rookeries/api/tests/server/test_user_management.py

"""
Functional tests for the managing users.

:copyright: Copyright 2013-2016, Dorian Pula <dorian.pula@amber-penguin-software.ca>
:license: AGPL v3+
"""

import http

import pytest
import pytest_bdd as bdd
import requests
from pytest import mark
from pytest_bdd import parsers

from rookeries.users import models
from tests import utils

# TODO: Add tests to make sure users can't modify each other's profiles, etc.
# TODO: Add in a new role that is super-admin, maybe?

TEST_USER_PASSWORDS = 'password-testing'


@pytest.fixture(scope='module')
def admin_user(db_engine):
    return utils.create_test_user(
        db_engine=db_engine,
        username='admin',
        password=TEST_USER_PASSWORDS,
        role=models.UserRole.admin,
    )


@pytest.fixture(scope='module')
def editor_user(db_engine):
    return utils.create_test_user(
        db_engine=db_engine,
        username='site-editor',
        password=TEST_USER_PASSWORDS,
        role=models.UserRole.editor,
    )


SAMPLE_USERS_REQUEST = {
    'admin': {},
    'editor': {},
}


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Admin user can create a new admin user')
def test_admin_user_creation_by_admin():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Admin user can create a new editor user')
def test_editor_user_creation_by_admin():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Editor user can not create a new admin user')
def test_admin_user_creation_by_editor():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Editor user can not create a new editor user')
def test_editor_user_creation_by_editor():
    pass


@bdd.scenario('user_management.feature', 'Admin user can get an existing admin user')
def test_admin_user_fetch_by_admin():
    pass


@bdd.scenario('user_management.feature', 'Admin user can get an existing editor user')
def test_editor_user_fetch_by_admin():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Any user can not get an existing admin user')
def test_admin_user_fetch_by_anyone():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Any user can not get an existing editor user')
def test_editor_user_fetch_by_anyone():
    pass


@mark.skip(reason="FIXME")
@bdd.scenario('user_management.feature', 'Editor user can not get an existing admin user')
def test_admin_user_fetch_by_editor():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Editor user can not get an existing editor user that is not me')
def test_editor_user_fetch_by_editor():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Admin user can modify an admin user')
def test_admin_user_modification_by_admin():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Admin user can modify an editor user')
def test_editor_user_modification_by_admin():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Editor user can not modify an editor user that is not self')
def test_editor_user_modification_by_editor():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Editor user can modify their own user')
def test_self_user_modification_by_editor():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Admin user can delete an admin user')
def test_admin_user_deletion_by_admin():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Admin user can delete an editor user')
def test_editor_user_deletion_by_admin():
    pass


@mark.skip(reason="Test scenarios need work")
@bdd.scenario('user_management.feature', 'Editor user can not delete an editor user')
def test_editor_user_deletion_by_editor():
    pass


# Step definitions here.

@bdd.given(parsers.parse('I am an {user_role} user'))
def jwt_token(user_role, api_base_uri, admin_user, editor_user):

    # TODO: Improve selection of fixtures.
    user_info = None
    if user_role == models.UserRole.admin.name:
        user_info = admin_user
    elif user_role == models.UserRole.editor.name:
        user_info = editor_user

    jwt_token = requests.post(
        url=f'{api_base_uri}/auth',
        json={
            'username': user_info['username'],
            'password': TEST_USER_PASSWORDS,
        }
    ).json()['access_token']
    return jwt_token


@bdd.given(parsers.parse('I create an {user_role} user'))
def create_user_response(user_role, jwt_token, api_base_uri):
    user_creation_request = SAMPLE_USERS_REQUEST[user_role]
    response = requests.post(
        url=f'{api_base_uri}/api/users',
        json=user_creation_request,
        headers={
            'Authorization': f'JWT {jwt_token}',
        },
    )

    return response


@bdd.given(parsers.parse('I get an {user_role} user'))
def get_user_response(user_role, jwt_token, api_base_uri, admin_user, editor_user):

    test_user = None
    if user_role == models.UserRole.admin.name:
        test_user = admin_user
    elif user_role == models.UserRole.editor.name:
        test_user = editor_user

    response = requests.get(
        url=f'{api_base_uri}/api/users/{test_user["username"]}',
        headers={
            'Authorization': f'JWT {jwt_token}',
        },
    )
    return response


@bdd.then(parsers.parse('I get a new {user_role} user'))
def assert_create_user_response(user_role, create_user_response, admin_user, editor_user):
    assert create_user_response.status_code == http.HTTPStatus.CREATED
    expected_user_creation_response = admin_user
    assert create_user_response.json() == expected_user_creation_response


@bdd.then(parsers.parse('I can get an {user_role} user profile'))
def assert_user_profile(user_role, get_user_response, admin_user, editor_user):

