183 lines
5.5 KiB
Python
183 lines
5.5 KiB
Python
"""
|
|
Functional tests for the managing users.
|
|
|
|
:copyright: Copyright 2013-2016, Dorian Pula <dorian.pula@amber-penguin-software.ca>
|
|
:license: AGPL v3+
|
|
"""
|
|
|
|
import http
|
|
|
|
import pytest
|
|
import pytest_bdd as bdd
|
|
import requests
|
|
from pytest_bdd import parsers
|
|
|
|
from rookeries.users import models
|
|
from tests import utils
|
|
|
|
bdd.scenarios('user_management.feature')
|
|
|
|
# TODO: Add tests to make sure users can't modify each other's profiles, etc.
|
|
# TODO: Add in a new role that is super-admin, maybe?
|
|
# TODO: Add scenarios regarding subscriber users.
|
|
|
|
TEST_USER_PASSWORDS = 'password-testing'
|
|
|
|
|
|
@pytest.fixture(scope='module')
|
|
def admin_user(db_engine):
|
|
return utils.create_test_user(
|
|
db_engine=db_engine,
|
|
username='admin',
|
|
password=TEST_USER_PASSWORDS,
|
|
role=models.UserRole.admin,
|
|
)
|
|
|
|
|
|
@pytest.fixture(scope='module')
|
|
def editor_user(db_engine):
|
|
return utils.create_test_user(
|
|
db_engine=db_engine,
|
|
username='site-editor',
|
|
password=TEST_USER_PASSWORDS,
|
|
role=models.UserRole.editor,
|
|
)
|
|
|
|
|
|
@pytest.fixture(scope='module')
|
|
def subscriber_user(db_engine):
|
|
return utils.create_test_user(
|
|
db_engine=db_engine,
|
|
username='site-member',
|
|
password=TEST_USER_PASSWORDS,
|
|
role=models.UserRole.subscriber,
|
|
)
|
|
|
|
|
|
@pytest.fixture(scope='module')
|
|
def non_existent_user():
|
|
return {
|
|
'username': 'does-not-exist',
|
|
}
|
|
|
|
|
|
SAMPLE_USERS_REQUEST = {
|
|
'admin': {},
|
|
'editor': {},
|
|
}
|
|
|
|
|
|
# Step definitions here.
|
|
|
|
@bdd.given(parsers.parse('I am an {user_role} user'))
|
|
@bdd.given(parsers.parse('I am a {user_role} user'))
|
|
def jwt_token(user_role, api_base_uri, admin_user, editor_user, subscriber_user, non_existent_user):
|
|
|
|
# TODO: Improve selection of fixtures.
|
|
user_info = non_existent_user
|
|
if user_role == models.UserRole.admin.name:
|
|
user_info = admin_user
|
|
elif user_role == models.UserRole.editor.name:
|
|
user_info = editor_user
|
|
elif user_role == models.UserRole.subscriber.name:
|
|
user_info = subscriber_user
|
|
|
|
jwt_token = requests.post(
|
|
url=f'{api_base_uri}/auth',
|
|
json={
|
|
'username': user_info['username'],
|
|
'password': TEST_USER_PASSWORDS,
|
|
}
|
|
).json()['access_token']
|
|
return jwt_token
|
|
|
|
|
|
@bdd.given(parsers.parse('I create an {user_role} user'))
|
|
@bdd.given(parsers.parse('I create a {user_role} user'))
|
|
def create_user_response(user_role, jwt_token, api_base_uri):
|
|
user_creation_request = SAMPLE_USERS_REQUEST[user_role]
|
|
response = requests.post(
|
|
url=f'{api_base_uri}/api/users',
|
|
json=user_creation_request,
|
|
headers={
|
|
'Authorization': f'JWT {jwt_token}',
|
|
},
|
|
)
|
|
|
|
return response
|
|
|
|
|
|
@bdd.given(parsers.parse('I get an {user_role} user'))
|
|
@bdd.given(parsers.parse('I get a {user_role} user'))
|
|
def get_user_response(user_role, jwt_token, api_base_uri, admin_user, editor_user, subscriber_user, non_existent_user):
|
|
|
|
user_info = non_existent_user
|
|
if user_role == models.UserRole.admin.name:
|
|
user_info = admin_user
|
|
elif user_role == models.UserRole.editor.name:
|
|
user_info = editor_user
|
|
elif user_role == models.UserRole.subscriber.name:
|
|
user_info = subscriber_user
|
|
|
|
response = requests.get(
|
|
url=f'{api_base_uri}/api/users/{user_info["username"]}',
|
|
headers={
|
|
'Authorization': f'JWT {jwt_token}',
|
|
},
|
|
)
|
|
return response
|
|
|
|
|
|
@bdd.then(parsers.parse('I get a new {user_role} user'))
|
|
def assert_create_user_response(user_role, create_user_response, admin_user, editor_user, subscriber_user,
|
|
non_existent_user):
|
|
assert create_user_response.status_code == http.HTTPStatus.CREATED
|
|
expected_user_creation_response = admin_user
|
|
assert create_user_response.json() == expected_user_creation_response
|
|
|
|
|
|
@bdd.then(parsers.parse('I can get an {user_role} user profile'))
|
|
@bdd.then(parsers.parse('I can get a {user_role} user profile'))
|
|
def assert_user_profile(user_role, get_user_response, admin_user, editor_user, subscriber_user, non_existent_user):
|
|
|
|
# TODO: Add in actual user profiles...
|
|
user_info = non_existent_user
|
|
if user_role == models.UserRole.admin.name:
|
|
user_info = admin_user
|
|
elif user_role == models.UserRole.editor.name:
|
|
user_info = editor_user
|
|
elif user_role == models.UserRole.subscriber.name:
|
|
user_info = subscriber_user
|
|
|
|
assert get_user_response.status_code == http.HTTPStatus.OK
|
|
expected_user_creation_response = user_info
|
|
assert get_user_response.json() == expected_user_creation_response
|
|
|
|
|
|
@bdd.then(parsers.parse('I get an unauthorized response'))
|
|
def assert_unauthorized_response(get_user_response: requests.Response):
|
|
assert get_user_response.status_code == http.HTTPStatus.UNAUTHORIZED
|
|
|
|
expected_response_json = {
|
|
'error': {
|
|
'status_code': http.HTTPStatus.UNAUTHORIZED.value,
|
|
'message': 'Not authorized to access this resource.',
|
|
'resource': get_user_response.request.url,
|
|
}
|
|
}
|
|
assert get_user_response.json() == expected_response_json
|
|
|
|
|
|
@bdd.then(parsers.parse('I can get a user can not be found message'))
|
|
def assert_resource_not_found_response(get_user_response: requests.Response):
|
|
assert get_user_response.status_code == http.HTTPStatus.NOT_FOUND
|
|
|
|
expected_response_json = {
|
|
'error': {
|
|
'status_code': http.HTTPStatus.NOT_FOUND.value,
|
|
'message': 'Resource not found.',
|
|
'resource': get_user_response.request.url,
|
|
},
|
|
}
|
|
assert get_user_response.json() == expected_response_json
|