2017-12-16 21:00:46 +01:00
|
|
|
import json
|
2020-05-01 16:18:59 +02:00
|
|
|
from io import BytesIO
|
2017-12-16 21:00:46 +01:00
|
|
|
|
2018-06-07 14:15:27 +02:00
|
|
|
from fittrackee_api.users.models import User
|
2017-12-16 21:00:46 +01:00
|
|
|
|
|
|
|
|
2018-04-09 22:09:58 +02:00
|
|
|
def test_ping(app):
|
|
|
|
""" => Ensure the /ping route behaves correctly."""
|
|
|
|
client = app.test_client()
|
|
|
|
response = client.get('/api/ping')
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
assert response.status_code == 200
|
|
|
|
assert 'pong' in data['message']
|
|
|
|
assert 'success' in data['status']
|
|
|
|
|
|
|
|
|
2020-02-08 13:09:01 +01:00
|
|
|
def test_single_user(app, user_1, user_2):
|
2018-04-09 22:09:58 +02:00
|
|
|
"""=> Get single user details"""
|
|
|
|
client = app.test_client()
|
2019-07-20 21:57:35 +02:00
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
2019-08-28 13:25:39 +02:00
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
2019-07-20 21:57:35 +02:00
|
|
|
)
|
|
|
|
response = client.get(
|
2020-02-08 13:09:01 +01:00
|
|
|
f'/api/users/{user_2.username}',
|
2019-07-20 21:57:35 +02:00
|
|
|
content_type='application/json',
|
|
|
|
headers=dict(
|
2019-08-28 13:25:39 +02:00
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
2019-07-20 21:57:35 +02:00
|
|
|
)
|
2018-04-09 22:09:58 +02:00
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 200
|
2018-06-05 18:41:13 +02:00
|
|
|
assert data['status'] == 'success'
|
2020-02-08 12:36:03 +01:00
|
|
|
assert len(data['data']['users']) == 1
|
|
|
|
|
|
|
|
user = data['data']['users'][0]
|
2020-02-08 13:09:01 +01:00
|
|
|
assert user['username'] == 'toto'
|
|
|
|
assert user['email'] == 'toto@toto.com'
|
2020-02-08 12:36:03 +01:00
|
|
|
assert user['created_at']
|
|
|
|
assert not user['admin']
|
|
|
|
assert user['first_name'] is None
|
|
|
|
assert user['last_name'] is None
|
|
|
|
assert user['birth_date'] is None
|
|
|
|
assert user['bio'] is None
|
|
|
|
assert user['location'] is None
|
|
|
|
assert user['timezone'] is None
|
|
|
|
assert user['weekm'] is False
|
|
|
|
assert user['language'] is None
|
|
|
|
assert user['nb_activities'] == 0
|
|
|
|
assert user['nb_sports'] == 0
|
|
|
|
assert user['sports_list'] == []
|
|
|
|
assert user['total_distance'] == 0
|
|
|
|
assert user['total_duration'] == '0:00:00'
|
2018-06-05 18:41:13 +02:00
|
|
|
|
|
|
|
|
|
|
|
def test_single_user_with_activities(
|
2019-08-28 13:25:39 +02:00
|
|
|
app,
|
|
|
|
user_1,
|
|
|
|
sport_1_cycling,
|
|
|
|
sport_2_running,
|
|
|
|
activity_cycling_user_1,
|
|
|
|
activity_running_user_1,
|
2018-06-05 18:41:13 +02:00
|
|
|
):
|
|
|
|
"""=> Get single user details"""
