rookeries/api/tests/server/test_user_management.py

"""
Functional tests for the managing users.

:copyright: Copyright 2013-2016, Dorian Pula <dorian.pula@amber-penguin-software.ca>
:license: AGPL v3+
"""

import http

import pytest
import pytest_bdd as bdd
import requests
from pytest_bdd import parsers

from rookeries.users import models
from tests import utils

bdd.scenarios('user_management.feature')

# TODO: Add tests to make sure users can't modify each other's profiles, etc.
# TODO: Add in a new role that is super-admin, maybe?
# TODO: Add scenarios regarding subscriber users.

TEST_USER_PASSWORDS = 'password-testing'


@pytest.fixture(scope='module')
def admin_user(db_engine):
    return utils.create_test_user(
        db_engine=db_engine,
        username='admin',
        password=TEST_USER_PASSWORDS,
        role=models.UserRole.admin,
    )


@pytest.fixture(scope='module')
def editor_user(db_engine):
    return utils.create_test_user(
        db_engine=db_engine,
        username='site-editor',
        password=TEST_USER_PASSWORDS,
        role=models.UserRole.editor,
    )


@pytest.fixture(scope='module')
def subscriber_user(db_engine):
    return utils.create_test_user(
        db_engine=db_engine,
        username='site-member',
        password=TEST_USER_PASSWORDS,
        role=models.UserRole.subscriber,
    )


@pytest.fixture(scope='module')
def non_existent_user():
    return {
        'username': 'does-not-exist',
    }


SAMPLE_USERS_REQUEST = {
    'admin': {},
    'editor': {},
}


# Step definitions here.

@bdd.given(parsers.parse('I am an {user_role} user'))
@bdd.given(parsers.parse('I am a {user_role} user'))
def jwt_token(user_role, api_base_uri, admin_user, editor_user, subscriber_user, non_existent_user):

    # TODO: Improve selection of fixtures.
    user_info = non_existent_user
    if user_role == models.UserRole.admin.name:
        user_info = admin_user
    elif user_role == models.UserRole.editor.name:
        user_info = editor_user
    elif user_role == models.UserRole.subscriber.name:
        user_info = subscriber_user

    jwt_token = requests.post(
        url=f'{api_base_uri}/auth',
        json={
            'username': user_info['username'],
            'password': TEST_USER_PASSWORDS,
        }
    ).json()['access_token']
    return jwt_token


@bdd.given(parsers.parse('I create an {user_role} user'))
@bdd.given(parsers.parse('I create a {user_role} user'))
def create_user_response(user_role, jwt_token, api_base_uri):
    user_creation_request = SAMPLE_USERS_REQUEST[user_role]
    response = requests.post(
        url=f'{api_base_uri}/api/users',
        json=user_creation_request,
        headers={
            'Authorization': f'JWT {jwt_token}',
        },
    )

    return response


@bdd.given(parsers.parse('I get an {user_role} user'))
@bdd.given(parsers.parse('I get a {user_role} user'))
def get_user_response(user_role, jwt_token, api_base_uri, admin_user, editor_user, subscriber_user, non_existent_user):

    user_info = non_existent_user
    if user_role == models.UserRole.admin.name:
        user_info = admin_user
    elif user_role == models.UserRole.editor.name:
        user_info = editor_user
    elif user_role == models.UserRole.subscriber.name:
        user_info = subscriber_user

    response = requests.get(
        url=f'{api_base_uri}/api/users/{user_info["username"]}',
        headers={
            'Authorization': f'JWT {jwt_token}',
        },
    )
    return response


@bdd.then(parsers.parse('I get a new {user_role} user'))
def assert_create_user_response(user_role, create_user_response, admin_user, editor_user, subscriber_user,
                                non_existent_user):
    assert create_user_response.status_code == http.HTTPStatus.CREATED
    expected_user_creation_response = admin_user
    assert create_user_response.json() == expected_user_creation_response


@bdd.then(parsers.parse('I can get an {user_role} user profile'))
@bdd.then(parsers.parse('I can get a {user_role} user profile'))
def assert_user_profile(user_role, get_user_response, admin_user, editor_user, subscriber_user, non_existent_user):

    # TODO: Add in actual user profiles...
    user_info = non_existent_user
    if user_role == models.UserRole.admin.name:
        user_info = admin_user
    elif user_role == models.UserRole.editor.name:
        user_info = editor_user
    elif user_role == models.UserRole.subscriber.name:
        user_info = subscriber_user

    assert get_user_response.status_code == http.HTTPStatus.OK
    expected_user_creation_response = user_info
    assert get_user_response.json() == expected_user_creation_response


