Merge pull request 'test-code-refactor' (#1) from test-code-refactor into main
This commit is contained in:
commit
72f56f9929
@ -1,5 +1,6 @@
|
||||
FROM python:3.11.7-slim-bookworm
|
||||
FROM python:3.11.7-alpine
|
||||
WORKDIR /app
|
||||
COPY api .
|
||||
RUN pip install -r requirements.txt
|
||||
CMD python3 app.py
|
||||
EXPOSE 80
|
||||
CMD ["python3", "app.py"]
|
||||
|
||||
@ -12,7 +12,7 @@ def create_app(config_name="default"):
|
||||
"""Creates and returns a new instance of Flask app."""
|
||||
load_dotenv()
|
||||
app = Flask(__name__)
|
||||
|
||||
|
||||
# Database settings
|
||||
if config_name == "testing":
|
||||
app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:" # Database in memory
|
||||
@ -63,4 +63,5 @@ def create_app(config_name="default"):
|
||||
# Server start only if we run app directly
|
||||
if __name__ == "__main__":
|
||||
app = create_app()
|
||||
app.run(host="0.0.0.0")
|
||||
port = os.getenv("TODOLIST_PORT", "80")
|
||||
app.run(host="0.0.0.0", port=port)
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
import pytest
|
||||
from app import create_app
|
||||
from models import db
|
||||
from datetime import datetime
|
||||
from flask_jwt_extended import create_access_token
|
||||
from models import db, User, Task
|
||||
from werkzeug.security import generate_password_hash
|
||||
|
||||
@pytest.fixture
|
||||
def test_client():
|
||||
@ -13,3 +16,42 @@ def test_client():
|
||||
yield client
|
||||
db.session.remove()
|
||||
db.drop_all()
|
||||
|
||||
@pytest.fixture
|
||||
def test_user():
|
||||
"""Create a new user for testing."""
|
||||
user = User(username="testuser", email="test@example.com", password=generate_password_hash("testpass"), role="User")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
return user
|
||||
|
||||
@pytest.fixture
|
||||
def test_user2():
|
||||
"""Create a user nr 2 for testing."""
|
||||
user2 = User(username="testuser2", email="test2@example.com", password=generate_password_hash("testpass2"), role="User")
|
||||
db.session.add(user2)
|
||||
db.session.commit()
|
||||
return user2
|
||||
|
||||
@pytest.fixture
|
||||
def test_admin():
|
||||
"""Create a new admin user for testing."""
|
||||
admin = User(username="adminuser", email="admin@example.com", password=generate_password_hash("adminpass"), role="Administrator")
|
||||
db.session.add(admin)
|
||||
db.session.commit()
|
||||
return admin
|
||||
|
||||
@pytest.fixture
|
||||
def new_task(test_user):
|
||||
"""Create a new task for testing."""
|
||||
due_date = datetime.strptime("20-03-2025 12:00", '%d-%m-%Y %H:%M')
|
||||
task = Task(title="Test Task", description="Task description", due_date=due_date, done=0, user_id=test_user.id)
|
||||
db.session.add(task)
|
||||
db.session.commit()
|
||||
return task
|
||||
|
||||
def login_test_user(identity):
|
||||
"""Return Bearer auth header for user identified by provided id"""
|
||||
access_token = create_access_token(identity=str(identity))
|
||||
auth_header = {"Authorization": f"Bearer {access_token}"}
|
||||
return auth_header
|
||||
@ -1,15 +1,9 @@
|
||||
from datetime import datetime
|
||||
import json
|
||||
from models import Task, User, db
|
||||
from flask_jwt_extended import create_access_token
|
||||
|
||||
def test_create_task(test_client):
|
||||
def test_create_task(test_client, test_user):
|
||||
"""Task creation test by logged in user"""
|
||||
user = User(username="testuser", email="test@example.com", password="hashed_pass", role="User")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
|
||||
access_token = create_access_token(identity=str(user.id))
|
||||
access_token = create_access_token(identity=str(test_user.id))
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
|
||||
response = test_client.post(
|
||||
@ -18,25 +12,17 @@ def test_create_task(test_client):
|
||||
headers=headers,
|
||||
content_type="application/json",
|
||||
)
|
||||
assert response.status_code == 200 # Create task should be successful
|
||||
assert response.status_code == 200, "Logged user should can create task"
|
||||
data = response.get_json()
|
||||
assert data["title"] == "Test Task"
|
||||
assert data["title"] == "Test Task", "API should return created task data"
