示例#1
0
    def test_can_set_cookie_on_authentication(self):
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', fullname='Test', id='1')
        user.first_login = True
        with patch.object(AuthenticateHandler, 'authenticate') as auth_mock:
            result = gen.Future()
            result.set_result(user)
            auth_mock.return_value = result
            try:
                response = yield self.anonymous_fetch('/authenticate',
                                                      method='POST',
                                                      body=dumps({
                                                          'provider':
                                                          'GooglePlus',
                                                          'access_token':
                                                          'VALID-TOKEN',
                                                      }))
            except HTTPError, e:
                response = e.response

            expect(response.code).to_equal(200)
            expect(loads(response.body)['first_login']).to_be_true()
            expect(loads(response.body)['authenticated']).to_be_true()
            expect('HOLMES_AUTH_TOKEN' in response.headers.get(
                'Set-Cookie')).to_equal(True)
    def test_can_update_by_user(self):
        user = UserFactory.create()

        key = KeyFactory.create(name='some.random')

        pref = UsersViolationsPrefsFactory.create(user=user,
                                                  key=key,
                                                  is_active=True)

        data = [{
            'key': pref.key.name,
            'is_active': False
        }, {
            'key': 'blah',
            'is_active': False
        }]

        UsersViolationsPrefs.update_by_user(self.db, user, data)

        prefs = self.db.query(UsersViolationsPrefs).all()

        expect(prefs).to_length(1)
        expect(prefs[0].key.name).to_equal(key.name)
        expect(prefs[0].user).to_equal(user)
        expect(prefs[0].is_active).to_equal(False)
示例#3
0
def test_get_auth_token__success(db, api_client):
    password = faker.password()
    user = UserFactory.build()
    user.set_password(password)
    user.save()

    with pytest.raises(Token.DoesNotExist):
        Token.objects.get(user_id=user.id)

    # first create
    response = api_client.post(
        reverse('auth-token'),
        data={
            'username': user.username,
            'password': password
        }
    )
    token = Token.objects.get(user_id=user.id)
    assert response.status_code == 200
    assert response.data['token'] == token.key

    # get exists
    response = api_client.post(
        reverse('auth-token'),
        data={
            'username': user.username,
            'password': password
        }
    )
    assert response.status_code == 200
    assert response.data['token'] == token.key
示例#4
0
    def test_can_authenticate_existent_user(self):
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**')
        with patch.object(AuthenticateHandler,
                          'authenticate_on_google') as auth_mock:
            result = gen.Future()
            result.set_result({
                'email': '*****@*****.**',
                'fullname': 'Test',
                'id': '12345'
            })
            auth_mock.return_value = result
            try:
                response = yield self.anonymous_fetch('/authenticate',
                                                      method='POST',
                                                      body=dumps({
                                                          'provider':
                                                          'GooglePlus',
                                                          'access_token':
                                                          'VALID-TOKEN',
                                                      }))
            except HTTPError, e:
                response = e.response

            expect(response.code).to_equal(200)
            expect(loads(response.body)['first_login']).to_be_false()
            expect(loads(response.body)['authenticated']).to_be_true()
            expect(user).not_to_be_null()
示例#5
0
    def test_can_save_prefs(self):
        user = UserFactory.create(is_superuser=True)

        key1 = KeyFactory.create(name='some.random.1')
        key2 = KeyFactory.create(name='some.random.2')

        UsersViolationsPrefsFactory.create(user=user, key=key1, is_active=True)
        UsersViolationsPrefsFactory.create(user=user, key=key2, is_active=False)

        loaded_prefs = UsersViolationsPrefs.get_prefs(self.db, user)
        expect(loaded_prefs).to_length(2)
        expect(loaded_prefs).to_be_like({
            'some.random.1': True,
            'some.random.2': False
        })

        yield self.authenticated_fetch(
            '/users/violations-prefs/',
            user_email=user.email,
            method='POST',
            body=dumps([
                {'key': 'some.random.1', 'is_active': False},
                {'key': 'some.random.2', 'is_active': True},
            ])
        )