@bdd.then(parsers.parse('I get an unauthorized response'))
def assert_unauthorized_response(get_user_response: requests.Response):
    assert get_user_response.status_code == http.HTTPStatus.UNAUTHORIZED

    expected_response_json = {
        'error': {
            'status_code': http.HTTPStatus.UNAUTHORIZED.value,
            'message': 'Not authorized to access this resource.',
            'resource': get_user_response.request.url,
        }
    }
    assert get_user_response.json() == expected_response_json


@bdd.then(parsers.parse('I can get a user can not be found message'))
def assert_resource_not_found_response(get_user_response: requests.Response):
    assert get_user_response.status_code == http.HTTPStatus.NOT_FOUND

    expected_response_json = {
        'error': {
            'status_code': http.HTTPStatus.NOT_FOUND.value,
            'message': 'Resource not found.',
            'resource': get_user_response.request.url,
        },
    }
    assert get_user_response.json() == expected_response_json
Add functional tests for user management. 2016-12-21 17:53:51 -05:00			`"""`
			`Functional tests for the managing users.`

			`:copyright: Copyright 2013-2016, Dorian Pula <dorian.pula@amber-penguin-software.ca>`
			`:license: AGPL v3+`
			`"""`

Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`import http`

Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`import pytest`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00			`import pytest_bdd as bdd`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`import requests`
Add JWT authentication to endpoints and update tests for user management. 2017-02-01 08:40:26 -05:00			`from pytest_bdd import parsers`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`from rookeries.users import models`
Abstract test user creation to simplify tests. 2017-02-28 17:43:08 -05:00			`from tests import utils`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00
Enable automatic generation of scenarios. 2017-03-01 23:58:05 -05:00			`bdd.scenarios('user_management.feature')`

Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`# TODO: Add tests to make sure users can't modify each other's profiles, etc.`
			`# TODO: Add in a new role that is super-admin, maybe?`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`# TODO: Add scenarios regarding subscriber users.`
Update functional tests. 2017-02-25 16:51:39 -05:00
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`TEST_USER_PASSWORDS = 'password-testing'`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00

Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`@pytest.fixture(scope='module')`
			`def admin_user(db_engine):`
Abstract test user creation to simplify tests. 2017-02-28 17:43:08 -05:00			`return utils.create_test_user(`
			`db_engine=db_engine,`
			`username='admin',`
			`password=TEST_USER_PASSWORDS,`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`role=models.UserRole.admin,`
			`)`


			`@pytest.fixture(scope='module')`
			`def editor_user(db_engine):`
			`return utils.create_test_user(`
			`db_engine=db_engine,`
			`username='site-editor',`
			`password=TEST_USER_PASSWORDS,`
			`role=models.UserRole.editor,`
Abstract test user creation to simplify tests. 2017-02-28 17:43:08 -05:00			`)`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00

Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`@pytest.fixture(scope='module')`
			`def subscriber_user(db_engine):`
			`return utils.create_test_user(`
			`db_engine=db_engine,`
			`username='site-member',`
			`password=TEST_USER_PASSWORDS,`
			`role=models.UserRole.subscriber,`
			`)`


Significantly improve the error code. 2017-03-01 09:18:44 -05:00			`@pytest.fixture(scope='module')`
			`def non_existent_user():`
			`return {`
			`'username': 'does-not-exist',`
			`}`


Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`SAMPLE_USERS_REQUEST = {`
			`'admin': {},`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`'editor': {},`
			`}`


			`# Step definitions here.`

			`@bdd.given(parsers.parse('I am an {user_role} user'))`
Enable automatic generation of scenarios. 2017-03-01 23:58:05 -05:00			`@bdd.given(parsers.parse('I am a {user_role} user'))`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`def jwt_token(user_role, api_base_uri, admin_user, editor_user, subscriber_user, non_existent_user):`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00
			`# TODO: Improve selection of fixtures.`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`user_info = non_existent_user`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`if user_role == models.UserRole.admin.name:`
			`user_info = admin_user`
			`elif user_role == models.UserRole.editor.name:`
			`user_info = editor_user`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`elif user_role == models.UserRole.subscriber.name:`
			`user_info = subscriber_user`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00
Update functional tests. 2017-02-25 16:51:39 -05:00			`jwt_token = requests.post(`
			`url=f'{api_base_uri}/auth',`
			`json={`
			`'username': user_info['username'],`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`'password': TEST_USER_PASSWORDS,`
Update functional tests. 2017-02-25 16:51:39 -05:00			`}`
			`).json()['access_token']`
			`return jwt_token`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00

