tests: improved coverage
parent
e258a0d061
commit
10dc7957a2
@ -48,7 +48,7 @@ def _token_decorator(require_admin, f, *args, **kwargs):
|
|||||||
"status": "fail",
|
"status": "fail",
|
||||||
"message": "Malformed Authorization header."
|
"message": "Malformed Authorization header."
|
||||||
}
|
}
|
||||||
return jsonify(resp)
|
return jsonify(resp), 401
|
||||||
|
|
||||||
if not token:
|
if not token:
|
||||||
return jsonify({"status": "fail", "message": "Missing auth token"}), 401
|
return jsonify({"status": "fail", "message": "Missing auth token"}), 401
|
||||||
|
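Review bot: The 401 now returned from the malformed-header branch carries no `WWW-Authenticate` challenge, and neither does the unchanged missing-token 401 below it; HTTP semantics expect that header on every 401 response, and some clients rely on it to recognise the scheme. Flask accepts a third tuple element for headers, so both returns could become `return jsonify(resp), 401, {"WWW-Authenticate": "Bearer"}` (with the inline dict in the second one). A smaller style point: the first branch builds `resp` as a local and the second inlines the dict, and one form for both would read more evenly. `_token_decorator` begins and ends outside this hunk, so other return paths were not checked.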
@ -3,6 +3,12 @@ import jwt
|
|||||||
from sachet.server import db
|
from sachet.server import db
|
||||||
from sachet.server.users import manage
|
from sachet.server.users import manage
|
||||||
|
|
||||||
|
def test_reserved_users(client):
|
||||||
|
"""Test that the server prevents reserved endpoints from being registered as usernames."""
|
||||||
|
for user in ["login", "logout", "extend"]:
|
||||||
|
with pytest.raises(KeyError):
|
||||||
|
manage.create_user(False, user, "")
|
||||||
|
|
||||||
def test_unauth_perms(client):
|
def test_unauth_perms(client):
|
||||||
"""Test endpoints to see if they allow unauthenticated users."""
|
"""Test endpoints to see if they allow unauthenticated users."""
|
||||||
resp = client.get("/users/jeff")
|
resp = client.get("/users/jeff")
|
||||||
@ -21,6 +27,16 @@ def test_malformed_authorization(client):
|
|||||||
)
|
)
|
||||||
assert resp.status_code == 401
|
assert resp.status_code == 401
|
||||||
|
|
||||||
|
# token for incorrect user (but properly signed)
|
||||||
|
token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.nZ86hUWPdG43W6HVSGFy6DJnDVOZhx8a73LhQ3gIxY8"
|
||||||
|
resp = client.get(
|
||||||
|
"/users/jeff",
|
||||||
|
headers={
|
||||||
|
"Authorization": f"bearer {token}"
|
||||||
|
}
|
||||||
|
)
|
||||||
|
assert resp.status_code == 401
|
||||||
|
|
||||||
# invalid token
|
# invalid token
|
||||||
token = "not a.real JWT.token"
|
token = "not a.real JWT.token"
|
||||||
resp = client.get(
|
resp = client.get(
|
||||||
@ -32,11 +48,10 @@ def test_malformed_authorization(client):
|
|||||||
assert resp.status_code == 401
|
assert resp.status_code == 401
|
||||||
|
|
||||||
# missing token
|
# missing token
|
||||||
token = "not a.real JWT.token"
|
|
||||||
resp = client.get(
|
resp = client.get(
|
||||||
"/users/jeff",
|
"/users/jeff",
|
||||||
headers={
|
headers={
|
||||||
"Authorization": ""
|
"Authorization": "bearer"
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
assert resp.status_code == 401
|
assert resp.status_code == 401
|
||||||
@ -51,6 +66,13 @@ def test_login(client, users):
|
|||||||
})
|
})
|
||||||
assert resp.status_code == 401
|
assert resp.status_code == 401
|
||||||
|
|
||||||
|
# wrong user
|
||||||
|
resp = client.post("/users/login", json={
|
||||||
|
"username": "jeffery",
|
||||||
|
"password": users["jeff"]["password"] + "garbage"
|
||||||
|
})
|
||||||
|
assert resp.status_code == 401
|
||||||
|
|
||||||
# logging in correctly
|
# logging in correctly
|
||||||
resp = client.post("/users/login", json={
|
resp = client.post("/users/login", json={
|
||||||
"username": "jeff",
|
"username": "jeff",
|
||||||
|
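Review bot: The hard-coded JWT added in the `test_malformed_authorization` hunk is commented as "properly signed", but nothing visible ties its signature to the secret the test app verifies with, so the 401 may come from signature verification rather than from the unknown-subject path the comment names. Building the token inside the test with the `jwt` module shown in the hunk header, e.g. `token = jwt.encode({"sub": "nobody"}, <test app signing key>, algorithm="HS256")` (the key is a placeholder, and the claims should mirror what the server issues), would pin the intended branch. The "wrong user" case in the `test_login` hunk has the same ambiguity, since it sends `"jeffery"` together with a wrong password. Sending jeff's correct password under the unknown username would isolate the unknown-user check. Both test functions start or end outside their hunks, so assertions elsewhere in them were not seen.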