__author__ = "Florian Kaiser"
__copyright__ = "Copyright 2022, Project Aktienbot"
__credits__ = ["Florian Kaiser", "Florian Kellermann", "Linus Eickhof", "Kevin Pauer"]
__license__ = "GPL 3.0"
__version__ = "1.0.0"
"""
This file (test_user.py) contains the functional tests for the `users` blueprint.
"""
import json
from tests.functional.helper_functions import get_token
def test_login_with_valid_data(test_client, init_database):
"""
Test POST '/api/user/login'
Valid data
"""
response = test_client.post('/api/user/login', data=json.dumps(dict(email="user1@example.com", password="password")), content_type='application/json')
assert response.status_code == 200
assert b'Successfully logged in' in response.data
def test_login_with_wrong_password(test_client, init_database):
"""
Test POST '/api/user/login'
Wrong password
"""
response = test_client.post('/api/user/login', data=json.dumps(dict(email="user2@example.com", password="password2")), content_type='application/json')
assert response.status_code == 500
assert b'Unable to login' in response.data
def test_login_user_not_exist(test_client, init_database):
"""
Test POST '/api/user/login'
User doesn't exist
"""
response = test_client.post('/api/user/login', data=json.dumps(dict(email="notexistinguser@example.com", password="password")), content_type='application/json')
assert response.status_code == 500
assert b'Can\'t find user' in response.data
def test_login_email_missing(test_client, init_database):
"""
Test POST '/api/user/login'
Email missing
"""
response = test_client.post('/api/user/login', data=json.dumps(dict(password="password")), content_type='application/json')
assert response.status_code == 400
assert b'missing' in response.data
def test_login_password_missing(test_client, init_database):
"""
Test POST '/api/user/login'
Password missing
"""
response = test_client.post('/api/user/login', data=json.dumps(dict(email="user1@example.com")), content_type='application/json')
assert response.status_code == 400
assert b'missing' in response.data
def test_register_valid_data(test_client, init_database):
"""
Test POST '/api/user/register'
Valid data
"""
response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
assert response.status_code == 200
assert b'Successfully registered user' in response.data
def test_register_user_exists_already(test_client, init_database):
"""
Test POST '/api/user/register'
User exists already
"""
test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
assert response.status_code == 500
assert b'Email already exist' in response.data
def test_register_email_missing(test_client, init_database):
"""
Test POST '/api/user/register'
Email missing
"""
response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", username="user3")), content_type='application/json')
assert response.status_code == 400
assert b'missing' in response.data
def test_register_email_empty(test_client, init_database):
"""
Test POST '/api/user/register'
Email empty
"""
response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", username="user3", email="")), content_type='application/json')
assert response.status_code == 400
assert b'Not a valid email address' in response.data
def test_register_password_missing(test_client, init_database):
"""
Test POST '/api/user/register'
Password missing
"""
response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", username="user3")), content_type='application/json')
assert response.status_code == 400
assert b'missing' in response.data
def test_register_password_empty(test_client, init_database):
"""
Test POST '/api/user/register'
password empty
"""
response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", username="user3", password="")), content_type='application/json')
assert response.status_code == 400
assert b'missing' in response.data
def test_register_username_missing(test_client, init_database):
"""
Test POST '/api/user/register'
Username missing
"""
response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", email="user3@example.com")), content_type='application/json')
assert response.status_code == 400
assert b'missing' in response.data
def test_register_username_empty(test_client, init_database):
"""
Test POST '/api/user/register'
Username empty
"""
response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", username="", email="user3@example.com")), content_type='application/json')
assert response.status_code == 400
assert b'missing' in response.data
def test_delete_user_not_logged_in(test_client, init_database):
"""
Test DELETE '/api/user'
User is not logged in
"""
test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
response = test_client.delete('/api/user', data=json.dumps(dict(email="user3@example.com")), content_type='application/json')
assert response.status_code == 401
assert b'Unauthorized' in response.data
def test_delete_user_same_user_logged_in(test_client, init_database):
"""
Test DELETE '/api/user'
User3 is logged in
"""
test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
response = test_client.delete('/api/user',
data=json.dumps(dict(email="user3@example.com")),
content_type='application/json',
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user3@example.com", "password"))})
assert response.status_code == 200
assert b'Successfully removed user' in response.data
def test_delete_user_different_user_logged_in_no_admin(test_client, init_database):
"""
Test DELETE '/api/user'
Different user is logged in -> no admin
"""
test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
response = test_client.delete('/api/user',
data=json.dumps(dict(email="user3@example.com")),
content_type='application/json',
