def test_refresh(self):
    """Refreshing a token after read access lapsed drops read and vote rights.

    The student starts with Read, Write and Vote permissions and a
    ``read_access_until`` one day in the past. After ``/auth/refresh`` only
    WriteEvaluations may remain, both on the student and in the new token.
    """
    lapsed = datetime.now() - timedelta(days=1)
    student = StudentFactory(email='*****@*****.**', read_access_until=lapsed)
    student.permissions_list = [
        Permission.ReadEvaluations,
        Permission.WriteEvaluations,
        Permission.VoteOnEvaluations,
    ]
    db.session.flush()

    # The old token is issued while the student still holds all three
    # permissions, so a passing test shows the refreshed identity is not a
    # plain copy of the old one (assuming to_dict() carries permissions).
    old_jwt = create_access_token(identity=student.to_dict())
    auth_header = {'Authorization': 'Bearer ' + old_jwt}

    rv = self.client.get('/auth/refresh', headers=auth_header)
    self.assertEqual(200, rv.status_code)

    # Claims are read without signature verification: this checks what the
    # new token says, not that it is validly signed.
    refreshed = json.loads(rv.data)
    new_identity = jwt.get_unverified_claims(refreshed['jwt'])['sub']

    self.assertEqual(None, student.read_access_until)
    for revoked in (Permission.ReadEvaluations, Permission.VoteOnEvaluations):
        self.assertNotIn(revoked, student.permissions_list)
    self.assertEqual([Permission.WriteEvaluations], new_identity['permissions'])
def test_patch_incomplete(self):
    """Patching an Incomplete student's profile grants write and read access.

    Read access is expected to run until the upper bound of the current
    quarter's period plus one day and eleven hours (UTC).
    """
    majors = [MajorFactory()]
    permissions = [Permission.query.get(Permission.Incomplete)]
    student = StudentFactory(majors=majors, permissions=permissions)

    # Token is issued while the student holds only the Incomplete permission.
    self.jwt = create_access_token(identity=student.to_dict())
    headers = {
        'Authorization': 'Bearer ' + self.jwt,
        'Content-Type': 'application/json',
    }

    # The current quarter must exist before the request is made; the
    # expiry asserted at the end is derived from it.
    quarter = QuarterCurrentFactory()

    rv = self.client.patch(
        '/students/{}'.format(student.id),
        headers=headers,
        data=json.dumps(self.patch_data),
    )
    self.assertEqual(200, rv.status_code)

    # Profile fields were taken from the request body.
    self.assertEqual(self.patch_data['graduation_year'], student.graduation_year)
    self.assertEqual(self.patch_data['gender'], student.gender)
    self.assertEqual(self.patch_data['majors'], student.majors_list)

    # Permission upgrade.
    for granted in (Permission.WriteEvaluations, Permission.ReadEvaluations):
        self.assertIn(granted, student.permissions_list)

    expected_expiry = datetime_from_date(
        quarter.period.upper + timedelta(days=1, hours=11),
        tzinfo=timezone.utc,
    )
    self.assertEqual(expected_expiry, student.read_access_until)
def test_read_access_none(self):
    """A write-only student with no read-access expiry passes /auth/validate."""
    write_only = [Permission.query.get(Permission.WriteEvaluations)]
    student = StudentFactory(permissions=write_only, read_access_until=None)
    db.session.flush()

    student_jwt = create_access_token(identity=student.to_dict())
    auth_header = {'Authorization': 'Bearer ' + student_jwt}

    # read_access_until=None must not break validation of the token.
    rv = self.client.get('/auth/validate', headers=auth_header)
    self.assertEqual(200, rv.status_code)
def test_majors_as_incomplete(self):
    """A student holding only the Incomplete permission can list majors."""
    incomplete_only = [Permission.query.get(Permission.Incomplete)]
    incomplete = StudentFactory(permissions=incomplete_only)
    db.session.flush()

    token = create_access_token(identity=incomplete.to_dict())
    rv = self.client.get(
        '/majors',
        headers={'Authorization': 'Bearer ' + token},
    )
    self.assertEqual(200, rv.status_code)

    # Exactly one major is expected; presumably it comes from the test
    # fixture, which is not visible here.
    majors = json.loads(rv.data)
    self.assertEqual(1, len(majors))
def test_post_evaluation(self):
    """Posting an evaluation stores it and grants read and vote access.

