def test_auth_decorated_link_good_token_wrong_authority(client):
user1 = default_config()
user2 = User(name='second user', password='******', roles=['user'])
user2.save()
headers = Headers()
headers.set('Authorization', 'Bearer {}'.format(user2.auth_token))
post_data = json.dumps({'current_password': '******', 'new_password': '******'})
rsp = client.post('/users/{}/change_password'.format(user1.id), data=post_data, headers=headers)
print('\nResponse: {} -> {}'.format(rsp.status, rsp.data))
assert rsp.status_code == 403, 'should be ok'
def create_basic_user():
u = User().update(name='some_user', password='******')
u.save()
return u