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))})
assert response.status_code == 401
assert b'Only admin users can access this' in response.data
def test_delete_user_different_user_logged_in_admin(test_client, init_database):
"""
Test DELETE '/api/user'
Different user is logged in -> admin
"""
test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
response = test_client.delete('/api/user',
data=json.dumps(dict(email="user3@example.com")),
content_type='application/json',
headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))})
assert response.status_code == 200
assert b'Successfully removed user' in response.data
def test_delete_user_email_missing(test_client, init_database):
"""
Test DELETE '/api/user'
Email missing
"""
test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
response = test_client.delete('/api/user',
data=json.dumps(dict()),
content_type='application/json',
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user3@example.com", "password"))})
assert response.status_code == 400
assert b'missing' in response.data
def test_delete_user_email_empty(test_client, init_database):
"""
Test DELETE '/api/user'
Email empty
"""
test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
response = test_client.delete('/api/user',
data=json.dumps(dict(email="")),
content_type='application/json',
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user3@example.com", "password"))})
assert response.status_code == 400
assert b'Not a valid email address' in response.data
def test_get_current_user_user_not_logged_in(test_client, init_database):
"""
Test GET '/api/user'
User is not logged in
"""
response = test_client.get('/api/user')
assert response.status_code == 401
assert b'Unauthorized' in response.data
def test_get_current_user_user1_logged_in(test_client, init_database):
"""
Test GET '/api/user'
User1 is logged in
"""
response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))})
assert response.status_code == 200
assert b'user1' in response.data
assert b'user2' not in response.data
def test_get_current_user_bot_logged_in_user_exists(test_client, init_database):
"""
Test GET '/api/user'
Bot1 is logged in and requests user 12345678
"""
response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":12345678")})
assert response.status_code == 200
assert b'user1' in response.data
assert b'bot' not in response.data
def test_get_current_user_bot_logged_in_user_not_exists(test_client, init_database):
"""
Test GET '/api/user'
Bot1 is logged in and requests user 1234 (not existing)
"""
response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":1234")})
assert response.status_code == 401
assert b'Unable to login' in response.data
def test_get_current_user_user1_logged_in_but_no_bot(test_client, init_database):
"""
Test GET '/api/user'
User1 is logged in and requests user 1234 (not existing)
Fails because user1 is not a bot
"""
response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password") + ":12345678")})
assert response.status_code == 401
assert b'Unable to login' in response.data
def test_get_current_user_invalid_token(test_client, init_database):
"""
Test GET '/api/user'
Invalid Bearer token
"""
response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format("invalidtoken:12345678")})
assert response.status_code == 401
assert b'Unauthorized' in response.data
def test_update_user_not_logged_in(test_client, init_database):
"""
Test PUT '/api/user'
User is not logged in
"""
response = test_client.put('/api/user')
assert response.status_code == 401
assert b'Unauthorized' in response.data
def test_update_user1_logged_in_password_username(test_client, init_database):
"""
Test PUT '/api/user'
User1 is logged in
Change Username and Password
"""
test_client.put('/api/user', data=json.dumps(dict(username="user4", password="password")),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
content_type='application/json')
response = test_client.get('/api/user',
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
content_type='application/json')
assert response.status_code == 200
assert b'user4' in response.data
def test_update_user1_logged_in_password(test_client, init_database):
"""
Test PUT '/api/user'
User1 is logged in
Change Password
"""
response = test_client.put('/api/user', data=json.dumps(dict(password="password123")),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))})
assert response.status_code == 200
assert b'Successfully updated user' in response.data
def test_update_user1_logged_in_username(test_client, init_database):
"""
Test PUT '/api/user'
User1 is logged in
Change Username
"""
response = test_client.put('/api/user', data=json.dumps(dict(username="user1")),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))})
assert response.status_code == 200
assert b'Successfully updated user' in response.data
def test_set_admin_user_not_logged_in(test_client, init_database):
"""
Test PUT '/api/user/setAdmin'
User is not logged in
"""
response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=True)), content_type='application/json')
assert response.status_code == 401
assert b'Unauthorized' in response.data
def test_set_admin_user1_logged_in(test_client, init_database):
"""
Test PUT '/api/user/setAdmin'
User1 is logged in (no admin)
"""
response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=True)),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
content_type='application/json')
assert response.status_code == 401
assert b'Only admin users can access this' in response.data
def test_set_admin_admin1_logged_in(test_client, init_database):
"""
Test PUT '/api/user/setAdmin'
