def create_user():
try:
data = get_request_data(
request,
required_params=["email", "password"],
)
except (ValueError, TypeError) as e:
return handle_error(
message="%s: %s" % (request.url, str(e)),
logger=logger,
status_code=422,
)
email = data["email"]
password = data["password"]
firstName = data.get("firstName", None)
lastName = data.get("lastName", None)
userType = data.get("userType", None)
db = DatabaseService()
try:
db.save_user(
email=email,
password=password,
firstName=firstName,
lastName=lastName,
userType=userType,
)
except SQLIntegrityError:
return make_response("User %s already exists" % data["email"], 409)
return make_response("OK", 200)
def test_login_returns_401_with_invalid_credentials(self):
db = DatabaseService()
email = "*****@*****.**"
password = "******"
db.save_user(email=email, password=password)
data = json.dumps({"email": email, "password": "******"})
result = self.app.post("/api/v1/login", data=data)
self.assertEqual(result.status_code, 401)
def test_login_handles_email_with_different_create_and_login_casing(self):
db = DatabaseService()
email = "*****@*****.**"
uppercaseEmail = "*****@*****.**"
password = "******"
db.save_user(email=email, password=password)
data = json.dumps({"email": uppercaseEmail, "password": password})
result = self.app.post("/api/v1/login", data=data)
self.assertEqual(result.status_code, 200)
def test_reset_password_updates_password(self):
email = "*****@*****.**"
token = "testtoken"
password1 = "testpassword1"
password2 = "testpassword2"
db = DatabaseService()
db.save_user(email=email, password=password1)
db.save_reset_token(email=email, token=token)
data = json.dumps({
"token": token,
"password": password2,
"passwordCheck": password2,
})
self.app.post("/api/v1/reset-password", data=data)
result = db.authenticate_user(email=email, password=password2)
self.assertIsNotNone(result)
def test_get_profile_returns_200(self):
db = DatabaseService()
email = "*****@*****.**"
password = "******"
firstName = "First"
lastName = "Last"
userType = "testtype"
db.save_user(
email=email,
password=password,
userType=userType,
firstName=firstName,
lastName=lastName,
)
result = self.get_request_with_token("/api/v1/profile/get")
self.assertEqual(200, result.status_code)
def test_user_can_login_with_new_password_after_reset_password(self):
email = "*****@*****.**"
token = "testtoken"
password1 = "testpassword1"
password2 = "testpassword2"
db = DatabaseService()
db.save_user(email=email, password=password1)
db.save_reset_token(email=email, token=token)
data = json.dumps({
"token": token,
"password": password2,
"passwordCheck": password2,
})
self.app.post("/api/v1/reset-password", data=data)
login_data = json.dumps({"email": email, "password": password2})
result = self.app.post("/api/v1/login", data=login_data)
self.assertEqual(result.status_code, 200)
def test_login_returns_jwt_token_for_valid_credentials(self):
email = "*****@*****.**"
password = "******"
db = DatabaseService()
api_config = APIConfig()
db.save_user(email=email, password=password)
data = json.dumps({
"email": "*****@*****.**",
"password": "******"
})
result = self.app.post("/api/v1/login", data=data)
try:
data = json.loads(result.data)
token = data["token"]
decoded = jwt.decode(token,
api_config.SECRET_KEY,
algorithms=["HS256"])
except:
decoded = None
self.assertIsNotNone(decoded)
def test_get_profile_returns_user_data(self):
db = DatabaseService()
email = "*****@*****.**"
password = "******"
firstName = "First"
lastName = "Last"
userType = "testtype"
db.save_user(
email=email,
password=password,
userType=userType,
firstName=firstName,
lastName=lastName,
)
result = self.get_request_with_token("/api/v1/profile/get")
data = json.loads(result.data)
self.assertEqual(data["email"], email)
self.assertEqual(data["userType"], userType)
self.assertEqual(data["firstName"], firstName)
self.assertEqual(data["lastName"], lastName)
def test_jwt_token_contains_subject_and_user_type(self):
email = "*****@*****.**"
password = "******"
db = DatabaseService()
api_config = APIConfig()
db.save_user(email=email, password=password)
data = json.dumps({
"email": "*****@*****.**",
"password": "******"
})
result = self.app.post("/api/v1/login", data=data)
try:
data = json.loads(result.data)
token = data["token"]
decoded = jwt.decode(token,
api_config.SECRET_KEY,
algorithms=["HS256"])
subject = decoded["subject"]
userType = decoded["userType"]
except:
decoded = None
self.assertIsNotNone(decoded)
class TestDatabaseService(BaseTest):
def setUp(self):
super(TestDatabaseService, self).setUp()
self.db = DatabaseService()
def tearDown(self):
super(TestDatabaseService, self).tearDown()
def test_database_service_can_connect(self):
self.assertIsNotNone(self.db)
def test_database_service_can_save_user(self):
email = '*****@*****.**'
password = '******'
self.db.save_user(
email=email,
password=password,
)
query = "SELECT COUNT(*) FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
self.assertEqual(1, results[0][0])
curr.close()
def test_database_service_saves_user_with_correct_email(self):