|
||||
|
||||
def test_get_tasks(test_client):
|
||||
def test_get_tasks(test_client, test_user, new_task):
|
||||
"""User task get test"""
|
||||
user = User(username="taskuser", email="task@example.com", password="hashed_pass", role="User")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
|
||||
task = Task(title="Zadanie", description="Opis zadania", due_date=datetime.strptime("20-03-2025 12:00", '%d-%m-%Y %H:%M'), done=0, user_id=user.id)
|
||||
db.session.add(task)
|
||||
db.session.commit()
|
||||
|
||||
access_token = create_access_token(identity=str(user.id))
|
||||
access_token = create_access_token(identity=str(test_user.id))
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
|
||||
response = test_client.get(f"/tasks/user/{user.id}", headers=headers)
|
||||
assert response.status_code == 200
|
||||
response = test_client.get(f"/tasks/user/{test_user.id}", headers=headers)
|
||||
assert response.status_code == 200, "Logged user should can get your own tasks data"
|
||||
data = response.get_json()
|
||||
assert len(data) == 1
|
||||
assert data[0]["title"] == "Zadanie"
|
||||
assert data[0]["title"] == "Test Task", "API should return only tasks belongs to specific user"
|
||||
|
||||
@ -1,212 +1,132 @@
|
||||
from conftest import login_test_user
|
||||
import json
|
||||
from models import User, db
|
||||
from flask_jwt_extended import create_access_token
|
||||
from werkzeug.security import generate_password_hash
|
||||
|
||||
def test_create_user(test_client):
|
||||
def test_create_user(test_client, test_user, test_admin):
|
||||
"""New user registration test"""
|
||||
|
||||
# Anonymous try to create common user
|
||||
test_user_data = {"username": "testuser", "email": "test@example.com", "password": "testpass", "role": "User"}
|
||||
test_user_data = {"username": "test", "email": "testemail@example.com", "password": "testpassword", "role": "User"}
|
||||
response = test_client.post("/users", data=json.dumps(test_user_data), content_type="application/json")
|
||||
assert response.status_code == 201 # User should be created successfully
|
||||
assert response.status_code == 201, "Each should can register in the service"
|
||||
data = response.get_json()
|
||||
assert data["username"] == "testuser"
|
||||
assert data["username"] == "test"
|
||||
|
||||
# Anonymous try to create admin user
|
||||
admin_user_data = {"username": "testadmin", "email": "testadmin@example.com", "password": "adminpass", "role": "Administrator"}
|
||||
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json")
|
||||
assert response.status_code == 401 # Anonymous cannot create admin users
|
||||
assert response.status_code == 401, "Anonymous should cannot create admin users"
|
||||
|
||||
# Login common user and try to create admin user
|
||||
access_token = create_access_token(identity='1')
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
headers = login_test_user(test_user.id)
|
||||
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
|
||||
assert response.status_code == 403 # Common user cannot create admin users
|
||||
assert response.status_code == 403, "Common user should cannot create admin users"
|
||||
|
||||
# Try to create admin user using admin account
|
||||
hashed_pass = generate_password_hash("adminpass")
|
||||
user = User(username="admin", email="admin@example.com", password=hashed_pass, role="Administrator")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
access_token = create_access_token(identity=str(user.id))
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
headers = login_test_user(test_admin.id)
|
||||
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
|
||||
assert response.status_code == 201 # Logged administrators can create new admin users
|
||||
assert response.status_code == 201, "Logged administrators should can create new admin users"
|
||||
|
||||
|
||||
def test_edit_user(test_client):
|
||||
def test_edit_user(test_client, test_user, test_admin):
|
||||
"User edit test"
|
||||
# Create one admin and one user account
|
||||
admin_password = "adminpass"
|
||||
hashed_admin_pass = generate_password_hash(admin_password)
|
||||