|
|
|
|
client = app.test_client()
|
2019-07-20 21:57:35 +02:00
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
2019-08-28 13:25:39 +02:00
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
2019-07-20 21:57:35 +02:00
|
|
|
)
|
|
|
|
response = client.get(
|
2020-02-08 13:09:01 +01:00
|
|
|
f'/api/users/{user_1.username}',
|
2019-07-20 21:57:35 +02:00
|
|
|
content_type='application/json',
|
|
|
|
headers=dict(
|
2019-08-28 13:25:39 +02:00
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
2019-07-20 21:57:35 +02:00
|
|
|
)
|
2018-06-05 18:41:13 +02:00
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 200
|
|
|
|
assert data['status'] == 'success'
|
2020-02-08 12:36:03 +01:00
|
|
|
assert len(data['data']['users']) == 1
|
|
|
|
|
|
|
|
user = data['data']['users'][0]
|
|
|
|
assert user['username'] == 'test'
|
|
|
|
assert user['email'] == 'test@test.com'
|
|
|
|
assert user['created_at']
|
|
|
|
assert not user['admin']
|
|
|
|
assert user['first_name'] is None
|
|
|
|
assert user['last_name'] is None
|
|
|
|
assert user['birth_date'] is None
|
|
|
|
assert user['bio'] is None
|
|
|
|
assert user['location'] is None
|
|
|
|
assert user['timezone'] is None
|
|
|
|
assert user['weekm'] is False
|
|
|
|
assert user['language'] is None
|
|
|
|
assert user['nb_activities'] == 2
|
|
|
|
assert user['nb_sports'] == 2
|
|
|
|
assert user['sports_list'] == [1, 2]
|
|
|
|
assert user['total_distance'] == 22
|
|
|
|
assert user['total_duration'] == '1:57:04'
|
2018-04-09 22:09:58 +02:00
|
|
|
|
|
|
|
|
2020-02-08 13:09:01 +01:00
|
|
|
def test_single_user_no_existing(app, user_1):
|
2018-04-09 22:09:58 +02:00
|
|
|
"""=> Ensure error is thrown if the id does not exist."""
|
|
|
|
client = app.test_client()
|
2019-07-20 21:57:35 +02:00
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
2019-08-28 13:25:39 +02:00
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
2019-07-20 21:57:35 +02:00
|
|
|
)
|
|
|
|
response = client.get(
|
2020-02-08 13:09:01 +01:00
|
|
|
'/api/users/not_existing',
|
2019-07-20 21:57:35 +02:00
|
|
|
content_type='application/json',
|
|
|
|
headers=dict(
|
2019-08-28 13:25:39 +02:00
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
2019-07-20 21:57:35 +02:00
|
|
|
)
|
2018-04-09 22:09:58 +02:00
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 404
|
|
|
|
assert 'fail' in data['status']
|
2019-07-20 21:57:35 +02:00
|
|
|
assert 'User does not exist.' in data['message']
|
2018-04-09 22:09:58 +02:00
|
|
|
|
|
|
|
|
2019-08-31 16:33:46 +02:00
|
|
|
def test_users_list(app, user_1, user_2, user_3):
|
2018-04-09 22:09:58 +02:00
|
|
|
"""=> Ensure get single user behaves correctly."""