Admin1 is logged in (admin)
"""
response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=True)),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
content_type='application/json')
assert response.status_code == 200
assert b'Successfully updated users admin rights' in response.data
def test_set_admin_admin1_logged_in_user_not_exist(test_client, init_database):
"""
Test PUT '/api/user/setAdmin'
Admin1 is logged in (admin)
notexistinguser@example.com does not exist
"""
response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="notexistinguser@example.com", admin=True)),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
content_type='application/json')
assert response.status_code == 500
assert b'Can\'t find user' in response.data
def test_set_admin_admin1_logged_in_email_missing(test_client, init_database):
"""
Test PUT '/api/user/setAdmin'
Admin1 is logged in (admin)
email missing
"""
response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(admin=True)),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
content_type='application/json')
assert response.status_code == 400
assert b'missing' in response.data
def test_set_admin_admin1_logged_in_email_empty(test_client, init_database):
"""
Test PUT '/api/user/setAdmin'
Admin1 is logged in (admin)
email missing
"""
response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="", admin=True)),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
content_type='application/json')
assert response.status_code == 400
assert b'Not a valid email address.' in response.data
def test_set_admin_admin1_logged_in_admin_missing(test_client, init_database):
"""
Test PUT '/api/user/setAdmin'
Admin1 is logged in (admin)
admin data missing
"""
response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com")),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
content_type='application/json')
assert response.status_code == 400
assert b'missing' in response.data
def test_set_admin_admin1_logged_in_admin_empty(test_client, init_database):
"""
Test PUT '/api/user/setAdmin'
Admin1 is logged in (admin)
admin data missing
"""
response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=None)),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
content_type='application/json')
assert response.status_code == 400
assert b'Field may not be null' in response.data
def test_set_cron_user_not_logged_in(test_client, init_database):
"""
Test PUT '/api/user/setCron'
User is not logged in
"""
response = test_client.put('/api/user/setCron')
assert response.status_code == 401
assert b'Unauthorized' in response.data
def test_set_cron_user1_logged_in(test_client, init_database):
"""
Test PUT '/api/user/setCron'
User1 is logged in
"""
response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
content_type='application/json')
assert response.status_code == 200
assert b'Successfully updated users cron' in response.data
def test_set_empty_cron_user1_logged_in(test_client, init_database):
"""
Test PUT '/api/user/setCron'
User1 is logged in
Interval is empty
"""
response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="")),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
content_type='application/json')
assert response.status_code == 400
def test_set_cron_bot_logged_in_user_exists(test_client, init_database):
"""
Test PUT '/api/user/setCron'
Bot1 is logged in and requests user 12345678
"""
response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":12345678")},
content_type='application/json')
assert response.status_code == 200
assert b'Successfully updated users cron' in response.data
def test_set_cron_bot_logged_in_user_not_exists(test_client, init_database):
"""
Test PUT '/api/user/setCron'
Bot1 is logged in and requests user 1234 (not existing)
"""
response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":1234")},
content_type='application/json')
assert response.status_code == 401
assert b'Unable to login' in response.data
def test_set_cron_user1_logged_in_but_no_bot(test_client, init_database):
"""
Test PUT '/api/user/setCron'
User1 is logged in and requests user 1234 (not existing)
Fails because user1 is not a bot
"""
response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")),
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password") + ":12345678")},
content_type='application/json')
assert response.status_code == 401
assert b'Unable to login' in response.data
def test_set_cron_invalid_token(test_client, init_database):
"""
Test PUT '/api/user/setCron'
Invalid Bearer token
"""
response = test_client.put('/api/user/setCron', headers={"Authorization": "Bearer {}".format("invalidtoken:12345678")})
assert response.status_code == 401
assert b'Unauthorized' in response.data
def test_get_users_not_logged_in(test_client, init_database):
"""
Test GET '/api/users'
User is not logged in
"""
response = test_client.get('/api/users')
assert response.status_code == 401
assert b'Unauthorized' in response.data
def test_get_users_user1_logged_in(test_client, init_database):
"""
Test GET '/api/users'
User1 is logged in (not admin)
"""
response = test_client.get('/api/users',
headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
content_type='application/json')
assert response.status_code == 401
assert b'Only admin users can access this' in response.data
def test_get_users_admin1_logged_in(test_client, init_database):
"""
Test GET '/api/users'
Admin1 is logged in (admin)
"""
response = test_client.get('/api/users',
headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
content_type='application/json')
assert response.status_code == 200
assert b'Successfully received all users' in response.data