__author__ = "Florian Kaiser" __copyright__ = "Copyright 2022, Project Aktienbot" __credits__ = ["Florian Kaiser", "Florian Kellermann", "Linus Eickhof", "Kevin Pauer"] __license__ = "GPL 3.0" __version__ = "1.0.0" """ This file (test_user.py) contains the functional tests for the `users` blueprint. """ import json from tests.functional.helper_functions import get_token def test_login_with_valid_data(test_client, init_database): """ Test POST '/api/user/login' Valid data """ response = test_client.post('/api/user/login', data=json.dumps(dict(email="user1@example.com", password="password")), content_type='application/json') assert response.status_code == 200 assert b'Successfully logged in' in response.data def test_login_with_wrong_password(test_client, init_database): """ Test POST '/api/user/login' Wrong password """ response = test_client.post('/api/user/login', data=json.dumps(dict(email="user2@example.com", password="password2")), content_type='application/json') assert response.status_code == 500 assert b'Unable to login' in response.data def test_login_user_not_exist(test_client, init_database): """ Test POST '/api/user/login' User doesn't exist """ response = test_client.post('/api/user/login', data=json.dumps(dict(email="notexistinguser@example.com", password="password")), content_type='application/json') assert response.status_code == 500 assert b'Can\'t find user' in response.data def test_login_email_missing(test_client, init_database): """ Test POST '/api/user/login' Email missing """ response = test_client.post('/api/user/login', data=json.dumps(dict(password="password")), content_type='application/json') assert response.status_code == 400 assert b'missing' in response.data def test_login_password_missing(test_client, init_database): """ Test POST '/api/user/login' Password missing """ response = test_client.post('/api/user/login', data=json.dumps(dict(email="user1@example.com")), content_type='application/json') assert response.status_code == 400 assert b'missing' in response.data def test_register_valid_data(test_client, init_database): """ Test POST '/api/user/register' Valid data """ response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json') assert response.status_code == 200 assert b'Successfully registered user' in response.data def test_register_user_exists_already(test_client, init_database): """ Test POST '/api/user/register' User exists already """ test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json') response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json') assert response.status_code == 500 assert b'Email already exist' in response.data def test_register_email_missing(test_client, init_database): """ Test POST '/api/user/register' Email missing """ response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", username="user3")), content_type='application/json') assert response.status_code == 400 assert b'missing' in response.data def test_register_email_empty(test_client, init_database): """ Test POST '/api/user/register' Email empty """ response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", username="user3", email="")), content_type='application/json') assert response.status_code == 400 assert b'Not a valid email address' in response.data def test_register_password_missing(test_client, init_database): """ Test POST '/api/user/register' Password missing """ response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", username="user3")), content_type='application/json') assert response.status_code == 400 assert b'missing' in response.data def test_register_password_empty(test_client, init_database): """ Test POST '/api/user/register' password empty """ response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", username="user3", password="")), content_type='application/json') assert response.status_code == 400 assert b'missing' in response.data def test_register_username_missing(test_client, init_database): """ Test POST '/api/user/register' Username missing """ response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", email="user3@example.com")), content_type='application/json') assert response.status_code == 400 assert b'missing' in response.data def test_register_username_empty(test_client, init_database): """ Test POST '/api/user/register' Username empty """ response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", username="", email="user3@example.com")), content_type='application/json') assert response.status_code == 400 assert b'missing' in response.data def test_delete_user_not_logged_in(test_client, init_database): """ Test DELETE '/api/user' User is not logged in """ test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json') response = test_client.delete('/api/user', data=json.dumps(dict(email="user3@example.com")), content_type='application/json') assert response.status_code == 401 assert b'Unauthorized' in response.data def test_delete_user_same_user_logged_in(test_client, init_database): """ Test DELETE '/api/user' User3 is logged in """ test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json') response = test_client.delete('/api/user', data=json.dumps(dict(email="user3@example.com")), content_type='application/json', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user3@example.com", "password"))}) assert response.status_code == 200 assert b'Successfully removed user' in response.data def test_delete_user_different_user_logged_in_no_admin(test_client, init_database): """ Test DELETE '/api/user' Different user is logged in -> no admin """ test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json') response = test_client.delete('/api/user', data=json.dumps(dict(email="user3@example.com")), content_type='application/json', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}) assert