        loaded_prefs = UsersViolationsPrefs.get_prefs(self.db, user)
        expect(loaded_prefs).to_length(2)
        expect(loaded_prefs).to_be_like({
            'some.random.1': False,
            'some.random.2': True
        })
示例#6
0
    def test_can_save_prefs_as_superuser(self):
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=True)
        domain = DomainFactory.create(name='globo.com')
        key = KeyFactory.create(name='some.random')
        DomainsViolationsPrefsFactory.create(domain=domain, key=key, value=100)

        loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain(
            self.db, domain.name)
        expect(loaded_prefs).to_length(1)
        expect(loaded_prefs[0]).to_be_like({
            'value': 100,
            'key': 'some.random'
        })

        yield self.authenticated_fetch('/domains/%s/violations-prefs/' %
                                       domain.name,
                                       user_email=user.email,
                                       method='POST',
                                       body=dumps([
                                           {
                                               'key': 'some.random',
                                               'value': 10
                                           },
                                       ]))

        loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain(
            self.db, domain.name)
        expect(loaded_prefs).to_length(1)
        expect(loaded_prefs[0]).to_be_like({'value': 10, 'key': 'some.random'})
示例#7
0
    def test_cant_save_prefs_as_normal_user(self):
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=False)
        domain = DomainFactory.create(name='globo.com')
        key = KeyFactory.create(name='some.random')
        DomainsViolationsPrefsFactory.create(domain=domain, key=key, value=100)

        loaded_prefs = DomainsViolationsPrefs.get_domains_violations_prefs_by_domain(
            self.db, domain.name)
        expect(loaded_prefs).to_length(1)
        expect(loaded_prefs[0]).to_be_like({
            'value': 100,
            'key': 'some.random'
        })

        try:
            yield self.authenticated_fetch('/domains/%s/violations-prefs/' %
                                           domain.name,
                                           user_email=user.email,
                                           method='POST',
                                           body=dumps([
                                               {
                                                   'key': 'some.random',
                                                   'value': 10
                                               },
                                           ]))
        except HTTPError, e:
            expect(e).not_to_be_null()
            expect(e.code).to_equal(401)
            expect(e.response.reason).to_be_like('Unauthorized')
示例#8
0
    def test_can_convert_user_to_dict(self):
        user = UserFactory.create()

        user_dict = user.to_dict()

        expect(user_dict['fullname']).to_equal(user.fullname)
        expect(user_dict['email']).to_equal(user.email)
        expect(user_dict['is_superuser']).to_equal(user.is_superuser)
        expect(user_dict['last_login']).to_equal(user.last_login)
示例#9
0
 def test_can_verify_authenticated_request_as_superuser(self):
     self.db.query(User).delete()
     user = UserFactory(email='*****@*****.**', is_superuser=True)
     response = yield self.authenticated_fetch('/authenticate',
                                               user_email=user.email)
     expect(response.code).to_equal(200)
     response_body = loads(response.body)
     expect(response_body['authenticated']).to_be_true()
     expect(response_body['isSuperUser']).to_be_true()
示例#10
0
    def test_can_get_user_by_email(self):
        self.db.query(User).delete()

        user = UserFactory.create()

        loaded_user = User.by_email(user.email, self.db)
        expect(loaded_user.id).to_equal(user.id)

        invalid_user = User.by_email('*****@*****.**', self.db)
        expect(invalid_user).to_be_null()
示例#11
0
    def test_can_get_user_locale(self):
        user = UserFactory.create(locale='pt_BR')

        response = yield self.authenticated_fetch('/users/locale/',
                                                  user_email=user.email)

        expect(response.code).to_equal(200)

        locale_data = loads(response.body)

        expect(locale_data.get('locale')).to_equal('pt_BR')
示例#12
0
    def test_can_create_user(self):
        user = UserFactory.create()

        expect(str(user)).to_be_like('%s' % user.email)

        expect(user.id).not_to_be_null()
        expect(user.fullname).to_equal('Marcelo Jorge Vieira')
        expect(user.email).to_equal('*****@*****.**')
        expect(user.is_superuser).to_equal(True)
        last_login = datetime(2013, 12, 11, 10, 9, 8)
        expect(user.last_login).to_be_like(last_login)
示例#13
0
    def test_can_update_locale(self):
        user = UserFactory.create(locale='es_ES')

        loaded_user = User.by_email(user.email, self.db)
        expect(loaded_user.id).to_equal(user.id)
        expect(loaded_user.locale).to_equal('es_ES')

