def test_set_user_role_with_nonexistent_user_or_role(auth_post): mutation = read_graphql("tests/auth/e2e/queries/permission.graphql") command = { "userAccessKey": helpers.random_word(), "roleCode": helpers.DEFAULT_ROLE_CODE, } response = auth_post( json=dict( query=mutation, operationName="setUserRole", variables=dict(command=command), ), ) errors = response.json()["errors"] assert errors assert "user_not_found" in errors[0]["extensions"]["status"].lower() mutation = read_graphql("tests/auth/e2e/queries/permission.graphql") command = { "userAccessKey": DEFAULT_USER, "roleCode": helpers.random_word(), } response = auth_post( json=dict( query=mutation, operationName="setUserRole", variables=dict(command=command), ), ) errors = response.json()["errors"] assert errors assert "role_not_found" in errors[0]["extensions"]["status"].lower()
def test_user_has_not_needed_permission_on_action(auth_post): permission_mutation = read_graphql( "tests/auth/e2e/queries/permission.graphql") command = { "accessKey": config.default_user()[0], "permissions": [{ "resource": "user", "action": "CREATE", "isConditional": False }], } response = auth_post(json=dict( query=permission_mutation, operationName="detachUserPermissions", variables=dict(command=command), ), ) status = response.json()["data"]["detachUserPermissions"]["status"] assert "PERMISSIONS_DETACHED" in status mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql") command = { "accessKey": helpers.random_username(), "name": helpers.random_name(), "email": helpers.random_email(), "password": helpers.random_password(), } response = auth_post(json=dict( query=mutation, operationName="createUser", variables=dict(command=command), )) response = response.json() assert not response["data"]["createUser"] assert response["errors"] assert "not allowed" in response["errors"][0]["message"] permission_mutation = read_graphql( "tests/auth/e2e/queries/permission.graphql") command = { "accessKey": config.default_user()[0], "permissions": [{ "resource": "user", "action": "CREATE", "isConditional": False }], } auth_post(json=dict( query=permission_mutation, operationName="attachUserPermissions", variables=dict(command=command), ), )
def test_create_user_without_token(starlette_client): mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql") command = { "accessKey": helpers.random_username(), "name": helpers.random_name(), "email": helpers.random_email(), "password": helpers.random_password(), } response = starlette_client.post( "/", json=dict( query=mutation, operationName="createUser", variables=dict(command=command), ), ) errors = response.json()["errors"] assert len(errors) > 0 assert ( "Authorization directives missing from HTTP header" in errors[0]["message"] ) assert "missing_auth_header" in errors[0]["extensions"]["status"].lower()
def test_change_pwd_valid_token(starlette_client, uow): mutation = read_graphql("tests/auth/e2e/queries/change_pwd.graphql") with uow: user = uow.users.get(helpers.TEST_USER_ACCESS_KEY) token = user.generate_password_reset_token() new_password = helpers.random_password() command = { "token": token, "newPassword": new_password, } response = starlette_client.post( "/", json=dict( query=mutation, operationName="changePassword", variables=dict(command=command), ), ) status = response.json()["data"]["changePassword"]["status"] message = response.json()["data"]["changePassword"]["message"] assert status == "PWD_CHANGED" assert message == "Password changed successfully" with uow: user = uow.users.get(helpers.TEST_USER_ACCESS_KEY) assert user.is_correct_password(new_password)
def test_user_has_needed_permission_on_action(auth_post): mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql") command = { "accessKey": helpers.random_username(), "name": helpers.random_name(), "email": helpers.random_email(), "password": helpers.random_password(), } response = auth_post(json=dict( query=mutation, operationName="createUser", variables=dict(command=command), )) status = response.json()["data"]["createUser"]["status"] assert "USER_CREATED" in status