response.status_code == 401 assert b'Only admin users can access this' in response.data def test_delete_user_different_user_logged_in_admin(test_client, init_database): """ Test DELETE '/api/user' Different user is logged in -> admin """ test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json') response = test_client.delete('/api/user', data=json.dumps(dict(email="user3@example.com")), content_type='application/json', headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))}) assert response.status_code == 200 assert b'Successfully removed user' in response.data def test_delete_user_email_missing(test_client, init_database): """ Test DELETE '/api/user' Email missing """ test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json') response = test_client.delete('/api/user', data=json.dumps(dict()), content_type='application/json', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user3@example.com", "password"))}) assert response.status_code == 400 assert b'missing' in response.data def test_delete_user_email_empty(test_client, init_database): """ Test DELETE '/api/user' Email empty """ test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json') response = test_client.delete('/api/user', data=json.dumps(dict(email="")), content_type='application/json', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user3@example.com", "password"))}) assert response.status_code == 400 assert b'Not a valid email address' in response.data def test_get_current_user_user_not_logged_in(test_client, init_database): """ Test GET '/api/user' User is not logged in """ response = test_client.get('/api/user') assert response.status_code == 401 assert b'Unauthorized' in response.data def test_get_current_user_user1_logged_in(test_client, init_database): """ Test GET '/api/user' User1 is logged in """ response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}) assert response.status_code == 200 assert b'user1' in response.data assert b'user2' not in response.data def test_get_current_user_bot_logged_in_user_exists(test_client, init_database): """ Test GET '/api/user' Bot1 is logged in and requests user 12345678 """ response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":12345678")}) assert response.status_code == 200 assert b'user1' in response.data assert b'bot' not in response.data def test_get_current_user_bot_logged_in_user_not_exists(test_client, init_database): """ Test GET '/api/user' Bot1 is logged in and requests user 1234 (not existing) """ response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":1234")}) assert response.status_code == 401 assert b'Unable to login' in response.data def test_get_current_user_user1_logged_in_but_no_bot(test_client, init_database): """ Test GET '/api/user' User1 is logged in and requests user 1234 (not existing) Fails because user1 is not a bot """ response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password") + ":12345678")}) assert response.status_code == 401 assert b'Unable to login' in response.data def test_get_current_user_invalid_token(test_client, init_database): """ Test GET '/api/user' Invalid Bearer token """ response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format("invalidtoken:12345678")}) assert response.status_code == 401 assert b'Unauthorized' in response.data def test_update_user_not_logged_in(test_client, init_database): """ Test PUT '/api/user' User is not logged in """ response = test_client.put('/api/user') assert response.status_code == 401 assert b'Unauthorized' in response.data def test_update_user1_logged_in_password_username(test_client, init_database): """ Test PUT '/api/user' User1 is logged in Change Username and Password """ test_client.put('/api/user', data=json.dumps(dict(username="user4", password="password")), headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}, content_type='application/json') response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}, content_type='application/json') assert response.status_code == 200 assert b'user4' in response.data def test_update_user1_logged_in_password(test_client, init_database): """ Test PUT '/api/user' User1 is logged in Change Password """ response = test_client.put('/api/user', data=json.dumps(dict(password="password123")), headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}) assert response.status_code == 200 assert b'Successfully updated user' in response.data def test_update_user1_logged_in_username(test_client, init_database): """ Test PUT '/api/user' User1 is logged in Change Username """ response = test_client.put('/api/user', data=json.dumps(dict(username="user1")), headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}) assert response.status_code == 200 assert b'Successfully updated user' in response.data def test_set_admin_user_not_logged_in(test_client, init_database): """ Test PUT '/api/user/setAdmin' User is not logged in """ response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=True)), content_type='application/json') assert response.status_code == 401 assert b'Unauthorized' in response.data def test_set_admin_user1_logged_in(test_client, init_database): """ Test PUT '/api/user/setAdmin' User1 is logged in (no admin) """ response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=True)), headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}, content_type='application/json') assert response.status_code == 401 assert b'Only admin users can access this' in response.data def test_set_admin_admin1_logged_in(test_client, init_database): """ Test PUT '/api/user/setAdmin' Admin1 is logged in (admin) """ response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=True)), headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))}, content_type='application/json') assert