pikram/tasker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reduced repeating of user creation in tests

Browse Source
This commit is contained in:
Marcin-Ramotowski 2025-04-01 20:50:37 +00:00
parent 41d767c02f
commit f36c919ff9
3 changed files with 76 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
api/tests/conftest.py
View File

@ -1,6 +1,8 @@
import pytest import pytest
from app import create_app from app import create_app
from models import db from datetime import datetime
from models import db, User, Task
from werkzeug.security import generate_password_hash
@pytest.fixture @pytest.fixture
def test_client(): def test_client():
@ -13,3 +15,36 @@ def test_client():
yield client yield client
db.session.remove() db.session.remove()
db.drop_all() db.drop_all()
@pytest.fixture
def test_user():
"""Create a new user for testing."""
user = User(username="testuser", email="test@example.com", password=generate_password_hash("testpass"), role="User")
db.session.add(user)
db.session.commit()
return user
@pytest.fixture
def test_user2():
"""Create a user nr 2 for testing."""
user2 = User(username="testuser2", email="test2@example.com", password=generate_password_hash("testpass2"), role="User")
db.session.add(user2)
db.session.commit()
return user2
@pytest.fixture
def test_admin():
"""Create a new admin user for testing."""
admin = User(username="adminuser", email="admin@example.com", password=generate_password_hash("adminpass"), role="Administrator")
db.session.add(admin)
db.session.commit()
return admin
@pytest.fixture
def new_task(test_user):
"""Create a new task for testing."""
due_date = datetime.strptime("20-03-2025 12:00", '%d-%m-%Y %H:%M')
task = Task(title="Test Task", description="Task description", due_date=due_date, done=0, user_id=test_user.id)
db.session.add(task)
db.session.commit()
return task

26
api/tests/test_tasks.py
View File

@ -1,15 +1,11 @@
from datetime import datetime from datetime import datetime
import json import json
from models import Task, User, db from models import db
from flask_jwt_extended import create_access_token from flask_jwt_extended import create_access_token
def test_create_task(test_client): def test_create_task(test_client, test_user):
"""Task creation test by logged in user""" """Task creation test by logged in user"""
user = User(username="testuser", email="test@example.com", password="hashed_pass", role="User") access_token = create_access_token(identity=str(test_user.id))
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"} headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.post( response = test_client.post(
@ -22,21 +18,13 @@ def test_create_task(test_client):
data = response.get_json() data = response.get_json()
assert data["title"] == "Test Task" assert data["title"] == "Test Task"
def test_get_tasks(test_client): def test_get_tasks(test_client, test_user, new_task):
"""User task get test""" """User task get test"""
user = User(username="taskuser", email="task@example.com", password="hashed_pass", role="User") access_token = create_access_token(identity=str(test_user.id))
db.session.add(user)
db.session.commit()
task = Task(title="Zadanie", description="Opis zadania", due_date=datetime.strptime("20-03-2025 12:00", '%d-%m-%Y %H:%M'), done=0, user_id=user.id)
db.session.add(task)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"} headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.get(f"/tasks/user/{user.id}", headers=headers) response = test_client.get(f"/tasks/user/{test_user.id}", headers=headers)
assert response.status_code == 200 assert response.status_code == 200
data = response.get_json() data = response.get_json()
assert len(data) == 1 assert len(data) == 1
assert data[0]["title"] == "Zadanie" assert data[0]["title"] == "Test Task"

