Пример #1
0
 def test_get_favorites_pass2__wrong(self):
     """Forced case where a users uses the password of another user."""
     user1 = add_user(USER1, PASS1)
     user2 = add_user(None, PASS2)  # noqa: F841
     resp = open_with_auth(self.app, API_ENDPOINT.format('favorites/'),
                           'GET', user1.email, PASS2, None, None)
     assert resp.status_code == UNAUTHORIZED
Пример #2
0
    def setup_method(self):
        super(TestUserSchema, self).setup_method()
        # Setup the same mock database data for every test
        self.user1 = add_user(
            **USER_TEST_DICT,
            id='cfe57aa6-76c6-433d-93fe-443363978904',
        )
        self.addr1 = add_address(
            self.user1,
            id='e8c4607a-a271-423f-981b-1aaefdac87e8',
        )

        self.order1 = Order.create(delivery_address=self.addr1, user=self.user1,
                                   uuid='4cefa833-2f45-4662-b2fc-083ddad4f7a3',
                                   created_at=datetime(2017, 5, 1, 3, 5, 57),
                                   )
        self.order2 = Order.create(delivery_address=self.addr1, user=self.user1,
                                   uuid='8d449938-5745-4489-ab32-89dc8178e347',
                                   created_at=datetime(2017, 5, 1, 11, 16, 25),
                                   )

        # User 2 has no relationships, just a plain user
        self.user2 = add_user(
            first_name="Monty",
            last_name="Python",
            email="*****@*****.**",
            password="******",
            id='94495ece-559b-4b3a-87ed-799259c921bf',
        )
Пример #3
0
    def test_get_users_list_authenticated_not_admin__unauthorized(self):
        add_user(None, TEST_USER_PSW)

        user = add_user(None, TEST_USER_PSW)
        resp = open_with_auth(self.app, API_ENDPOINT.format('users/'), 'GET',
                              user.email, TEST_USER_PSW, None, None)

        assert user.admin is False
        assert resp.status_code == UNAUTHORIZED
Пример #4
0
    def test_create_order__failure_user_auth(self):
        Item.create(
            uuid='429994bf-784e-47cc-a823-e0c394b823e8',
            name='mario',
            price=20.20,
            description='svariati mariii',
            availability=4,
            category='scarpe',
        )
        Item.create(
            uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
            name='GINO',
            price=30.20,
            description='svariati GINIIIII',
            availability=10,
            category='scarpe',
        )
        user = add_user('*****@*****.**',
                        TEST_USER_PSW,
                        id='e736a9a6-448b-4b92-9e38-4cf745b066db')
        other_user = add_user('*****@*****.**',
                              TEST_USER_PSW,
                              id='d41ad9db-9d60-45c6-9fa6-51f66cd3d99a')
        add_address(user=user, id='8473fbaa-94f0-46db-939f-faae898f001c')

        order = {
            'relationships': {
                'items': [{
                    'id': '429994bf-784e-47cc-a823-e0c394b823e8',
                    'type': 'item',
                    'quantity': 4
                }, {
                    'id': '577ad826-a79d-41e9-a5b2-7955bcf03499',
                    'type': 'item',
                    'quantity': 10
                }],
                'delivery_address': {
                    'type': 'address',
                    'id': '8473fbaa-94f0-46db-939f-faae898f001c'
                },
                'user': {
                    'type': 'user',
                    'id': str(other_user.uuid)
                }
            }
        }
        data = format_jsonapi_request('order', order)

        path = 'orders/'
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'POST',
                              user.email, TEST_USER_PSW, 'application/json',
                              json.dumps(data))

        assert resp.status_code == UNAUTHORIZED
        assert len(Order.select()) == 0
        assert len(OrderItem.select()) == 0
Пример #5
0
    def test_delete_user__success(self):
        email = '*****@*****.**'
        add_user(email, TEST_USER_PSW)

        user_path = 'users/'
        resp = open_with_auth(self.app, API_ENDPOINT.format(user_path),
                              'DELETE', email, TEST_USER_PSW, None, None)

        assert resp.status_code == NO_CONTENT
        assert User.select().count() == 0
Пример #6
0
    def test_get_users_otherme__success(self):
        email = '*****@*****.**'
        add_user(email, TEST_USER_PSW)