def test_reset_pwd_known_user(starlette_client): mutation = read_graphql("tests/auth/e2e/queries/reset_pwd.graphql") command = {"accessKey": helpers.TEST_USER_ACCESS_KEY} response = starlette_client.post( "/", json=dict( query=mutation, operationName="resetPassword", variables=dict(command=command), ), ) status = response.json()["data"]["resetPassword"]["status"] message = response.json()["data"]["resetPassword"]["message"] assert "EMAIL_RESET_PWD_SENT" == status assert command["accessKey"] in message
def test_reset_pwd_unknown_user(starlette_client): mutation = read_graphql("tests/auth/e2e/queries/reset_pwd.graphql") command = { "accessKey": "unknown_user", } response = starlette_client.post( "/", json=dict( query=mutation, operationName="resetPassword", variables=dict(command=command), ), ) errors = response.json()["errors"] assert errors assert "user_not_found" in errors[0]["extensions"]["status"].lower()
def test_set_user_role(auth_post): mutation = read_graphql("tests/auth/e2e/queries/permission.graphql") command = { "userAccessKey": DEFAULT_USER, "roleCode": helpers.DEFAULT_ROLE_CODE, } response = auth_post( json=dict( query=mutation, operationName="setUserRole", variables=dict(command=command), ), ) command_response = response.json()["data"]["setUserRole"] assert command_response assert "user_role_set" in command_response["status"].lower()
def test_change_pwd_invalid_token(starlette_client): mutation = read_graphql("tests/auth/e2e/queries/change_pwd.graphql") command = { "token": "invalid_token", "newPassword": helpers.random_password(), } response = starlette_client.post( "/", json=dict( query=mutation, operationName="changePassword", variables=dict(command=command), ), ) errors = response.json()["errors"] assert errors assert "invalid_token" in errors[0]["extensions"]["status"].lower()
def auth_post(starlette_client): mutation = read_graphql("tests/auth/e2e/queries/login_user.graphql") command = { "accessKey": DEFAULT_USER, "password": DEFAULT_PWD, } response = starlette_client.post( "/", json=dict( query=mutation, operationName="authenticate", variables=dict(command=command), ), ) token = response.json()["data"]["authenticate"]["token"]["value"] auth_type = response.json()["data"]["authenticate"]["token"]["authType"] headers = dict(Authorization=f"{auth_type} {token}") yield functools.partial(starlette_client.post, "/", headers=headers)
def test_create_role_with_existing_code(auth_post): mutation = read_graphql("tests/auth/e2e/queries/permission.graphql") command = { "code": helpers.DEFAULT_ROLE_CODE, "name": helpers.random_word(), "permissions": [], } response = auth_post( json=dict( query=mutation, operationName="createRole", variables=dict(command=command), ), ) errors = response.json()["errors"] assert errors assert "role_already_exist" in errors[0]["extensions"]["status"].lower()
def test_authentication_wrong_credentials(starlette_client): mutation = read_graphql("tests/auth/e2e/queries/login_user.graphql") command = { "accessKey": DEFAULT_USER, "password": "******", } response = starlette_client.post( "/", json=dict( query=mutation, operationName="authenticate", variables=dict(command=command), ), ) errors = response.json()["errors"] assert errors assert "wrong_credentials" in errors[0]["extensions"]["status"].lower()
def test_create_user_with_invalid_email(auth_post): mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql") command = { "accessKey": "*****@*****.**", "name": "test", "email": "test", "password": "******", } response = auth_post( json=dict( query=mutation, operationName="createUser", variables=dict(command=command), ) ) errors = response.json()["errors"] assert errors assert "invalid_email" in errors[0]["extensions"]["status"].lower()
def test_create_role_with_permissions(auth_post): mutation = read_graphql("tests/auth/e2e/queries/permission.graphql") command = { "code": helpers.DEFAULT_ROLE_CODE, "name": helpers.DEFAULT_ROLE_NAME, "permissions": [auth.AVAILABLE_PERMISSIONS_GRAPHQL[0]], } response = auth_post( json=dict( query=mutation, operationName="createRole", variables=dict(command=command), ), ) command_response = response.json()["data"]["createRole"] assert command_response assert "role_created" in command_response["status"].lower()
