sachet-server/tests/test_userinfo.py

import pytest
from bitmask import Bitmask
from sachet.server.models import Permissions, User
from datetime import datetime

user_schema = User.get_schema(User)


def test_get(client, auth, validate_info):
    """Test accessing the user information endpoint as a normal user."""

    # access user info endpoint
    resp = client.get("/users/jeff", headers=auth("jeff"))
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())

    # access other user's info endpoint
    resp = client.get("/users/administrator", headers=auth("jeff"))
    assert resp.status_code == 403


def test_userinfo_admin(client, auth, validate_info):
    """Test accessing other user's information as an admin."""

    # first test that admin can access its own info
    resp = client.get(
        "/users/administrator",
        headers=auth("administrator"),
    )
    assert resp.status_code == 200
    validate_info("administrator", resp.get_json())

    # now test accessing other user's info
    resp = client.get("/users/jeff", headers=auth("administrator"))
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())


def test_patch(client, users, auth, validate_info):
    """Test modifying user information as an administrator."""

    # try with regular user to make sure it doesn't work
    resp = client.patch(
        "/users/jeff",
        json={"permissions": ["ADMIN"]},
        headers=auth("jeff"),
    )
    assert resp.status_code == 403

    # test malformed patch
    resp = client.patch(
        "/users/jeff",
        json="hurr durr",
        headers=auth("administrator"),
    )
    assert resp.status_code == 400

    resp = client.patch(
        "/users/jeff",
        json={"permissions": ["ADMIN"]},
        headers=auth("administrator"),
    )
    assert resp.status_code == 200

    # modify the expected values
    users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)

    # request new info
    resp = client.get("/users/jeff", headers=auth("jeff"))
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())

    # test password change through patch
    resp = client.patch(
        "/users/jeff",
        json=dict(password="123"),
        headers=auth("administrator"),
    )
    assert resp.status_code == 200

    # sign in with new token
    resp = client.post("/users/login", json=dict(username="jeff", password="123"))
    assert resp.status_code == 200
    data = resp.get_json()
    new_token = data.get("auth_token")
    assert new_token

    # test that we're logged in
    resp = client.get("/users/jeff", headers=dict(Authorization=f"bearer {new_token}"))
    assert resp.status_code == 200


def test_put(client, users, auth, validate_info):
    """Test replacing user information as an administrator."""

    # try with regular user to make sure it doesn't work
    resp = client.patch(
        "/users/jeff",
        json=dict(),
        headers=auth("jeff"),
    )
    assert resp.status_code == 403

    new_data = {k: v for k, v in users["jeff"].items()}
    new_data["permissions"] = Bitmask(Permissions.ADMIN)

    json_data = user_schema.dump(new_data)
    json_data.update(dict(password="123"))

    resp = client.put(
        "/users/jeff",
        json=json_data,
        headers=auth("administrator"),
    )
    assert resp.status_code == 200

    # modify the expected values
    users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)

    # request new info
    resp = client.get("/users/jeff", headers=auth("jeff"))
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())

    # sign in with new token
    resp = client.post("/users/login", json=dict(username="jeff", password="123"))
    assert resp.status_code == 200
    data = resp.get_json()
    new_token = data.get("auth_token")
    assert new_token

    # test that we're logged in
    resp = client.get("/users/jeff", headers=dict(Authorization=f"bearer {new_token}"))
    assert resp.status_code == 200
tests/test_userinfo.py: Split off authentication tests 2023-03-10 18:38:41 -05:00			`import pytest`
/users/<id>: added PATCH endpoint 2023-03-28 21:48:09 -04:00			`from bitmask import Bitmask`
refactor: split off generic model REST API logic also, a model's marshmallow schema class is now within the model class 2023-04-01 17:56:25 -04:00			`from sachet.server.models import Permissions, User`
/users/<id>: added PUT endpoint 2023-03-29 19:50:09 -04:00			`from datetime import datetime`

refactor: split off generic model REST API logic also, a model's marshmallow schema class is now within the model class 2023-04-01 17:56:25 -04:00			`user_schema = User.get_schema(User)`
tests/test_userinfo.py: Split off authentication tests 2023-03-10 18:38:41 -05:00
linted everything with black 2023-03-30 20:20:09 -04:00
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`def test_get(client, auth, validate_info):`
tests/test_userinfo.py: Split off authentication tests 2023-03-10 18:38:41 -05:00			`"""Test accessing the user information endpoint as a normal user."""`

