test_session.py 6.9KB

  1. # coding=utf-8
  2. import datetime
  3. import pytest
  4. import transaction
  5. from sqlalchemy.exc import OperationalError
  6. from tracim_backend import models
  7. from tracim_backend.lib.core.group import GroupApi
  8. from tracim_backend.lib.core.user import UserApi
  9. from tracim_backend.models import get_tm_session
  10. from tracim_backend.tests import FunctionalTest
  11. from tracim_backend.tests import FunctionalTestNoDB
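class TestLogoutEndpoint(FunctionalTest):
    """
    Tests for the /api/v2/sessions/logout endpoint.

    No credentials are set by these tests before the call; each one only
    pins the 204 status answered for the HTTP verb named in the test.
    """

    def test_api__access_logout_get_enpoint__ok__nominal_case(self):
        """GET on the logout endpoint answers 204."""
        # NOTE(review): this pins that logout is reachable with a plain
        # GET. A state-changing GET can be triggered by a cross-site
        # request, so if logout really invalidates the session on GET the
        # endpoint allows forced logout; consider restricting it to POST
        # or confirm that this is accepted behaviour.
        self.testapp.get('/api/v2/sessions/logout', status=204)

    def test_api__access_logout_post_enpoint__ok__nominal_case(self):
        """POST (JSON, no body parameters) on the logout endpoint answers 204."""
        self.testapp.post_json('/api/v2/sessions/logout', status=204)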
class TestLoginEndpointUnititedDB(FunctionalTestNoDB):
    """
    Login attempt against the FunctionalTestNoDB application.

    Judging by the base class and test names, the database is not
    initialised in this setup (confirm against FunctionalTestNoDB).
    """

    def test_api__try_login_enpoint__err_500__no_inited_db(self):
        """Login answers 500 with a JSON error object."""
        credentials = {
            'email': 'admin@admin.admin',
            'password': 'admin@admin.admin',
        }
        response = self.testapp.post_json(
            '/api/v2/sessions/login',
            params=credentials,
            status=500,
        )
        error_body = response.json
        assert isinstance(error_body, dict)
        # NOTE(review): only the presence of the keys is checked. On a 500
        # the content of 'details' is worth asserting as well, so that a
        # raw database error or stack trace returned to an unauthenticated
        # caller would fail the test.
        for expected_key in ('code', 'message', 'details'):
            assert expected_key in error_body.keys()
class TestLoginEndpoint(FunctionalTest):
    """
    Tests for POST /api/v2/sessions/login.

    Covers a successful login and the rejected cases: disabled account,
    wrong password, unknown e-mail and missing JSON body.
    """

    def test_api__try_login_enpoint__ok_200__nominal_case(self):
        """Valid admin credentials answer 200 with the user's description."""
        # Presumably the default admin account seeded by the test
        # fixtures; confirm against FunctionalTest.
        credentials = {
            'email': 'admin@admin.admin',
            'password': 'admin@admin.admin',
        }
        response = self.testapp.post_json(
            '/api/v2/sessions/login',
            params=credentials,
            status=200,
        )
        user = response.json_body
        assert user['created']
        # strptime raises ValueError when 'created' is not in this format,
        # which fails the test.
        datetime.datetime.strptime(
            user['created'],
            '%Y-%m-%dT%H:%M:%SZ'
        )
        assert user['public_name'] == 'Global manager'
        assert user['email'] == 'admin@admin.admin'
        assert user['is_active']
        assert user['profile']
        assert user['profile'] == 'administrators'
        assert user['caldav_url'] is None
        assert user['avatar_url'] is None

    def test_api__try_login_enpoint__err_401__user_not_activated(self):
        """Login for a disabled account is rejected (403 is asserted)."""
        # NOTE(review): the test name says 401 but the assertion below
        # expects 403.
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = (
            dbsession.query(models.User)
            .filter(models.User.email == 'admin@admin.admin')
            .one()
        )
        api_kwargs = dict(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        uapi = UserApi(**api_kwargs)
        gapi = GroupApi(**api_kwargs)
        users_group = gapi.get_one_with_name('users')
        test_user = uapi.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=[users_group],
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        uapi.save(test_user)
        uapi.disable(test_user)
        transaction.commit()

        # NOTE(review): the account was created with password 'pass', but
        # the request posts 'test@test.test' as the password. The 403 may
        # therefore come from the bad-password path rather than from the
        # disabled-account check, in which case a regression that lets
        # disabled users log in would not be caught here. Confirm what the
        # endpoint answers for the correct password before changing it.
        credentials = {
            'email': 'test@test.test',
            'password': 'test@test.test',
        }
        self.testapp.post_json(
            '/api/v2/sessions/login',
            params=credentials,
            status=403,
        )

    def test_api__try_login_enpoint__err_403__bad_password(self):
        """A wrong password for an existing account answers 403."""
        credentials = {
            'email': 'admin@admin.admin',
            'password': 'bad_password',
        }
        response = self.testapp.post_json(
            '/api/v2/sessions/login',
            status=403,
            params=credentials,
        )
        error_body = response.json
        assert isinstance(error_body, dict)
        for expected_key in ('code', 'message', 'details'):
            assert expected_key in error_body.keys()

    def test_api__try_login_enpoint__err_403__unregistered_user(self):
        """An unknown e-mail answers 403, like a wrong password does."""
        # NOTE(review): the status matches the bad-password case, so the
        # status code alone does not reveal whether an account exists. The
        # values of 'code' and 'message' are not compared between the two
        # cases here; asserting they are equal would pin that as well.
        credentials = {
            'email': 'unknown_user@unknown.unknown',
            'password': 'bad_password',
        }
        response = self.testapp.post_json(
            '/api/v2/sessions/login',
            status=403,
            params=credentials,
        )
        error_body = response.json
        assert isinstance(error_body, dict)
        for expected_key in ('code', 'message', 'details'):
            assert expected_key in error_body.keys()

    def test_api__try_login_enpoint__err_400__no_json_body(self):
        """A login request without parameters answers 400 with an error object."""
        response = self.testapp.post_json('/api/v2/sessions/login', status=400)
        error_body = response.json
        assert isinstance(error_body, dict)
        for expected_key in ('code', 'message', 'details'):
            assert expected_key in error_body.keys()
class TestWhoamiEndpoint(FunctionalTest):
    """
    Tests for GET /api/v2/sessions/whoami using HTTP Basic credentials.
    """

    def test_api__try_whoami_enpoint__ok_200__nominal_case(self):
        """Valid admin credentials answer 200 with the user's description."""
        # Presumably the default admin account seeded by the test
        # fixtures; confirm against FunctionalTest.
        admin_login = (
            'admin@admin.admin',
            'admin@admin.admin'
        )
        self.testapp.authorization = ('Basic', admin_login)
        response = self.testapp.get('/api/v2/sessions/whoami', status=200)
        user = response.json_body
        assert user['public_name'] == 'Global manager'
        assert user['email'] == 'admin@admin.admin'
        assert user['created']
        assert user['is_active']
        assert user['profile']
        assert user['profile'] == 'administrators'
        assert user['caldav_url'] is None
        assert user['avatar_url'] is None

    def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
        """A disabled account presenting its own password answers 401."""
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = (
            dbsession.query(models.User)
            .filter(models.User.email == 'admin@admin.admin')
            .one()
        )
        api_kwargs = dict(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        uapi = UserApi(**api_kwargs)
        gapi = GroupApi(**api_kwargs)
        users_group = gapi.get_one_with_name('users')
        test_user = uapi.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=[users_group],
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        uapi.save(test_user)
        uapi.disable(test_user)
        transaction.commit()

        # The password matches the one given to create_user above, so the
        # only thing visibly wrong with this request is that the account
        # has been disabled.
        disabled_login = (
            'test@test.test',
            'pass'
        )
        self.testapp.authorization = ('Basic', disabled_login)
        self.testapp.get('/api/v2/sessions/whoami', status=401)

    def test_api__try_whoami_enpoint__err_401__unauthenticated(self):
        """Credentials for an account this test never creates answer 401."""
        unknown_login = (
            'john@doe.doe',
            'lapin'
        )
        self.testapp.authorization = ('Basic', unknown_login)
        response = self.testapp.get('/api/v2/sessions/whoami', status=401)
        error_body = response.json
        assert isinstance(error_body, dict)
        for expected_key in ('code', 'message', 'details'):
            assert expected_key in error_body.keys()