def test_create_user(auth_post): mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql") command = { "accessKey": helpers.TEST_USER_ACCESS_KEY, "name": helpers.random_name(), "email": helpers.TEST_USER_EMAIL, "password": helpers.random_password(), } response = auth_post( json=dict( query=mutation, operationName="createUser", variables=dict(command=command), ) ) command_response = response.json()["data"]["createUser"] assert command_response assert "user_created" in command_response["status"].lower()
def test_wrong_scheme(starlette_client): mutation = read_graphql("tests/auth/e2e/queries/permission.graphql") command = { "userAccessKey": helpers.random_word(), "roleCode": helpers.DEFAULT_ROLE_CODE, } headers = dict(Authorization=f"not_bearer wrong.token.for_sure") response = starlette_client.post( json=dict( query=mutation, operationName="setUserRole", variables=dict(command=command), ), url="/", headers=headers, ) errors = response.json()["errors"] assert errors assert "invalid_auth_schema" in errors[0]["extensions"]["status"].lower()
def test_authentication_known_user(starlette_client): mutation = read_graphql("tests/auth/e2e/queries/login_user.graphql") command = { "accessKey": DEFAULT_USER, "password": DEFAULT_PWD, } response = starlette_client.post( "/", json=dict( query=mutation, operationName="authenticate", variables=dict(command=command), ), ) token = response.json()["data"]["authenticate"]["token"]["value"] auth_type = response.json()["data"]["authenticate"]["token"]["authType"] assert token assert auth_type
def test_detach_role_permissions(auth_post): mutation = read_graphql("tests/auth/e2e/queries/permission.graphql") command = { "code": helpers.DEFAULT_ROLE_CODE, "permissions": [ auth.AVAILABLE_PERMISSIONS_GRAPHQL[1], auth.AVAILABLE_PERMISSIONS_GRAPHQL[2], ], } response = auth_post( json=dict( query=mutation, operationName="detachRolePermissions", variables=dict(command=command), ), ) command_response = response.json()["data"]["detachRolePermissions"] assert command_response assert "permissions_detached" in command_response["status"].lower()
def test_create_role_without_permissions(auth_post): mutation = read_graphql("tests/auth/e2e/queries/permission.graphql") code = helpers.random_word() command = { "code": code, "name": code, } response = auth_post( json=dict( query=mutation, operationName="createRole", variables=dict(command=command), ), ) command_response = response.json()["data"]["createRole"] assert command_response assert "role_created" in command_response["status"].lower()
def test_detach_user_permissions(auth_post, uow): mutation = read_graphql("tests/auth/e2e/queries/permission.graphql") command = { "accessKey": helpers.TEST_USER_ACCESS_KEY, "permissions": [ auth.AVAILABLE_PERMISSIONS_GRAPHQL[1], auth.AVAILABLE_PERMISSIONS_GRAPHQL[2], ], } response = auth_post( json=dict( query=mutation, operationName="detachUserPermissions", variables=dict(command=command), ), ) command_response = response.json()["data"]["detachUserPermissions"] assert command_response assert "permissions_detached" in command_response["status"].lower() with uow: user = uow.users.get(helpers.TEST_USER_ACCESS_KEY) assert len(user.permissions) == 0
from src import config from tests.helpers import read_graphql from tests.auth import helpers DEFAULT_USER, DEFAULT_PWD = config.default_user() permission_queries = read_graphql("tests/auth/e2e/queries/permission.graphql") def test_query_roles(auth_post, postgres_session_factory): response = auth_post(json=dict(query=permission_queries, operationName="roles"), ) roles = response.json()["data"]["roles"] assert roles assert roles["elements"] assert all([ role["code"] and role["name"] and role["createdAt"] for role in roles["elements"] ]) count = helpers.query_roles_count(postgres_session_factory()) assert roles["elementsCount"] == count def test_query_specific_role(auth_post): response = auth_post(json=dict( query=permission_queries, operationName="role", variables=dict(code="test"), ), ) role = response.json()["data"]["role"]