TelegramAktienBot/api/tests/functional/test_user.py

__author__ = "Florian Kaiser"
__copyright__ = "Copyright 2022, Project Aktienbot"
__credits__ = ["Florian Kaiser", "Florian Kellermann", "Linus Eickhof", "Kevin Pauer"]
__license__ = "GPL 3.0"
__version__ = "1.0.0"

"""
This file (test_user.py) contains the functional tests for the `users` blueprint.
"""
import json

from tests.functional.helper_functions import get_token


def test_login_with_valid_data(test_client, init_database):
    """
    Test POST '/api/user/login'

    Valid data
    """
    response = test_client.post('/api/user/login', data=json.dumps(dict(email="user1@example.com", password="password")), content_type='application/json')
    assert response.status_code == 200
    assert b'Successfully logged in' in response.data


def test_login_with_wrong_password(test_client, init_database):
    """
    Test POST '/api/user/login'

    Wrong password
    """
    response = test_client.post('/api/user/login', data=json.dumps(dict(email="user2@example.com", password="password2")), content_type='application/json')
    assert response.status_code == 500
    assert b'Unable to login' in response.data


def test_login_user_not_exist(test_client, init_database):
    """
    Test POST '/api/user/login'

    User doesn't exist
    """
    response = test_client.post('/api/user/login', data=json.dumps(dict(email="notexistinguser@example.com", password="password")), content_type='application/json')
    assert response.status_code == 500
    assert b'Can\'t find user' in response.data


def test_login_email_missing(test_client, init_database):
    """
    Test POST '/api/user/login'

    Email missing
    """
    response = test_client.post('/api/user/login', data=json.dumps(dict(password="password")), content_type='application/json')
    assert response.status_code == 400
    assert b'missing' in response.data


def test_login_password_missing(test_client, init_database):
    """
    Test POST '/api/user/login'

    Password missing
    """
    response = test_client.post('/api/user/login', data=json.dumps(dict(email="user1@example.com")), content_type='application/json')
    assert response.status_code == 400
    assert b'missing' in response.data


def test_register_valid_data(test_client, init_database):
    """
    Test POST '/api/user/register'

    Valid data
    """
    response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
    assert response.status_code == 200
    assert b'Successfully registered user' in response.data


def test_register_user_exists_already(test_client, init_database):
    """
    Test POST '/api/user/register'

    User exists already
    """
    test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
    response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
    assert response.status_code == 500
    assert b'Email already exist' in response.data


def test_register_email_missing(test_client, init_database):
    """
    Test POST '/api/user/register'

    Email missing
    """
    response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", username="user3")), content_type='application/json')
    assert response.status_code == 400
    assert b'missing' in response.data


def test_register_email_empty(test_client, init_database):
    """
    Test POST '/api/user/register'

    Email empty
    """
    response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", username="user3", email="")), content_type='application/json')
    assert response.status_code == 400
    assert b'Not a valid email address' in response.data


def test_register_password_missing(test_client, init_database):
    """
    Test POST '/api/user/register'

    Password missing
    """
    response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", username="user3")), content_type='application/json')
    assert response.status_code == 400
    assert b'missing' in response.data


def test_register_password_empty(test_client, init_database):
    """
    Test POST '/api/user/register'

    password empty
    """
    response = test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", username="user3", password="")), content_type='application/json')
    assert response.status_code == 400
    assert b'missing' in response.data


def test_register_username_missing(test_client, init_database):
    """
    Test POST '/api/user/register'

    Username missing
    """
    response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", email="user3@example.com")), content_type='application/json')
    assert response.status_code == 400
    assert b'missing' in response.data


def test_register_username_empty(test_client, init_database):
    """
    Test POST '/api/user/register'

    Username empty
    """
    response = test_client.post('/api/user/register', data=json.dumps(dict(password="password", username="", email="user3@example.com")), content_type='application/json')
    assert response.status_code == 400
    assert b'missing' in response.data


def test_delete_user_not_logged_in(test_client, init_database):
    """
    Test DELETE '/api/user'

    User is not logged in
    """
    test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
    response = test_client.delete('/api/user', data=json.dumps(dict(email="user3@example.com")), content_type='application/json')
    assert response.status_code == 401
    assert b'Unauthorized' in response.data


def test_delete_user_same_user_logged_in(test_client, init_database):
    """
    Test DELETE '/api/user'

    User3 is logged in
    """
    test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
    response = test_client.delete('/api/user',
                                  data=json.dumps(dict(email="user3@example.com")),
                                  content_type='application/json',
                                  headers={"Authorization": "Bearer {}".format(get_token(test_client, "user3@example.com", "password"))})
    assert response.status_code == 200
    assert b'Successfully removed user' in response.data


def test_delete_user_different_user_logged_in_no_admin(test_client, init_database):
    """
    Test DELETE '/api/user'

    Different user is logged in -> no admin
    """
    test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
    response = test_client.delete('/api/user',
                                  data=json.dumps(dict(email="user3@example.com")),
                                  content_type='application/json',
                                  headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))})
    assert response.status_code == 401
    assert b'Only admin users can access this' in response.data


def test_delete_user_different_user_logged_in_admin(test_client, init_database):
    """
    Test DELETE '/api/user'