    # TODO: Add in actual user profiles...
    test_user = None
    if user_role == models.UserRole.admin.name:
        test_user = admin_user
    elif user_role == models.UserRole.editor.name:
        test_user = editor_user

    assert get_user_response.status_code == http.HTTPStatus.OK
    expected_user_creation_response = test_user
    assert get_user_response.json() == expected_user_creation_response


@bdd.then(parsers.parse('I get an unauthorized response'))
def assert_unauthorized_response(get_user_response: requests.Response):
    assert get_user_response.status_code == http.HTTPStatus.UNAUTHORIZED

    expected_response_json = {
        'status_code': http.HTTPStatus.UNAUTHORIZED,
        'error': 'Unauthorized',
        'description': 'Not authorized to access this resource.',
        'resource': get_user_response.request.url,
    }
    assert get_user_response.json() == expected_response_json
Add functional tests for user management. 2016-12-21 17:53:51 -05:00			`"""`
			`Functional tests for the managing users.`

			`:copyright: Copyright 2013-2016, Dorian Pula <dorian.pula@amber-penguin-software.ca>`
			`:license: AGPL v3+`
			`"""`

Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`import http`

Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`import pytest`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00			`import pytest_bdd as bdd`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`import requests`
Add JWT authentication to endpoints and update tests for user management. 2017-02-01 08:40:26 -05:00			`from pytest import mark`
			`from pytest_bdd import parsers`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`from rookeries.users import models`
Abstract test user creation to simplify tests. 2017-02-28 17:43:08 -05:00			`from tests import utils`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`# TODO: Add tests to make sure users can't modify each other's profiles, etc.`
			`# TODO: Add in a new role that is super-admin, maybe?`
Update functional tests. 2017-02-25 16:51:39 -05:00
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`TEST_USER_PASSWORDS = 'password-testing'`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00

Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`@pytest.fixture(scope='module')`
			`def admin_user(db_engine):`
Abstract test user creation to simplify tests. 2017-02-28 17:43:08 -05:00			`return utils.create_test_user(`
			`db_engine=db_engine,`
			`username='admin',`
			`password=TEST_USER_PASSWORDS,`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`role=models.UserRole.admin,`
			`)`


			`@pytest.fixture(scope='module')`
			`def editor_user(db_engine):`
			`return utils.create_test_user(`
			`db_engine=db_engine,`
			`username='site-editor',`
			`password=TEST_USER_PASSWORDS,`
			`role=models.UserRole.editor,`
Abstract test user creation to simplify tests. 2017-02-28 17:43:08 -05:00			`)`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00

Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`SAMPLE_USERS_REQUEST = {`
			`'admin': {},`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`'editor': {},`
			`}`


Add JWT authentication to endpoints and update tests for user management. 2017-02-01 08:40:26 -05:00			`@mark.skip(reason="Test scenarios need work")`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00			`@bdd.scenario('user_management.feature', 'Admin user can create a new admin user')`
			`def test_admin_user_creation_by_admin():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Admin user can create a new editor user')`
			`def test_editor_user_creation_by_admin():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Editor user can not create a new admin user')`
			`def test_admin_user_creation_by_editor():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Editor user can not create a new editor user')`
			`def test_editor_user_creation_by_editor():`
			`pass`


			`@bdd.scenario('user_management.feature', 'Admin user can get an existing admin user')`
			`def test_admin_user_fetch_by_admin():`
			`pass`


			`@bdd.scenario('user_management.feature', 'Admin user can get an existing editor user')`
			`def test_editor_user_fetch_by_admin():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Any user can not get an existing admin user')`
			`def test_admin_user_fetch_by_anyone():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Any user can not get an existing editor user')`
			`def test_editor_user_fetch_by_anyone():`
			`pass`


Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`@mark.skip(reason="FIXME")`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00			`@bdd.scenario('user_management.feature', 'Editor user can not get an existing admin user')`
			`def test_admin_user_fetch_by_editor():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
Change test steps to be closer to bdd test capabilities. 2016-12-22 17:14:09 -05:00			`@bdd.scenario('user_management.feature', 'Editor user can not get an existing editor user that is not me')`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00			`def test_editor_user_fetch_by_editor():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Admin user can modify an admin user')`
			`def test_admin_user_modification_by_admin():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Admin user can modify an editor user')`
			`def test_editor_user_modification_by_admin():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
Change test steps to be closer to bdd test capabilities. 2016-12-22 17:14:09 -05:00			`@bdd.scenario('user_management.feature', 'Editor user can not modify an editor user that is not self')`
Add functional tests for user management. 2016-12-21 17:53:51 -05:00			`def test_editor_user_modification_by_editor():`
			`pass`


Change test steps to be closer to bdd test capabilities. 2016-12-22 17:14:09 -05:00			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Editor user can modify their own user')`
			`def test_self_user_modification_by_editor():`
			`pass`


