sachet-server/tests/test_userinfo.py

import pytest
from bitmask import Bitmask
from sachet.server.models import Permissions, User
from datetime import datetime

user_schema = User.get_schema(User)


def test_get(client, auth, validate_info):
    """Test accessing the user information endpoint as a normal user."""

    # access user info endpoint
    resp = client.get("/users/jeff", headers=auth("jeff"))
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())

    # access other user's info endpoint
    resp = client.get("/users/administrator", headers=auth("jeff"))
    assert resp.status_code == 403


def test_userinfo_admin(client, auth, validate_info):
    """Test accessing other user's information as an admin."""

    # first test that admin can access its own info
    resp = client.get(
        "/users/administrator",
        headers=auth("administrator"),
    )
    assert resp.status_code == 200
    validate_info("administrator", resp.get_json())

    # now test accessing other user's info
    resp = client.get("/users/jeff", headers=auth("administrator"))
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())


def test_patch(client, users, auth, validate_info):
    """Test modifying user information as an administrator."""

    # try with regular user to make sure it doesn't work
    resp = client.patch(
        "/users/jeff",
        json={"permissions": ["ADMIN"]},
        headers=auth("jeff"),
    )
    assert resp.status_code == 403

    # test malformed patch
    resp = client.patch(
        "/users/jeff",
        json="hurr durr",
        headers=auth("administrator"),
    )
    assert resp.status_code == 400

    resp = client.patch(
        "/users/jeff",
        json={"permissions": ["ADMIN"]},
        headers=auth("administrator"),
    )
    assert resp.status_code == 200

    # modify the expected values
    users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)

    # request new info
    resp = client.get("/users/jeff", headers=auth("jeff"))
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())

    # test password change through patch
    resp = client.patch(
        "/users/jeff",
        json=dict(password="123"),
        headers=auth("administrator"),
    )
    assert resp.status_code == 200

    # sign in with new token
    resp = client.post("/users/login", json=dict(username="jeff", password="123"))
    assert resp.status_code == 200
    data = resp.get_json()
    new_token = data.get("auth_token")
    assert new_token

    # test that we're logged in
    resp = client.get("/users/jeff", headers=dict(Authorization=f"bearer {new_token}"))
    assert resp.status_code == 200


def test_put(client, users, auth, validate_info):
    """Test replacing user information as an administrator."""

    # try with regular user to make sure it doesn't work
    resp = client.patch(
        "/users/jeff",
        json=dict(),
        headers=auth("jeff"),
    )
    assert resp.status_code == 403

    new_data = {k: v for k, v in users["jeff"].items()}
    new_data["permissions"] = Bitmask(Permissions.ADMIN)

    json_data = user_schema.dump(new_data)
    json_data.update(dict(password="123"))

    resp = client.put(
        "/users/jeff",
        json=json_data,
        headers=auth("administrator"),
    )
    assert resp.status_code == 200

    # modify the expected values
    users["jeff"]["permissions"] = Bitmask(Permissions.ADMIN)

    # request new info
    resp = client.get("/users/jeff", headers=auth("jeff"))
    assert resp.status_code == 200
    validate_info("jeff", resp.get_json())

    # sign in with new token
    resp = client.post("/users/login", json=dict(username="jeff", password="123"))
    assert resp.status_code == 200
    data = resp.get_json()
    new_token = data.get("auth_token")
    assert new_token

    # test that we're logged in
    resp = client.get("/users/jeff", headers=dict(Authorization=f"bearer {new_token}"))
    assert resp.status_code == 200