    Different user is logged in -> admin
    """
    test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
    response = test_client.delete('/api/user',
                                  data=json.dumps(dict(email="user3@example.com")),
                                  content_type='application/json',
                                  headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))})
    assert response.status_code == 200
    assert b'Successfully removed user' in response.data


def test_delete_user_email_missing(test_client, init_database):
    """
    Test DELETE '/api/user'

    Email missing
    """
    test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
    response = test_client.delete('/api/user',
                                  data=json.dumps(dict()),
                                  content_type='application/json',
                                  headers={"Authorization": "Bearer {}".format(get_token(test_client, "user3@example.com", "password"))})
    assert response.status_code == 400
    assert b'missing' in response.data


def test_delete_user_email_empty(test_client, init_database):
    """
    Test DELETE '/api/user'

    Email empty
    """
    test_client.post('/api/user/register', data=json.dumps(dict(email="user3@example.com", password="password", username="user3")), content_type='application/json')
    response = test_client.delete('/api/user',
                                  data=json.dumps(dict(email="")),
                                  content_type='application/json',
                                  headers={"Authorization": "Bearer {}".format(get_token(test_client, "user3@example.com", "password"))})
    assert response.status_code == 400
    assert b'Not a valid email address' in response.data


def test_get_current_user_user_not_logged_in(test_client, init_database):
    """
    Test GET '/api/user'

    User is not logged in
    """
    response = test_client.get('/api/user')
    assert response.status_code == 401
    assert b'Unauthorized' in response.data


def test_get_current_user_user1_logged_in(test_client, init_database):
    """
    Test GET '/api/user'

    User1 is logged in
    """
    response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))})
    assert response.status_code == 200
    assert b'user1' in response.data
    assert b'user2' not in response.data


def test_get_current_user_bot_logged_in_user_exists(test_client, init_database):
    """
    Test GET '/api/user'

    Bot1 is logged in and requests user 12345678
    """
    response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":12345678")})
    assert response.status_code == 200
    assert b'user1' in response.data
    assert b'bot' not in response.data


def test_get_current_user_bot_logged_in_user_not_exists(test_client, init_database):
    """
    Test GET '/api/user'

    Bot1 is logged in and requests user 1234 (not existing)
    """
    response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":1234")})
    assert response.status_code == 401
    assert b'Unable to login' in response.data


def test_get_current_user_user1_logged_in_but_no_bot(test_client, init_database):
    """
    Test GET '/api/user'

    User1 is logged in and requests user 1234 (not existing)
    Fails because user1 is not a bot
    """
    response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password") + ":12345678")})
    assert response.status_code == 401
    assert b'Unable to login' in response.data


def test_get_current_user_invalid_token(test_client, init_database):
    """
    Test GET '/api/user'

    Invalid Bearer token
    """
    response = test_client.get('/api/user', headers={"Authorization": "Bearer {}".format("invalidtoken:12345678")})
    assert response.status_code == 401
    assert b'Unauthorized' in response.data


def test_update_user_not_logged_in(test_client, init_database):
    """
    Test PUT '/api/user'

    User is not logged in
    """
    response = test_client.put('/api/user')
    assert response.status_code == 401
    assert b'Unauthorized' in response.data


def test_update_user1_logged_in_password_username(test_client, init_database):
    """
    Test PUT '/api/user'

    User1 is logged in
    Change Username and Password
    """
    test_client.put('/api/user', data=json.dumps(dict(username="user4", password="password")),
                    headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
                    content_type='application/json')
    response = test_client.get('/api/user',
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
                               content_type='application/json')
    assert response.status_code == 200
    assert b'user4' in response.data


def test_update_user1_logged_in_password(test_client, init_database):
    """
    Test PUT '/api/user'

    User1 is logged in
    Change Password
    """
    response = test_client.put('/api/user', data=json.dumps(dict(password="password123")),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))})
    assert response.status_code == 200
    assert b'Successfully updated user' in response.data


def test_update_user1_logged_in_username(test_client, init_database):
    """
    Test PUT '/api/user'

    User1 is logged in
    Change Username
    """
    response = test_client.put('/api/user', data=json.dumps(dict(username="user1")),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))})
    assert response.status_code == 200
    assert b'Successfully updated user' in response.data


def test_set_admin_user_not_logged_in(test_client, init_database):
    """
    Test PUT '/api/user/setAdmin'

    User is not logged in
    """
    response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=True)), content_type='application/json')
    assert response.status_code == 401
    assert b'Unauthorized' in response.data


def test_set_admin_user1_logged_in(test_client, init_database):
    """
    Test PUT '/api/user/setAdmin'

    User1 is logged in (no admin)
    """
    response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=True)),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
                               content_type='application/json')
    assert response.status_code == 401
    assert b'Only admin users can access this' in response.data


def test_set_admin_admin1_logged_in(test_client, init_database):
    """
    Test PUT '/api/user/setAdmin'

