def test_users_resource(init_app):
"""Tests UsersResource"""
app = init_app
user_john = User.get_user_by_username("john")
with app.test_client() as client:
response_get_route_no_auth = client.get(
url_for("api_user_history", uuid=user_john.uuid))
assert response_get_route_no_auth.status_code == 401
login_payload_john = json.dumps({"login": "******", "password": "******"})
access_token_john = get_access_token(client, login_payload_john)
response_get_users_not_admin = client.get(
url_for("api_users"),
headers={"Authorization": "Bearer {0}".format(access_token_john)},
)
assert response_get_users_not_admin.status_code == 200
assert isinstance(response_get_users_not_admin.json, dict)
assert response_get_users_not_admin.json.get("username") == "john"
login_payload_admin = json.dumps({
"login": "******",
"password": "******"
})
access_token_admin = get_access_token(client, login_payload_admin)
response_get_users_admin = client.get(
url_for("api_users"),
headers={"Authorization": "Bearer {0}".format(access_token_admin)},
)
assert response_get_users_admin.status_code == 200
assert isinstance(response_get_users_admin.json, list)
def get(self):
"""
Creates access_token and refresh_token for the user
if user exists and login, password from the request match.
"""
data = LoginSchema().load(request.get_json())
login = data.get("login")
password = data.get("password")
user = User.get_user_by_username(login)
if user and user.check_password(
password
): # if login and password from the request match - return access_token
access_token = create_access_token(identity=user.uuid, fresh=True)
refresh_token = create_refresh_token(user.uuid)
decoded = decode_token(access_token)
return {
"access_token": access_token,
"refresh_token": refresh_token,
"fresh": decoded["fresh"],
"expires_in": decoded["exp"],
}, 200
# if user doesn't exist or login and password don't match - return 401
return {"message": "Unable to login."}, 401
def test_saving_deleting_to_db(setup_database):
"""Save and delete user from the database"""
db = setup_database
usr = User(username="******", password="******")
assert not db.session.query(User).filter_by(username="******").first()
usr.save_to_db()
assert User.get_user_by_username("susan")
usr.save_to_db()
assert len(db.session.query(User).filter_by(username="******").all()) == 1
usr.delete_from_db()
assert not User.get_user_by_username("susan")
prev_num_objects = len(db.session.query(User).all())
try:
usr_not_exist = User(username="******", password="******")
usr_not_exist.delete_from_db()
assert False # If user was deleted - something goes wrong
except ValueError: # Exception was raised - everything is OK
assert len(db.session.query(User).all()) == prev_num_objects
def post(self):
"""Creates new user and save it to the database. Available only for admin"""
curr_user = User.get_by_uuid(get_jwt_identity())
if curr_user.username != "admin":
return {"message": messages["access_denied"]}, 403
data = request.get_json()
user = RegisterSchema().load(data)
if User.get_user_by_username(data["username"]):
return {"message": "This user already exists."}, 400
try:
user.save_to_db()
return {"message": messages["success_register"]}, 201
except ValueError as e:
return {
"message": messages["failure"] + " Error - {0}".format(e)
}, 500
def test_user_history_resource(init_app):
"""Tests UserHistoryResource"""
app = init_app
user_john = User.get_user_by_username("john")
with app.test_client() as client:
response_get_route_no_auth = client.get(
url_for("api_user_history", uuid=user_john.uuid))
assert response_get_route_no_auth.status_code == 401
login_payload_john = json.dumps({"login": "******", "password": "******"})
access_token = get_access_token(client, login_payload_john)
response_get_user_history_wrong_uuid = client.get(
url_for("api_user_history", uuid=uuid4()),
headers={"Authorization": "Bearer {0}".format(access_token)},
)
assert response_get_user_history_wrong_uuid.status_code == 404
response_get_user_history_wrong_uuid = client.get(
url_for("api_user_history", uuid=user_john.uuid),
headers={"Authorization": "Bearer {0}".format(access_token)},
)
assert response_get_user_history_wrong_uuid.status_code == 200
def test_user_resource(init_app):
"""Tests UserResource"""
app = init_app
user_john = User.get_user_by_username("john")
user_andre = User.get_user_by_username("andre")
with app.test_client() as client:
