api/tests/conftest.py

@@ -1,6 +1,7 @@
 import pytest
 from app import create_app
 from datetime import datetime
+from flask_jwt_extended import create_access_token
 from models import db, User, Task
 from werkzeug.security import generate_password_hash
 
@@ -48,3 +49,9 @@ def new_task(test_user):
     db.session.add(task)
     db.session.commit()
     return task
+
+def login_test_user(identity):
+    """Return Bearer auth header for user identified by provided id"""
+    access_token = create_access_token(identity=str(identity))
+    auth_header = {"Authorization": f"Bearer {access_token}"}
+    return auth_header

api/tests/test_users.py

@@ -1,7 +1,5 @@
+from conftest import login_test_user
 import json
-from models import User, db
-from flask_jwt_extended import create_access_token
-from werkzeug.security import generate_password_hash
 
 def test_create_user(test_client, test_user, test_admin):
     """New user registration test"""
@@ -19,14 +17,12 @@ def test_create_user(test_client, test_user, test_admin):
     assert response.status_code == 401 # Anonymous cannot create admin users
 
     # Login common user and try to create admin user
-    access_token = create_access_token(identity=str(test_user.id))
+    headers = login_test_user(test_user.id)
-    headers = {"Authorization": f"Bearer {access_token}"}
     response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
     assert response.status_code == 403 # Common user cannot create admin users
 
     # Try to create admin user using admin account
-    access_token = create_access_token(identity=str(test_admin.id))
+    headers = login_test_user(test_admin.id)
-    headers = {"Authorization": f"Bearer {access_token}"}
     response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
     assert response.status_code == 201 # Logged administrators can create new admin users
 
@@ -37,11 +33,9 @@ def test_edit_user(test_client, test_user, test_admin):
     response = test_client.patch(f"/users/{test_admin.id}", data=json.dumps({"username": admin_data["username"], "password": "adminpass"}))
     assert response.status_code == 401
 
-    # Login users
+    # Login users (get dict with auth header and merge it with dict with rest of headers)
-    admin_access_token = create_access_token(identity=str(test_admin.id))
+    admin_headers = login_test_user(test_admin.id) | {"Content-Type": "application/json"}
-    admin_headers = {"Authorization": f"Bearer {admin_access_token}", "Content-Type": "application/json"}
+    user_headers = login_test_user(test_user.id) | {"Content-Type": "application/json"}
-    user_access_token = create_access_token(identity=str(test_user.id))
-    user_headers = {"Authorization": f"Bearer {user_access_token}", "Content-Type": "application/json"}
 
     # Check if PUT request contains all editable fields
     response = test_client.put(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=user_headers)
@@ -59,22 +53,15 @@ def test_edit_user(test_client, test_user, test_admin):
     response = test_client.patch(f"/users/{test_user.id}", data=json.dumps({"username": test_user.username, "password": "testpass"}), headers=admin_headers)
     assert response.status_code == 200
 
-def test_remove_user(test_client, test_user, test_user2):
+def test_remove_user(test_client, test_user, test_user2, test_admin):
     "User remove test"
-    # Create 1 admin account
-    hashed_pass = generate_password_hash("adminpass")
-    admin = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator")
-    db.session.add(admin)
-    db.session.commit()
-
     # Anonymous try to remove user
     response = test_client.delete(f"/users/{test_user.id}")
     assert response.status_code == 401 # Anonymous cannot remove user account
 
     # Logged user try to remove other user account
-    access_token = create_access_token(identity=str(test_user.id))
+    headers = login_test_user(test_user.id)
-    headers = {"Authorization": f"Bearer {access_token}"}
+    response = test_client.delete(f"/users/{test_admin.id}", headers=headers)
-    response = test_client.delete(f"/users/{admin.id}", headers=headers)
     assert response.status_code == 403 # Common user cannot remove other user account
 
     # Logged user try to remove own account
@@ -82,8 +69,7 @@ def test_remove_user(test_client, test_user, test_user2):
     assert response.status_code == 200 # Common user can remove their own account
 
     # Logged admin can remove other user account
-    admin_access_token = create_access_token(identity=str(admin.id))
+    admin_headers = login_test_user(test_admin.id)
-    admin_headers = {"Authorization": f"Bearer {admin_access_token}"}
     response = test_client.delete(f"/users/{test_user2.id}", headers=admin_headers)
     assert response.status_code == 200 # Admin user can remove other user account
 
@@ -103,28 +89,18 @@ def test_login(test_client, test_user):
     )
     assert response.status_code == 200 # User should be logged - right password
 
-def test_get_users(test_client):
+def test_get_users(test_client, test_user, test_admin):
     """Get all users test"""
     response = test_client.get("/users")
     assert response.status_code == 401 # Anonymous cannot get all users data
     
     # Common user try to get all users data
-    hashed_pass = generate_password_hash("testpass")
+    headers = login_test_user(test_user.id)
-    user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
-    db.session.add(user)
-    db.session.commit()
-    access_token = create_access_token(identity=str(user.id))
-    headers = {"Authorization": f"Bearer {access_token}"}
     response = test_client.get("/users", headers=headers)
     assert response.status_code == 403 # Common user cannot get all users data
     
     # Admin user try to get all users data
-    hashed_pass = generate_password_hash("adminpass")
+    headers = login_test_user(test_admin.id)
-    user = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator")
-    db.session.add(user)
-    db.session.commit()
-    access_token = create_access_token(identity=str(user.id))
-    headers = {"Authorization": f"Bearer {access_token}"}
     response = test_client.get("/users", headers=headers)
     assert response.status_code == 200 # Admin user should be able to get all users data
 
@@ -133,16 +109,13 @@ def test_get_user_with_token(test_client, test_user, test_admin):
     response = test_client.get(f"/users/{test_admin.id}")
     assert response.status_code == 401 # Try to get user data without login
 
-    access_token = create_access_token(identity=str(test_admin.id))
+    admin_headers = login_test_user(test_admin.id)
-    admin_headers = {"Authorization": f"Bearer {access_token}"}
-
     response = test_client.get(f"/users/{test_admin.id}", headers=admin_headers)
     assert response.status_code == 200
     data = response.get_json()
     assert data["username"] == "adminuser"
 
-    access_token = create_access_token(identity=str(test_user.id))
+    headers = login_test_user(test_user.id)
-    headers = {"Authorization": f"Bearer {access_token}"}
     response = test_client.get(f"/users/{test_user.id}", headers=headers)
     assert response.status_code == 200 # Common user can get own user data
     response = test_client.get(f"/users/{test_admin.id}", headers=headers)
@@ -152,9 +125,7 @@ def test_get_user_with_token(test_client, test_user, test_admin):
 
 def test_user_logout(test_client, test_user):
     """Test if logout works and JWT token is revoked"""
-    access_token = create_access_token(identity=str(test_user.id))
+    headers = login_test_user(test_user.id)
-    headers = {"Authorization": f"Bearer {access_token}"}
-
     response = test_client.get(f"/logout", headers=headers)
     assert response.status_code == 200 # Logged user can logout
     response = test_client.get(f"/logout", headers=headers)