        email2 = '*****@*****.**'

        resp = open_with_auth(self.app, API_ENDPOINT.format('users/me/'), 'GET',
                              email2, TEST_USER_PSW, None, None)

        assert resp.status_code == UNAUTHORIZED
Пример #7
0
    def test_update_order__failure_not_own_order(self):
        item1 = Item.create(
            uuid='429994bf-784e-47cc-a823-e0c394b823e8',
            name='mario',
            price=20.20,
            description='svariati mariii',
            availability=5,
            category='scarpe',
        )
        item2 = Item.create(
            uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
            name='GINO',
            price=30.20,
            description='svariati GINIIIII',
            availability=2,
            category='accessori',
        )

        user = add_user('*****@*****.**', TEST_USER_PSW)
        addr = add_address(user=user,
                           id='429994bf-784e-47cc-a823-e0c394b823e8')

        order = Order.create(delivery_address=addr,
                             user=user).add_item(item1, 2).add_item(item2)

        post_data = {
            'relationships': {
                'items': [{
                    'id': '429994bf-784e-47cc-a823-e0c394b823e8',
                    'type': 'item',
                    'quantity': 5
                }, {
                    'id': '577ad826-a79d-41e9-a5b2-7955bcf03499',
                    'type': 'item',
                    'quantity': 1
                }],
                'delivery_address': {
                    'type': 'address',
                    'id': '429994bf-784e-47cc-a823-e0c394b823e8'
                },
                'user': {
                    'type': 'user',
                    'id': '90c3e1c1-b51c-4224-b69d-17f84f6a8dfc'
                }
            }
        }
        post_data = format_jsonapi_request('order', post_data)
        user_B = add_user('*****@*****.**', TEST_USER_PSW)
        path = 'orders/{}'.format(order.uuid)
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
                              user_B.email, TEST_USER_PSW, 'application/json',
                              json.dumps(post_data))

        assert resp.status_code == UNAUTHORIZED
Пример #8
0
    def test_delete_alien_favorites__fail(self):
        user1 = add_user(USER1, PASS1)
        user2 = add_user(USER2, PASS2)
        item = add_item()
        favorite = add_favorite(user2, item)
        user_path = 'favorites/{}'.format(str(favorite.uuid))
        resp = open_with_auth(self.app, API_ENDPOINT.format(user_path),
                              'DELETE', user1.email, PASS1, None, None)

        assert resp.status_code == NOT_FOUND
        assert Favorite.select().count() == 1
Пример #9
0
    def test_delete_user_other_user__fail(self):
        user_A = add_user('*****@*****.**', TEST_USER_PSW)
        user_B = add_user('*****@*****.**', TEST_USER_PSW)

        path = 'users/'
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'DELETE',
                              user_B.uuid, TEST_USER_PSW, None, None)

        assert resp.status_code == UNAUTHORIZED
        assert User.get(User.email == user_A.email)
        assert User.exists(user_A.email)
        assert User.select().count() == 2
Пример #10
0
    def test_patch_user_other_user__fail(self):
        email = '*****@*****.**'
        add_user(email, TEST_USER_PSW)

        email2 = '*****@*****.**'

        post_data = format_jsonapi_request('user', {'first_name': 'new-first-name'})
        content_type = 'application/json'
        user_path = 'users/'
        resp = open_with_auth(self.app, API_ENDPOINT.format(user_path), 'PATCH',
                              email2, TEST_USER_PSW, content_type, json.dumps(post_data))
        assert resp.status_code == UNAUTHORIZED
Пример #11
0
    def test_get_users_list__success(self):
        user = add_admin_user('*****@*****.**', TEST_USER_PSW)
        add_user('*****@*****.**', TEST_USER_PSW,
                 id='4373d5d7-cae5-42bc-b218-d6fc6d18626f')
        add_user('*****@*****.**', TEST_USER_PSW,
                 id='9630b105-ca99-4a27-a51d-ab3430bf52d1')

        resp = open_with_auth(self.app, API_ENDPOINT.format('users/'), 'GET',
                              user.email, TEST_USER_PSW, None, None)

