test_session.py 7.0KB

  1. # coding=utf-8
  2. import datetime
  3. import pytest
  4. import transaction
  5. from sqlalchemy.exc import OperationalError
  6. from tracim_backend import models
  7. from tracim_backend.lib.core.group import GroupApi
  8. from tracim_backend.lib.core.user import UserApi
  9. from tracim_backend.models import get_tm_session
  10. from tracim_backend.tests import FunctionalTest
  11. from tracim_backend.tests import FunctionalTestNoDB
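  class TestLogoutEndpoint(FunctionalTest):
      """Functional checks that the logout route answers 204 to GET and to POST.

      No credentials are set in these tests, so they only pin the status code
      returned for the two HTTP verbs.
      """

      # NOTE(review): these tests pin that logout is reachable with a plain GET.
      # Logout presumably ends the caller's session, and a state-changing GET
      # can be triggered by a cross-site request (forced logout) -- confirm
      # that accepting GET on this route is intentional.

      def test_api__access_logout_get_enpoint__ok__nominal_case(self):
          """GET on the logout route returns 204."""
          # The original sent a POST from this "get" test and a GET from the
          # "post" test; each test now uses the verb its name announces.
          self.testapp.get('/api/v2/sessions/logout', status=204)

      def test_api__access_logout_post_enpoint__ok__nominal_case(self):
          """POST (JSON request without a body) on the logout route returns 204."""
          self.testapp.post_json('/api/v2/sessions/logout', status=204)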
  class TestLoginEndpointUnititedDB(FunctionalTestNoDB):
      """Login behaviour when the application is set up by FunctionalTestNoDB."""

      def test_api__try_login_enpoint__err_500__no_inited_db(self):
          """A login attempt yields a 500 whose JSON body carries the error keys."""
          credentials = dict(
              email='admin@admin.admin',
              password='admin@admin.admin',
          )
          response = self.testapp.post_json(
              '/api/v2/sessions/login',
              status=500,
              params=credentials,
          )
          assert isinstance(response.json, dict)
          # Only the presence of the keys is checked. NOTE(review): the content
          # of 'details' on an internal error is not inspected here; confirm
          # separately that it carries no stack trace or SQL text to clients.
          for expected_key in ('code', 'message', 'details'):
              assert expected_key in response.json.keys()
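  class TestLoginEndpoint(FunctionalTest):
      """Functional checks of POST /api/v2/sessions/login.

      Covers the nominal login, a disabled account, a wrong password, an
      unknown e-mail and a request without a JSON body.
      """

      def test_api__try_login_enpoint__ok_200__nominal_case(self):
          """Valid admin credentials return 200 and the admin's profile."""
          params = {
              'email': 'admin@admin.admin',
              'password': 'admin@admin.admin',
          }
          res = self.testapp.post_json(
              '/api/v2/sessions/login',
              params=params,
              status=200,
          )
          assert res.json_body['created']
          # strptime raises ValueError when 'created' is not in this exact
          # format, which fails the test.
          datetime.datetime.strptime(
              res.json_body['created'],
              '%Y-%m-%dT%H:%M:%SZ'
          )
          assert res.json_body['public_name'] == 'Global manager'
          assert res.json_body['email'] == 'admin@admin.admin'
          assert res.json_body['is_active']
          assert res.json_body['profile']
          assert res.json_body['profile'] == 'administrators'
          assert res.json_body['caldav_url'] is None
          assert res.json_body['avatar_url'] is None

      def test_api__try_login_enpoint__err_401__user_not_activated(self):
          """A disabled account is refused at login even with its real password."""
          dbsession = get_tm_session(self.session_factory, transaction.manager)
          admin = dbsession.query(models.User) \
              .filter(models.User.email == 'admin@admin.admin') \
              .one()
          uapi = UserApi(
              current_user=admin,
              session=dbsession,
              config=self.app_config,
          )
          gapi = GroupApi(
              current_user=admin,
              session=dbsession,
              config=self.app_config,
          )
          groups = [gapi.get_one_with_name('users')]
          test_user = uapi.create_user(
              email='test@test.test',
              password='pass',
              name='bob',
              groups=groups,
              timezone='Europe/Paris',
              do_save=True,
              do_notify=False,
          )
          uapi.save(test_user)
          uapi.disable(test_user)
          transaction.commit()

          # Log in with the password the account was created with. The original
          # sent 'test@test.test' as the password, which the bad-password path
          # already rejects with 403, so the test passed whether or not disabled
          # accounts were actually refused.
          params = {
              'email': 'test@test.test',
              'password': 'pass',
          }
          # NOTE(review): the test name says 401 while the assertion expects
          # 403; the expected status is kept from the original -- confirm which
          # code the API is meant to return for a disabled account.
          self.testapp.post_json(
              '/api/v2/sessions/login',
              params=params,
              status=403,
          )

      def test_api__try_login_enpoint__err_403__bad_password(self):
          """A wrong password for an existing account returns a 403 error body."""
          params = {
              'email': 'admin@admin.admin',
              'password': 'bad_password',
          }
          res = self.testapp.post_json(
              '/api/v2/sessions/login',
              status=403,
              params=params,
          )
          assert isinstance(res.json, dict)
          assert 'code' in res.json
          assert 'message' in res.json
          assert 'details' in res.json

      def test_api__try_login_enpoint__err_403__unregistered_user(self):
          """An unknown e-mail returns the same 403 status as a wrong password."""
          # Same status as the bad-password case, so the status code alone does
          # not reveal whether an e-mail is registered. The values of 'code' and
          # 'message' are not compared between the two cases, so they could
          # still differ.
          params = {
              'email': 'unknown_user@unknown.unknown',
              'password': 'bad_password',
          }
          res = self.testapp.post_json(
              '/api/v2/sessions/login',
              status=403,
              params=params,
          )
          assert isinstance(res.json, dict)
          assert 'code' in res.json
          assert 'message' in res.json
          assert 'details' in res.json

      def test_api__try_login_enpoint__err_400__no_json_body(self):
          """A login request without a JSON body returns a 400 error body."""
          res = self.testapp.post_json('/api/v2/sessions/login', status=400)
          assert isinstance(res.json, dict)
          assert 'code' in res.json
          assert 'message' in res.json
          assert 'details' in res.json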
  class TestWhoamiEndpoint(FunctionalTest):
      """Functional checks of GET /api/v2/sessions/whoami with Basic credentials."""

      def test_api__try_whoami_enpoint__ok_200__nominal_case(self):
          """Valid admin credentials return 200 and the admin's profile fields."""
          admin_credentials = ('admin@admin.admin', 'admin@admin.admin')
          self.testapp.authorization = ('Basic', admin_credentials)
          response = self.testapp.get('/api/v2/sessions/whoami', status=200)
          assert response.json_body['public_name'] == 'Global manager'
          assert response.json_body['email'] == 'admin@admin.admin'
          # Truthiness checks: the fields must be present and non-empty.
          assert response.json_body['created']
          assert response.json_body['is_active']
          assert response.json_body['profile']
          assert response.json_body['profile'] == 'administrators'
          # Optional fields are expected to be unset for this account.
          assert response.json_body['caldav_url'] is None
          assert response.json_body['avatar_url'] is None
          assert response.json_body['lang'] is None

      def test_api__try_whoami_enpoint__err_401__user_is_not_active(self):
          """A disabled account gets 401 even though its password is correct."""
          db = get_tm_session(self.session_factory, transaction.manager)
          admin_query = db.query(models.User)
          admin_user = admin_query.filter(
              models.User.email == 'admin@admin.admin'
          ).one()
          user_api = UserApi(
              current_user=admin_user,
              session=db,
              config=self.app_config,
          )
          group_api = GroupApi(
              current_user=admin_user,
              session=db,
              config=self.app_config,
          )
          user_groups = [group_api.get_one_with_name('users')]
          disabled_user = user_api.create_user(
              email='test@test.test',
              password='pass',
              name='bob',
              groups=user_groups,
              timezone='Europe/Paris',
              lang='en',
              do_save=True,
              do_notify=False,
          )
          user_api.save(disabled_user)
          user_api.disable(disabled_user)
          transaction.commit()

          # Same e-mail and password as at creation, so the 401 cannot be
          # explained by a credential mismatch.
          self.testapp.authorization = ('Basic', ('test@test.test', 'pass'))
          response = self.testapp.get('/api/v2/sessions/whoami', status=401)

      def test_api__try_whoami_enpoint__err_401__unauthenticated(self):
          """Credentials this test never created return a 401 error body."""
          unknown_credentials = ('john@doe.doe', 'lapin')
          self.testapp.authorization = ('Basic', unknown_credentials)
          response = self.testapp.get('/api/v2/sessions/whoami', status=401)
          assert isinstance(response.json, dict)
          for expected_key in ('code', 'message', 'details'):
              assert expected_key in response.json.keys()