    Admin1 is logged in (admin)
    """
    response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=True)),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
                               content_type='application/json')
    assert response.status_code == 200
    assert b'Successfully updated users admin rights' in response.data


def test_set_admin_admin1_logged_in_user_not_exist(test_client, init_database):
    """
    Test PUT '/api/user/setAdmin'

    Admin1 is logged in (admin)
    notexistinguser@example.com does not exist
    """
    response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="notexistinguser@example.com", admin=True)),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
                               content_type='application/json')
    assert response.status_code == 500
    assert b'Can\'t find user' in response.data


def test_set_admin_admin1_logged_in_email_missing(test_client, init_database):
    """
    Test PUT '/api/user/setAdmin'

    Admin1 is logged in (admin)
    email missing
    """
    response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(admin=True)),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
                               content_type='application/json')
    assert response.status_code == 400
    assert b'missing' in response.data


def test_set_admin_admin1_logged_in_email_empty(test_client, init_database):
    """
    Test PUT '/api/user/setAdmin'

    Admin1 is logged in (admin)
    email missing
    """
    response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="", admin=True)),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
                               content_type='application/json')
    assert response.status_code == 400
    assert b'Not a valid email address.' in response.data


def test_set_admin_admin1_logged_in_admin_missing(test_client, init_database):
    """
    Test PUT '/api/user/setAdmin'

    Admin1 is logged in (admin)
    admin data missing
    """
    response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com")),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
                               content_type='application/json')
    assert response.status_code == 400
    assert b'missing' in response.data


def test_set_admin_admin1_logged_in_admin_empty(test_client, init_database):
    """
    Test PUT '/api/user/setAdmin'

    Admin1 is logged in (admin)
    admin data missing
    """
    response = test_client.put('/api/user/setAdmin', data=json.dumps(dict(email="user1@example.com", admin=None)),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
                               content_type='application/json')
    assert response.status_code == 400
    assert b'Field may not be null' in response.data


def test_set_cron_user_not_logged_in(test_client, init_database):
    """
    Test PUT '/api/user/setCron'

    User is not logged in
    """
    response = test_client.put('/api/user/setCron')
    assert response.status_code == 401
    assert b'Unauthorized' in response.data


def test_set_cron_user1_logged_in(test_client, init_database):
    """
    Test PUT '/api/user/setCron'

    User1 is logged in
    """
    response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
                               content_type='application/json')
    assert response.status_code == 200
    assert b'Successfully updated users cron' in response.data


def test_set_empty_cron_user1_logged_in(test_client, init_database):
    """
    Test PUT '/api/user/setCron'

    User1 is logged in
    Interval is empty
    """
    response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="")),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
                               content_type='application/json')
    assert response.status_code == 400


def test_set_cron_bot_logged_in_user_exists(test_client, init_database):
    """
    Test PUT '/api/user/setCron'

    Bot1 is logged in and requests user 12345678
    """
    response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":12345678")},
                               content_type='application/json')
    assert response.status_code == 200
    assert b'Successfully updated users cron' in response.data


def test_set_cron_bot_logged_in_user_not_exists(test_client, init_database):
    """
    Test PUT '/api/user/setCron'

    Bot1 is logged in and requests user 1234 (not existing)
    """
    response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "bot1@example.com", "bot1") + ":1234")},
                               content_type='application/json')
    assert response.status_code == 401
    assert b'Unable to login' in response.data


def test_set_cron_user1_logged_in_but_no_bot(test_client, init_database):
    """
    Test PUT '/api/user/setCron'

    User1 is logged in and requests user 1234 (not existing)
    Fails because user1 is not a bot
    """
    response = test_client.put('/api/user/setCron', data=json.dumps(dict(cron="* * * * *")),
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password") + ":12345678")},
                               content_type='application/json')
    assert response.status_code == 401
    assert b'Unable to login' in response.data


def test_set_cron_invalid_token(test_client, init_database):
    """
    Test PUT '/api/user/setCron'

    Invalid Bearer token
    """
    response = test_client.put('/api/user/setCron', headers={"Authorization": "Bearer {}".format("invalidtoken:12345678")})
    assert response.status_code == 401
    assert b'Unauthorized' in response.data


def test_get_users_not_logged_in(test_client, init_database):
    """
    Test GET '/api/users'

    User is not logged in
    """
    response = test_client.get('/api/users')
    assert response.status_code == 401
    assert b'Unauthorized' in response.data


def test_get_users_user1_logged_in(test_client, init_database):
    """
    Test GET '/api/users'

    User1 is logged in (not admin)
    """
    response = test_client.get('/api/users',
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "user1@example.com", "password"))},
                               content_type='application/json')

    assert response.status_code == 401
    assert b'Only admin users can access this' in response.data


def test_get_users_admin1_logged_in(test_client, init_database):
    """
    Test GET '/api/users'

    Admin1 is logged in (admin)
    """
    response = test_client.get('/api/users',
                               headers={"Authorization": "Bearer {}".format(get_token(test_client, "admin1@example.com", "admin1"))},
                               content_type='application/json')
    assert response.status_code == 200
    assert b'Successfully received all users' in response.data