diff --git a/sachet/server/models.py b/sachet/server/models.py index 1ea0f3e..d6d6b8c 100644 --- a/sachet/server/models.py +++ b/sachet/server/models.py @@ -91,7 +91,7 @@ class User(db.Model): password, current_app.config.get("BCRYPT_LOG_ROUNDS") ).decode() self.username = username - self.url = url_for("users_blueprint.user_list_api", username=self.username) + self.url = url_for("users_blueprint.user_api", username=self.username) self.register_date = datetime.datetime.now() def encode_token(self, jti=None): diff --git a/tests/conftest.py b/tests/conftest.py index a0e33c2..47aa98b 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -125,6 +125,16 @@ def users(client): Permissions.READ, ), ), + no_admin_user=dict( + password="password", + permissions=Bitmask( + Permissions.CREATE, + Permissions.MODIFY, + Permissions.DELETE, + Permissions.LOCK, + Permissions.READ, + ), + ), administrator=dict(password="4321", permissions=Bitmask(Permissions.ADMIN)), ) diff --git a/tests/test_user.py b/tests/test_user.py new file mode 100644 index 0000000..c532756 --- /dev/null +++ b/tests/test_user.py @@ -0,0 +1,34 @@ +import pytest + + +def test_post(client, users, auth): + """Test registering a user, then logging in to it.""" + # register without adequate permissions + resp = client.post( + "/users", + headers=auth("no_admin_user"), + json={"username": "claire", "permissions": [], "password": "claire123"}, + ) + assert resp.status_code == 403 + # properly register + resp = client.post( + "/users", + headers=auth("administrator"), + json={"username": "claire", "permissions": [], "password": "claire123"}, + ) + assert resp.status_code == 201 + data = resp.get_json() + url = data.get("url") + assert url is not None + assert url == "/users/claire" + + # try logging in now + resp = client.post( + "/users/login", json={"username": "claire", "password": "claire123"} + ) + assert resp.status_code == 200 + data = resp.get_json() + assert data.get("status") == "success" + assert data.get("username") == "claire" + token = data.get("auth_token") + assert token is not None and token != ""