|
|
|
|
|
|
|
|
client = app.test_client()
|
2019-07-20 21:57:35 +02:00
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
2019-08-28 13:25:39 +02:00
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
2019-07-20 21:57:35 +02:00
|
|
|
)
|
|
|
|
response = client.get(
|
|
|
|
'/api/users',
|
|
|
|
headers=dict(
|
2019-08-28 13:25:39 +02:00
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
2019-07-20 21:57:35 +02:00
|
|
|
)
|
2018-04-09 22:09:58 +02:00
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 200
|
|
|
|
assert 'success' in data['status']
|
|
|
|
|
2019-08-31 16:33:46 +02:00
|
|
|
assert len(data['data']['users']) == 3
|
2018-04-09 22:09:58 +02:00
|
|
|
assert 'created_at' in data['data']['users'][0]
|
|
|
|
assert 'created_at' in data['data']['users'][1]
|
2019-08-31 16:33:46 +02:00
|
|
|
assert 'created_at' in data['data']['users'][2]
|
2018-04-09 22:09:58 +02:00
|
|
|
assert 'test' in data['data']['users'][0]['username']
|
|
|
|
assert 'toto' in data['data']['users'][1]['username']
|
2019-08-31 16:33:46 +02:00
|
|
|
assert 'sam' in data['data']['users'][2]['username']
|
2018-04-09 22:09:58 +02:00
|
|
|
assert 'test@test.com' in data['data']['users'][0]['email']
|
|
|
|
assert 'toto@toto.com' in data['data']['users'][1]['email']
|
2019-08-31 16:33:46 +02:00
|
|
|
assert 'sam@test.com' in data['data']['users'][2]['email']
|
2018-06-11 15:10:18 +02:00
|
|
|
assert data['data']['users'][0]['timezone'] is None
|
2019-08-31 16:33:46 +02:00
|
|
|
assert data['data']['users'][0]['weekm'] is False
|
2019-09-16 14:19:21 +02:00
|
|
|
assert data['data']['users'][0]['language'] is None
|
2018-06-05 18:41:13 +02:00
|
|
|
assert data['data']['users'][0]['nb_activities'] == 0
|
|
|
|
assert data['data']['users'][0]['nb_sports'] == 0
|
2019-09-23 20:01:11 +02:00
|
|
|
assert data['data']['users'][0]['sports_list'] == []
|
2018-06-05 18:41:13 +02:00
|
|
|
assert data['data']['users'][0]['total_distance'] == 0
|
|
|
|
assert data['data']['users'][0]['total_duration'] == '0:00:00'
|
2018-06-11 15:10:18 +02:00
|
|
|
assert data['data']['users'][1]['timezone'] is None
|
2019-08-31 16:33:46 +02:00
|
|
|
assert data['data']['users'][1]['weekm'] is False
|
2019-09-16 14:19:21 +02:00
|
|
|
assert data['data']['users'][1]['language'] is None
|
2018-06-05 18:41:13 +02:00
|
|
|
assert data['data']['users'][1]['nb_activities'] == 0
|
|
|
|
assert data['data']['users'][1]['nb_sports'] == 0
|
2019-09-23 20:01:11 +02:00
|
|
|
assert data['data']['users'][1]['sports_list'] == []
|
2018-06-05 18:41:13 +02:00
|
|
|
assert data['data']['users'][1]['total_distance'] == 0
|
|
|
|
assert data['data']['users'][1]['total_duration'] == '0:00:00'
|
2019-08-31 16:33:46 +02:00
|
|
|
assert data['data']['users'][2]['timezone'] is None
|
|
|
|
assert data['data']['users'][2]['weekm'] is True
|
2019-09-16 14:19:21 +02:00
|
|
|
assert data['data']['users'][2]['language'] is None
|
2019-08-31 16:33:46 +02:00
|
|
|
assert data['data']['users'][2]['nb_activities'] == 0
|
|
|
|
assert data['data']['users'][2]['nb_sports'] == 0
|
2019-09-23 20:01:11 +02:00
|
|
|
assert data['data']['users'][2]['sports_list'] == []
|
2019-08-31 16:33:46 +02:00
|
|
|
assert data['data']['users'][2]['total_distance'] == 0
