def test_passwords(self):
    """Check that check_password accepts only the exact original password.

    Encodes 'testing' with make_password, then verifies that the exact
    string matches while a trailing-space variant, a case variant and the
    empty string are all rejected. Finally confirms that a different
    password ('Testing') produces a different stored value.
    """
    encoded = make_password('testing')
    self.assertTrue(check_password('testing', encoded))

    # Near misses must not verify: trailing whitespace, different case, empty.
    for wrong_guess in ('testing ', 'Testing', ''):
        self.assertFalse(check_password(wrong_guess, encoded))

    other_encoded = make_password('Testing')
    # NOTE(review): this compares the outputs for two *different* passwords,
    # so it does not show whether make_password salts its output. Encoding
    # the same password twice and comparing the results would cover that;
    # confirm against make_password before adding such an assertion.
    self.assertFalse(encoded == other_encoded)
def test_create(self):
    """An admin POST to /api/user/ creates a user whose password verifies.

    Posts a JSON user record with admin credentials, expects HTTP 200, then
    loads the new user and checks both the stored password and the API
    response body.
    """
    self.create_users()

    # NOTE(review): the payload carries the output of make_password(), and
    # the test later expects check_password('test', stored) to succeed, so
    # the endpoint appears to persist the client-supplied value unchanged.
    # Confirm this is intended and limited to administrators; otherwise the
    # API should accept the raw password and encode it server-side.
    payload = json.dumps({
        'username': '******',
        'password': make_password('test'),
        'email': '',
    })

    # Send the request with administrator credentials.
    admin_headers = self.auth_headers('admin', 'admin')
    response = self.app.post('/api/user/', data=payload, headers=admin_headers)
    self.assertEqual(response.status_code, 200)

    created = User.get(username='******')
    self.assertTrue(check_password('test', created.password))

    # The response body must describe the user that was just stored.
    self.assertAPIUser(self.response_json(response), created)
def test_auth_create(self):
    """POST /api/user/ answers 401 unless admin credentials are supplied.

    Covers four callers in order: no credentials, credentials for an unknown
    user, credentials for a known non-admin user, and admin credentials
    (the only case expected to return 200).
    """
    self.create_users()
    payload = json.dumps({
        'username': '******',
        'password': make_password('test'),
        'email': '',
    })

    # No credentials at all.
    response = self.app.post('/api/user/', data=payload)
    self.assertEqual(response.status_code, 401)

    # Credentials supplied but insufficient: first a user that does not
    # exist in the database, then an existing user who is not an admin.
    # NOTE(review): only the status code is checked for the rejected
    # requests; asserting that no user record was created would also catch
    # a handler that writes before it checks authorization.
    for username, password in (('xxx', 'xxx'), ('normal', 'normal')):
        response = self.app.post(
            '/api/user/',
            data=payload,
            headers=self.auth_headers(username, password),
        )
        self.assertEqual(response.status_code, 401)

    # Administrator credentials are accepted.
    response = self.app.post(
        '/api/user/',
        data=payload,
        headers=self.auth_headers('admin', 'admin'),
    )
    self.assertEqual(response.status_code, 200)
def set_password(self, password):
    """Assign the result of make_password(password) to self.password.

    The ``password`` argument is never assigned to the instance directly;
    only the value returned by make_password is stored.
    """
    encoded = make_password(password)
    self.password = encoded