110
api/tests/test_users.py
View File

@ -3,15 +3,15 @@ from models import User, db
from flask_jwt_extended import create_access_token from flask_jwt_extended import create_access_token
from werkzeug.security import generate_password_hash from werkzeug.security import generate_password_hash
def test_create_user(test_client): def test_create_user(test_client, test_user, test_admin):
"""New user registration test""" """New user registration test"""
# Anonymous try to create common user # Anonymous try to create common user
test_user_data = {"username": "testuser", "email": "test@example.com", "password": "testpass", "role": "User"} test_user_data = {"username": "test", "email": "testemail@example.com", "password": "testpassword", "role": "User"}
response = test_client.post("/users", data=json.dumps(test_user_data), content_type="application/json") response = test_client.post("/users", data=json.dumps(test_user_data), content_type="application/json")
assert response.status_code == 201 # User should be created successfully assert response.status_code == 201 # User should be created successfully
data = response.get_json() data = response.get_json()
assert data["username"] == "testuser" assert data["username"] == "test"
# Anonymous try to create admin user # Anonymous try to create admin user
admin_user_data = {"username": "testadmin", "email": "testadmin@example.com", "password": "adminpass", "role": "Administrator"} admin_user_data = {"username": "testadmin", "email": "testadmin@example.com", "password": "adminpass", "role": "Administrator"}
@ -19,25 +19,20 @@ def test_create_user(test_client):
assert response.status_code == 401 # Anonymous cannot create admin users assert response.status_code == 401 # Anonymous cannot create admin users
# Login common user and try to create admin user # Login common user and try to create admin user
access_token = create_access_token(identity='1') access_token = create_access_token(identity=str(test_user.id))
headers = {"Authorization": f"Bearer {access_token}"} headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers) response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
assert response.status_code == 403 # Common user cannot create admin users assert response.status_code == 403 # Common user cannot create admin users
# Try to create admin user using admin account # Try to create admin user using admin account
hashed_pass = generate_password_hash("adminpass") access_token = create_access_token(identity=str(test_admin.id))
user = User(username="admin", email="admin@example.com", password=hashed_pass, role="Administrator")
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"} headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers) response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
assert response.status_code == 201 # Logged administrators can create new admin users assert response.status_code == 201 # Logged administrators can create new admin users
def test_edit_user(test_client, test_user):
def test_edit_user(test_client):
"User edit test" "User edit test"
# Create one admin and one user account # Create one admin account
admin_password = "adminpass" admin_password = "adminpass"
hashed_admin_pass = generate_password_hash(admin_password) hashed_admin_pass = generate_password_hash(admin_password)
admin_data = {"username": "testadmin", "email": "testadmin@example.com", "role": "Administrator"} admin_data = {"username": "testadmin", "email": "testadmin@example.com", "role": "Administrator"}
@ -45,13 +40,6 @@ def test_edit_user(test_client):
db.session.add(admin) db.session.add(admin)
db.session.commit() db.session.commit()
user_password = "testpass"
hashed_user_pass = generate_password_hash(user_password)
user_data = {"username": "testuser", "email": "test@example.com", "role": "User"}
user = User(username=user_data["username"], email=user_data["email"], password=hashed_user_pass, role=user_data["role"])
db.session.add(user)
db.session.commit()
# Anonymous cannot edit any user # Anonymous cannot edit any user
response = test_client.patch(f"/users/{admin.id}", data=json.dumps({"username": admin_data["username"], "password": admin_password})) response = test_client.patch(f"/users/{admin.id}", data=json.dumps({"username": admin_data["username"], "password": admin_password}))
assert response.status_code == 401 assert response.status_code == 401
@ -59,15 +47,15 @@ def test_edit_user(test_client):
# Login users # Login users
admin_access_token = create_access_token(identity=str(admin.id)) admin_access_token = create_access_token(identity=str(admin.id))
admin_headers = {"Authorization": f"Bearer {admin_access_token}", "Content-Type": "application/json"} admin_headers = {"Authorization": f"Bearer {admin_access_token}", "Content-Type": "application/json"}
user_access_token = create_access_token(identity=str(user.id)) user_access_token = create_access_token(identity=str(test_user.id))
user_headers = {"Authorization": f"Bearer {user_access_token}", "Content-Type": "application/json"} user_headers = {"Authorization": f"Bearer {user_access_token}", "Content-Type": "application/json"}
# Check if PUT request contains all editable fields # Check if PUT request contains all editable fields
response = test_client.put(f"/users/{user.id}", data=json.dumps({"username": user_data["username"], "password": user_password}), headers=user_headers) response = test_client.put(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers)
assert response.status_code == 400 # PUT must have all editable fields assert response.status_code == 400 # PUT must have all editable fields
# Check if user can edit your own data # Check if user can edit their own data
response = test_client.patch(f"/users/{user.id}", data=json.dumps({"username": user_data["username"], "password": user_password}), headers=user_headers) response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers)
assert response.status_code == 200 assert response.status_code == 200
# Check if user cannot edit other user data # Check if user cannot edit other user data
@ -75,54 +63,39 @@ def test_edit_user(test_client):
assert response.status_code == 403 assert response.status_code == 403
# Check if admin can edit other user data # Check if admin can edit other user data
response = test_client.patch(f"/users/{user.id}", data=json.dumps({"username": user_data["username"], "password": user_password}), headers=admin_headers) response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=admin_headers)
assert response.status_code == 200 assert response.status_code == 200
def test_remove_user(test_client): def test_remove_user(test_client, test_user, test_user2):
"User remove test" "User remove test"
