From f36c919ff9d52a27bcf11ef490b17812b51d5198 Mon Sep 17 00:00:00 2001 From: Marcin-Ramotowski Date: Tue, 1 Apr 2025 20:50:37 +0000 Subject: [PATCH 1/6] Reduced repeating of user creation in tests --- api/tests/conftest.py | 37 +++++++++++++- api/tests/test_tasks.py | 26 +++------- api/tests/test_users.py | 110 ++++++++++++---------------------------- 3 files changed, 76 insertions(+), 97 deletions(-) diff --git a/api/tests/conftest.py b/api/tests/conftest.py index 23c403c..0672c14 100644 --- a/api/tests/conftest.py +++ b/api/tests/conftest.py @@ -1,6 +1,8 @@ import pytest from app import create_app -from models import db +from datetime import datetime +from models import db, User, Task +from werkzeug.security import generate_password_hash @pytest.fixture def test_client(): @@ -13,3 +15,36 @@ def test_client(): yield client db.session.remove() db.drop_all() + +@pytest.fixture +def test_user(): + """Create a new user for testing.""" + user = User(username="testuser", email="test@example.com", password=generate_password_hash("testpass"), role="User") + db.session.add(user) + db.session.commit() + return user + +@pytest.fixture +def test_user2(): + """Create a user nr 2 for testing.""" + user2 = User(username="testuser2", email="test2@example.com", password=generate_password_hash("testpass2"), role="User") + db.session.add(user2) + db.session.commit() + return user2 + +@pytest.fixture +def test_admin(): + """Create a new admin user for testing.""" + admin = User(username="adminuser", email="admin@example.com", password=generate_password_hash("adminpass"), role="Administrator") + db.session.add(admin) + db.session.commit() + return admin + +@pytest.fixture +def new_task(test_user): + """Create a new task for testing.""" + due_date = datetime.strptime("20-03-2025 12:00", '%d-%m-%Y %H:%M') + task = Task(title="Test Task", description="Task description", due_date=due_date, done=0, user_id=test_user.id) + db.session.add(task) + db.session.commit() + return task diff --git a/api/tests/test_tasks.py b/api/tests/test_tasks.py index 5ac8610..763139d 100644 --- a/api/tests/test_tasks.py +++ b/api/tests/test_tasks.py @@ -1,15 +1,11 @@ from datetime import datetime import json -from models import Task, User, db +from models import db from flask_jwt_extended import create_access_token -def test_create_task(test_client): +def test_create_task(test_client, test_user): """Task creation test by logged in user""" - user = User(username="testuser", email="test@example.com", password="hashed_pass", role="User") - db.session.add(user) - db.session.commit() - - access_token = create_access_token(identity=str(user.id)) + access_token = create_access_token(identity=str(test_user.id)) headers = {"Authorization": f"Bearer {access_token}"} response = test_client.post( @@ -22,21 +18,13 @@ def test_create_task(test_client): data = response.get_json() assert data["title"] == "Test Task" -def test_get_tasks(test_client): +def test_get_tasks(test_client, test_user, new_task): """User task get test""" - user = User(username="taskuser", email="task@example.com", password="hashed_pass", role="User") - db.session.add(user) - db.session.commit() - - task = Task(title="Zadanie", description="Opis zadania", due_date=datetime.strptime("20-03-2025 12:00", '%d-%m-%Y %H:%M'), done=0, user_id=user.id) - db.session.add(task) - db.session.commit() - - access_token = create_access_token(identity=str(user.id)) + access_token = create_access_token(identity=str(test_user.id)) headers = {"Authorization": f"Bearer {access_token}"} - response = test_client.get(f"/tasks/user/{user.id}", headers=headers) + response = test_client.get(f"/tasks/user/{test_user.id}", headers=headers) assert response.status_code == 200 data = response.get_json() assert len(data) == 1 - assert data[0]["title"] == "Zadanie" + assert data[0]["title"] == "Test Task" diff --git a/api/tests/test_users.py b/api/tests/test_users.py index eb597d1..5d9a61b 100644 --- a/api/tests/test_users.py +++ b/api/tests/test_users.py @@ -3,15 +3,15 @@ from models import User, db from flask_jwt_extended import create_access_token from werkzeug.security import generate_password_hash -def test_create_user(test_client): +def test_create_user(test_client, test_user, test_admin): """New user registration test""" # Anonymous try to create common user - test_user_data = {"username": "testuser", "email": "test@example.com", "password": "testpass", "role": "User"} + test_user_data = {"username": "test", "email": "testemail@example.com", "password": "testpassword", "role": "User"} response = test_client.post("/users", data=json.dumps(test_user_data), content_type="application/json") assert response.status_code == 201 # User should be created successfully data = response.get_json() - assert data["username"] == "testuser" + assert data["username"] == "test" # Anonymous try to create admin user admin_user_data = {"username": "testadmin", "email": "testadmin@example.com", "password": "adminpass", "role": "Administrator"} @@ -19,25 +19,20 @@ def test_create_user(test_client): assert response.status_code == 401 # Anonymous cannot create admin users # Login common user and try to create admin user - access_token = create_access_token(identity='1') + access_token = create_access_token(identity=str(test_user.id)) headers = {"Authorization": f"Bearer {access_token}"} response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers) assert response.status_code == 403 # Common user cannot create admin users # Try to create admin user using admin account - hashed_pass = generate_password_hash("adminpass") - user = User(username="admin", email="admin@example.com", password=hashed_pass, role="Administrator") - db.session.add(user) - db.session.commit() - access_token = create_access_token(identity=str(user.id)) + access_token = create_access_token(identity=str(test_admin.id)) headers = {"Authorization": f"Bearer {access_token}"} response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers) assert response.status_code == 201 # Logged administrators can create new admin users - -def test_edit_user(test_client): +def test_edit_user(test_client, test_user): "User edit test" - # Create one admin and one user account + # Create one admin account admin_password = "adminpass" hashed_admin_pass = generate_password_hash(admin_password) admin_data = {"username": "testadmin", "email": "testadmin@example.com", "role": "Administrator"} @@ -45,13 +40,6 @@ def test_edit_user(test_client): db.session.add(admin) db.session.commit() - user_password = "testpass" - hashed_user_pass = generate_password_hash(user_password) - user_data = {"username": "testuser", "email": "test@example.com", "role": "User"} - user = User(username=user_data["username"], email=user_data["email"], password=hashed_user_pass, role=user_data["role"]) - db.session.add(user) - db.session.commit() - # Anonymous cannot edit any user response = test_client.patch(f"/users/{admin.id}", data=json.dumps({"username": admin_data["username"], "password": admin_password})) assert response.status_code == 401 @@ -59,15 +47,15 @@ def test_edit_user(test_client): # Login users admin_access_token = create_access_token(identity=str(admin.id)) admin_headers = {"Authorization": f"Bearer {admin_access_token}", "Content-Type": "application/json"} - user_access_token = create_access_token(identity=str(user.id)) + user_access_token = create_access_token(identity=str(test_user.id)) user_headers = {"Authorization": f"Bearer {user_access_token}", "Content-Type": "application/json"} # Check if PUT request contains all editable fields - response = test_client.put(f"/users/{user.id}", data=json.dumps({"username": user_data["username"], "password": user_password}), headers=user_headers) + response = test_client.put(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers) assert response.status_code == 400 # PUT must have all editable fields - # Check if user can edit your own data - response = test_client.patch(f"/users/{user.id}", data=json.dumps({"username": user_data["username"], "password": user_password}), headers=user_headers) + # Check if user can edit their own data + response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers) assert response.status_code == 200 # Check if user cannot edit other user data @@ -75,54 +63,39 @@ def test_edit_user(test_client): assert response.status_code == 403 # Check if admin can edit other user data - response = test_client.patch(f"/users/{user.id}", data=json.dumps({"username": user_data["username"], "password": user_password}), headers=admin_headers) + response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=admin_headers) assert response.status_code == 200 -def test_remove_user(test_client): +def test_remove_user(test_client, test_user, test_user2): "User remove test" - # Create 1 admin and 2 common user accounts + # Create 1 admin account hashed_pass = generate_password_hash("adminpass") admin = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator") db.session.add(admin) db.session.commit() - hashed_pass = generate_password_hash("testpass") - user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User") - db.session.add(user) - db.session.commit() - - hashed_pass = generate_password_hash("testpass2") - user2 = User(username="testuser2", email="test2@example.com", password=hashed_pass, role="User") - db.session.add(user2) - db.session.commit() - # Anonymous try to remove user - response = test_client.delete(f"/users/{user.id}") + response = test_client.delete(f"/users/{test_user.id}") assert response.status_code == 401 # Anonymous cannot remove user account # Logged user try to remove other user account - access_token = create_access_token(identity=str(user.id)) + access_token = create_access_token(identity=str(test_user.id)) headers = {"Authorization": f"Bearer {access_token}"} response = test_client.delete(f"/users/{admin.id}", headers=headers) assert response.status_code == 403 # Common user cannot remove other user account # Logged user try to remove own account - response = test_client.delete(f"/users/{user.id}", headers=headers) - assert response.status_code == 200 # Common user can remove your own account + response = test_client.delete(f"/users/{test_user.id}", headers=headers) + assert response.status_code == 200 # Common user can remove their own account # Logged admin can remove other user account admin_access_token = create_access_token(identity=str(admin.id)) admin_headers = {"Authorization": f"Bearer {admin_access_token}"} - response = test_client.delete(f"/users/{user2.id}", headers=admin_headers) + response = test_client.delete(f"/users/{test_user2.id}", headers=admin_headers) assert response.status_code == 200 # Admin user can remove other user account - -def test_login(test_client): +def test_login(test_client, test_user): """User login test""" - hashed_pass = generate_password_hash("testpass") - user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User") - db.session.add(user) - db.session.commit() response = test_client.post( "/login", @@ -137,7 +110,6 @@ def test_login(test_client): ) assert response.status_code == 200 # User should be logged - right password - def test_get_users(test_client): """Get all users test""" response = test_client.get("/users") @@ -161,49 +133,33 @@ def test_get_users(test_client): access_token = create_access_token(identity=str(user.id)) headers = {"Authorization": f"Bearer {access_token}"} response = test_client.get("/users", headers=headers) - assert response.status_code == 200 # Admin user should can get all users data + assert response.status_code == 200 # Admin user should be able to get all users data - -def test_get_user_with_token(test_client): +def test_get_user_with_token(test_client, test_user, test_admin): """Test to get user data before and after auth using JWT token""" - admin_pass = generate_password_hash("admin_pass") - admin = User(username="admin", email="admin@example.com", password=admin_pass, role="Administrator") - db.session.add(admin) - db.session.commit() - - response = test_client.get(f"/users/{admin.id}") + response = test_client.get(f"/users/{test_admin.id}") assert response.status_code == 401 # Try to get user data without login - access_token = create_access_token(identity=str(admin.id)) + access_token = create_access_token(identity=str(test_admin.id)) admin_headers = {"Authorization": f"Bearer {access_token}"} - response = test_client.get(f"/users/{admin.id}", headers=admin_headers) + response = test_client.get(f"/users/{test_admin.id}", headers=admin_headers) assert response.status_code == 200 data = response.get_json() - assert data["username"] == "admin" + assert data["username"] == "adminuser" - user_pass = generate_password_hash("test_pass") - user = User(username="testuser", email="test@example.com", password=user_pass, role="User") - db.session.add(user) - db.session.commit() - access_token = create_access_token(identity=str(user.id)) + access_token = create_access_token(identity=str(test_user.id)) headers = {"Authorization": f"Bearer {access_token}"} - response = test_client.get(f"/users/{user.id}", headers=headers) + response = test_client.get(f"/users/{test_user.id}", headers=headers) assert response.status_code == 200 # Common user can get own user data - response = test_client.get(f"/users/{admin.id}", headers=headers) + response = test_client.get(f"/users/{test_admin.id}", headers=headers) assert response.status_code == 403 # Common user cannot get other user data - response = test_client.get(f"/users/{user.id}", headers=admin_headers) + response = test_client.get(f"/users/{test_user.id}", headers=admin_headers) assert response.status_code == 200 # Admin can access all user data - -def test_user_logout(test_client): - """Test if logout work and JWT token is revoked""" - hashed_pass = generate_password_hash("testpass") - user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User") - db.session.add(user) - db.session.commit() - - access_token = create_access_token(identity=str(user.id)) +def test_user_logout(test_client, test_user): + """Test if logout works and JWT token is revoked""" + access_token = create_access_token(identity=str(test_user.id)) headers = {"Authorization": f"Bearer {access_token}"} response = test_client.get(f"/logout", headers=headers) From 7f9c7cd27f392003b01d3d80e1a4b9c7f215bb35 Mon Sep 17 00:00:00 2001 From: Marcin-Ramotowski Date: Tue, 1 Apr 2025 21:02:25 +0000 Subject: [PATCH 2/6] Removed redundant creation of user in edit user endpoint --- api/tests/test_users.py | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/api/tests/test_users.py b/api/tests/test_users.py index 5d9a61b..58ae67c 100644 --- a/api/tests/test_users.py +++ b/api/tests/test_users.py @@ -30,22 +30,15 @@ def test_create_user(test_client, test_user, test_admin): response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers) assert response.status_code == 201 # Logged administrators can create new admin users -def test_edit_user(test_client, test_user): +def test_edit_user(test_client, test_user, test_admin): "User edit test" - # Create one admin account - admin_password = "adminpass" - hashed_admin_pass = generate_password_hash(admin_password) - admin_data = {"username": "testadmin", "email": "testadmin@example.com", "role": "Administrator"} - admin = User(username=admin_data["username"], email=admin_data["email"], password=hashed_admin_pass, role=admin_data["role"]) - db.session.add(admin) - db.session.commit() - # Anonymous cannot edit any user - response = test_client.patch(f"/users/{admin.id}", data=json.dumps({"username": admin_data["username"], "password": admin_password})) + admin_data = test_admin.to_dict() + response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"})) assert response.status_code == 401 # Login users - admin_access_token = create_access_token(identity=str(admin.id)) + admin_access_token = create_access_token(identity=str(test_admin.id)) admin_headers = {"Authorization": f"Bearer {admin_access_token}", "Content-Type": "application/json"} user_access_token = create_access_token(identity=str(test_user.id)) user_headers = {"Authorization": f"Bearer {user_access_token}", "Content-Type": "application/json"} @@ -59,7 +52,7 @@ def test_edit_user(test_client, test_user): assert response.status_code == 200 # Check if user cannot edit other user data - response = test_client.patch(f"/users/{admin.id}", data=json.dumps({"username": admin_data["username"], "password": admin_password}), headers=user_headers) + response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"}), headers=user_headers) assert response.status_code == 403 # Check if admin can edit other user data From 40b1193efd491962ff0821ff4b079aeb30532bf3 Mon Sep 17 00:00:00 2001 From: Marcin-Ramotowski Date: Tue, 1 Apr 2025 21:27:54 +0000 Subject: [PATCH 3/6] Refactored code dedicated to user login in tests --- api/tests/conftest.py | 7 +++++ api/tests/test_users.py | 61 +++++++++++------------------------------ 2 files changed, 23 insertions(+), 45 deletions(-) diff --git a/api/tests/conftest.py b/api/tests/conftest.py index 0672c14..b9b1d53 100644 --- a/api/tests/conftest.py +++ b/api/tests/conftest.py @@ -1,6 +1,7 @@ import pytest from app import create_app from datetime import datetime +from flask_jwt_extended import create_access_token from models import db, User, Task from werkzeug.security import generate_password_hash @@ -48,3 +49,9 @@ def new_task(test_user): db.session.add(task) db.session.commit() return task + +def login_test_user(identity): + """Return Bearer auth header for user identified by provided id""" + access_token = create_access_token(identity=str(identity)) + auth_header = {"Authorization": f"Bearer {access_token}"} + return auth_header \ No newline at end of file diff --git a/api/tests/test_users.py b/api/tests/test_users.py index 58ae67c..231ee9f 100644 --- a/api/tests/test_users.py +++ b/api/tests/test_users.py @@ -1,7 +1,5 @@ +from conftest import login_test_user import json -from models import User, db -from flask_jwt_extended import create_access_token -from werkzeug.security import generate_password_hash def test_create_user(test_client, test_user, test_admin): """New user registration test""" @@ -19,14 +17,12 @@ def test_create_user(test_client, test_user, test_admin): assert response.status_code == 401 # Anonymous cannot create admin users # Login common user and try to create admin user - access_token = create_access_token(identity=str(test_user.id)) - headers = {"Authorization": f"Bearer {access_token}"} + headers = login_test_user(test_user.id) response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers) assert response.status_code == 403 # Common user cannot create admin users # Try to create admin user using admin account - access_token = create_access_token(identity=str(test_admin.id)) - headers = {"Authorization": f"Bearer {access_token}"} + headers = login_test_user(test_admin.id) response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers) assert response.status_code == 201 # Logged administrators can create new admin users @@ -37,11 +33,9 @@ def test_edit_user(test_client, test_user, test_admin): response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"})) assert response.status_code == 401 - # Login users - admin_access_token = create_access_token(identity=str(test_admin.id)) - admin_headers = {"Authorization": f"Bearer {admin_access_token}", "Content-Type": "application/json"} - user_access_token = create_access_token(identity=str(test_user.id)) - user_headers = {"Authorization": f"Bearer {user_access_token}", "Content-Type": "application/json"} + # Login users (get dict with auth header and merge it with dict with rest of headers) + admin_headers = login_test_user(test_admin.id) | {"Content-Type": "application/json"} + user_headers = login_test_user(test_user.id) | {"Content-Type": "application/json"} # Check if PUT request contains all editable fields response = test_client.put(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers) @@ -59,22 +53,15 @@ def test_edit_user(test_client, test_user, test_admin): response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=admin_headers) assert response.status_code == 200 -def test_remove_user(test_client, test_user, test_user2): +def test_remove_user(test_client, test_user, test_user2, test_admin): "User remove test" - # Create 1 admin account - hashed_pass = generate_password_hash("adminpass") - admin = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator") - db.session.add(admin) - db.session.commit() - # Anonymous try to remove user response = test_client.delete(f"/users/{test_user.id}") assert response.status_code == 401 # Anonymous cannot remove user account # Logged user try to remove other user account - access_token = create_access_token(identity=str(test_user.id)) - headers = {"Authorization": f"Bearer {access_token}"} - response = test_client.delete(f"/users/{admin.id}", headers=headers) + headers = login_test_user(test_user.id) + response = test_client.delete(f"/users/{test_admin.id}", headers=headers) assert response.status_code == 403 # Common user cannot remove other user account # Logged user try to remove own account @@ -82,8 +69,7 @@ def test_remove_user(test_client, test_user, test_user2): assert response.status_code == 200 # Common user can remove their own account # Logged admin can remove other user account - admin_access_token = create_access_token(identity=str(admin.id)) - admin_headers = {"Authorization": f"Bearer {admin_access_token}"} + admin_headers = login_test_user(test_admin.id) response = test_client.delete(f"/users/{test_user2.id}", headers=admin_headers) assert response.status_code == 200 # Admin user can remove other user account @@ -103,28 +89,18 @@ def test_login(test_client, test_user): ) assert response.status_code == 200 # User should be logged - right password -def test_get_users(test_client): +def test_get_users(test_client, test_user, test_admin): """Get all users test""" response = test_client.get("/users") assert response.status_code == 401 # Anonymous cannot get all users data # Common user try to get all users data - hashed_pass = generate_password_hash("testpass") - user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User") - db.session.add(user) - db.session.commit() - access_token = create_access_token(identity=str(user.id)) - headers = {"Authorization": f"Bearer {access_token}"} + headers = login_test_user(test_user.id) response = test_client.get("/users", headers=headers) assert response.status_code == 403 # Common user cannot get all users data # Admin user try to get all users data - hashed_pass = generate_password_hash("adminpass") - user = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator") - db.session.add(user) - db.session.commit() - access_token = create_access_token(identity=str(user.id)) - headers = {"Authorization": f"Bearer {access_token}"} + headers = login_test_user(test_admin.id) response = test_client.get("/users", headers=headers) assert response.status_code == 200 # Admin user should be able to get all users data @@ -132,17 +108,14 @@ def test_get_user_with_token(test_client, test_user, test_admin): """Test to get user data before and after auth using JWT token""" response = test_client.get(f"/users/{test_admin.id}") assert response.status_code == 401 # Try to get user data without login - - access_token = create_access_token(identity=str(test_admin.id)) - admin_headers = {"Authorization": f"Bearer {access_token}"} + admin_headers = login_test_user(test_admin.id) response = test_client.get(f"/users/{test_admin.id}", headers=admin_headers) assert response.status_code == 200 data = response.get_json() assert data["username"] == "adminuser" - access_token = create_access_token(identity=str(test_user.id)) - headers = {"Authorization": f"Bearer {access_token}"} + headers = login_test_user(test_user.id) response = test_client.get(f"/users/{test_user.id}", headers=headers) assert response.status_code == 200 # Common user can get own user data response = test_client.get(f"/users/{test_admin.id}", headers=headers) @@ -152,9 +125,7 @@ def test_get_user_with_token(test_client, test_user, test_admin): def test_user_logout(test_client, test_user): """Test if logout works and JWT token is revoked""" - access_token = create_access_token(identity=str(test_user.id)) - headers = {"Authorization": f"Bearer {access_token}"} - + headers = login_test_user(test_user.id) response = test_client.get(f"/logout", headers=headers) assert response.status_code == 200 # Logged user can logout response = test_client.get(f"/logout", headers=headers) From 4e6788f61472c3ccf2d918f717967213bd397697 Mon Sep 17 00:00:00 2001 From: Marcin-Ramotowski Date: Wed, 2 Apr 2025 19:07:27 +0000 Subject: [PATCH 4/6] Changed comments to assertion error messages --- api/tests/test_tasks.py | 10 ++++----- api/tests/test_users.py | 46 ++++++++++++++++++++--------------------- 2 files changed, 27 insertions(+), 29 deletions(-) diff --git a/api/tests/test_tasks.py b/api/tests/test_tasks.py index 763139d..e3bcdd4 100644 --- a/api/tests/test_tasks.py +++ b/api/tests/test_tasks.py @@ -1,6 +1,4 @@ -from datetime import datetime import json -from models import db from flask_jwt_extended import create_access_token def test_create_task(test_client, test_user): @@ -14,9 +12,9 @@ def test_create_task(test_client, test_user): headers=headers, content_type="application/json", ) - assert response.status_code == 200 # Create task should be successful + assert response.status_code == 200, "Logged user should can create task" data = response.get_json() - assert data["title"] == "Test Task" + assert data["title"] == "Test Task", "API should return created task data" def test_get_tasks(test_client, test_user, new_task): """User task get test""" @@ -24,7 +22,7 @@ def test_get_tasks(test_client, test_user, new_task): headers = {"Authorization": f"Bearer {access_token}"} response = test_client.get(f"/tasks/user/{test_user.id}", headers=headers) - assert response.status_code == 200 + assert response.status_code == 200, "Logged user should can get your own tasks data" data = response.get_json() assert len(data) == 1 - assert data[0]["title"] == "Test Task" + assert data[0]["title"] == "Test Task", "API should return only tasks belongs to specific user" diff --git a/api/tests/test_users.py b/api/tests/test_users.py index 231ee9f..d072d6c 100644 --- a/api/tests/test_users.py +++ b/api/tests/test_users.py @@ -7,24 +7,24 @@ def test_create_user(test_client, test_user, test_admin): # Anonymous try to create common user test_user_data = {"username": "test", "email": "testemail@example.com", "password": "testpassword", "role": "User"} response = test_client.post("/users", data=json.dumps(test_user_data), content_type="application/json") - assert response.status_code == 201 # User should be created successfully + assert