			`# access user info endpoint`
/files: add more tests 2023-04-15 16:33:50 -04:00			`resp = client.get("/users/jeff", headers=auth("jeff"))`
tests/test_userinfo.py: Split off authentication tests 2023-03-10 18:38:41 -05:00			`assert resp.status_code == 200`
			`validate_info("jeff", resp.get_json())`

			`# access other user's info endpoint`
/files: add more tests 2023-04-15 16:33:50 -04:00			`resp = client.get("/users/administrator", headers=auth("jeff"))`
tests/test_userinfo.py: Split off authentication tests 2023-03-10 18:38:41 -05:00			`assert resp.status_code == 403`

linted everything with black 2023-03-30 20:20:09 -04:00
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`def test_userinfo_admin(client, auth, validate_info):`
tests/test_userinfo.py: Split off authentication tests 2023-03-10 18:38:41 -05:00			`"""Test accessing other user's information as an admin."""`

			`# first test that admin can access its own info`
			`resp = client.get(`
			`"/users/administrator",`
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`headers=auth("administrator"),`
tests/test_userinfo.py: Split off authentication tests 2023-03-10 18:38:41 -05:00			`)`
			`assert resp.status_code == 200`
			`validate_info("administrator", resp.get_json())`

			`# now test accessing other user's info`
/files: add more tests 2023-04-15 16:33:50 -04:00			`resp = client.get("/users/jeff", headers=auth("administrator"))`
tests/test_userinfo.py: Split off authentication tests 2023-03-10 18:38:41 -05:00			`assert resp.status_code == 200`
			`validate_info("jeff", resp.get_json())`
/users/<id>: added PATCH endpoint 2023-03-28 21:48:09 -04:00
linted everything with black 2023-03-30 20:20:09 -04:00
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`def test_patch(client, users, auth, validate_info):`
/users/<id>: added PATCH endpoint 2023-03-28 21:48:09 -04:00			`"""Test modifying user information as an administrator."""`

			`# try with regular user to make sure it doesn't work`
			`resp = client.patch(`
			`"/users/jeff",`
linted everything with black 2023-03-30 20:20:09 -04:00			`json={"permissions": ["ADMIN"]},`
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`headers=auth("jeff"),`
/users/<id>: added PATCH endpoint 2023-03-28 21:48:09 -04:00			`)`
			`assert resp.status_code == 403`

			`# test malformed patch`
			`resp = client.patch(`
			`"/users/jeff",`
linted everything with black 2023-03-30 20:20:09 -04:00			`json="hurr durr",`
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`headers=auth("administrator"),`
/users/<id>: added PATCH endpoint 2023-03-28 21:48:09 -04:00			`)`
			`assert resp.status_code == 400`

			`resp = client.patch(`
			`"/users/jeff",`
linted everything with black 2023-03-30 20:20:09 -04:00			`json={"permissions": ["ADMIN"]},`
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`headers=auth("administrator"),`
/users/<id>: added PATCH endpoint 2023-03-28 21:48:09 -04:00			`)`
			`assert resp.status_code == 200`

			`# modify the expected values`
			`users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)`