admin_data = {"username": "testadmin", "email": "testadmin@example.com", "role": "Administrator"}
|
||||
admin = User(username=admin_data["username"], email=admin_data["email"], password=hashed_admin_pass, role=admin_data["role"])
|
||||
db.session.add(admin)
|
||||
db.session.commit()
|
||||
|
||||
user_password = "testpass"
|
||||
hashed_user_pass = generate_password_hash(user_password)
|
||||
user_data = {"username": "testuser", "email": "test@example.com", "role": "User"}
|
||||
user = User(username=user_data["username"], email=user_data["email"], password=hashed_user_pass, role=user_data["role"])
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
|
||||
# Anonymous cannot edit any user
|
||||
response = test_client.patch(f"/users/{admin.id}", data=json.dumps({"username": admin_data["username"], "password": admin_password}))
|
||||
admin_data = test_admin.to_dict()
|
||||
response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"}))
|
||||
assert response.status_code == 401
|
||||
|
||||
# Login users
|
||||
admin_access_token = create_access_token(identity=str(admin.id))
|
||||
admin_headers = {"Authorization": f"Bearer {admin_access_token}", "Content-Type": "application/json"}
|
||||
user_access_token = create_access_token(identity=str(user.id))
|
||||
user_headers = {"Authorization": f"Bearer {user_access_token}", "Content-Type": "application/json"}
|
||||
# Login users (get dict with auth header and merge it with dict with rest of headers)
|
||||
admin_headers = login_test_user(test_admin.id) | {"Content-Type": "application/json"}
|
||||
user_headers = login_test_user(test_user.id) | {"Content-Type": "application/json"}
|
||||
|
||||
# Check if PUT request contains all editable fields
|
||||
response = test_client.put(f"/users/{user.id}", data=json.dumps({"username": user_data["username"], "password": user_password}), headers=user_headers)
|
||||
assert response.status_code == 400 # PUT must have all editable fields
|
||||
response = test_client.put(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers)
|
||||
assert response.status_code == 400, "PUT request data must have all editable fields"
|
||||
|
||||
# Check if user can edit your own data
|
||||
response = test_client.patch(f"/users/{user.id}", data=json.dumps({"username": user_data["username"], "password": user_password}), headers=user_headers)
|
||||
assert response.status_code == 200
|
||||
# Check if user can edit their own data
|
||||
response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers)
|
||||
assert response.status_code == 200, "Common user should can edit own account data"
|
||||
|
||||
# Check if user cannot edit other user data
|
||||
response = test_client.patch(f"/users/{admin.id}", data=json.dumps({"username": admin_data["username"], "password": admin_password}), headers=user_headers)
|
||||
assert response.status_code == 403
|
||||
response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"}), headers=user_headers)
|
||||
assert response.status_code == 403, "Common user should cannot edit other user data"
|
||||
|
||||
# Check if admin can edit other user data
|
||||
response = test_client.patch(f"/users/{user.id}", data=json.dumps({"username": user_data["username"], "password": user_password}), headers=admin_headers)
|
||||
assert response.status_code == 200
|
||||
response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=admin_headers)
|
||||
assert response.status_code == 200, "Admin user should can edit other user data"
|
||||
|
||||
def test_remove_user(test_client):
|
||||
def test_remove_user(test_client, test_user, test_user2, test_admin):
|
||||
"User remove test"
|
||||
# Create 1 admin and 2 common user accounts
|
||||
hashed_pass = generate_password_hash("adminpass")
|
||||
admin = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator")
|
||||
db.session.add(admin)
|
||||
db.session.commit()
|
||||
|
||||
hashed_pass = generate_password_hash("testpass")
|
||||
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
|
||||
hashed_pass = generate_password_hash("testpass2")
|
||||
user2 = User(username="testuser2", email="test2@example.com", password=hashed_pass, role="User")
|
||||
db.session.add(user2)
|
||||
db.session.commit()