response.status_code == 201, "Each should can register in the service" data = response.get_json() assert data["username"] == "test" # Anonymous try to create admin user admin_user_data = {"username": "testadmin", "email": "testadmin@example.com", "password": "adminpass", "role": "Administrator"} response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json") - assert response.status_code == 401 # Anonymous cannot create admin users + assert response.status_code == 401, "Anonymous should cannot create admin users" # Login common user and try to create admin user headers = login_test_user(test_user.id) response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers) - assert response.status_code == 403 # Common user cannot create admin users + assert response.status_code == 403, "Common user should cannot create admin users" # Try to create admin user using admin account headers = login_test_user(test_admin.id) response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers) - assert response.status_code == 201 # Logged administrators can create new admin users + assert response.status_code == 201, "Logged administrators should can create new admin users" def test_edit_user(test_client, test_user, test_admin): "User edit test" @@ -39,39 +39,39 @@ def test_edit_user(test_client, test_user, test_admin): # Check if PUT request contains all editable fields response = test_client.put(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers) - assert response.status_code == 400 # PUT must have all editable fields + assert response.status_code == 400, "PUT request data must have all editable fields" # Check if user can edit their own data response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers) - assert response.status_code == 200 + assert response.status_code == 200, "Common user should can edit own account data" # Check if user cannot edit other user data response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"}), headers=user_headers) - assert response.status_code == 403 + assert response.status_code == 403, "Common user should cannot edit other user data" # Check if admin can edit other user data response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=admin_headers) - assert response.status_code == 200 + assert response.status_code == 200, "Admin user should can edit other user data" def test_remove_user(test_client, test_user, test_user2, test_admin): "User remove test" # Anonymous try to remove user response = test_client.delete(f"/users/{test_user.id}") - assert response.status_code == 401 # Anonymous cannot remove user account + assert response.status_code == 401, "Anonymous should cannot remove user account" # Logged user try to remove other user account headers = login_test_user(test_user.id) response = test_client.delete(f"/users/{test_admin.id}", headers=headers) - assert response.status_code == 403 # Common user cannot remove other user account + assert response.status_code == 403, "Common user should cannot remove other user account" # Logged user try to remove own account response = test_client.delete(f"/users/{test_user.id}", headers=headers) - assert response.status_code == 200 # Common user can remove their own account + assert response.status_code == 200, "Common user should can remove their own account" # Logged admin can remove other user account admin_headers = login_test_user(test_admin.id) response = test_client.delete(f"/users/{test_user2.id}", headers=admin_headers) - assert response.status_code == 200 # Admin user can remove other user account + assert response.status_code == 200, "Admin user should can remove other user account" def test_login(test_client, test_user): """User login test""" @@ -81,33 +81,33 @@ def test_login(test_client, test_user): data=json.dumps({"username": "testuser", "password": "wrongpass"}), content_type="application/json", ) - assert response.status_code == 401 # User should not be logged - wrong password + assert response.status_code == 401, "User should not become logged if provided wrong password" response = test_client.post( "/login", data=json.dumps({"username": "testuser", "password": "testpass"}), content_type="application/json", ) - assert response.status_code == 200 # User should be logged - right password + assert response.status_code == 200, "User should become logged if provided right password" def test_get_users(test_client, test_user, test_admin): """Get all users test""" response = test_client.get("/users") - assert