|
|
|
|
assert data['data']['users'][2]['total_duration'] == '0:00:00'
|
2019-09-23 14:43:56 +02:00
|
|
|
|
|
|
|
|
|
|
|
def test_users_list_with_activities(
|
|
|
|
app,
|
|
|
|
user_1,
|
|
|
|
user_2,
|
|
|
|
user_3,
|
|
|
|
sport_1_cycling,
|
|
|
|
activity_cycling_user_1,
|
|
|
|
sport_2_running,
|
|
|
|
activity_running_user_1,
|
|
|
|
activity_cycling_user_2,
|
|
|
|
):
|
|
|
|
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.get(
|
|
|
|
'/api/users',
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 200
|
|
|
|
assert 'success' in data['status']
|
|
|
|
|
|
|
|
assert len(data['data']['users']) == 3
|
|
|
|
assert 'created_at' in data['data']['users'][0]
|
|
|
|
assert 'created_at' in data['data']['users'][1]
|
|
|
|
assert 'created_at' in data['data']['users'][2]
|
|
|
|
assert 'test' in data['data']['users'][0]['username']
|
|
|
|
assert 'toto' in data['data']['users'][1]['username']
|
|
|
|
assert 'sam' in data['data']['users'][2]['username']
|
|
|
|
assert 'test@test.com' in data['data']['users'][0]['email']
|
|
|
|
assert 'toto@toto.com' in data['data']['users'][1]['email']
|
|
|
|
assert 'sam@test.com' in data['data']['users'][2]['email']
|
|
|
|
assert data['data']['users'][0]['timezone'] is None
|
|
|
|
assert data['data']['users'][0]['weekm'] is False
|
|
|
|
assert data['data']['users'][0]['nb_activities'] == 2
|
|
|
|
assert data['data']['users'][0]['nb_sports'] == 2
|
2019-09-23 20:01:11 +02:00
|
|
|
assert data['data']['users'][0]['sports_list'] == [1, 2]
|
2019-09-23 14:43:56 +02:00
|
|
|
assert data['data']['users'][0]['total_distance'] == 22.0
|
|
|
|
assert data['data']['users'][0]['total_duration'] == '1:57:04'
|
|
|
|
assert data['data']['users'][1]['timezone'] is None
|
|
|
|
assert data['data']['users'][1]['weekm'] is False
|
|
|
|
assert data['data']['users'][1]['nb_activities'] == 1
|
|
|
|
assert data['data']['users'][1]['nb_sports'] == 1
|
2019-09-23 20:01:11 +02:00
|
|
|
assert data['data']['users'][1]['sports_list'] == [1]
|
2019-09-23 14:43:56 +02:00
|
|
|
assert data['data']['users'][1]['total_distance'] == 15
|
|
|
|
assert data['data']['users'][1]['total_duration'] == '1:00:00'
|
|
|
|
assert data['data']['users'][2]['timezone'] is None
|
|
|
|
assert data['data']['users'][2]['weekm'] is True
|
|
|
|
assert data['data']['users'][2]['nb_activities'] == 0
|
|
|
|
assert data['data']['users'][2]['nb_sports'] == 0
|
2019-09-23 20:01:11 +02:00
|
|
|
assert data['data']['users'][2]['sports_list'] == []
|
2019-09-23 14:43:56 +02:00
|
|
|
assert data['data']['users'][2]['total_distance'] == 0
|
|
|
|
assert data['data']['users'][2]['total_duration'] == '0:00:00'
|
2018-04-09 22:09:58 +02:00
|
|
|
|
|
|
|
|
2018-05-13 18:36:31 +02:00
|
|
|
def test_encode_auth_token(app, user_1):
|
2018-04-09 22:09:58 +02:00
|
|
|
"""=> Ensure correct auth token generation"""
|
2018-05-13 18:36:31 +02:00
|
|
|
auth_token = user_1.encode_auth_token(user_1.id)
|
2018-04-09 22:09:58 +02:00
|
|
|
assert isinstance(auth_token, bytes)
|
|
|
|
|
|
|
|
|
2018-05-13 18:36:31 +02:00
|
|
|
def test_decode_auth_token(app, user_1):
|
|
|
|
auth_token = user_1.encode_auth_token(user_1.id)
|
2018-04-09 22:09:58 +02:00
|
|
|