# GET
response_get_route_no_headers_no_auth = client.get(
url_for("api_user_details", uuid=user_john.uuid))
assert response_get_route_no_headers_no_auth.status_code == 401
login_payload_john = json.dumps({"login": "******", "password": "******"})
access_token = get_access_token(client, login_payload_john)
response_get_user_route_john_uuid_andre = client.get(
url_for("api_user_details", uuid=user_andre.uuid),
headers={"Authorization": "Bearer {0}".format(access_token)},
)
assert response_get_user_route_john_uuid_andre.status_code == 403
response_get_user_route_john_uuid_john = client.get(
url_for("api_user_details", uuid=user_john.uuid),
headers={"Authorization": "Bearer {0}".format(access_token)},
)
assert response_get_user_route_john_uuid_john.status_code == 200
for key_ in ["name", "email", "phone"]:
assert key_ in response_get_user_route_john_uuid_john.json.keys()
login_payload_admin = json.dumps({
"login": "******",
"password": "******"
})
access_token = get_access_token(client, login_payload_admin)
response_get_user_route_admin_uuid_john = client.get(
url_for("api_user_details", uuid=user_john.uuid),
headers={"Authorization": "Bearer {0}".format(access_token)},
)
assert response_get_user_route_admin_uuid_john.status_code == 200
for key_ in ["name", "email", "phone"]:
assert key_ not in response_get_user_route_admin_uuid_john.json.keys(
)
response_get_user_route_admin_uuid_john = client.get(
url_for("api_user_details", uuid=uuid4()),
headers={"Authorization": "Bearer {0}".format(access_token)},
)
assert response_get_user_route_admin_uuid_john.status_code == 404
# POST
response_get_route_no_headers_no_auth = client.post(
url_for("api_user_details", uuid=user_john.uuid))
assert response_get_route_no_headers_no_auth.status_code == 401
login_payload_john = json.dumps({"login": "******", "password": "******"})
access_token = get_access_token(client, login_payload_john)
response_post_user_route_john_uuid_andre = client.post(
url_for("api_user_details", uuid=user_andre.uuid),
headers={"Authorization": "Bearer {0}".format(access_token)},
)
assert response_post_user_route_john_uuid_andre.status_code == 403
response_post_user_route_john_uuid_john_no_content = client.post(
url_for("api_user_details", uuid=user_john.uuid),
headers={"Authorization": "Bearer {0}".format(access_token)},
)
assert response_post_user_route_john_uuid_john_no_content.status_code == 400
response_post_user_route_john_uuid_john_invalid_card_code = client.post(
url_for("api_user_details", uuid=user_john.uuid),
headers={
"Authorization": "Bearer {0}".format(access_token),
"Content-Type": "application/json",
},
data=json.dumps({"code": "invalid"}),
)
assert response_post_user_route_john_uuid_john_invalid_card_code.status_code == 404
assert User.get_user_by_username("john").balance == 0
response_post_user_route_john_uuid_john_valid_card_code = client.post(
url_for("api_user_details", uuid=user_john.uuid),
headers={
"Authorization": "Bearer {0}".format(access_token),
"Content-Type": "application/json",
},
data=json.dumps({"code": "000001"}),
)
assert response_post_user_route_john_uuid_john_valid_card_code.status_code == 200
assert User.get_user_by_username("john").balance != 0
def test_auth_resource(init_app):
"""Tests AuthResource"""
app = init_app
with app.test_client() as client:
# GET
response_get_route_no_headers = client.get(url_for("api_auth"))
assert response_get_route_no_headers.status_code == 400
login_payload_john = json.dumps({"login": "******", "password": "******"})
response_get_route = client.get(
url_for("api_auth"),
headers={"Content-Type": "application/json"},
data=login_payload_john,
)
assert response_get_route.status_code == 200
for key_ in ["access_token", "refresh_token", "fresh", "expires_in"]:
assert key_ in response_get_route.json.keys()
assert response_get_route.json.get("fresh")
login_payload_not_found = json.dumps({
"login": "******",
"password": "******"
})
response_get_route_404 = client.get(
url_for("api_auth"),
headers={"Content-Type": "application/json"},
data=login_payload_not_found,
)
assert response_get_route_404.status_code == 401
# POST
register_payload = json.dumps({
"address": "St.Test",
"name": "Test Test",
"email": "*****@*****.**",
"password": "******",
"phone": "+380967711222",
"tariff": "50m",
"username": "******",
})
register_payload_non_unique = json.dumps({
"address": "St.Test",