        assert resp.status_code == OK
        expected_result = EXPECTED_RESULTS['get_users_list__success']
        assert_valid_response(resp.data, expected_result)
Пример #12
0
 def test_get_favorites2__success(self):
     user = add_user(USER1, PASS1)
     user2 = add_user(USER2, PASS2)
     item = add_item()
     item2 = add_item()
     item3 = add_item()
     add_favorite(user, item)
     add_favorite(user2, item2)
     add_favorite(user, item3)
     resp = open_with_auth(self.app, API_ENDPOINT.format('favorites/'),
                           'GET', user.email, PASS1, None, None)
     assert resp.status_code == OK
     expected_result = EXPECTED_RESULTS['get_favorites2__success']
     assert_valid_response(resp.data, expected_result)
Пример #13
0
    def test_post_new_user_email_exists__fail(self):
        add_user('*****@*****.**', TEST_USER_PSW)
        user = format_jsonapi_request('user', {
            'first_name': 'Mario',
            'last_name': 'Rossi',
            'email': '*****@*****.**',
            'password': '******',
        })
        resp = self.app.post(API_ENDPOINT.format('users/'),
                             data=json.dumps(user),
                             content_type='application/json')

        assert resp.status_code == CONFLICT
        assert json.loads(resp.data)['message'] == 'email already present.'
        assert User.select().count() == 1
Пример #14
0
    def test_update_order__failure_non_existing(self):
        user = add_user('*****@*****.**', TEST_USER_PSW)
        addr = add_address(user=user,
                           id='429994bf-784e-47cc-a823-e0c394b823e8')
        Order.create(delivery_address=addr, user=user)

        order_uuid = str(uuid4())

        order = {
            'relationships': {
                'items': [
                    {
                        'id': '429994bf-784e-47cc-a823-e0c394b823e8',
                        'type': 'item',
                        'quantity': 5
                    },
                ],
            }
        }
        data = format_jsonapi_request('order', order)

        path = 'orders/{}'.format(order_uuid)
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
                              '*****@*****.**', TEST_USER_PSW,
                              'application/json', json.dumps(data))

        assert resp.status_code == NOT_FOUND
Пример #15
0
    def test_update_order_empty_items_list__fail(self):
        item1 = Item.create(
            uuid='429994bf-784e-47cc-a823-e0c394b823e8',
            name='mario',
            price=20.20,
            description='svariati mariii',
            availability=2,
            category='scarpe',
        )
        user = add_user('*****@*****.**', TEST_USER_PSW)
        addr = add_address(user=user,
                           id='429994bf-784e-47cc-a823-e0c394b823e8')

        order = Order.create(delivery_address=addr,
                             user=user).add_item(item1, 2)

        order_uuid = str(order.uuid)

        order_data = {
            "order": {
                "uuid": order_uuid,
                'items': [],
                'delivery_address': '429994bf-784e-47cc-a823-e0c394b823e8',
                'user': str(user.uuid)
            }
        }
        path = 'orders/{}'.format(order_uuid)
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
                              '*****@*****.**', TEST_USER_PSW,
                              'application/json', json.dumps(order_data))

        assert resp.status_code == BAD_REQUEST
        assert len(order.order_items) == 1
Пример #16
0
    def test_put_address__success(self):
        addr_id = '943d754e-5826-4d5c-b878-47edc478b789'
        user = add_user('*****@*****.**',
                        '123',
                        id='943d754e-5826-4d5c-b878-47edc478b789')
        add_address(user,
                    city="Firenze",
                    post_code='50132',
                    address="Via Rossi 10",
                    id=addr_id)
        addr1 = new_addr(user,
                         city="Roma",
                         post_code="10000",
                         address="Via Bianchi 20")

        addr1 = format_jsonapi_request('address', addr1)

        resp = open_with_auth(self.app,
                              '/addresses/{}'.format(addr_id),
                              'PATCH',
                              user.email,
                              TEST_USER_PSW,
                              data=json.dumps(addr1),
                              content_type='application/json')

