sachet-server/tests/test_userinfo.py


import pytest
from bitmask import Bitmask
from sachet.server.models import Permissions, UserSchema
from datetime import datetime
# Shared schema instance; test_put uses it to serialise the replacement
# record into the JSON body of the PUT request.
user_schema = UserSchema()
def test_get(client, tokens, validate_info):
    """Check that a normal user can read their own record and nobody else's.

    Both requests are made with jeff's bearer token: the first targets
    jeff's own record and must succeed, the second targets the
    administrator's record and must be refused with 403.
    """
    jeff_auth = {"Authorization": f"bearer {tokens['jeff']}"}

    # Own record: allowed, and the body has to match the expected data.
    own = client.get("/users/jeff", headers=jeff_auth)
    assert own.status_code == 200
    validate_info("jeff", own.get_json())

    # Someone else's record: an unprivileged token must not be able to read it.
    foreign = client.get("/users/administrator", headers=jeff_auth)
    assert foreign.status_code == 403
def test_userinfo_admin(client, tokens, validate_info):
    """Check that an admin token can read its own record and another user's.

    Both requests carry the administrator's bearer token and both are
    expected to return 200 with a body that passes ``validate_info``.
    """
    admin_auth = {"Authorization": f"bearer {tokens['administrator']}"}

    # The admin reading its own record.
    own = client.get("/users/administrator", headers=admin_auth)
    assert own.status_code == 200
    validate_info("administrator", own.get_json())

    # The admin reading jeff's record, which jeff's own token could not do
    # in the opposite direction.
    other = client.get("/users/jeff", headers=admin_auth)
    assert other.status_code == 200
    validate_info("jeff", other.get_json())
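def test_patch(client, users, tokens, validate_info):
    """Test modifying user information as an administrator.

    Exercises PATCH on ``/users/jeff`` in three ways:

    * with jeff's own token, trying to grant himself ``ADMIN`` -- must be
      refused with 403 *and* must leave the stored record unchanged;
    * with the administrator's token and a body that is not an object --
      must be rejected with 400;
    * with the administrator's token and a valid body -- must succeed, and
      a later read must show the new permissions.
    """
    jeff_auth = {"Authorization": f"bearer {tokens['jeff']}"}
    admin_auth = {"Authorization": f"bearer {tokens['administrator']}"}

    # try with regular user to make sure it doesn't work
    resp = client.patch(
        "/users/jeff",
        json={"permissions": ["ADMIN"]},
        headers=jeff_auth,
    )
    assert resp.status_code == 403

    # A 403 alone does not prove the write was skipped: re-read the record
    # and check it still matches the unmodified expected values, so that a
    # handler which applies the change before refusing it is caught.
    resp = client.get("/users/jeff", headers=jeff_auth)
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())

    # test malformed patch
    resp = client.patch(
        "/users/jeff",
        json="hurr durr",
        headers=admin_auth,
    )
    assert resp.status_code == 400

    resp = client.patch(
        "/users/jeff",
        json={"permissions": ["ADMIN"]},
        headers=admin_auth,
    )
    assert resp.status_code == 200

    # modify the expected values
    users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)

    # request new info
    resp = client.get("/users/jeff", headers=jeff_auth)
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())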
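def test_put(client, users, tokens, validate_info):
    """Test replacing user information as an administrator.

    The same replacement record is sent to PUT ``/users/jeff`` twice: once
    with jeff's token, which must be refused with 403 and leave the record
    unchanged, and once with the administrator's token, which must succeed.
    A final read checks that the new permissions are visible.
    """
    jeff_auth = {"Authorization": f"bearer {tokens['jeff']}"}
    admin_auth = {"Authorization": f"bearer {tokens['administrator']}"}

    # Shallow copy, so the expected values in the fixture are not touched
    # until the replacement has actually been accepted.
    new_data = dict(users["jeff"])
    new_data["permissions"] = Bitmask(Permissions.ADMIN)
    # NOTE(review): register_date is changed in the payload, but the
    # expected record below only gets the new permissions -- presumably the
    # server ignores this field or validate_info does not compare it; confirm.
    new_data["register_date"] = datetime(2022, 2, 2, 0, 0, 0)
    payload = user_schema.dump(new_data)

    # try with regular user to make sure it doesn't work
    # (this used to issue a PATCH with an empty body, so the authorization
    # check on PUT was never exercised; send the real PUT payload so the
    # token is the only difference from the request that succeeds below)
    resp = client.put(
        "/users/jeff",
        json=payload,
        headers=jeff_auth,
    )
    assert resp.status_code == 403

    # The refused replacement must not have been applied.
    resp = client.get("/users/jeff", headers=jeff_auth)
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())

    resp = client.put(
        "/users/jeff",
        json=payload,
        headers=admin_auth,
    )
    assert resp.status_code == 200

    # modify the expected values
    users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)

    # request new info
    resp = client.get("/users/jeff", headers=jeff_auth)
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())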