assert isinstance(auth_token, bytes)
|
2018-05-13 18:36:31 +02:00
|
|
|
assert User.decode_auth_token(auth_token) == user_1.id
|
2019-07-20 21:57:35 +02:00
|
|
|
|
|
|
|
|
|
|
|
def test_user_no_picture(app, user_1):
|
|
|
|
client = app.test_client()
|
2020-02-08 14:49:37 +01:00
|
|
|
response = client.get(f'/api/users/{user_1.username}/picture')
|
2019-07-20 21:57:35 +02:00
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 404
|
|
|
|
assert 'not found' in data['status']
|
|
|
|
assert 'No picture.' in data['message']
|
|
|
|
|
|
|
|
|
|
|
|
def test_user_picture_no_user(app, user_1):
|
|
|
|
client = app.test_client()
|
2020-02-08 14:49:37 +01:00
|
|
|
response = client.get('/api/users/not_existing/picture')
|
2019-07-20 21:57:35 +02:00
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 404
|
|
|
|
assert 'fail' in data['status']
|
|
|
|
assert 'User does not exist.' in data['message']
|
2020-05-01 12:12:48 +02:00
|
|
|
|
|
|
|
|
|
|
|
def test_it_adds_admin_rights_to_a_user(app, user_1_admin, user_2):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='admin@example.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.patch(
|
|
|
|
'/api/users/toto',
|
|
|
|
content_type='application/json',
|
|
|
|
data=json.dumps(dict(admin=True)),
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 200
|
|
|
|
assert 'success' in data['status']
|
|
|
|
assert len(data['data']['users']) == 1
|
|
|
|
|
|
|
|
user = data['data']['users'][0]
|
|
|
|
assert user['email'] == 'toto@toto.com'
|
|
|
|
assert user['admin'] is True
|
|
|
|
|
|
|
|
|
|
|
|
def test_it_removes_admin_rights_to_a_user(app, user_1_admin, user_2):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='admin@example.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.patch(
|
|
|
|
'/api/users/toto',
|
|
|
|
content_type='application/json',
|
|
|
|
data=json.dumps(dict(admin=False)),
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 200
|
|
|
|
assert 'success' in data['status']
|
|
|
|
assert len(data['data']['users']) == 1
|
|
|
|
|
|
|
|
user = data['data']['users'][0]
|
|
|
|
assert user['email'] == 'toto@toto.com'
|
|
|
|
assert user['admin'] is False
|
|
|
|
|
|
|
|
|
|
|
|
def test_it_returns_error_if_payload_for_admin_rights_is_empty(
|
|
|
|
app, user_1_admin, user_2
|
|
|
|
):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='admin@example.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.patch(
|
|
|
|
'/api/users/toto',
|
|
|
|
content_type='application/json',
|
|
|
|
data=json.dumps(dict()),
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 400
|
|
|
|
assert 'error' in data['status']
|
|
|
|
assert 'Invalid payload.' in data['message']
|
|
|
|
|
|
|
|
|
|
|
|
def test_it_returns_error_if_payload_for_admin_rights_is_invalid(
|
|
|
|
app, user_1_admin, user_2
|
|
|
|
):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='admin@example.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.patch(
|
|
|
|
'/api/users/toto',
|
|
|
|
content_type='application/json',
|
|
|
|
data=json.dumps(dict(admin="")),
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 500
|
|
|
|
assert 'error' in data['status']
|
|
|
|
assert (
|
|
|
|
'Error. Please try again or contact the administrator.'