        assert resp.status_code == OK
        upd_addr = Address.get(Address.uuid == addr_id).json()
        expected_result = EXPECTED_RESULTS['put_address__success']
        # Check that the response data is what is expected and is also
        # the same as what has ben actually saved
        assert_valid_response(resp.data, expected_result)
        assert expected_result == json.loads(upd_addr)
Пример #17
0
    def test_update_order__non_existing_items(self):
        item1 = Item.create(
            uuid='429994bf-784e-47cc-a823-e0c394b823e8',
            name='mario',
            price=20.20,
            description='svariati mariii',
            availability=2,
            category='scarpe',
        )
        item2 = Item.create(
            uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
            name='GINO',
            price=30.20,
            description='svariati GINIIIII',
            availability=1,
            category='accessori',
        )

        user = add_user('*****@*****.**', TEST_USER_PSW)
        addr = add_address(user=user)
        add_address(user=user, id='429994bf-784e-47cc-a823-e0c394b823e8')

        order1 = Order.create(delivery_address=addr, user=user)
        order1.add_item(item1, 2).add_item(item2)
        order_item_before = [o.json() for o in OrderItem.select()]
        # order_uuid = str(order1.uuid)

        order = {
            'relationships': {
                'items': [{
                    'id': '577ad826-a79d-41e9-a5b2-7955bcf00000',
                    'type': 'item',
                    'quantity': 1
                }, {
                    'id': '577ad826-a79d-41e9-a5b2-7955bcf2222',
                    'type': 'item',
                    'quantity': 1
                }, {
                    'id': '577ad826-a79d-41e9-a5b2-7955bcf9999',
                    'type': 'item',
                    'quantity': 2
                }],
                'delivery_address': {
                    'type': 'address',
                    'id': '429994bf-784e-47cc-a823-e0c394b823e8'
                },
                'user': {
                    'type': 'user',
                    'id': '86ba7e70-b3c0-4c9c-8d26-a14f49360e47'
                }
            }
        }
        data = format_jsonapi_request('order', order)
        path = 'orders/{}'.format(order1.uuid)
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
                              user.email, TEST_USER_PSW, 'application/json',
                              json.dumps(data))
        order_item_after = [o.json() for o in OrderItem.select()]
        assert resp.status_code == BAD_REQUEST
        assert order_item_before == order_item_after
Пример #18
0
    def test_get_addresses__empty(self):
        user = add_user('*****@*****.**', TEST_USER_PSW)

        resp = open_with_auth(self.app, '/addresses/', 'GET', user.email,
                              TEST_USER_PSW, None, None)
        assert resp.status_code == OK
        assert json.loads(resp.data) == []
Пример #19
0
 def setup_method(self):
     super(TestOrderSchema, self).setup_method()
     # Mock data for tests
     self.user = add_user(
         **USER_TEST_DICT, id='cfe57aa6-76c6-433d-93fe-443363978904',
     )
     self.addr = add_address(
         self.user, id='27e375f4-3d54-458c-91e4-d8a4fdf3b032',
     )
     self.item1 = Item.create(
         uuid='25da606b-dbd3-45e1-bb23-ff1f84a5622a',
         name='Item 1',
         description='Item 1 description',
         price=5.24,
         availability=10,
         category='scarpe',
     )
     self.item2 = Item.create(
         uuid='08bd8de0-a4ac-459d-956f-cf6d8b8a7507',
         name='Item 2',
         description='Item 2 description',
         price=8,
         availability=10,
         category='scarpe',
     )
Пример #20
0
    def test_update_order__failure_non_existing_empty_orders(self):
        user = add_user('*****@*****.**', TEST_USER_PSW)
        add_address(user=user, id='429994bf-784e-47cc-a823-e0c394b823e8')

        uuid = str(uuid4())

        order = {
            "order": {
                'items': [{
                    'id': '429994bf-784e-47cc-a823-e0c394b823e8',
                    'type': 'item',
                    'quantity': 5
                }, {
                    'id': '577ad826-a79d-41e9-a5b2-7955bcf03499',
                    'type': 'item',
                    'quantity': 1
                }],
                'delivery_address':
                '429994bf-784e-47cc-a823-e0c394b823e8',
                'user':
                '******'
            }
        }
        data = format_jsonapi_request('order', order)
        path = '/orders/{}'.format(uuid)
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
                              '*****@*****.**', TEST_USER_PSW,
                              'application/json', json.dumps(data))

