示例#1
0
    def test_users_3_update_partial_user(self):
        """
        Do only partial update of the user
        """
        r = self.req.POST('/users',
                          auth=ApiAuth(self.user['session_id']),
                          json={
                              'username': '******',
                              'password': '******',
                              'email': '*****@*****.**',
                              'role': 'guest'
                          })

        self.assertOK(r)
        user_id = (r.json())['user_id']

        data = {"email": "*****@*****.**", "first_name": "John"}

        r = self.req.PUT('/users/' + user_id,
                         auth=ApiAuth(self.user['session_id']),
                         data=json_util.dumps(data))

        self.assertOK(r)
        new_user = r.json()

        self.assertTrue(new_user['email'] == '*****@*****.**')
        self.assertTrue(new_user['first_name'] == 'John')

        r = self.req.DELETE('/users/' + user_id,
                            auth=ApiAuth(self.user['session_id']))
        self.assertOK(r)
        self.assertTrue(len(r.text) > 1)
示例#2
0
    def test_users_2_add_existing_user(self):
        """
        Try to add the same user twice.
        This should return HTTP 400.
        """
        r = self.req.POST('/users',
                          auth=ApiAuth(self.user['session_id']),
                          json={
                              'username': '******',
                              'password': '******',
                              'email': '*****@*****.**',
                              'role': 'guest'
                          })

        self.assertOK(r)
        user = r.json()

        r = self.req.POST('/users',
                          auth=ApiAuth(self.user['session_id']),
                          json={
                              'username': '******',
                              'password': '******',
                              'email': '*****@*****.**',
                              'role': 'guest'
                          })

        self.assertTrue(r.status_code == 400)
        """
        Delete the temp user
        """
        r = self.req.DELETE('/users/' + user['user_id'],
                            auth=ApiAuth(self.user['session_id']))
        self.assertOK(r)
示例#3
0
    def test_users_5_low_role_edit_user(self):
        """
        Create a user with 'user' privileges and try to edit another user.
        This should fail since users are not authorized to edit another users.
        """

        # First we need to create temp user guest and user with 'user; role
        r = self.req.POST('/users',
                          auth=ApiAuth(self.user['session_id']),
                          json={
                              'username': '******',
                              'password': '******',
                              'email': '*****@*****.**',
                              'role': 'guest'
                          })

        self.assertOK(r)
        guest_id = (r.json())['user_id']

        r = self.req.POST('/users',
                          auth=ApiAuth(self.user['session_id']),
                          json={
                              'username': '******',
                              'password': '******',
                              'email': '*****@*****.**',
                              'role': 'user'
                          })

        self.assertOK(r)
        user_id = (r.json())['user_id']

        # Authorize as user
        user_role = self.req.POST('/authorization',
                                  json={
                                      'username': "******",
                                      'password': "******"
                                  })

        data = {"email": "*****@*****.**", "first_name": "John"}

        r = self.req.PUT('/users/' + guest_id,
                         auth=ApiAuth(user_role.json()['session_id']),
                         data=json_util.dumps(data))

        self.assertTrue(r.status_code == 401)

        r = self.req.DELETE('/users/' + user_id,
                            auth=ApiAuth(self.user['session_id']))
        self.assertOK(r)

        r = self.req.DELETE('/users/' + guest_id,
                            auth=ApiAuth(self.user['session_id']))
        self.assertOK(r)
示例#4
0
    def test_users_4_role_edit_user(self):
        """
        Create a user with 'user' privileges and try to add another user.
        This should fail since users are not authorized to add another users.
        """

        # First we need to create temp user guest and user with 'user' role
        r = self.req.POST('/users',
                          auth=ApiAuth(self.user['session_id']),
                          json={
                              'username': '******',
                              'password': '******',
                              'email': '*****@*****.**',
                              'role': 'user'
                          })

        self.assertOK(r)
        user_id = (r.json())['user_id']

        # Authorize as user
        user_role = self.req.POST('/authorization',
                                  json={
                                      'username': "******",
                                      'password': "******"
                                  })

        r = self.req.POST('/users',
                          auth=ApiAuth(user_role.json()['session_id']),
                          json={
                              'username': '******',
                              'password': '******',
                              'email': '*****@*****.**',
                              'role': 'guest'
                          })
        self.assertTrue(r.status_code == 401)

        r = self.req.DELETE('/users/' + user_id,
                            auth=ApiAuth(self.user['session_id']))
        self.assertOK(r)
示例#5
0
    def test_users_1_add_delete_user(self):
        """
        Create and delete a temporary guest user
        """
        r = self.req.POST('/users',
                          auth=ApiAuth(self.user['session_id']),
                          json={
                              'username': '******',
                              'password': '******',
                              'email': '*****@*****.**',
                              'role': 'guest'
                          })

        self.assertOK(r)
        self.assertTrue('user_id' in r.json())
        user = r.json()

        self.assertTrue(user['role'] == 255)
        self.assertTrue(user['email'] == '*****@*****.**')
        self.assertTrue(user['username'] == 'tempuser')
        self.assertTrue('password' not in user)

        r = self.req.GET('/users', auth=ApiAuth(self.user['session_id']))
        self.assertTrue(len(r.json()) > 1)
        """
        Delete should return the deleted user
        """
        r = self.req.DELETE('/users/' + user['user_id'],
                            auth=ApiAuth(self.user['session_id']))
        self.assertOK(r)

        user = r.json()

        self.assertTrue(user['role'] == 255)
        self.assertTrue(user['email'] == '*****@*****.**')
        self.assertTrue(user['username'] == 'tempuser')
示例#6
0
    def test1_login_logout(self):
        """
		Try to log into the API with given credentials and then logout

		@note: For now we have user admin/admin so let's work with this one.
		"""

        r = self.req.POST('/authorization',
                          json={
                              'username': '******',
                              'password': '******'
                          })

        self.assertOK(r)

        # Store the Session ID in order to do proper logout
        body = r.json()

        self.assertTrue('session_id' in body)
        """
		When we have the session_id from login we can test logout
		"""
        r = self.req.DELETE('/authorization', auth=ApiAuth(body['session_id']))
        self.assertOK(r)
示例#7
0
    def test_users_0_get_users(self):
        r = self.req.GET('/users', auth=ApiAuth(self.user['session_id']))

        self.assertOK(r)
        self.assertTrue(len(r.json()) > 0)
示例#8
0
	def tearDown(self):
		"""
		When the test case is done, log out
		"""
		r = self.req.DELETE('/authorization', auth = ApiAuth(self.user['session_id']))
		self.assertOK(r)