Change test steps to be closer to bdd test capabilities. 2016-12-22 17:14:09 -05:00			`@bdd.given(parsers.parse('I create an {user_role} user'))`
Enable automatic generation of scenarios. 2017-03-01 23:58:05 -05:00			`@bdd.given(parsers.parse('I create a {user_role} user'))`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`def create_user_response(user_role, jwt_token, api_base_uri):`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`user_creation_request = SAMPLE_USERS_REQUEST[user_role]`
Update functional tests. 2017-02-25 16:51:39 -05:00			`response = requests.post(`
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`url=f'{api_base_uri}/api/users',`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`json=user_creation_request,`
			`headers={`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`'Authorization': f'JWT {jwt_token}',`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`},`
			`)`

Update functional tests. 2017-02-25 16:51:39 -05:00			`return response`

Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`@bdd.given(parsers.parse('I get an {user_role} user'))`
Enable automatic generation of scenarios. 2017-03-01 23:58:05 -05:00			`@bdd.given(parsers.parse('I get a {user_role} user'))`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`def get_user_response(user_role, jwt_token, api_base_uri, admin_user, editor_user, subscriber_user, non_existent_user):`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`user_info = non_existent_user`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`if user_role == models.UserRole.admin.name:`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`user_info = admin_user`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`elif user_role == models.UserRole.editor.name:`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`user_info = editor_user`
			`elif user_role == models.UserRole.subscriber.name:`
			`user_info = subscriber_user`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00
Update functional tests. 2017-02-25 16:51:39 -05:00			`response = requests.get(`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`url=f'{api_base_uri}/api/users/{user_info["username"]}',`
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`headers={`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`'Authorization': f'JWT {jwt_token}',`
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`},`
			`)`
Update functional tests. 2017-02-25 16:51:39 -05:00			`return response`
Transition user into a database model. 2017-02-01 23:42:20 -05:00

Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`@bdd.then(parsers.parse('I get a new {user_role} user'))`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`def assert_create_user_response(user_role, create_user_response, admin_user, editor_user, subscriber_user,`
			`non_existent_user):`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`assert create_user_response.status_code == http.HTTPStatus.CREATED`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`expected_user_creation_response = admin_user`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`assert create_user_response.json() == expected_user_creation_response`
Transition user into a database model. 2017-02-01 23:42:20 -05:00

			`@bdd.then(parsers.parse('I can get an {user_role} user profile'))`
Enable automatic generation of scenarios. 2017-03-01 23:58:05 -05:00			`@bdd.then(parsers.parse('I can get a {user_role} user profile'))`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`def assert_user_profile(user_role, get_user_response, admin_user, editor_user, subscriber_user, non_existent_user):`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00
			`# TODO: Add in actual user profiles...`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`user_info = non_existent_user`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`if user_role == models.UserRole.admin.name:`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`user_info = admin_user`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`elif user_role == models.UserRole.editor.name:`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`user_info = editor_user`
			`elif user_role == models.UserRole.subscriber.name:`
			`user_info = subscriber_user`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`assert get_user_response.status_code == http.HTTPStatus.OK`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`expected_user_creation_response = user_info`
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`assert get_user_response.json() == expected_user_creation_response`

Add concept of a role to users. 2017-02-28 19:30:55 -05:00
			`@bdd.then(parsers.parse('I get an unauthorized response'))`
			`def assert_unauthorized_response(get_user_response: requests.Response):`
			`assert get_user_response.status_code == http.HTTPStatus.UNAUTHORIZED`

			`expected_response_json = {`
Add support to not allow unauthorized access of users dependent on roles. 2017-03-01 22:34:23 -05:00			`'error': {`
			`'status_code': http.HTTPStatus.UNAUTHORIZED.value,`
			`'message': 'Not authorized to access this resource.',`
			`'resource': get_user_response.request.url,`
			`}`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`}`
			`assert get_user_response.json() == expected_response_json`
Significantly improve the error code. 2017-03-01 09:18:44 -05:00

			`@bdd.then(parsers.parse('I can get a user can not be found message'))`
Fix flake8 issue. 2017-03-01 09:32:16 -05:00			`def assert_resource_not_found_response(get_user_response: requests.Response):`
Significantly improve the error code. 2017-03-01 09:18:44 -05:00			`assert get_user_response.status_code == http.HTTPStatus.NOT_FOUND`

			`expected_response_json = {`
			`'error': {`
			`'status_code': http.HTTPStatus.NOT_FOUND.value,`
			`'message': 'Resource not found.',`
			`'resource': get_user_response.request.url,`
			`},`
			`}`
			`assert get_user_response.json() == expected_response_json`