pikram/tasker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactored code dedicated to user login in tests

Browse Source
This commit is contained in:
Marcin-Ramotowski 2025-04-01 21:27:54 +00:00
parent 7f9c7cd27f
commit 40b1193efd
2 changed files with 23 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
api/tests/conftest.py
View File

@ -1,6 +1,7 @@
import pytest
from app import create_app
from datetime import datetime
from flask_jwt_extended import create_access_token
from models import db, User, Task
from werkzeug.security import generate_password_hash
@ -48,3 +49,9 @@ def new_task(test_user):
db.session.add(task)
db.session.commit()
return task
def login_test_user(identity):
"""Return Bearer auth header for user identified by provided id"""
access_token = create_access_token(identity=str(identity))
auth_header = {"Authorization": f"Bearer {access_token}"}
return auth_header

61
api/tests/test_users.py
View File

@ -1,7 +1,5 @@
from conftest import login_test_user
import json
from models import User, db
from flask_jwt_extended import create_access_token
from werkzeug.security import generate_password_hash
def test_create_user(test_client, test_user, test_admin):
"""New user registration test"""
@ -19,14 +17,12 @@ def test_create_user(test_client, test_user, test_admin):
assert response.status_code == 401 # Anonymous cannot create admin users
# Login common user and try to create admin user
access_token = create_access_token(identity=str(test_user.id))
headers = {"Authorization": f"Bearer {access_token}"}
headers = login_test_user(test_user.id)
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
assert response.status_code == 403 # Common user cannot create admin users
# Try to create admin user using admin account
access_token = create_access_token(identity=str(test_admin.id))
headers = {"Authorization": f"Bearer {access_token}"}
headers = login_test_user(test_admin.id)
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
assert response.status_code == 201 # Logged administrators can create new admin users
@ -37,11 +33,9 @@ def test_edit_user(test_client, test_user, test_admin):
response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"}))
assert response.status_code == 401
# Login users
admin_access_token = create_access_token(identity=str(test_admin.id))
admin_headers = {"Authorization": f"Bearer {admin_access_token}", "Content-Type": "application/json"}
user_access_token = create_access_token(identity=str(test_user.id))
user_headers = {"Authorization": f"Bearer {user_access_token}", "Content-Type": "application/json"}
# Login users (get dict with auth header and merge it with dict with rest of headers)
admin_headers = login_test_user(test_admin.id) | {"Content-Type": "application/json"}
user_headers = login_test_user(test_user.id) | {"Content-Type": "application/json"}
# Check if PUT request contains all editable fields
response = test_client.put(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers)
@ -59,22 +53,15 @@ def test_edit_user(test_client, test_user, test_admin):
response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=admin_headers)
assert response.status_code == 200
def test_remove_user(test_client, test_user, test_user2):
def test_remove_user(test_client, test_user, test_user2, test_admin):
"User remove test"
# Create 1 admin account
hashed_pass = generate_password_hash("adminpass")
admin = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator")
db.session.add(admin)
db.session.commit()
# Anonymous try to remove user
response = test_client.delete(f"/users/{test_user.id}")
assert response.status_code == 401 # Anonymous cannot remove user account
# Logged user try to remove other user account
access_token = create_access_token(identity=str(test_user.id))
headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.delete(f"/users/{admin.id}", headers=headers)
headers = login_test_user(test_user.id)
response = test_client.delete(f"/users/{test_admin.id}", headers=headers)
assert response.status_code == 403 # Common user cannot remove other user account
# Logged user try to remove own account
@ -82,8 +69,7 @@ def test_remove_user(test_client, test_user, test_user2):
assert response.status_code == 200 # Common user can remove their own account
# Logged admin can remove other user account
admin_access_token = create_access_token(identity=str(admin.id))
admin_headers = {"Authorization": f"Bearer {admin_access_token}"}
admin_headers = login_test_user(test_admin.id)
response = test_client.delete(f"/users/{test_user2.id}", headers=admin_headers)
assert response.status_code == 200 # Admin user can remove other user account
@ -103,28 +89,18 @@ def test_login(test_client, test_user):
)
assert response.status_code == 200 # User should be logged - right password
def test_get_users(test_client):
def test_get_users(test_client, test_user, test_admin):
"""Get all users test"""
response = test_client.get("/users")
assert response.status_code == 401 # Anonymous cannot get all users data
# Common user try to get all users data
hashed_pass = generate_password_hash("testpass")
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"}
headers = login_test_user(test_user.id)
response = test_client.get("/users", headers=headers)
assert response.status_code == 403 # Common user cannot get all users data
# Admin user try to get all users data
hashed_pass = generate_password_hash("adminpass")
user = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator")
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"}
headers = login_test_user(test_admin.id)
response = test_client.get("/users", headers=headers)
assert response.status_code == 200 # Admin user should be able to get all users data
@ -132,17 +108,14 @@ def test_get_user_with_token(test_client, test_user, test_admin):
"""Test to get user data before and after auth using JWT token"""
response = test_client.get(f"/users/{test_admin.id}")
assert response.status_code == 401 # Try to get user data without login
access_token = create_access_token(identity=str(test_admin.id))
admin_headers = {"Authorization": f"Bearer {access_token}"}
admin_headers = login_test_user(test_admin.id)
response = test_client.get(f"/users/{test_admin.id}", headers=admin_headers)
assert response.status_code == 200
data = response.get_json()
assert data["username"] == "adminuser"
access_token = create_access_token(identity=str(test_user.id))
headers = {"Authorization": f"Bearer {access_token}"}
headers = login_test_user(test_user.id)
response = test_client.get(f"/users/{test_user.id}", headers=headers)
assert response.status_code == 200 # Common user can get own user data
response = test_client.get(f"/users/{test_admin.id}", headers=headers)
@ -152,9 +125,7 @@ def test_get_user_with_token(test_client, test_user, test_admin):
def test_user_logout(test_client, test_user):
"""Test if logout works and JWT token is revoked"""
access_token = create_access_token(identity=str(test_user.id))
headers = {"Authorization": f"Bearer {access_token}"}
headers = login_test_user(test_user.id)
response = test_client.get(f"/logout", headers=headers)
assert response.status_code == 200 # Logged user can logout
response = test_client.get(f"/logout", headers=headers)