response.status_code == 200 assert b'Successfully updated users admin rights' in response.data def test_set_admin_admin1_logged_in_user_not_exist(test_client, init_database): """ Test PUT '/api/user/setAdmin' Admin1 is logged in (admin) notexistinguser@example.com does not exist """ response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="notexistinguser@example.com", admin=True)), headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))}, content_type='application/json') assert response.status_code == 500 assert b'Can\'t find user' in response.data def test_set_admin_admin1_logged_in_email_missing(test_client, init_database): """ Test PUT '/api/user/setAdmin' Admin1 is logged in (admin) email missing """ response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(admin=True)), headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))}, content_type='application/json') assert response.status_code == 400 assert b'missing' in response.data def test_set_admin_admin1_logged_in_email_empty(test_client, init_database): """ Test PUT '/api/user/setAdmin' Admin1 is logged in (admin) email missing """ response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="", admin=True)), headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))}, content_type='application/json') assert response.status_code == 400 assert b'Not a valid email address.' in response.data def test_set_admin_admin1_logged_in_admin_missing(test_client, init_database): """ Test PUT '/api/user/setAdmin' Admin1 is logged in (admin) admin data missing """ response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com")), headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))}, content_type='application/json') assert response.status_code == 400 assert b'missing' in response.data def test_set_admin_admin1_logged_in_admin_empty(test_client, init_database): """ Test PUT '/api/user/setAdmin' Admin1 is logged in (admin) admin data missing """ response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=None)), headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))}, content_type='application/json') assert response.status_code == 400 assert b'Field may not be null' in response.data def test_set_cron_user_not_logged_in(test_client, init_database): """ Test PUT '/api/user/setCron' User is not logged in """ response = test_client.put('/api/user/setCron') assert response.status_code == 401 assert b'Unauthorized' in response.data def test_set_cron_user1_logged_in(test_client, init_database): """ Test PUT '/api/user/setCron' User1 is logged in """ response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")), headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}, content_type='application/json') assert response.status_code == 200 assert b'Successfully updated users cron' in response.data def test_set_empty_cron_user1_logged_in(test_client, init_database): """ Test PUT '/api/user/setCron' User1 is logged in Interval is empty """ response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="")), headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}, content_type='application/json') assert response.status_code == 400 def test_set_cron_bot_logged_in_user_exists(test_client, init_database): """ Test PUT '/api/user/setCron' Bot1 is logged in and requests user 12345678 """ response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")), headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":12345678")}, content_type='application/json') assert response.status_code == 200 assert b'Successfully updated users cron' in response.data def test_set_cron_bot_logged_in_user_not_exists(test_client, init_database): """ Test PUT '/api/user/setCron' Bot1 is logged in and requests user 1234 (not existing) """ response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")), headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":1234")}, content_type='application/json') assert response.status_code == 401 assert b'Unable to login' in response.data def test_set_cron_user1_logged_in_but_no_bot(test_client, init_database): """ Test PUT '/api/user/setCron' User1 is logged in and requests user 1234 (not existing) Fails because user1 is not a bot """ response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")), headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password") + ":12345678")}, content_type='application/json') assert response.status_code == 401 assert b'Unable to login' in response.data def test_set_cron_invalid_token(test_client, init_database): """ Test PUT '/api/user/setCron' Invalid Bearer token """ response = test_client.put('/api/user/setCron', headers={"Authorization": "Bearer {}".format("invalidtoken:12345678")}) assert response.status_code == 401 assert b'Unauthorized' in response.data def test_get_users_not_logged_in(test_client, init_database): """ Test GET '/api/users' User is not logged in """ response = test_client.get('/api/users') assert response.status_code == 401 assert b'Unauthorized' in response.data def test_get_users_user1_logged_in(test_client, init_database): """ Test GET '/api/users' User1 is logged in (not admin) """ response = test_client.get('/api/users', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))}, content_type='application/json') assert response.status_code == 401 assert b'Only admin users can access this' in response.data def test_get_users_admin1_logged_in(test_client, init_database): """ Test GET '/api/users' Admin1 is logged in (admin) """ response = test_client.get('/api/users', headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))}, content_type='application/json') assert response.status_code == 200 assert b'Successfully received all users' in response.data