        User.update_locale(self.db, user, 'pt_BR')

        loaded_user = User.by_email(user.email, self.db)
        expect(loaded_user.id).to_equal(user.id)
        expect(loaded_user.locale).to_equal('pt_BR')
示例#14
0
    def test_can_set_cookie_on_authentication(self):
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', fullname='Test', id='1')
        user.first_login = True
        with patch.object(AuthenticateHandler, 'authenticate') as auth_mock:
            result = gen.Future()
            result.set_result(user)
            auth_mock.return_value = result
            try:
                response = yield self.anonymous_fetch(
                    '/authenticate', method='POST', body=dumps({
                        'provider': 'GooglePlus',
                        'access_token': 'VALID-TOKEN',
                    })
                )
            except HTTPError, e:
                response = e.response

            expect(response.code).to_equal(200)
            expect(loads(response.body)['first_login']).to_be_true()
            expect(loads(response.body)['authenticated']).to_be_true()
            expect('HOLMES_AUTH_TOKEN' in response.headers.get('Set-Cookie')).to_equal(True)
    def test_can_get_prefs(self):
        user = UserFactory.create()
        key1 = KeyFactory.create()
        key2 = KeyFactory.create()

        UsersViolationsPrefs.insert_pref(self.db, user, key1, True)
        UsersViolationsPrefs.insert_pref(self.db, user, key2, False)

        data = UsersViolationsPrefs.get_prefs(self.db, user)

        expect(data).to_length(2)

        expect(data).to_be_like({key1.name: True, key2.name: False})
示例#16
0
    def test_can_get_user_locale(self):
        user = UserFactory.create(locale='pt_BR')

        response = yield self.authenticated_fetch(
            '/users/locale/',
            user_email=user.email
        )

        expect(response.code).to_equal(200)

        locale_data = loads(response.body)

        expect(locale_data.get('locale')).to_equal('pt_BR')
示例#17
0
def test_authenticate(db):
    user = UserFactory.build()
    password = faker.password()
    user.set_password(password)
    user.save()

    assert authenticate(username=user.username, password=password) == user
    assert authenticate(username=user.username) == None
    assert authenticate(password=password) == None
    assert authenticate(username=faker.user_name(), password=password) == None

    assert authenticate(username=user.email, password=password) == user
    assert authenticate(username=user.email) == None
    assert authenticate(username=faker.email(), password=password) == None
    def test_can_get_prefs(self):
        user = UserFactory.create()
        key1 = KeyFactory.create()
        key2 = KeyFactory.create()

        UsersViolationsPrefs.insert_pref(self.db, user, key1, True)
        UsersViolationsPrefs.insert_pref(self.db, user, key2, False)

        data = UsersViolationsPrefs.get_prefs(self.db, user)

        expect(data).to_length(2)

        expect(data).to_be_like(
            {key1.name: True, key2.name: False}
        )
示例#19
0
    def test_can_get_prefs(self):
        user = UserFactory.create()

        key1 = KeyFactory.create(name='some.random.1')
        key2 = KeyFactory.create(name='some.random.2')

        UsersViolationsPrefsFactory.create(user=user, key=key1, is_active=True)
        UsersViolationsPrefsFactory.create(user=user, key=key2, is_active=False)

        self.server.application.violation_definitions = {
            'some.random.1': {
                'title': 'some random 1',
                'category': 'SEO',
                'generic_description': 'my some random 1'
            },
            'some.random.2': {
                'title': 'some random 2',
                'category': 'HTTP',
                'generic_description': 'my some random 2'
            }
        }

        response = yield self.authenticated_fetch(
            '/users/violations-prefs/',
            user_email=user.email
        )

        expect(response.code).to_equal(200)

        prefs = loads(response.body)

        expect(prefs).to_length(2)
        expect(prefs[0]).to_length(5)
        expect(prefs[1]).to_length(5)

        expect(prefs).to_be_like([{
            'category': 'SEO',
            'is_active': True,
            'name': 'some random 1',
            'key': u'some.random.1',
            'description': u'my some random 1'
        }, {
            'category': 'HTTP',
            'is_active': False,
            'name': 'some random 2',
            'key': u'some.random.2',
            'description': u'my some random 2'
        }])
    def test_can_insert_prefs(self):
        user = UserFactory.create()

        prefs = self.db.query(UsersViolationsPrefs).all()
        expect(prefs).to_length(0)

        items = []
        for x in range(3):
            name = 'key-test-%d' % x
            KeyFactory.create(name=name)
            items.append(name)