        assert resp.status_code == NOT_FOUND
Пример #21
0
    def test_get_order__non_existing(self):
        user = add_user(None, TEST_USER_PSW)
        addr = add_address(user=user)
        Order.create(delivery_address=addr, user=user)

        resp = self.app.get('/orders/{}'.format(uuid4()))
        assert resp.status_code == NOT_FOUND
Пример #22
0
    def test_get_orders__success(self):
        item = Item.create(
            uuid='429994bf-784e-47cc-a823-e0c394b823e8',
            name='mario',
            price=20.20,
            description='svariati mariii',
            availability=12,
            category='accessori',
        )
        user = add_user(None,
                        TEST_USER_PSW,
                        id='f3f72634-7054-43ef-9119-9e8f54a9531e')
        addr = add_address(user=user,
                           id='85c6cba6-3ddd-4847-9d07-1337ff4e8506')
        Order.create(delivery_address=addr,
                     user=user,
                     uuid='06451e0a-8fa2-40d2-8c51-1af50d369ca6').add_item(
                         item, 2)

        Order.create(delivery_address=addr,
                     user=user,
                     uuid='429994bf-784e-47cc-a823-e0c394b823e8').add_item(
                         item, 5)

        resp = self.app.get('/orders/')

        expected_result = EXPECTED_RESULTS['get_orders__success']

        assert resp.status_code == OK
        assert_valid_response(resp.data, expected_result)
Пример #23
0
    def test_delete_order__failure_non_existing_empty_orders(self):
        user = add_user('*****@*****.**', TEST_USER_PSW)

        path = 'orders/{}'.format(str(uuid4()))
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'DELETE',
                              user.email, TEST_USER_PSW, None, None)
        assert resp.status_code == NOT_FOUND
Пример #24
0
    def test_delete_order__success_admin_not_own_order(self):
        user = add_user('*****@*****.**', TEST_USER_PSW)
        addr_A = add_address(user=user)
        addr_B = add_address(user=user)

        item1 = Item.create(
            uuid='429994bf-784e-47cc-a823-e0c394b823e8',
            name='mario',
            price=20.20,
            description='svariati mariii',
            availability=2,
            category='scarpe',
        )
        order1 = Order.create(delivery_address=addr_A, user=user)
        order1.add_item(item1, 2)

        order2 = Order.create(delivery_address=addr_B, user=user)

        user_B = add_admin_user('*****@*****.**', TEST_USER_PSW)
        path = 'orders/{}'.format(order1.uuid)
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'DELETE',
                              user_B.email, TEST_USER_PSW, None, None)

        assert resp.status_code == NO_CONTENT
        assert len(Order.select()) == 1
        assert len(OrderItem.select()) == 0
        assert Order.get(uuid=order2.uuid)
Пример #25
0
 def test_post_favorites2__fail(self):
     user = add_user(USER1, PASS1)
     data = {"data": {"type": "favorite", "attributes": {"item_uuid": ""}}}
     resp = open_with_auth(self.app, API_ENDPOINT.format('favorites/'),
                           'POST', user.email, PASS1, 'application/json',
                           json.dumps(data))
     assert resp.status_code == BAD_REQUEST
     assert Favorite.select().count() == 0
Пример #26
0
    def test_delete_user_auth_does_not_exists__fail(self):
        user = add_user(None, TEST_USER_PSW)

        path = 'users/'
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'DELETE',
                              '*****@*****.**', 'unused_psw', None, None)

        assert resp.status_code == UNAUTHORIZED
        assert User.exists(user.email)
Пример #27
0
    def test_create_order__success(self):
        Item.create(
            uuid='429994bf-784e-47cc-a823-e0c394b823e8',
            name='mario',
            price=20.20,
            description='svariati mariii',
            availability=4,
            category='scarpe',
        )
        Item.create(
            uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
            name='GINO',
            price=30.20,
            description='svariati GINIIIII',
            availability=10,
            category='accessori',
        )
        user = add_user('*****@*****.**',
                        TEST_USER_PSW,
                        id='e736a9a6-448b-4b92-9e38-4cf745b066db')
        add_address(user=user, id='8473fbaa-94f0-46db-939f-faae898f001c')

