import pytest
from bitmask import Bitmask
from sachet.server.models import Permissions, User
from datetime import datetime
# Schema object returned by User.get_schema(User); test_put calls its dump()
# to turn the expected user record into the JSON body it sends with PUT.
user_schema = User.get_schema(User)
def test_get(client, auth, validate_info):
    """Check that a regular user can read their own record and nobody else's.

    ``jeff`` requests ``/users/jeff`` and must receive 200; the JSON body is
    handed to the ``validate_info`` fixture together with the username.  The
    same credentials against ``/users/administrator`` must be refused with 403.

    Args:
        client: test client fixture used to issue the HTTP requests.
        auth: fixture that, given a username, returns request headers.
        validate_info: fixture called as ``validate_info(username, json_body)``.
    """
    # own record: must be readable
    own_record = client.get("/users/jeff", headers=auth("jeff"))
    assert own_record.status_code == 200
    validate_info("jeff", own_record.get_json())

    # another user's record: must be rejected (horizontal access check)
    foreign_record = client.get("/users/administrator", headers=auth("jeff"))
    assert foreign_record.status_code == 403
def test_userinfo_admin(client, auth, validate_info):
    """Check that the administrator can read any user's record.

    Using the administrator's headers, the test reads first the
    administrator's own record and then ``jeff``'s.  Each request must
    return 200 and its JSON body is passed to ``validate_info`` with the
    username it belongs to.

    Args:
        client: test client fixture used to issue the HTTP requests.
        auth: fixture that, given a username, returns request headers.
        validate_info: fixture called as ``validate_info(username, json_body)``.
    """
    # (endpoint, owner of the record) -- own record first, then another user's
    readable_as_admin = (
        ("/users/administrator", "administrator"),
        ("/users/jeff", "jeff"),
    )
    for endpoint, owner in readable_as_admin:
        response = client.get(endpoint, headers=auth("administrator"))
        assert response.status_code == 200
        validate_info(owner, response.get_json())
def test_patch(client, users, auth, validate_info):
    """Exercise PATCH on ``/users/jeff``: authorization, validation and effect.

    Steps, in order:

    1. ``jeff`` tries to give himself ``ADMIN`` and must get 403.
    2. ``administrator`` sends a JSON string instead of an object and must
       get 400.
    3. ``administrator`` gives ``jeff`` ``ADMIN`` and must get 200; the
       record read back is checked with ``validate_info``.
    4. ``administrator`` sets ``jeff``'s password; logging in with it must
       return an ``auth_token`` that is accepted as a bearer token.

    Args:
        client: test client fixture used to issue the HTTP requests.
        users: fixture mapping usernames to their expected records; mutated
            here to reflect the permission change.
        auth: fixture that, given a username, returns request headers.
        validate_info: fixture called as ``validate_info(username, json_body)``.
    """
    # privilege escalation attempt by a regular user must be refused
    denied = client.patch(
        "/users/jeff",
        json={"permissions": ["ADMIN"]},
        headers=auth("jeff"),
    )
    assert denied.status_code == 403

    # a body that is a bare JSON string, not an object, must be rejected
    malformed = client.patch(
        "/users/jeff",
        json="hurr durr",
        headers=auth("administrator"),
    )
    assert malformed.status_code == 400

    # the same permission change, sent by the administrator, is accepted
    granted = client.patch(
        "/users/jeff",
        json={"permissions": ["ADMIN"]},
        headers=auth("administrator"),
    )
    assert granted.status_code == 200

    # update the expected record before re-reading it
    # (presumably validate_info compares the response against `users` -- confirm)
    users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)

    refreshed = client.get("/users/jeff", headers=auth("jeff"))
    assert refreshed.status_code == 200
    validate_info("jeff", refreshed.get_json())

    # password change through PATCH, performed by the administrator
    # NOTE(review): nothing below checks that jeff's previous password is
    # rejected afterwards, or that tokens issued before the change stop
    # working -- worth a follow-up assertion if the server is meant to do so.
    changed = client.patch(
        "/users/jeff",
        json={"password": "123"},
        headers=auth("administrator"),
    )
    assert changed.status_code == 200

    # log in with the new password to obtain a fresh token
    login = client.post(
        "/users/login",
        json={"username": "jeff", "password": "123"},
    )
    assert login.status_code == 200
    data = login.get_json()
    new_token = data.get("auth_token")
    assert new_token

    # the fresh token must authenticate a request
    whoami = client.get(
        "/users/jeff",
        headers={"Authorization": f"bearer {new_token}"},
    )
    assert whoami.status_code == 200
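def test_put(client, users, auth, validate_info):
    """Test replacing user information as an administrator.

    Steps, in order:

    1. A full replacement record for ``jeff`` is built: his current fields
       with ``ADMIN`` permissions, serialised with ``user_schema`` and
       extended with a new password.
    2. ``jeff`` sends that record with PUT and must get 403.
    3. ``administrator`` sends the same record with PUT and must get 200;
       the record read back is checked with ``validate_info``.
    4. Logging in with the new password must return an ``auth_token`` that
       is accepted as a bearer token.

    Args:
        client: test client fixture used to issue the HTTP requests.
        users: fixture mapping usernames to their expected records; mutated
            here to reflect the permission change.
        auth: fixture that, given a username, returns request headers.
        validate_info: fixture called as ``validate_info(username, json_body)``.
    """
    # shallow copy so the shared `users` fixture is untouched until the
    # replacement has actually been accepted
    new_data = dict(users["jeff"])
    new_data["permissions"] = Bitmask(Permissions.ADMIN)

    json_data = user_schema.dump(new_data)
    json_data.update(dict(password="123"))

    # Try with a regular user to make sure it doesn't work.  This has to be
    # a PUT: the earlier version of this check issued a PATCH, so the PUT
    # handler's permission check was never exercised.  The well-formed body
    # is sent so that the expected 403 is not confused with a rejection of
    # an empty or invalid payload.
    resp = client.put(
        "/users/jeff",
        json=json_data,
        headers=auth("jeff"),
    )
    assert resp.status_code == 403

    # the same replacement, sent by the administrator, is accepted
    resp = client.put(
        "/users/jeff",
        json=json_data,
        headers=auth("administrator"),
    )
    assert resp.status_code == 200

    # modify the expected values
    # (presumably validate_info compares the response against `users` -- confirm)
    users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)

    # request new info
    resp = client.get("/users/jeff", headers=auth("jeff"))
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())

    # sign in with the new password to obtain a fresh token
    # NOTE(review): nothing here checks that jeff's previous password is
    # rejected afterwards, or that tokens issued before the change stop
    # working -- worth a follow-up assertion if the server is meant to do so.
    resp = client.post("/users/login", json=dict(username="jeff", password="123"))
    assert resp.status_code == 200
    data = resp.get_json()
    new_token = data.get("auth_token")
    assert new_token

    # test that we're logged in
    resp = client.get("/users/jeff", headers=dict(Authorization=f"bearer {new_token}"))
    assert resp.status_code == 200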