def test_passwords(self):
p = make_password('testing')
self.assertTrue(check_password('testing', p))
self.assertFalse(check_password('testing ', p))
self.assertFalse(check_password('Testing', p))
self.assertFalse(check_password('', p))
p2 = make_password('Testing')
self.assertFalse(p == p2)
def test_create(self):
self.create_users()
new_pass = make_password('test')
user_data = {'username': '******', 'password': new_pass, 'email': ''}
serialized = json.dumps(user_data)
# authorized as an admin
resp = self.app.post('/api/user/', data=serialized, headers=self.auth_headers('admin', 'admin'))
self.assertEqual(resp.status_code, 200)
new_user = User.get(username='******')
self.assertTrue(check_password('test', new_user.password))
resp_json = self.response_json(resp)
self.assertAPIUser(resp_json, new_user)
def test_auth_create(self):
self.create_users()
new_pass = make_password('test')
user_data = {'username': '******', 'password': new_pass, 'email': ''}
serialized = json.dumps(user_data)
# this request is not authorized
resp = self.app.post('/api/user/', data=serialized)
self.assertEqual(resp.status_code, 401)
# authorized, but user does not exist in database
resp = self.app.post('/api/user/', data=serialized, headers=self.auth_headers('xxx', 'xxx'))
self.assertEqual(resp.status_code, 401)
# authorized, user in database, but not an administrator
resp = self.app.post('/api/user/', data=serialized, headers=self.auth_headers('normal', 'normal'))
self.assertEqual(resp.status_code, 401)
# authorized as an admin
resp = self.app.post('/api/user/', data=serialized, headers=self.auth_headers('admin', 'admin'))
self.assertEqual(resp.status_code, 200)
def set_password(self, password):
self.password = make_password(password)