def test_transfer_agreement_mutations_identical_source_org_for_creation(
read_only_client, ):
# Test case 2.2.14
mutation = """mutation { createTransferAgreement( creationInput: {
targetOrganisationId: 1,
type: Unidirectional
} ) { id } }"""
assert_bad_user_input(read_only_client, mutation)
def test_transfer_agreement_mutations_create_non_existent_target_org(
read_only_client):
# Test case 2.2.15
creation_input = "targetOrganisationId: 0"
mutation = f"""mutation {{ createTransferAgreement( creationInput: {{
{creation_input},
type: Bidirectional
}} ) {{ id }} }}"""
assert_bad_user_input(read_only_client, mutation)
def test_transfer_agreement_mutations_create_invalid_source_base(
read_only_client, kind, base_id):
# Test cases 2.2.18, 2.2.19
mutation = f"""mutation {{ createTransferAgreement( creationInput: {{
targetOrganisationId: 2,
{kind}BaseIds: [{base_id}],
type: Bidirectional
}} ) {{ id }} }}"""
assert_bad_user_input(read_only_client, mutation)
def test_shipment_mutations_create_non_existent_resource(
read_only_client, default_bases):
# Test case 3.2.5
mutation = _generate_create_shipment_mutation(
source_base=default_bases[1],
target_base=default_bases[3],
agreement={"id": 0},
)
assert_bad_user_input(read_only_client, mutation)
def test_transfer_agreement_mutations_invalid_state(read_only_client, mocker,
expired_transfer_agreement,
action):
# The client has to be permitted to perform the action in general
mocker.patch("jose.jwt.decode").return_value = create_jwt_payload(
organisation_id=expired_transfer_agreement["target_organisation"],
user_id=2)
# Test cases 2.2.11, 2.2.12, 2.2.13
agreement_id = expired_transfer_agreement["id"]
mutation = f"mutation {{ {action}TransferAgreement(id: {agreement_id}) {{ id }} }}"
assert_bad_user_input(read_only_client, mutation)
def test_code_not_associated_with_box(read_only_client, qr_code_without_box):
code = qr_code_without_box["code"]
query = f"""query {{ qrCode(qrCode: "{code}") {{ box {{ id }} }} }}"""
response = assert_bad_user_input(read_only_client,
query,
value={"box": None})
assert "SQL" not in response.json["errors"][0]["message"]
def test_mutation_update_non_existent_resource(read_only_client, operation):
# Test cases 3.2.21
if operation == "updateBox":
update_input = """boxUpdateInput: { labelIdentifier: "xxx" }"""
else:
update_input = "updateInput: { id: 0 }"
mutation = f"mutation {{ {operation}({update_input}) {{ id }} }}"
response = assert_bad_user_input(read_only_client, mutation, field=operation)
assert "SQL" not in response.json["errors"][0]["message"]
def test_qr_code_mutation(client, box_without_qr_code):
mutation = "mutation { createQrCode { id } }"
qr_code = assert_successful_request(client, mutation)
qr_code_id = int(qr_code["id"])
assert qr_code_id > 2
mutation = f"""mutation {{
createQrCode(boxLabelIdentifier: "{box_without_qr_code['label_identifier']}")
{{
id
box {{
id
items
}}
}}
}}"""
created_qr_code = assert_successful_request(client, mutation)
assert int(created_qr_code["id"]) == qr_code_id + 1
assert created_qr_code["box"]["items"] == box_without_qr_code["items"]
assert int(created_qr_code["box"]["id"]) == box_without_qr_code["id"]
assert_bad_user_input(
client,
"""mutation { createQrCode(boxLabelIdentifier: "xxx") { id } }""")
def test_shipment_mutations_in_non_preparing_state(read_only_client,
canceled_shipment, act):
# Test cases 3.2.9, 3.2.13
mutation = f"mutation {{ {act}Shipment(id: {canceled_shipment['id']}) {{ id }} }}"
assert_bad_user_input(read_only_client, mutation)
def assert_bad_user_input_when_updating_shipment(client, **kwargs):
mutation = _generate_update_shipment_mutation(**kwargs)
assert_bad_user_input(client, mutation)
def test_code_does_not_exist(read_only_client):
query = """query { qrCode(qrCode: "-1") { id } }"""
response = assert_bad_user_input(read_only_client, query)
assert "SQL" not in response.json["errors"][0]["message"]
def test_query_non_existent_resource_for_god_user(read_only_client, mocker, resource):
# Non-god users would not be authorized to access resource ID 0
mocker.patch("jose.jwt.decode").return_value = create_jwt_payload(permissions=["*"])
query = f"query {{ {resource}(id: 0) {{ id }} }}"
response = assert_bad_user_input(read_only_client, query, field=resource)
assert "SQL" not in response.json["errors"][0]["message"]
def test_query_non_existent_resource(read_only_client, resource):
# Test cases 2.1.4, 3.1.3
query = f"query {{ {resource}(id: 0) {{ id }} }}"
response = assert_bad_user_input(read_only_client, query, field=resource)
assert "SQL" not in response.json["errors"][0]["message"]
def test_invalid_pagination_input(read_only_client):
query = """query { beneficiaries(paginationInput: {last: 2}) {
elements { id }
} }"""
assert_bad_user_input(read_only_client, query, none_data=True)
def test_mutation_non_existent_resource(read_only_client, operation):
# Test cases 2.2.4, 2.2.6, 2.2.8, 3.2.8, 3.2.12
mutation = f"mutation {{ {operation}(id: 0) {{ id }} }}"
response = assert_bad_user_input(read_only_client, mutation, field=operation)
assert "SQL" not in response.json["errors"][0]["message"]