        UsersViolationsPrefs.insert_prefs(self.db, user, items)

        prefs = self.db.query(UsersViolationsPrefs).all()
        expect(prefs).to_length(3)
示例#21
0
    def test_cant_delete_nonexistent_limiter_as_superuser(self):
        self.db.query(Limiter).delete()
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=True)

        try:
            yield self.authenticated_fetch('/limiters/1',
                                           user_email=user.email,
                                           method='DELETE')
        except HTTPError, e:
            expected = {'reason': 'Not Found', 'description': 'Not Found'}

            expect(e).not_to_be_null()
            expect(e.code).to_equal(404)
            expect(e.response.reason).to_equal('Not Found')
            expect(loads(e.response.body)).to_equal(expected)
示例#22
0
    def test_cant_save_limiters_with_empty_values_as_superuser(self):
        self.db.query(Limiter).delete()
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=True)

        try:
            yield self.authenticated_fetch('/limiters',
                                           user_email=user.email,
                                           method='POST',
                                           body='{}')
        except HTTPError, e:
            expect(e).not_to_be_null()
            expect(e.code).to_equal(400)
            expect(e.response.body).to_equal(
                '{"reason":"Not url or value","description":"Not url or value"}'
            )
示例#23
0
    def test_cant_save_limiters_as_normal_user(self):
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=False)

        try:
            yield self.authenticated_fetch('/limiters',
                                           user_email=user.email,
                                           method='POST',
                                           body=dumps({
                                               'url': 'http://globo.com/',
                                               'maxValue': 10
                                           }))
        except HTTPError, e:
            expect(e).not_to_be_null()
            expect(e.code).to_equal(401)
            expect(e.response.reason).to_be_like('Unauthorized')
    def test_can_insert_prefs(self):
        user = UserFactory.create()

        prefs = self.db.query(UsersViolationsPrefs).all()
        expect(prefs).to_length(0)

        items = []
        for x in range(3):
            name = 'key-test-%d' % x
            KeyFactory.create(name=name)
            items.append(name)

        UsersViolationsPrefs.insert_prefs(self.db, user, items)

        prefs = self.db.query(UsersViolationsPrefs).all()
        expect(prefs).to_length(3)
示例#25
0
    def test_user_can_sign_in_and_sign_out(self, service):
        cases = (UserFactory.ROLE_ADMIN, UserFactory.ROLE_USER)

        with app.test_client() as client:
            for case in cases:
                user = UserFactory.get_user(role=case)
                service.return_value = user
                # step 1 log in
                r_in = client.get('/sign_in', follow_redirects=True)
                self.assertIn(bytes(user.full_name, 'utf8'), r_in.data)
                self.assertIn(b'Sign out', r_in.data)

                # step 2 log out
                r_out = client.get('/sign_out', follow_redirects=True)
                self.assertNotIn(bytes(user.full_name, 'utf8'), r_out.data)
                self.assertIn(b'Sign in', r_out.data)
    def test_can_update_by_user_with_no_data(self):
        user = UserFactory.create()

        key = KeyFactory.create(name='some.random')

        UsersViolationsPrefsFactory.create(user=user, key=key, is_active=True)

        data = []

        UsersViolationsPrefs.update_by_user(self.db, user, data)

        prefs = self.db.query(UsersViolationsPrefs).all()

        expect(prefs).to_length(1)
        expect(prefs[0].key.name).to_equal(key.name)
        expect(prefs[0].user).to_equal(user)
        expect(prefs[0].is_active).to_equal(True)
    def test_can_update_by_user_with_no_data(self):
        user = UserFactory.create()

        key = KeyFactory.create(name='some.random')

