def test_not_admin(client, not_admin):
    """Check that the ``not_admin`` credential is refused on every write route.

    POST, PUT and DELETE are each sent with the fixture value as the
    Authorization header. Each must return 401 with a description that
    contains 'Invalid JWT Credentials'.
    """
    # Presumably a well-formed token for a user without admin rights --
    # confirm against the fixture definition.
    auth_header = {'Authorization': not_admin}

    # NOTE(review): only the response is inspected; nothing here verifies
    # that the targeted record was left unmodified by the rejected calls.
    attempts = (
        ('post', test_url, {'json': valid_data}),
        ('put', f'{test_url}/1', {'json': {'color': 'purple'}}),
        ('delete', f'{test_url}/1', {}),
    )
    for verb, target, payload in attempts:
        response = getattr(client, verb)(
            target, headers=auth_header, as_response=True, **payload)
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Invalid JWT Credentials' in response.json['description']
def test_missing_other_token_fields(client, bad_token):
    """Reject tokens that lack claims PyJWT does not validate itself.

    Covers fields such as 'sub' and 'user': the payload in ``bad_token`` is
    turned into a token with ``create_token`` and sent to the POST, PUT and
    DELETE routes. Each must answer 401 with a description equal to
    'Invalid JWT Credentials'.
    """
    def assert_rejected(response):
        # Exact match on the description (not a substring check).
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert response.json['description'] == 'Invalid JWT Credentials'

    auth_header = {'Authorization': create_token(bad_token)}

    assert_rejected(client.post(
        test_url, headers=auth_header, json=valid_data, as_response=True))
    assert_rejected(client.put(
        f'{test_url}/1', headers=auth_header, json={'color': 'purple'},
        as_response=True))
    assert_rejected(client.delete(
        f'{test_url}/1', headers=auth_header, as_response=True))
def test_expired_token(client, expired_token):
    """Check that the ``expired_token`` credential is refused on write routes.

    POST, PUT and DELETE must each return 401 with a description that
    contains 'Error Decoding Token'.
    """
    # presumably a correctly signed token whose 'exp' is in the past --
    # confirm against the fixture definition.
    auth_header = {'Authorization': expired_token}

    attempts = (
        ('post', test_url, {'json': valid_data}),
        ('put', f'{test_url}/1', {'json': {'color': 'purple'}}),
        ('delete', f'{test_url}/1', {}),
    )
    for verb, target, payload in attempts:
        response = getattr(client, verb)(
            target, headers=auth_header, as_response=True, **payload)
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Error Decoding Token' in response.json['description']
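def test_missing_required_token_fields(client, bad_token):
    """Reject tokens that lack claims PyJWT validates automatically.

    Covers fields such as 'exp', 'iat' and 'nbf'. POST, PUT and DELETE must
    each return 401 with a description that starts with the decoder's
    'Token is missing the "<claim>" claim' message.
    """
    auth_header = {'Authorization': bad_token}
    # Raw string: '\w' in a plain literal is an invalid escape sequence and
    # triggers a warning on current Python versions. The compiled pattern is
    # unchanged.
    # NOTE(review): the response names the missing claim to an unauthenticated
    # caller; confirm that this level of decoder detail is intended.
    missing_claim = re.compile(
        r'Error Decoding Token: Token is missing the "(\w+)" claim')

    attempts = (
        ('post', test_url, {'json': valid_data}),
        ('put', f'{test_url}/1', {'json': {'color': 'purple'}}),
        ('delete', f'{test_url}/1', {}),
    )
    for verb, target, payload in attempts:
        response = getattr(client, verb)(
            target, headers=auth_header, as_response=True, **payload)
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert missing_claim.match(response.json['description'])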
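def test_delete_foreign_key(client, url, key):
    """Deleting a record that a Potion references must fail and change nothing.

    ``url`` addresses the PotionType/Potency record and ``key`` is the query
    parameter used to list the potions that reference it.
    """
    prepopulate()
    # Clean up even when an assertion fails, so a failure here does not leave
    # prepopulated rows behind for later tests.
    try:
        # prepopulate should have created the thing
        response = client.get(url, as_response=True)
        assert response.status_code == 200

        # thing should be referenced as ForeignKey in Potions
        response = client.get(f'/v1/potions?{key}=1', as_response=True)
        assert response.status_code == 200
        assert len(response.json['results']) >= 1
        matched_potions = len(response.json['results'])

        # if you delete PotionType/Potency with Potion referencing it
        # should throw an error & not delete
        response = client.delete(url, headers=valid_token, as_response=True)
        assert response.status_code == 400

        # delete should not have removed the thing
        response = client.get(url, as_response=True)
        assert response.status_code == 200

        # ...and the same number of potions must still reference it
        response = client.get(f'/v1/potions?{key}=1', as_response=True)
        assert response.status_code == 200
        assert len(response.json['results']) == matched_potions
    finally:
        delete_all()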
def test_no_token(client, header):
    """Check that write routes refuse a request without usable credentials.

    ``header`` is passed as the complete header dict. POST, PUT and DELETE
    must each return 401 with a description that contains
    'Missing Authorization Header'.
    """
    def assert_rejected(response):
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Missing Authorization Header' in response.json['description']

    # NOTE(review): only the response is inspected; nothing here verifies
    # that the rejected calls left the data untouched.
    assert_rejected(client.post(
        test_url, headers=header, json=valid_data, as_response=True))
    assert_rejected(client.put(
        f'{test_url}/1', headers=header, json={'color': 'purple'},
        as_response=True))
    assert_rejected(client.delete(
        f'{test_url}/1', headers=header, as_response=True))
def test_invalid_token_format(client, bad_token):
    """Check that a malformed Authorization value is refused on write routes.

    POST, PUT and DELETE must each return 401 with a description that
    contains 'Invalid Authorization Header'.
    """
    # Separate name for the header dict, so the fixture value is not rebound.
    auth_header = {'Authorization': bad_token}

    attempts = (
        ('post', test_url, {'json': valid_data}),
        ('put', f'{test_url}/1', {'json': {'color': 'purple'}}),
        ('delete', f'{test_url}/1', {}),
    )
    for verb, target, payload in attempts:
        response = getattr(client, verb)(
            target, headers=auth_header, as_response=True, **payload)
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Invalid Authorization Header' in response.json['description']
def delete(route):
    """Delete record 1 under ``route`` and confirm the listing is then empty.

    ``client`` and ``valid_token`` are not parameters; they are resolved from
    a scope outside this function that is not shown here.
    """
    # expected_statuses presumably makes the client fail on anything other
    # than 204 -- confirm against the test client.
    client.delete(
        f'{route}/1',
        headers=valid_token,
        expected_statuses=[204],
    )
    listing = client.get(route)
    remaining = len(listing['results'])
    assert remaining == 0
def test_delete_all(client, url):
    """Check that DELETE on ``url`` returns 405, even with a valid token.

    ``url`` is presumably a collection endpoint -- confirm against the
    parametrization.
    """
    reply = client.delete(
        url,
        headers=valid_token,
        as_response=True,
    )
    assert reply.status_code == 405