"name": "Test Test",
"email": "*****@*****.**",
"password": "******",
"phone": "+380967711222",
"tariff": "50m",
"username": "******",
})
login_payload_admin = json.dumps({
"login": "******",
"password": "******"
})
login_payload_john = json.dumps({"login": "******", "password": "******"})
response_login_john = client.get(
url_for("api_auth"),
headers={"Content-Type": "application/json"},
data=login_payload_john,
)
assert response_login_john.status_code == 200
response_post_route_auth_not_admin = client.post(
url_for("api_auth"),
headers={
"Authorization":
"Bearer {0}".format(
response_login_john.json.get("access_token")),
"Content-Type":
"application/json",
},
data=register_payload,
)
assert response_post_route_auth_not_admin.status_code == 403
response_login_admin = client.get(
url_for("api_auth"),
headers={"Content-Type": "application/json"},
data=login_payload_admin,
)
assert response_login_admin.status_code == 200
access_token_admin = response_login_admin.json.get("access_token")
assert not User.get_user_by_username("test")
response_post_route_auth = client.post(
url_for("api_auth"),
headers={
"Authorization": "Bearer {0}".format(access_token_admin),
"Content-Type": "application/json",
},
data=register_payload,
)
assert response_post_route_auth.status_code == 201
assert User.get_user_by_username("test")
response_post_route_auth_user_exists = client.post(
url_for("api_auth"),
headers={
"Authorization": "Bearer {0}".format(access_token_admin),
"Content-Type": "application/json",
},
data=register_payload,
)
assert response_post_route_auth_user_exists.status_code == 400
response_post_route_auth_user_exists = client.post(
url_for("api_auth"),
headers={
"Authorization": "Bearer {0}".format(access_token_admin),
"Content-Type": "application/json",
},
data=register_payload_non_unique,
)
assert response_post_route_auth_user_exists.status_code == 500
def test_admin_tools_resource(init_app):
"""Tests AdminToolsResource"""
app = init_app
user = User.get_user_by_username("john")
user_to_del = User.get_user_by_username("test_del")
with app.test_client() as client:
response_get_route_no_auth = client.post(
url_for("api_admin_tools", uuid=user.uuid))
assert response_get_route_no_auth.status_code == 401
login_payload_john = json.dumps({"login": "******", "password": "******"})
login_payload_admin = json.dumps({
"login": "******",
"password": "******"
})
access_token_john = get_access_token(client, login_payload_john)
response_get_route_not_admin_auth = client.post(
url_for("api_admin_tools", uuid=user.uuid),
headers={"Authorization": "Bearer {0}".format(access_token_john)},
)
assert response_get_route_not_admin_auth.status_code == 403
access_token_admin = get_access_token(client, login_payload_admin)
response_get_route_admin_auth_no_content_type = client.post(
url_for("api_admin_tools", uuid=user.uuid),
headers={"Authorization": "Bearer {0}".format(access_token_admin)},
)
assert response_get_route_admin_auth_no_content_type.status_code == 400
response_get_route_admin_deactivate = client.post(
url_for("api_admin_tools", uuid=user.uuid),
headers={
"Authorization": "Bearer {0}".format(access_token_admin),
"Content-Type": "application/json",
},
data=json.dumps({"choice": "deactivate"}),
)
assert response_get_route_admin_deactivate.status_code == 200
assert user.state == State.deactivated_state.value
response_get_route_admin_activate = client.post(
url_for("api_admin_tools", uuid=user.uuid),
headers={
"Authorization": "Bearer {0}".format(access_token_admin),
"Content-Type": "application/json",
},
data=json.dumps({"choice": "activate"}),
)
assert response_get_route_admin_activate.status_code == 200
assert user.state == State.activated_state.value
response_get_route_admin_delete = client.post(
url_for("api_admin_tools", uuid=user_to_del.uuid),
headers={
"Authorization": "Bearer {0}".format(access_token_admin),
"Content-Type": "application/json",
},
data=json.dumps({"choice": "delete"}),
)
assert response_get_route_admin_delete.status_code == 200
assert not User.get_user_by_username("test_del")
response_get_route_admin_delete_no_user = client.post(
url_for("api_admin_tools", uuid=user_to_del.uuid),
headers={
"Authorization": "Bearer {0}".format(access_token_admin),
"Content-Type": "application/json",
},
data=json.dumps({"choice": "delete"}),
)
assert response_get_route_admin_delete_no_user.status_code == 500