        order = {
            'relationships': {
                'items': [{
                    'id': '429994bf-784e-47cc-a823-e0c394b823e8',
                    'type': 'item',
                    'quantity': 4
                }, {
                    'id': '577ad826-a79d-41e9-a5b2-7955bcf03499',
                    'type': 'item',
                    'quantity': 10
                }],
                'delivery_address': {
                    'type': 'address',
                    'id': '8473fbaa-94f0-46db-939f-faae898f001c'
                },
                'user': {
                    'type': 'user',
                    'id': 'e736a9a6-448b-4b92-9e38-4cf745b066db'
                }
            }
        }
        data = format_jsonapi_request('order', order)

        path = 'orders/'
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'POST',
                              user.email, TEST_USER_PSW, 'application/json',
                              json.dumps(data))

        assert resp.status_code == CREATED

        assert len(Order.select()) == 1
        assert len(OrderItem.select()) == 2
        order = Order.get()
        expected_result = EXPECTED_RESULTS['create_order__success']
        assert_valid_response(resp.data, expected_result)
Пример #28
0
    def test_patch_change1user_attribute__success(self):
        email = '*****@*****.**'
        add_user(email, TEST_USER_PSW)

        post_data = format_jsonapi_request('user', {'first_name': 'new-first-name'})
        content_type = 'application/json'
        user_path = 'users/'
        resp = open_with_auth(self.app, API_ENDPOINT.format(user_path), 'PATCH',
                              email, TEST_USER_PSW, content_type, json.dumps(post_data))

        assert resp.status_code == OK

        expected_result = EXPECTED_RESULTS['patch_change1user_attribute__success']
        assert_valid_response(resp.data, expected_result)

        assert User.select().count() == 1
        assert User.get().admin is False
        assert User.get().first_name == 'new-first-name'
Пример #29
0
    def test_update_order__non_existing_address(self):
        item1 = Item.create(
            uuid='429994bf-784e-47cc-a823-e0c394b823e8',
            name='mario',
            price=20.20,
            description='svariati mariii',
            availability=2,
            category='scarpe',
        )
        item2 = Item.create(
            uuid='577ad826-a79d-41e9-a5b2-7955bcf03499',
            name='GINO',
            price=30.20,
            description='svariati GINIIIII',
            availability=1,
            category='accessori',
        )

        user = add_user('*****@*****.**', TEST_USER_PSW)
        addr_A = add_address(user=user)

        order1 = Order.create(delivery_address=addr_A,
                              user=user).add_item(item1, 2).add_item(item2)
        order_item_before = order1.order_items

        order = {
            'relationships': {
                'items': [
                    {
                        'id': '577ad826-a79d-41e9-a5b2-7955bcf00000',
                        'type': 'item',
                        'quantity': 1
                    },
                    {
                        'id': '577ad826-a79d-41e9-a5b2-7955bcf2222',
                        'type': 'item',
                        'quantity': 1
                    },
                ],
                'delivery_address': {
                    'type': 'address',
                    'id': '817c8747-dfb7-4c2d-8a24-82dae23d250b',
                },
                'user': {
                    'type': 'user',
                    'id': str(user.uuid),
                }
            }
        }
        data = format_jsonapi_request('order', order)
        path = 'orders/{}'.format(order1.uuid)
        resp = open_with_auth(self.app, API_ENDPOINT.format(path), 'PATCH',
                              '*****@*****.**', TEST_USER_PSW,
                              'application/json', json.dumps(data))

        assert resp.status_code == BAD_REQUEST
        assert order_item_before == order1.order_items
Пример #30
0
    def test_delete_favorites__fail(self):
        user = add_user(USER1, PASS1)
        item = add_item()
        favorite = add_favorite(user, item)
        user_path = 'favorites/{}'.format(str(favorite.uuid))
        resp = open_with_auth(self.app, API_ENDPOINT.format(user_path),
                              'DELETE', user.email, PASS2, None, None)

        assert resp.status_code == UNAUTHORIZED