*****@*****.**", "first_name": "Test", "last_name": "User"}
try:
return User.query.filter(User.email == data["email"]).one()
except:
usr = User(**data)
usr.set_password("password")
usr.save()
return usr
def user():
from starlette_auth.tables import User # noqa isort:skip
data = {
"email": "*****@*****.**",
"first_name": "Test",
"last_name": "User"
}
try:
return User.query.filter(email == data["email"]).one()
except:
usr = User(**data)
usr.set_password("password")
usr.save()
return usr
def test_password():
user = User(**data)
user.set_password("password")
assert user.check_password("password")
def test_str():
user = User(**data)
assert str(user) == "*****@*****.**"
def test_display_name():
user = User(**data)
assert user.display_name == "Me Jones"
def user():
test_user = User(email="*****@*****.**")
test_user.set_password("password")
test_user.save()
return test_user
def get_user(self, conn):
return User(first_name="tom", last_name="jones", is_active=False)