def test_delete_all_helper(client):
    """Check that the delete_all() helper empties the potion-type collection.

    The collection is listed through the API before and after each step;
    every listing must return 200 before its payload is inspected.
    """
    def listed_results():
        listing = client.get(POTION_TYPE, as_response=True)
        assert listing.status_code == 200
        return listing.json['results']

    # starts empty (leftovers from an earlier test are cleared first)
    if listed_results():
        delete_all()
    assert listed_results() == EMPTY

    # add some potions
    seed_rows = [
        {'related_stat': 'Health', 'color': 'red'},
        {'related_stat': 'Mana', 'color': 'blue'},
    ]
    client.post(POTION_TYPE, headers=valid_token, json=seed_rows)
    assert len(listed_results()) == 2

    # use helper to delete from DB
    delete_all()

    # immediately run get again, should be empty
    assert listed_results() == EMPTY
def test_post_bad_json(client, url):
    """POSTing a malformed body to ``url`` must be rejected as 'Invalid Content'.

    Two bodies are tried: a bare integer and an object with an unknown key.
    """
    for payload in (1, {'invalid':'invalid'}):
        response = client.post(
            url, headers=valid_token, json=payload, as_response=True)
        assert response.status_code == 400
        assert response.json['title'] == 'Invalid Content'
def test_not_admin(client, not_admin):
    """Write requests carrying the ``not_admin`` token must be refused.

    POST, PUT and DELETE are each expected to return 401 with a
    description containing 'Invalid JWT Credentials'.
    """
    headers = {'Authorization': not_admin}
    # Built lazily so each request is sent and checked before the next one.
    write_attempts = (
        lambda: client.post(
            test_url, headers=headers, json=valid_data, as_response=True),
        lambda: client.put(
            f'{test_url}/1', headers=headers, json={'color': 'purple'},
            as_response=True),
        lambda: client.delete(
            f'{test_url}/1', headers=headers, as_response=True),
    )
    for send in write_attempts:
        response = send()
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Invalid JWT Credentials' in response.json['description']
    # NOTE(review): only the rejection itself is asserted; nothing here
    # confirms that the targeted record was left unmodified.
def test_expired_token(client, expired_token):
    """Write requests carrying the ``expired_token`` fixture must return 401.

    The response description has to mention 'Error Decoding Token' for
    POST, PUT and DELETE alike.
    """
    headers = {'Authorization': expired_token}
    item_url = f'{test_url}/1'
    calls = [
        (client.post, test_url, {'json': valid_data}),
        (client.put, item_url, {'json': {'color': 'purple'}}),
        (client.delete, item_url, {}),
    ]
    for method, path, body in calls:
        response = method(path, headers=headers, as_response=True, **body)
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Error Decoding Token' in response.json['description']
def test_missing_other_token_fields(client, bad_token):
    """Tokens lacking application-level claims must be refused with 401.

    Covers fields that PyJWT does NOT check by itself (ex: 'sub', 'user'),
    so the rejection has to come from the service's own validation.
    """
    def assert_rejected(response):
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        # Exact match: the generic message, with no decoder detail appended.
        assert response.json['description'] == 'Invalid JWT Credentials'

    headers = {'Authorization': create_token(bad_token)}
    item_url = f'{test_url}/1'

    assert_rejected(client.post(
        test_url, headers=headers, json=valid_data, as_response=True))
    assert_rejected(client.put(
        item_url, headers=headers, json={'color': 'purple'},
        as_response=True))
    assert_rejected(client.delete(
        item_url, headers=headers, as_response=True))
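def test_missing_required_token_fields(client, bad_token):
    """Tokens lacking a claim that PyJWT checks itself must return 401.

    This test is for fields that are automatically checked by PyJWT
    (ex: 'exp', 'iat', 'nbf'). POST, PUT and DELETE must each answer 401
    with a description naming the missing claim.
    """
    auth_header = {'Authorization': bad_token}
    # Raw string: in a plain literal '\w' is an invalid escape sequence,
    # which newer Python versions warn about at compile time.
    missing_claim = re.compile(
        r'Error Decoding Token: Token is missing the "(\w+)" claim')
    # NOTE(review): the description echoes which claim was missing back to
    # the caller; confirm that level of detail is intended for clients
    # that failed authentication.

    response = client.post(test_url, headers=auth_header, json=valid_data,
                           as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])

    response = client.put(f'{test_url}/1', headers=auth_header,
                          json={'color': 'purple'}, as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])

    response = client.delete(f'{test_url}/1', headers=auth_header,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert missing_claim.match(response.json['description'])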
def test_potion_type_duplicate_color(client):
    """Posting a potion type with the color 'red' after prepopulate() must fail.

    The request is expected to be answered with 400; the data loaded by
    prepopulate() is removed again afterwards.
    """
    prepopulate()
    duplicate = {'related_stat':'sleep', 'color':'red'}
    response = client.post(
        '/v1/potions/types',
        headers=valid_token,
        json=duplicate,
        as_response=True,
    )
    assert response.status_code == 400
    delete_all()
def test_methods_without_params(client, url):
    """PUT and POST sent without a JSON body must both be answered with 400."""
    prepopulate()

    item_url = f'{url}/1'
    put_response = client.put(item_url, headers=valid_token, as_response=True)
    assert put_response.status_code == 400

    post_response = client.post(url, headers=valid_token, as_response=True)
    assert post_response.status_code == 400
    # NOTE(review): unlike the other prepopulate() tests in this file, no
    # delete_all() follows; confirm cleanup happens elsewhere.
def test_valid_auth_token(client):
    """A token built with ``adjust_times=True`` is accepted: the POST returns 201.

    The database is cleared before and after so the created row does not
    leak into other tests.
    """
    delete_all()
    auth_header = {'Authorization': create_token(token, adjust_times=True)}
    response = client.post(
        test_url, headers=auth_header, json=valid_data, as_response=True)
    assert response.status_code == 201
    delete_all()
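def test_bearer_case_insensitive(client, bearer_case):
    """The 'Bearer' scheme name must be accepted in any letter case.

    HTTP authentication scheme names are case-insensitive, so a valid
    token presented with each ``bearer_case`` spelling must still yield 201.
    """
    delete_all()
    # create_token() returns the full header value; strip the leading
    # 'Bearer ' so the spelling under test can be put in its place.
    token_value = create_token(token, adjust_times=True)[len('Bearer '):]
    response = client.post(
        test_url,
        headers={'Authorization': f'{bearer_case} {token_value}'},
        json=valid_data,
        as_response=True)
    assert response.status_code == 201
    # Remove the row this test just created, as test_valid_auth_token does,
    # so later tests do not start from a non-empty table.
    delete_all()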
def test_invalid_value_type(client, url, bad_value):
    """A body of the wrong type must be rejected by both PUT and POST.

    Either 400 or 404 counts as a rejection here. The data loaded by
    prepopulate() is removed again at the end.
    """
    prepopulate()
    rejected = [400,404]

    put_response = client.put(
        f'{url}/1', headers=valid_token, json=bad_value, as_response=True)
    assert put_response.status_code in rejected

    post_response = client.post(
        url, headers=valid_token, json=bad_value, as_response=True)
    assert post_response.status_code in rejected

    delete_all()
def test_no_token(client, header):
    """Write requests whose headers carry no token must return 401.

    ``header`` comes from a fixture; each of POST, PUT and DELETE must
    report 'Missing Authorization Header' in the description.
    """
    def assert_missing_header(response):
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Missing Authorization Header' in response.json['description']

    item_url = f'{test_url}/1'
    assert_missing_header(client.post(
        test_url, headers=header, json=valid_data, as_response=True))
    assert_missing_header(client.put(
        item_url, headers=header, json={'color': 'purple'},
        as_response=True))
    assert_missing_header(client.delete(
        item_url, headers=header, as_response=True))
def test_invalid_token_format(client, bad_token):
    """A malformed Authorization value must be refused with 401.

    POST, PUT and DELETE must each report 'Invalid Authorization Header'
    in the description.
    """
    # Wrap the raw fixture value in a header dict under its own name rather
    # than rebinding the parameter.
    malformed_header = {'Authorization': bad_token}
    item_url = f'{test_url}/1'
    calls = (
        (client.post, test_url, {'json': valid_data}),
        (client.put, item_url, {'json': {'color': 'purple'}}),
        (client.delete, item_url, {}),
    )
    for method, path, body in calls:
        response = method(
            path, headers=malformed_header, as_response=True, **body)
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert 'Invalid Authorization Header' in response.json['description']
def create(route, test_value):
    """POST ``test_value`` to ``route`` and check it was stored under id 1.

    ``test_value`` is mutated: an ``'id': 1`` entry is added before the
    stored record is compared against it.
    """
    # NOTE(review): `client` is not a parameter; it has to come from an
    # enclosing or module scope that is not visible in this listing.
    created = client.post(route, headers=valid_token, json=test_value)
    test_value['id'] = 1
    value_equals(f'{route}/1', test_value)
    assert created['results'][0]['id'] == 1
def test_post_unknown_foreign_key(client):
    """Creating a potion that references unknown potency/type ids must fail."""
    prepopulate()
    # can't create a valid potion if the potency/type don't exist!
    dangling_refs = {'potency_id':9000, 'type_id':9000}
    response = client.post(
        '/v1/potions',
        headers=valid_token,
        json=dangling_refs,
        as_response=True,
    )
    assert response.status_code == 400
    # NOTE(review): unlike the other prepopulate() tests in this file, no
    # delete_all() follows; confirm cleanup happens elsewhere.
def test_post_to_id(client, url):
    """POST aimed at a single-item URL (``url``/1) must return 405."""
    item_url = f'{url}/1'
    response = client.post(
        item_url,
        headers=valid_token,
        json={'invalid':'invalid'},
        as_response=True,
    )
    assert response.status_code == 405