|
|
|
|
in data['message']
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
def test_it_returns_error_if_user_can_not_change_admin_rights(
|
|
|
|
app, user_1, user_2
|
|
|
|
):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.patch(
|
|
|
|
'/api/users/toto',
|
|
|
|
content_type='application/json',
|
|
|
|
data=json.dumps(dict(admin=True)),
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
|
|
|
|
assert response.status_code == 403
|
|
|
|
assert 'error' in data['status']
|
|
|
|
assert 'You do not have permissions.' in data['message']
|
2020-05-01 16:18:59 +02:00
|
|
|
|
|
|
|
|
|
|
|
def test_user_can_delete_its_own_account(app, user_1):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.delete(
|
|
|
|
'/api/users/test',
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
assert response.status_code == 204
|
|
|
|
|
|
|
|
|
|
|
|
def test_user_with_activity_can_delete_its_own_account(
|
|
|
|
app, user_1, sport_1_cycling, gpx_file
|
|
|
|
):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
client.post(
|
|
|
|
'/api/activities',
|
|
|
|
data=dict(
|
|
|
|
file=(BytesIO(str.encode(gpx_file)), 'example.gpx'),
|
|
|
|
data='{"sport_id": 1}',
|
|
|
|
),
|
|
|
|
headers=dict(
|
|
|
|
content_type='multipart/form-data',
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token'],
|
|
|
|
),
|
|
|
|
)
|
|
|
|
response = client.delete(
|
|
|
|
'/api/users/test',
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
assert response.status_code == 204
|
|
|
|
|
|
|
|
|
|
|
|
def test_user_with_picture_can_delete_its_own_account(
|
|
|
|
app, user_1, sport_1_cycling, gpx_file
|
|
|
|
):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
client.post(
|
|
|
|
'/api/auth/picture',
|
|
|
|
data=dict(file=(BytesIO(b'avatar'), 'avatar.png')),
|
|
|
|
headers=dict(
|
|
|
|
content_type='multipart/form-data',
|
|
|
|
authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token'],
|
|
|
|
),
|
|
|
|
)
|
|
|
|
response = client.delete(
|
|
|
|
'/api/users/test',
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
assert response.status_code == 204
|
|
|
|
|
|
|
|
|
|
|
|
def test_user_can_not_delete_another_user_account(app, user_1, user_2):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.delete(
|
|
|
|
'/api/users/toto',
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
assert response.status_code == 403
|
|
|
|
assert 'error' in data['status']
|
|
|
|
assert 'You do not have permissions.' in data['message']
|
|
|
|
|
|
|
|
|
|
|
|
def test_it_returns_error_when_deleting_non_existing_user(app, user_1):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='test@test.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.delete(
|
|
|
|
'/api/users/not_existing',
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
assert response.status_code == 404
|
|
|
|
assert 'not found' in data['status']
|
|
|
|
assert 'User does not exist.' in data['message']
|
|
|
|
|
|
|
|
|
|
|
|
def test_admin_can_delete_another_user_account(app, user_1_admin, user_2):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='admin@example.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.delete(
|
|
|
|
'/api/users/toto',
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
assert response.status_code == 204
|
|
|
|
|
|
|
|
|
|
|
|
def test_admin_can_delete_its_own_account(app, user_1_admin, user_2_admin):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='admin@example.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.delete(
|
|
|
|
'/api/users/admin',
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
assert response.status_code == 204
|
|
|
|
|
|
|
|
|
|
|
|
def test_admin_can_not_delete_its_own_account_if_no_other_admin(
|
|
|
|
app, user_1_admin, user_2
|
|
|
|
):
|
|
|
|
client = app.test_client()
|
|
|
|
resp_login = client.post(
|
|
|
|
'/api/auth/login',
|
|
|
|
data=json.dumps(dict(email='admin@example.com', password='12345678')),
|
|
|
|
content_type='application/json',
|
|
|
|
)
|
|
|
|
response = client.delete(
|
|
|
|
'/api/users/admin',
|
|
|
|
headers=dict(
|
|
|
|
Authorization='Bearer '
|
|
|
|
+ json.loads(resp_login.data.decode())['auth_token']
|
|
|
|
),
|
|
|
|
)
|
|
|
|
|
|
|
|
data = json.loads(response.data.decode())
|
|
|
|
assert response.status_code == 403
|
|
|
|
assert 'error' in data['status']
|
|
|
|
assert (
|
|
|
|
'You can not delete your account, no other user has admin rights.'
|
|
|
|
in data['message']
|
|
|
|
)
|