email = '*****@*****.**'
password = '******'
self.db.save_user(
email=email,
password=password,
)
query = "SELECT email FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
self.assertEqual(email, results[0][0])
curr.close()
def test_database_service_saves_email_as_lowercase(self):
email = '*****@*****.**'
lowercaseEmail = '*****@*****.**'
password = '******'
self.db.save_user(
email=email,
password=password,
)
query = "SELECT email FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
self.assertEqual(lowercaseEmail, results[0][0])
curr.close()
def test_database_service_saves_hashed_password(self):
email = '*****@*****.**'
password = '******'
self.db.save_user(
email=email,
password=password,
)
query = "SELECT password FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
self.assertNotEqual(password, results[0][0])
curr.close()
def test_database_services_saves_correct_password(self):
email = '*****@*****.**'
password = '******'
self.db.save_user(
email=email,
password=password,
)
query = "SELECT password FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
self.assertTrue(check_password_hash(results[0][0], password))
curr.close()
def test_database_service_saves_first_and_last_name(self):
email = '*****@*****.**'
password = '******'
firstName = 'First'
lastName = 'Last'
self.db.save_user(
email=email,
password=password,
firstName=firstName,
lastName=lastName,
)
query = "SELECT first_name, last_name FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
self.assertEqual(firstName, results[0][0])
self.assertEqual(lastName, results[0][1])
curr.close()
def test_database_service_handles_default_values_for_first_and_last_name(
self):
email = '*****@*****.**'
password = '******'
self.db.save_user(
email=email,
password=password,
)
query = "SELECT first_name, last_name FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
self.assertEqual(None, results[0][0])
self.assertEqual(None, results[0][1])
curr.close()
def test_database_service_can_authorize_valid_user_credentials(self):
email = '*****@*****.**'
password = '******'
self.db.save_user(
email=email,
password=password,
)
result = self.db.authenticate_user(email=email, password=password)
self.assertIsNotNone(result)
def test_database_service_returns_user_type_after_authorizing(self):
email = '*****@*****.**'
password = '******'
userType = 'testtype'
self.db.save_user(
email=email,
password=password,
userType=userType,
)
result = self.db.authenticate_user(email=email, password=password)
self.assertEqual(userType, result)
def test_database_service_handles_nonexistent_user(self):
email = '*****@*****.**'
password = '******'
result = self.db.authenticate_user(email=email, password=password)
self.assertEqual(result, None)
def test_database_service_creates_user_with_correct_user_type(self):
email = '*****@*****.**'
password = '******'
userType = 'testtype'
self.db.save_user(
email=email,
password=password,
userType=userType,
)
query = "SELECT user_type FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
self.assertEqual(userType, results[0][0])
curr.close()
def test_database_service_can_return_user_data(self):
email = '*****@*****.**'
password = '******'
userType = 'testtype'
self.db.save_user(
email=email,
password=password,
userType=userType,
)
user = self.db.get_user(email=email)
self.assertIsNotNone(user)
def test_database_service_returns_correct_user_data_on_get_user(self):
email = '*****@*****.**'
password = '******'
userType = 'testtype'
firstName = 'First'
lastName = 'Last'
self.db.save_user(
email=email,
password=password,
userType=userType,
firstName=firstName,
lastName=lastName,
)
user = self.db.get_user(email=email)
self.assertEqual(user['email'], email)
self.assertEqual(user['firstName'], firstName)
self.assertEqual(user['lastName'], lastName)
self.assertEqual(user['userType'], userType)
def test_database_service_can_save_reset_token(self):
self.db.save_reset_token(
email='*****@*****.**',
token='thisisatesttoken',
)
query = "SELECT * FROM reset_tokens"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
curr.close()
self.assertIsNotNone(results[0])
def test_database_service_can_validate_saved_reset_token(self):
email = '*****@*****.**'
token = 'testtoken'
curr = self.conn.cursor()
data = (email, token)
query = "INSERT INTO reset_tokens (email, token) VALUES (%s, %s)"
curr.execute(query, data)
self.conn.commit()
user_email = self.db.validate_reset_token(token=token)
self.assertIsNotNone(user_email)
def test_database_service_can_update_password(self):
email = '*****@*****.**'
password1 = 'testpass1'
password2 = 'testpass2'
self.db.save_user(email=email, password=password1)
query = "SELECT password FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
curr.close()
first_password = results[0][0]
self.db.update_password(email=email, password=password2)
query = "SELECT password FROM users"
curr = self.conn.cursor()
curr.execute(query)
results = curr.fetchall()
curr.close()
second_password = results[0][0]
self.assertNotEqual(first_password, second_password)