# Create 1 admin and 2 common user accounts # Create 1 admin account
hashed_pass = generate_password_hash("adminpass") hashed_pass = generate_password_hash("adminpass")
admin = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator") admin = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator")
db.session.add(admin) db.session.add(admin)
db.session.commit() db.session.commit()
hashed_pass = generate_password_hash("testpass")
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
db.session.add(user)
db.session.commit()
hashed_pass = generate_password_hash("testpass2")
user2 = User(username="testuser2", email="test2@example.com", password=hashed_pass, role="User")
db.session.add(user2)
db.session.commit()
# Anonymous try to remove user # Anonymous try to remove user
response = test_client.delete(f"/users/{user.id}") response = test_client.delete(f"/users/{test_user.id}")
assert response.status_code == 401 # Anonymous cannot remove user account assert response.status_code == 401 # Anonymous cannot remove user account
# Logged user try to remove other user account # Logged user try to remove other user account
access_token = create_access_token(identity=str(user.id)) access_token = create_access_token(identity=str(test_user.id))
headers = {"Authorization": f"Bearer {access_token}"} headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.delete(f"/users/{admin.id}", headers=headers) response = test_client.delete(f"/users/{admin.id}", headers=headers)
assert response.status_code == 403 # Common user cannot remove other user account assert response.status_code == 403 # Common user cannot remove other user account
# Logged user try to remove own account # Logged user try to remove own account
response = test_client.delete(f"/users/{user.id}", headers=headers) response = test_client.delete(f"/users/{test_user.id}", headers=headers)
assert response.status_code == 200 # Common user can remove your own account assert response.status_code == 200 # Common user can remove their own account
# Logged admin can remove other user account # Logged admin can remove other user account
admin_access_token = create_access_token(identity=str(admin.id)) admin_access_token = create_access_token(identity=str(admin.id))
admin_headers = {"Authorization": f"Bearer {admin_access_token}"} admin_headers = {"Authorization": f"Bearer {admin_access_token}"}
response = test_client.delete(f"/users/{user2.id}", headers=admin_headers) response = test_client.delete(f"/users/{test_user2.id}", headers=admin_headers)
assert response.status_code == 200 # Admin user can remove other user account assert response.status_code == 200 # Admin user can remove other user account
def test_login(test_client, test_user):
def test_login(test_client):
"""User login test""" """User login test"""
hashed_pass = generate_password_hash("testpass")
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
db.session.add(user)
db.session.commit()
response = test_client.post( response = test_client.post(
"/login", "/login",
@ -137,7 +110,6 @@ def test_login(test_client):
) )
assert response.status_code == 200 # User should be logged - right password assert response.status_code == 200 # User should be logged - right password
def test_get_users(test_client): def test_get_users(test_client):
"""Get all users test""" """Get all users test"""
response = test_client.get("/users") response = test_client.get("/users")
@ -161,49 +133,33 @@ def test_get_users(test_client):
access_token = create_access_token(identity=str(user.id)) access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"} headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.get("/users", headers=headers) response = test_client.get("/users", headers=headers)
assert response.status_code == 200 # Admin user should can get all users data assert response.status_code == 200 # Admin user should be able to get all users data
def test_get_user_with_token(test_client, test_user, test_admin):
def test_get_user_with_token(test_client):
"""Test to get user data before and after auth using JWT token""" """Test to get user data before and after auth using JWT token"""
admin_pass = generate_password_hash("admin_pass") response = test_client.get(f"/users/{test_admin.id}")
admin = User(username="admin", email="admin@example.com", password=admin_pass, role="Administrator")
db.session.add(admin)
db.session.commit()
response = test_client.get(f"/users/{admin.id}")
assert response.status_code == 401 # Try to get user data without login assert response.status_code == 401 # Try to get user data without login
access_token = create_access_token(identity=str(admin.id)) access_token = create_access_token(identity=str(test_admin.id))
admin_headers = {"Authorization": f"Bearer {access_token}"} admin_headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.get(f"/users/{admin.id}", headers=admin_headers) response = test_client.get(f"/users/{test_admin.id}", headers=admin_headers)
assert response.status_code == 200 assert response.status_code == 200
data = response.get_json() data = response.get_json()
assert data["username"] == "admin" assert data["username"] == "adminuser"
user_pass = generate_password_hash("test_pass") access_token = create_access_token(identity=str(test_user.id))
user = User(username="testuser", email="test@example.com", password=user_pass, role="User")
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"} headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.get(f"/users/{user.id}", headers=headers) response = test_client.get(f"/users/{test_user.id}", headers=headers)
assert response.status_code == 200 # Common user can get own user data assert response.status_code == 200 # Common user can get own user data
response = test_client.get(f"/users/{admin.id}", headers=headers) response = test_client.get(f"/users/{test_admin.id}", headers=headers)
assert response.status_code == 403 # Common user cannot get other user data assert response.status_code == 403 # Common user cannot get other user data
response = test_client.get(f"/users/{user.id}", headers=admin_headers) response = test_client.get(f"/users/{test_user.id}", headers=admin_headers)
assert response.status_code == 200 # Admin can access all user data assert response.status_code == 200 # Admin can access all user data
def test_user_logout(test_client, test_user):
def test_user_logout(test_client): """Test if logout works and JWT token is revoked"""
"""Test if logout work and JWT token is revoked""" access_token = create_access_token(identity=str(test_user.id))
hashed_pass = generate_password_hash("testpass")
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"} headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.get(f"/logout", headers=headers) response = test_client.get(f"/logout", headers=headers)