|
||||
|
||||
# Anonymous try to remove user
|
||||
response = test_client.delete(f"/users/{user.id}")
|
||||
assert response.status_code == 401 # Anonymous cannot remove user account
|
||||
response = test_client.delete(f"/users/{test_user.id}")
|
||||
assert response.status_code == 401, "Anonymous should cannot remove user account"
|
||||
|
||||
# Logged user try to remove other user account
|
||||
access_token = create_access_token(identity=str(user.id))
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
response = test_client.delete(f"/users/{admin.id}", headers=headers)
|
||||
assert response.status_code == 403 # Common user cannot remove other user account
|
||||
headers = login_test_user(test_user.id)
|
||||
response = test_client.delete(f"/users/{test_admin.id}", headers=headers)
|
||||
assert response.status_code == 403, "Common user should cannot remove other user account"
|
||||
|
||||
# Logged user try to remove own account
|
||||
response = test_client.delete(f"/users/{user.id}", headers=headers)
|
||||
assert response.status_code == 200 # Common user can remove your own account
|
||||
response = test_client.delete(f"/users/{test_user.id}", headers=headers)
|
||||
assert response.status_code == 200, "Common user should can remove their own account"
|
||||
|
||||
# Logged admin can remove other user account
|
||||
admin_access_token = create_access_token(identity=str(admin.id))
|
||||
admin_headers = {"Authorization": f"Bearer {admin_access_token}"}
|
||||
response = test_client.delete(f"/users/{user2.id}", headers=admin_headers)
|
||||
assert response.status_code == 200 # Admin user can remove other user account
|
||||
admin_headers = login_test_user(test_admin.id)
|
||||
response = test_client.delete(f"/users/{test_user2.id}", headers=admin_headers)
|
||||
assert response.status_code == 200, "Admin user should can remove other user account"
|
||||
|
||||
|
||||
def test_login(test_client):
|
||||
def test_login(test_client, test_user):
|
||||
"""User login test"""
|
||||
hashed_pass = generate_password_hash("testpass")
|
||||
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
|
||||
response = test_client.post(
|
||||
"/login",
|
||||
data=json.dumps({"username": "testuser", "password": "wrongpass"}),
|
||||
content_type="application/json",
|
||||
)
|
||||
assert response.status_code == 401 # User should not be logged - wrong password
|
||||
assert response.status_code == 401, "User should not become logged if provided wrong password"
|
||||
response = test_client.post(
|
||||
"/login",
|
||||
data=json.dumps({"username": "testuser", "password": "testpass"}),
|
||||
content_type="application/json",
|
||||
)
|
||||
assert response.status_code == 200 # User should be logged - right password
|
||||
assert response.status_code == 200, "User should become logged if provided right password"
|
||||
|
||||
|
||||
def test_get_users(test_client):
|
||||
def test_get_users(test_client, test_user, test_admin):
|
||||
"""Get all users test"""
|
||||
response = test_client.get("/users")
|
||||
assert response.status_code == 401 # Anonymous cannot get all users data
|
||||
assert response.status_code == 401, "Anonymous should cannot get all users data"
|
||||
|
||||
# Common user try to get all users data
|
||||
hashed_pass = generate_password_hash("testpass")
|
||||
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
access_token = create_access_token(identity=str(user.id))
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
headers = login_test_user(test_user.id)
|
||||
response = test_client.get("/users", headers=headers)
|
||||
assert response.status_code == 403 # Common user cannot get all users data
|
||||
assert response.status_code == 403, "Common user should cannot get all users data"
|
||||
|
||||
# Admin user try to get all users data
|
||||
hashed_pass = generate_password_hash("adminpass")
|
||||
user = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
access_token = create_access_token(identity=str(user.id))
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
headers = login_test_user(test_admin.id)
|
||||
response = test_client.get("/users", headers=headers)
|
||||