response.status_code == 401 # Anonymous cannot get all users data + assert response.status_code == 401, "Anonymous should cannot get all users data" # Common user try to get all users data headers = login_test_user(test_user.id) response = test_client.get("/users", headers=headers) - assert response.status_code == 403 # Common user cannot get all users data + assert response.status_code == 403, "Common user should cannot get all users data" # Admin user try to get all users data headers = login_test_user(test_admin.id) response = test_client.get("/users", headers=headers) - assert response.status_code == 200 # Admin user should be able to get all users data + assert response.status_code == 200, "Admin user should be able to get all users data" def test_get_user_with_token(test_client, test_user, test_admin): """Test to get user data before and after auth using JWT token""" response = test_client.get(f"/users/{test_admin.id}") - assert response.status_code == 401 # Try to get user data without login + assert response.status_code == 401, "Anonymous should cannot get user data without login" admin_headers = login_test_user(test_admin.id) response = test_client.get(f"/users/{test_admin.id}", headers=admin_headers) @@ -117,16 +117,16 @@ def test_get_user_with_token(test_client, test_user, test_admin): headers = login_test_user(test_user.id) response = test_client.get(f"/users/{test_user.id}", headers=headers) - assert response.status_code == 200 # Common user can get own user data + assert response.status_code == 200, "Common user should can get own user data" response = test_client.get(f"/users/{test_admin.id}", headers=headers) - assert response.status_code == 403 # Common user cannot get other user data + assert response.status_code == 403, "Common user should cannot get other user data" response = test_client.get(f"/users/{test_user.id}", headers=admin_headers) - assert response.status_code == 200 # Admin can access all user data + assert response.status_code == 200, "Admin should can access all user data" def test_user_logout(test_client, test_user): """Test if logout works and JWT token is revoked""" headers = login_test_user(test_user.id) response = test_client.get(f"/logout", headers=headers) - assert response.status_code == 200 # Logged user can logout + assert response.status_code == 200, "Logged user should can logout" response = test_client.get(f"/logout", headers=headers) - assert response.status_code == 401 # Token should be revoked after logout + assert response.status_code == 401, "Token should be revoked after logout" From 084e3868f99fcbe3d0f9bd16862c6ac8465288d9 Mon Sep 17 00:00:00 2001 From: Marcin-Ramotowski Date: Thu, 10 Apr 2025 20:38:22 +0000 Subject: [PATCH 5/6] Changed default port to 80 and added possibility of setup app port using TODOLIST_PORT variable --- api/app.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/api/app.py b/api/app.py index 208aaf4..1c2a82a 100644 --- a/api/app.py +++ b/api/app.py @@ -12,7 +12,7 @@ def create_app(config_name="default"): """Creates and returns a new instance of Flask app.""" load_dotenv() app = Flask(__name__) - + # Database settings if config_name == "testing": app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:" # Database in memory @@ -63,4 +63,5 @@ def create_app(config_name="default"): # Server start only if we run app directly if __name__ == "__main__": app = create_app() - app.run(host="0.0.0.0") + port = os.getenv("TODOLIST_PORT", "80") + app.run(host="0.0.0.0", port=port) From ed8fcedba4726a4345591d43a4353001e53eb92c Mon Sep 17 00:00:00 2001 From: Marcin-Ramotowski Date: Thu, 10 Apr 2025 20:38:59 +0000 Subject: [PATCH 6/6] Changed base image for app container to alpine --- Dockerfile | 5 +++-- docker-compose.yml | 14 ++++++++++---- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index aafa859..0ddb7aa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,6 @@ -FROM python:3.11.7-slim-bookworm +FROM python:3.11.7-alpine WORKDIR /app COPY api . RUN pip install -r requirements.txt -CMD python3 app.py +EXPOSE 80 +CMD ["python3", "app.py"] diff --git a/docker-compose.yml b/docker-compose.yml index 4717f40..13ecb59 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,11 +5,17 @@ services: depends_on: - db build: . - env_file: - - api/.env + networks: + - default + db: container_name: db hostname: db image: mysql:latest - env_file: - - db/.env + networks: + - default + +networks: + default: + name: todolist + driver: bridge