        UsersViolationsPrefsFactory.create(user=user, key=key, is_active=True)

        data = []

        UsersViolationsPrefs.update_by_user(self.db, user, data)

        prefs = self.db.query(UsersViolationsPrefs).all()

        expect(prefs).to_length(1)
        expect(prefs[0].key.name).to_equal(key.name)
        expect(prefs[0].user).to_equal(user)
        expect(prefs[0].is_active).to_equal(True)
示例#28
0
    def test_cant_delete_limiter_as_normal_user(self):
        self.db.query(Limiter).delete()
        limiter = LimiterFactory.create()
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=False)

        loaded_limiter = Limiter.by_id(limiter.id, self.db)
        expect(loaded_limiter).not_to_be_null()

        try:
            yield self.authenticated_fetch('/limiters/%d' % limiter.id,
                                           user_email=user.email,
                                           method='DELETE')
        except HTTPError, e:
            expect(e).not_to_be_null()
            expect(e.code).to_equal(401)
            expect(e.response.reason).to_be_like('Unauthorized')
示例#29
0
    def test_can_delete_limiter_as_superuser(self):
        self.db.query(Limiter).delete()
        limiter = LimiterFactory.create()
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=True)

        loaded_limiter = Limiter.by_id(limiter.id, self.db)
        expect(loaded_limiter).not_to_be_null()

        response = yield self.authenticated_fetch('/limiters/%d' % limiter.id,
                                                  user_email=user.email,
                                                  method='DELETE')

        expect(response.code).to_equal(204)
        expect(response.body).to_length(0)

        loaded_limiter = Limiter.by_id(limiter.id, self.db)
        expect(loaded_limiter).to_be_null()
示例#30
0
    def test_cant_delete_limiter_with_empty_values_as_superuser(self):
        self.db.query(Limiter).delete()
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=True)

        try:
            yield self.authenticated_fetch('/limiters',
                                           user_email=user.email,
                                           method='DELETE')
        except HTTPError, e:
            expected = {
                'reason': 'Invalid data',
                'description': 'Invalid data'
            }
            expect(e).not_to_be_null()
            expect(e.code).to_equal(400)
            expect(e.response.reason).to_equal('Bad Request')
            expect(loads(e.response.body)).to_equal(expected)
示例#31
0
    def test_can_save_limiters_as_superuser(self):
        self.db.query(Limiter).delete()
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=True)

        response = yield self.authenticated_fetch('/limiters',
                                                  user_email=user.email,
                                                  method='POST',
                                                  body=dumps({
                                                      'url':
                                                      'http://globo.com/',
                                                      'maxValue': 10
                                                  }))
        expect(response).not_to_be_null()
        expect(response.code).to_equal(200)

        loaded_limiter = Limiter.by_url('http://globo.com/', self.db)
        expect(loaded_limiter).not_to_be_null()
示例#32
0
 def test_can_save_prefs_as_normal_user(self):
     self.db.query(User).delete()
     user = UserFactory(email='*****@*****.**', is_superuser=False)
     try:
         yield self.authenticated_fetch(
             '/domains/blah.com/violations-prefs/',
             method='POST',
             user_email=user.email,
             body=dumps([
                 {
                     'key': 'some.random',
                     'value': 10
                 },
             ]))
     except HTTPError, e:
         expect(e).not_to_be_null()
         expect(e.code).to_equal(401)
         expect(e.response.reason).to_be_like('Unauthorized')
         expect(e.response.body).to_be_like('Unauthorized')
示例#33
0
    def test_can_save_user_locale(self):
        user = UserFactory.create(locale='pt_BR')

        loaded_user = User.by_email(user.email, self.db)
        expect(loaded_user.id).to_equal(user.id)
        expect(loaded_user.locale).to_equal('pt_BR')

        response = yield self.authenticated_fetch('/users/locale/',
                                                  user_email=user.email,
                                                  method='POST',
                                                  body=dumps(
                                                      {'locale': 'es_ES'}))

        expect(response.code).to_equal(200)
        expect(loads(response.body)).to_equal('OK')

        loaded_user = User.by_email(user.email, self.db)
        expect(loaded_user.id).to_equal(user.id)
        expect(loaded_user.locale).to_equal('es_ES')
    def test_can_insert_pref(self):
        user = UserFactory.create()
        key1 = KeyFactory.create()
        key2 = KeyFactory.create()