assert response.status_code == 200 # Admin user should can get all users data
|
||||
assert response.status_code == 200, "Admin user should be able to get all users data"
|
||||
|
||||
|
||||
def test_get_user_with_token(test_client):
|
||||
def test_get_user_with_token(test_client, test_user, test_admin):
|
||||
"""Test to get user data before and after auth using JWT token"""
|
||||
admin_pass = generate_password_hash("admin_pass")
|
||||
admin = User(username="admin", email="admin@example.com", password=admin_pass, role="Administrator")
|
||||
db.session.add(admin)
|
||||
db.session.commit()
|
||||
response = test_client.get(f"/users/{test_admin.id}")
|
||||
assert response.status_code == 401, "Anonymous should cannot get user data without login"
|
||||
|
||||
response = test_client.get(f"/users/{admin.id}")
|
||||
assert response.status_code == 401 # Try to get user data without login
|
||||
|
||||
access_token = create_access_token(identity=str(admin.id))
|
||||
admin_headers = {"Authorization": f"Bearer {access_token}"}
|
||||
|
||||
response = test_client.get(f"/users/{admin.id}", headers=admin_headers)
|
||||
admin_headers = login_test_user(test_admin.id)
|
||||
response = test_client.get(f"/users/{test_admin.id}", headers=admin_headers)
|
||||
assert response.status_code == 200
|
||||
data = response.get_json()
|
||||
assert data["username"] == "admin"
|
||||
assert data["username"] == "adminuser"
|
||||
|
||||
user_pass = generate_password_hash("test_pass")
|
||||
user = User(username="testuser", email="test@example.com", password=user_pass, role="User")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
access_token = create_access_token(identity=str(user.id))
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
response = test_client.get(f"/users/{user.id}", headers=headers)
|
||||
assert response.status_code == 200 # Common user can get own user data
|
||||
response = test_client.get(f"/users/{admin.id}", headers=headers)
|
||||
assert response.status_code == 403 # Common user cannot get other user data
|
||||
response = test_client.get(f"/users/{user.id}", headers=admin_headers)
|
||||
assert response.status_code == 200 # Admin can access all user data
|
||||
|
||||
|
||||
def test_user_logout(test_client):
|
||||
"""Test if logout work and JWT token is revoked"""
|
||||
hashed_pass = generate_password_hash("testpass")
|
||||
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
|
||||
db.session.add(user)
|
||||
db.session.commit()
|
||||
|
||||
access_token = create_access_token(identity=str(user.id))
|
||||
headers = {"Authorization": f"Bearer {access_token}"}
|
||||
headers = login_test_user(test_user.id)
|
||||
response = test_client.get(f"/users/{test_user.id}", headers=headers)
|
||||
assert response.status_code == 200, "Common user should can get own user data"
|
||||
response = test_client.get(f"/users/{test_admin.id}", headers=headers)
|
||||
assert response.status_code == 403, "Common user should cannot get other user data"
|
||||
response = test_client.get(f"/users/{test_user.id}", headers=admin_headers)
|
||||
assert response.status_code == 200, "Admin should can access all user data"
|
||||
|
||||
def test_user_logout(test_client, test_user):
|
||||
"""Test if logout works and JWT token is revoked"""
|
||||
headers = login_test_user(test_user.id)
|
||||
response = test_client.get(f"/logout", headers=headers)
|
||||
assert response.status_code == 200 # Logged user can logout
|
||||
assert response.status_code == 200, "Logged user should can logout"
|
||||
response = test_client.get(f"/logout", headers=headers)
|
||||
assert response.status_code == 401 # Token should be revoked after logout
|
||||
assert response.status_code == 401, "Token should be revoked after logout"
|
||||
|
||||
@ -5,11 +5,17 @@ services:
|
||||
depends_on:
|
||||
- db
|
||||
build: .
|
||||
env_file:
|
||||
- api/.env
|
||||
networks:
|
||||
- default
|
||||
|
||||
db:
|
||||
container_name: db
|
||||
hostname: db
|
||||
image: mysql:latest
|
||||
env_file:
|
||||
- db/.env
|
||||
networks:
|
||||
- default
|
||||
|
||||
networks:
|
||||
default:
|
||||
name: todolist
|
||||
driver: bridge
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user