			`# request new info`
/files: add more tests 2023-04-15 16:33:50 -04:00			`resp = client.get("/users/jeff", headers=auth("jeff"))`
/users/<id>: added PATCH endpoint 2023-03-28 21:48:09 -04:00			`assert resp.status_code == 200`
			`validate_info("jeff", resp.get_json())`
/users/<id>: added PUT endpoint 2023-03-29 19:50:09 -04:00
test/test_userinfo.py: add missing password change test code how did i not see this 2023-07-15 20:25:08 -04:00			`# test password change through patch`
			`resp = client.patch(`
/users/<user>: fix inability to change password via PATCH 2023-07-15 22:18:55 -04:00			`"/users/jeff",`
			`json=dict(password="123"),`
			`headers=auth("administrator"),`
			`)`
test/test_userinfo.py: add missing password change test code how did i not see this 2023-07-15 20:25:08 -04:00			`assert resp.status_code == 200`

			`# sign in with new token`
/users/<user>: fix inability to change password via PATCH 2023-07-15 22:18:55 -04:00			`resp = client.post("/users/login", json=dict(username="jeff", password="123"))`
test/test_userinfo.py: add missing password change test code how did i not see this 2023-07-15 20:25:08 -04:00			`assert resp.status_code == 200`
			`data = resp.get_json()`
			`new_token = data.get("auth_token")`
			`assert new_token`

			`# test that we're logged in`
			`resp = client.get("/users/jeff", headers=dict(Authorization=f"bearer {new_token}"))`
			`assert resp.status_code == 200`

linted everything with black 2023-03-30 20:20:09 -04:00
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`def test_put(client, users, auth, validate_info):`
/users/<id>: added PUT endpoint 2023-03-29 19:50:09 -04:00			`"""Test replacing user information as an administrator."""`

			`# try with regular user to make sure it doesn't work`
			`resp = client.patch(`
			`"/users/jeff",`
linted everything with black 2023-03-30 20:20:09 -04:00			`json=dict(),`
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`headers=auth("jeff"),`
/users/<id>: added PUT endpoint 2023-03-29 19:50:09 -04:00			`)`
			`assert resp.status_code == 403`

linted everything with black 2023-03-30 20:20:09 -04:00			`new_data = {k: v for k, v in users["jeff"].items()}`
/users/<id>: added PUT endpoint 2023-03-29 19:50:09 -04:00			`new_data["permissions"] = Bitmask(Permissions.ADMIN)`
/users: added endpoint for creating, listing users 2023-05-18 22:06:16 -04:00
			`json_data = user_schema.dump(new_data)`
			`json_data.update(dict(password="123"))`
/users/<id>: added PUT endpoint 2023-03-29 19:50:09 -04:00
			`resp = client.put(`
			`"/users/jeff",`
/users: added endpoint for creating, listing users 2023-05-18 22:06:16 -04:00			`json=json_data,`
tests: refactor authentication header 2023-04-13 13:30:53 -04:00			`headers=auth("administrator"),`
/users/<id>: added PUT endpoint 2023-03-29 19:50:09 -04:00			`)`
			`assert resp.status_code == 200`

			`# modify the expected values`
			`users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)`

			`# request new info`
/files: add more tests 2023-04-15 16:33:50 -04:00			`resp = client.get("/users/jeff", headers=auth("jeff"))`
/users/<id>: added PUT endpoint 2023-03-29 19:50:09 -04:00			`assert resp.status_code == 200`
			`validate_info("jeff", resp.get_json())`
test/test_userinfo.py: add missing password change test code how did i not see this 2023-07-15 20:25:08 -04:00
			`# sign in with new token`
/users/<user>: fix inability to change password via PATCH 2023-07-15 22:18:55 -04:00			`resp = client.post("/users/login", json=dict(username="jeff", password="123"))`
test/test_userinfo.py: add missing password change test code how did i not see this 2023-07-15 20:25:08 -04:00			`assert resp.status_code == 200`
			`data = resp.get_json()`
			`new_token = data.get("auth_token")`
			`assert new_token`

			`# test that we're logged in`
			`resp = client.get("/users/jeff", headers=dict(Authorization=f"bearer {new_token}"))`
			`assert resp.status_code == 200`