        UsersViolationsPrefs.insert_pref(self.db, user, key1, True)
        UsersViolationsPrefs.insert_pref(self.db, user, key2, False)

        prefs = self.db.query(UsersViolationsPrefs).all()

        expect(prefs).to_length(2)

        expect(prefs[0].key).to_equal(key1)
        expect(prefs[0].user).to_equal(user)
        expect(prefs[0].is_active).to_equal(True)

        expect(prefs[1].key).to_equal(key2)
        expect(prefs[1].user).to_equal(user)
        expect(prefs[1].is_active).to_equal(False)
    def test_can_insert_pref(self):
        user = UserFactory.create()
        key1 = KeyFactory.create()
        key2 = KeyFactory.create()

        UsersViolationsPrefs.insert_pref(self.db, user, key1, True)
        UsersViolationsPrefs.insert_pref(self.db, user, key2, False)

        prefs = self.db.query(UsersViolationsPrefs).all()

        expect(prefs).to_length(2)

        expect(prefs[0].key).to_equal(key1)
        expect(prefs[0].user).to_equal(user)
        expect(prefs[0].is_active).to_equal(True)

        expect(prefs[1].key).to_equal(key2)
        expect(prefs[1].user).to_equal(user)
        expect(prefs[1].is_active).to_equal(False)
    def test_can_delete_prefs(self):
        user = UserFactory.create()

        pref1 = UsersViolationsPrefsFactory.create(user=user)
        pref2 = UsersViolationsPrefsFactory.create(user=user)

        prefs = self.db.query(UsersViolationsPrefs).all()
        expect(prefs).to_length(2)

        items = [pref1.key.name]

        UsersViolationsPrefs.delete_prefs(self.db, user, items)

        prefs = self.db.query(UsersViolationsPrefs).all()

        expect(prefs).to_length(1)
        expect(prefs[0].key.name).to_equal(pref2.key.name)
        expect(prefs[0].user).to_equal(pref2.user)
        expect(prefs[0].is_active).to_equal(True)
示例#37
0
    def test_can_save_prefs_for_invalid_domain_as_superuser(self):
        self.db.query(User).delete()
        user = UserFactory(email='*****@*****.**', is_superuser=True)

        try:
            yield self.authenticated_fetch(
                '/domains/blah.com/violations-prefs/',
                method='POST',
                user_email=user.email,
                body=dumps([
                    {
                        'key': 'some.random',
                        'value': 10
                    },
                ]))
        except HTTPError, e:
            expect(e).not_to_be_null()
            expect(e.code).to_equal(404)
            expect(e.response.reason).to_equal('Domain blah.com not found')
示例#38
0
    def test_can_save_user_locale(self):
        user = UserFactory.create(locale='pt_BR')

        loaded_user = User.by_email(user.email, self.db)
        expect(loaded_user.id).to_equal(user.id)
        expect(loaded_user.locale).to_equal('pt_BR')

        response = yield self.authenticated_fetch(
            '/users/locale/',
            user_email=user.email,
            method='POST',
            body=dumps({'locale': 'es_ES'})
        )

        expect(response.code).to_equal(200)
        expect(loads(response.body)).to_equal('OK')

        loaded_user = User.by_email(user.email, self.db)
        expect(loaded_user.id).to_equal(user.id)
        expect(loaded_user.locale).to_equal('es_ES')
    def test_can_update_by_user(self):
        user = UserFactory.create()

        key = KeyFactory.create(name='some.random')

        pref = UsersViolationsPrefsFactory.create(user=user, key=key, is_active=True)

        data = [
            {'key': pref.key.name, 'is_active': False},
            {'key': 'blah', 'is_active': False}
        ]

        UsersViolationsPrefs.update_by_user(self.db, user, data)

        prefs = self.db.query(UsersViolationsPrefs).all()

        expect(prefs).to_length(1)
        expect(prefs[0].key.name).to_equal(key.name)
        expect(prefs[0].user).to_equal(user)
        expect(prefs[0].is_active).to_equal(False)