Add functional tests for user management. 2016-12-21 17:53:51 -05:00			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Admin user can delete an admin user')`
			`def test_admin_user_deletion_by_admin():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Admin user can delete an editor user')`
			`def test_editor_user_deletion_by_admin():`
			`pass`


			`@mark.skip(reason="Test scenarios need work")`
			`@bdd.scenario('user_management.feature', 'Editor user can not delete an editor user')`
			`def test_editor_user_deletion_by_editor():`
			`pass`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00

			`# Step definitions here.`

			`@bdd.given(parsers.parse('I am an {user_role} user'))`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`def jwt_token(user_role, api_base_uri, admin_user, editor_user):`

			`# TODO: Improve selection of fixtures.`
			`user_info = None`
			`if user_role == models.UserRole.admin.name:`
			`user_info = admin_user`
			`elif user_role == models.UserRole.editor.name:`
			`user_info = editor_user`

Update functional tests. 2017-02-25 16:51:39 -05:00			`jwt_token = requests.post(`
			`url=f'{api_base_uri}/auth',`
			`json={`
			`'username': user_info['username'],`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`'password': TEST_USER_PASSWORDS,`
Update functional tests. 2017-02-25 16:51:39 -05:00			`}`
			`).json()['access_token']`
			`return jwt_token`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00

Change test steps to be closer to bdd test capabilities. 2016-12-22 17:14:09 -05:00			`@bdd.given(parsers.parse('I create an {user_role} user'))`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`def create_user_response(user_role, jwt_token, api_base_uri):`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`user_creation_request = SAMPLE_USERS_REQUEST[user_role]`
Update functional tests. 2017-02-25 16:51:39 -05:00			`response = requests.post(`
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`url=f'{api_base_uri}/api/users',`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`json=user_creation_request,`
			`headers={`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`'Authorization': f'JWT {jwt_token}',`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`},`
			`)`

Update functional tests. 2017-02-25 16:51:39 -05:00			`return response`

Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`@bdd.given(parsers.parse('I get an {user_role} user'))`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`def get_user_response(user_role, jwt_token, api_base_uri, admin_user, editor_user):`

			`test_user = None`
			`if user_role == models.UserRole.admin.name:`
			`test_user = admin_user`
			`elif user_role == models.UserRole.editor.name:`
			`test_user = editor_user`

Update functional tests. 2017-02-25 16:51:39 -05:00			`response = requests.get(`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`url=f'{api_base_uri}/api/users/{test_user["username"]}',`
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`headers={`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`'Authorization': f'JWT {jwt_token}',`
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`},`
			`)`
Update functional tests. 2017-02-25 16:51:39 -05:00			`return response`
Transition user into a database model. 2017-02-01 23:42:20 -05:00

Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`@bdd.then(parsers.parse('I get a new {user_role} user'))`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`def assert_create_user_response(user_role, create_user_response, admin_user, editor_user):`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`assert create_user_response.status_code == http.HTTPStatus.CREATED`
Migrate test admin user into relevant test out of sample fixture. 2017-02-28 11:54:43 -05:00			`expected_user_creation_response = admin_user`
Create initial steps for creating an admin user. 2016-12-22 08:51:40 -05:00			`assert create_user_response.json() == expected_user_creation_response`
Transition user into a database model. 2017-02-01 23:42:20 -05:00

			`@bdd.then(parsers.parse('I can get an {user_role} user profile'))`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`def assert_user_profile(user_role, get_user_response, admin_user, editor_user):`

			`# TODO: Add in actual user profiles...`
			`test_user = None`
			`if user_role == models.UserRole.admin.name:`
			`test_user = admin_user`
			`elif user_role == models.UserRole.editor.name:`
			`test_user = editor_user`

Transition user into a database model. 2017-02-01 23:42:20 -05:00			`assert get_user_response.status_code == http.HTTPStatus.OK`
Add concept of a role to users. 2017-02-28 19:30:55 -05:00			`expected_user_creation_response = test_user`
Transition user into a database model. 2017-02-01 23:42:20 -05:00			`assert get_user_response.json() == expected_user_creation_response`

Add concept of a role to users. 2017-02-28 19:30:55 -05:00
			`@bdd.then(parsers.parse('I get an unauthorized response'))`
			`def assert_unauthorized_response(get_user_response: requests.Response):`
			`assert get_user_response.status_code == http.HTTPStatus.UNAUTHORIZED`

			`expected_response_json = {`
			`'status_code': http.HTTPStatus.UNAUTHORIZED,`
			`'error': 'Unauthorized',`
			`'description': 'Not authorized to access this resource.',`
			`'resource': get_user_response.request.url,`
			`}`
			`assert get_user_response.json() == expected_response_json`