pikram/user-microservice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
user-microservice/api/tests/test_users.py
Marcin-Ramotowski 3ad5f0ca94 Added more cases to user tests to check all access levels
2025-03-27 22:38:16 +00:00

114 lines
5.3 KiB
Python
Raw Blame History

import json
from models import User, db
from flask_jwt_extended import create_access_token
from werkzeug.security import generate_password_hash
def test_create_user(test_client):
"""New user registration test"""
# Anonymous try to create common user
test_user_data = {"username": "testuser", "email": "test@example.com", "password": "testpass", "role": "User"}
response = test_client.post("/users", data=json.dumps(test_user_data), content_type="application/json")
assert response.status_code == 201 # User should be created successfully
data = response.get_json()
assert data["username"] == "testuser"
# Anonymous try to create admin user
admin_user_data = {"username": "testadmin", "email": "testadmin@example.com", "password": "adminpass", "role": "Administrator"}
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json")
assert response.status_code == 401 # Anonymous cannot create admin users
# Login common user and try to create admin user
access_token = create_access_token(identity='1')
headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
assert response.status_code == 403 # Common user cannot create admin users
# Try to create admin user using admin account
hashed_pass = generate_password_hash("adminpass")
user = User(username="admin", email="admin@example.com", password=hashed_pass, role="Administrator")
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.post("/users", data=json.dumps(admin_user_data), content_type="application/json", headers=headers)
assert response.status_code == 201 # Logged administrators can create new admin users
def test_login(test_client):
"""User login test"""
hashed_pass = generate_password_hash("testpass")
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
db.session.add(user)
db.session.commit()
response = test_client.post(
"/login",
data=json.dumps({"username": "testuser", "password": "wrongpass"}),
content_type="application/json",
)
assert response.status_code == 401 # User should not be logged - wrong password
response = test_client.post(
"/login",
data=json.dumps({"username": "testuser", "password": "testpass"}),
content_type="application/json",
)
assert response.status_code == 200 # User should be logged - right password
def test_get_users(test_client):
"""Get all users test"""
response = test_client.get("/users")
assert response.status_code == 401 # Anonymous cannot get all users data
# Common user try to get all users data
hashed_pass = generate_password_hash("testpass")
user = User(username="testuser", email="test@example.com", password=hashed_pass, role="User")
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.get("/users", headers=headers)
assert response.status_code == 403 # Common user cannot get all users data
# Admin user try to get all users data
hashed_pass = generate_password_hash("adminpass")
user = User(username="testadmin", email="testadmin@example.com", password=hashed_pass, role="Administrator")
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.get("/users", headers=headers)
assert response.status_code == 200 # Admin user should can get all users data
def test_get_user_with_token(test_client):
"""Test to get user data before and after auth using JWT token"""
admin_pass = generate_password_hash("admin_pass")
admin = User(username="admin", email="admin@example.com", password=admin_pass, role="Administrator")
db.session.add(admin)
db.session.commit()
response = test_client.get(f"/users/{admin.id}")
assert response.status_code == 401 # Try to get user data without login
access_token = create_access_token(identity=str(admin.id))
admin_headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.get(f"/users/{admin.id}", headers=admin_headers)
assert response.status_code == 200
data = response.get_json()
assert data["username"] == "admin"
user_pass = generate_password_hash("test_pass")
user = User(username="testuser", email="test@example.com", password=user_pass, role="User")
db.session.add(user)
db.session.commit()
access_token = create_access_token(identity=str(user.id))
headers = {"Authorization": f"Bearer {access_token}"}
response = test_client.get(f"/users/{user.id}", headers=headers)
assert response.status_code == 200 # Common user can get own user data
response = test_client.get(f"/users/{admin.id}", headers=headers)
assert response.status_code == 403 # Common user cannot get other user data
response = test_client.get(f"/users/{user.id}", headers=admin_headers)
assert response.status_code == 200 # Admin can access all user data
Reference in New Issue View Git Blame Copy Permalink