    The student starts with WriteEvaluations only. After a successful POST
    the response must carry a non-empty ``jwt``, the evaluation must be
    stored for this student and professor, and the student must hold the
    Read and Vote permissions with a read-access expiry.
    """
    write_only = [Permission.query.get(Permission.WriteEvaluations)]
    student = StudentFactory(permissions=write_only)
    db.session.flush()

    token = create_access_token(identity=student.to_dict())
    headers = {
        'Authorization': 'Bearer ' + token,
        'Content-Type': 'application/json',
    }

    # Every score field is 1; the free-text comment goes last.
    score_fields = (
        'attitude',
        'availability',
        'clarity',
        'easiness',
        'grading_speed',
        'recommended',
        'resourcefulness',
        'workload',
    )
    answers = dict.fromkeys(score_fields, 1)
    answers['comment'] = 'Test'

    data = {
        'quarter_id': self.section.quarter_id,
        'professor_id': self.section.professors[0].id,
        'course_id': self.section.course_id,
        'display_grad_year': True,
        'display_majors': False,
        'evaluation': answers,
    }

    rv = self.client.post('/evaluations', headers=headers, data=json.dumps(data))
    self.assertEqual(201, rv.status_code)

    # Only the presence of a non-empty token is checked; its claims are not
    # decoded in this test.
    resp = json.loads(rv.data)
    self.assertIn('jwt', resp)
    self.assertNotEqual('', resp['jwt'])

    stored = Evaluation.query.filter(
        Evaluation.professor_id == self.section.professors[0].id,
        Evaluation.student_id == student.id,
    ).one_or_none()
    if stored is None:
        self.fail('evaluation was not inserted')
    self.assertEqual(data['evaluation'], stored.data)

    # Permission upgrade that follows from writing an evaluation.
    for granted in (Permission.ReadEvaluations, Permission.VoteOnEvaluations):
        self.assertIn(granted, student.permissions_list)

    # The fixed date depends on quarter data set up outside this method.
    expected_expiry = datetime(2018, 2, 2, 0, 0, tzinfo=timezone.utc)
    self.assertEqual(expected_expiry, student.read_access_until)
def test_incorrect_permissions(self):
    """A student with no permissions is refused on /quarters with a 401."""
    student = StudentFactory(permissions=[])
    db.session.flush()

    # The token itself is well-formed; only the permission set is empty.
    token = create_access_token(identity=student.to_dict())
    auth_header = {'Authorization': 'Bearer ' + token}

    rv = self.client.get('/quarters', headers=auth_header)
    self.assertEqual(401, rv.status_code)

    body = json.loads(rv.data)
    expected_fragment = (
        'could not verify that you are authorized to access the URL requested'
    )
    self.assertIn(expected_fragment, body['message'])
def test_user_loader(self):
    """A token whose identity points at an unknown user id is rejected.

    The endpoint is expected to answer 500 with 'unable to load user'.
    """
    student = StudentFactory()
    db.session.flush()

    # Build an identity for a user that does not exist: take a real
    # student's identity and shift the id by one (assumes that id is unused).
    info = student.to_dict()
    info['id'] += 1
    token = create_access_token(identity=info)

    rv = self.client.get(
        '/auth/validate',
        headers={'Authorization': 'Bearer ' + token},
    )
    self.assertEqual(500, rv.status_code)

    body = json.loads(rv.data)
    self.assertEqual('unable to load user', body['message'])
def test_existing_user_suspended(self, data, decode_func):
    """A student suspended until tomorrow cannot refresh a token.

    NOTE(review): ``data`` and ``decode_func`` look like arguments injected
    by decorators that are not shown here -- confirm. Neither is read in
    this body.
    """
    suspension_end = datetime.now() + timedelta(days=1)
    student = StudentFactory(email='*****@*****.**',
                             suspended_until=suspension_end)
    db.session.flush()

    token = create_access_token(identity=student.to_dict())
    auth_header = {'Authorization': 'Bearer ' + token}

    # An otherwise valid token must not be refreshed while suspended.
    rv = self.client.get('/auth/refresh', headers=auth_header)
    self.assertEqual(401, rv.status_code)

    body = json.loads(rv.data)
    self.assertEqual('suspended', body['status'])
def test_read_access_expired(self):
    """A ReadEvaluations student whose read access expired gets 401 on /search."""
    expired_at = datetime.now() - timedelta(days=1)
    read_only = [Permission.query.get(Permission.ReadEvaluations)]
    student = StudentFactory(permissions=read_only, read_access_until=expired_at)
    db.session.flush()

    # The token is issued for a student who still holds ReadEvaluations;
    # the request must be refused because read_access_until is in the past.
    student_jwt = create_access_token(identity=student.to_dict())
    auth_header = {'Authorization': 'Bearer ' + student_jwt}

    rv = self.client.get('/search?q=', headers=auth_header)
    self.assertEqual(401, rv.status_code)

    body = json.loads(rv.data)
    self.assertIn('message', body)
    expected_fragment = (
        'could not verify that you are authorized to access the URL requested'
    )
    self.assertIn(expected_fragment, body['message'])