From 28836c72e8facc834ca9f5f9ca3b0871f942c592 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Victor=20L=C3=B6fgren?= <viclo211@student.liu.se>
Date: Sat, 22 May 2021 12:03:10 +0200
Subject: [PATCH] Fix test_auth_and_user_api
---
 server/app/apis/auth.py | 15 +++++------
 server/app/apis/users.py | 13 ++++++---
 server/app/database/controller/add.py | 35 ++++++++++++++++++-------
 server/app/database/controller/edit.py | 1 +
 server/app/database/controller/get.py | 3 +--
 server/requirements.txt | Bin 3432 -> 3432 bytes
 server/tests/test_app.py | 31 +++++++++++-----------
 7 files changed, 60 insertions(+), 38 deletions(-)
diff --git a/server/app/apis/auth.py b/server/app/apis/auth.py
index c7e997a8..b6379f28 100644
--- a/server/app/apis/auth.py
+++ b/server/app/apis/auth.py
@@ -57,13 +57,13 @@ def get_code_claims(item_code):
 }
-# @api.route("/test")
-# class AuthSignup(Resource):
-# @protect_route(allowed_roles=["Admin"], allowed_views=["*"])
-# def get(self):
-# """ Tests that the user is an admin. """
-
-# return "ok"
+@blp.route("/test")
+class AuthSignup(MethodView):
+ @protect_route(allowed_roles=["Admin"], allowed_views=["*"])
+ @blp.response(http_codes.NO_CONTENT, None)
+ def get(self):
+ """ Tests that the user is admin or is in a competition. """
+ return None
 @blp.route("/login")
@@ -75,7 +75,6 @@ class AuthLogin(MethodView):
 email = args.get("email")
 password = args.get("password")
- item_user = dbc.get.user_by_email(email)
 # Login with unknown email
diff --git a/server/app/apis/users.py b/server/app/apis/users.py
index 08dd4e29..a982bb0b 100644
--- a/server/app/apis/users.py
+++ b/server/app/apis/users.py
@@ -28,9 +28,9 @@ class UserAddArgsSchema(BaseSchema):
 name = ma.auto_field()
 password = fields.String(required=True)
- email = ma.auto_field()
- role_id = ma.auto_field()
- city_id = ma.auto_field()
+ email = ma.auto_field(required=True)
+ role_id = ma.auto_field(required=True)
+ city_id = ma.auto_field(required=True)
 class UserEditArgsSchema(BaseSchema):
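Review bot: The re-enabled `/test` route keeps the class name `AuthSignup`, which describes neither the path nor what the view does, and its docstring ("admin or is in a competition") does not obviously agree with `allowed_roles=["Admin"]` — it only does if `allowed_views=["*"]` is what admits competition participants, which is inferred here, not visible. Rename the class to something like `AuthTest` and make the docstring say exactly which roles and views pass, e.g. `""" Probe endpoint: 204 if the caller's token satisfies protect_route (Admin role, or any allowed view). """`. Since this diagnostic endpoint was previously commented out, it is worth confirming that it is meant to ship in production rather than only under the test configuration.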
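Review bot: Removing `item_user = dbc.get.user_by_email(email)` leaves the `# Login with unknown email` comment with no lookup above it; if the branch that follows (outside this hunk) still reads `item_user`, the name is now unbound unless the lookup is assigned again further down in `AuthLogin.post`, which this hunk does not show. Please confirm where the remaining assignment lives, and either drop the now-stale comment or move it next to the lookup that actually performs the unknown-e-mail check. The body of `post` starts and ends outside this hunk.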
@@ -61,6 +61,13 @@ class Users(MethodView):
 """ Get currently logged in user. """
 return dbc.get.one(User, get_jwt_identity())
+ @protect_route(allowed_roles=["*"])
+ @blp.arguments(UserEditArgsSchema)
+ @blp.response(http_codes.OK, UserSchema)
+ def put(self, args):
+ """ Edit current user. """
+ return _edit_user(dbc.get.one(User, get_jwt_identity()), args)
+
 @protect_route(allowed_roles=["Admin"])
 @blp.arguments(UserAddArgsSchema)
 @blp.response(http_codes.OK, UserSchema)
diff --git a/server/app/database/controller/add.py b/server/app/database/controller/add.py
index f8ead2dd..fb3d3487 100644
--- a/server/app/database/controller/add.py
+++ b/server/app/database/controller/add.py
@@ -7,19 +7,33 @@ import os
 import app.database.controller as dbc
 from app.apis import http_codes
 from app.core import db
-from app.database.models import (Blacklist, City, Code, Competition,
- ComponentType, ImageComponent, Media,
- MediaType, Question, QuestionAlternative,
- QuestionAlternativeAnswer, QuestionComponent,
- QuestionScore, QuestionType, Role, Slide,
- Team, TextComponent, User, ViewType,
- Whitelist)
-from app.database.types import (IMAGE_COMPONENT_ID, QUESTION_COMPONENT_ID,
- TEXT_COMPONENT_ID)
+from app.database.models import (
+ Blacklist,
+ City,
+ Code,
+ Competition,
+ ComponentType,
+ ImageComponent,
+ Media,
+ MediaType,
+ Question,
+ QuestionAlternative,
+ QuestionAlternativeAnswer,
+ QuestionComponent,
+ QuestionScore,
+ QuestionType,
+ Role,
+ Slide,
+ Team,
+ TextComponent,
+ User,
+ ViewType,
+ Whitelist,
+)
+from app.database.types import IMAGE_COMPONENT_ID, QUESTION_COMPONENT_ID, TEXT_COMPONENT_ID
 from flask import current_app
 from flask.globals import current_app
 from flask_smorest import abort
-# from flask_restx import abort
 from PIL import Image
 from sqlalchemy import exc
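Review bot: The new `put` is open to every role (`allowed_roles=["*"]`) yet forwards the whole `UserEditArgsSchema` payload to `_edit_user`, so a caller can change their own `role_id` and `city_id`; the updated `test_app.py` in this same commit does exactly that — the user created with `"role_id": 2` logs in, PUTs `"role_id": 1` to `/api/users`, and the response confirms the change. If role 1 is an administrative role (the same session then edits and deletes other users by id), this is a privilege escalation available to any account. Strip the privileged field before editing, e.g. `args.pop("role_id", None)` as the first line of `put` (a dedicated self-edit schema without `role_id` would be cleaner), and keep role changes on the admin-only `/api/users/<id>` route. `_edit_user` and the class header are outside this hunk, so I am assuming `_edit_user` applies every key it receives.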
@@ -34,6 +48,7 @@ def db_add(item):
 db.session.commit()
 db.session.refresh(item)
 except (exc.IntegrityError):
+ db.session.rollback()
 abort(http_codes.CONFLICT, message=f"Kunde inte lägga objektet")
 except (exc.SQLAlchemyError, exc.DBAPIError):
 db.session.rollback()
diff --git a/server/app/database/controller/edit.py b/server/app/database/controller/edit.py
index 209c753b..a5e35352 100644
--- a/server/app/database/controller/edit.py
+++ b/server/app/database/controller/edit.py
@@ -34,6 +34,7 @@ def default(item, **kwargs):
 try:
 db.session.commit()
 except exc.IntegrityError:
+ db.session.rollback()
 abort(http_codes.CONFLICT, f"Kunde inte utföra ändringen")
 db.session.refresh(item)
diff --git a/server/app/database/controller/get.py b/server/app/database/controller/get.py
index 536a80a3..bcaece40 100644
--- a/server/app/database/controller/get.py
+++ b/server/app/database/controller/get.py
@@ -63,8 +63,7 @@ def user_exists(email):
 def user_by_email(email):
 """ Gets the user object associated with the provided email. """
-
- return User.query.filter(User.email == email).first_api(error_code=http_codes.UNAUTHORIZED)
+ return User.query.filter(User.email == email).first_api()
 ### Slides ###
diff --git a/server/requirements.txt b/server/requirements.txt
index 4a5b311d4572b4d435a681f818a8e97f74d0fcf3..b32db8af5507f9b307ec6f6ccfb03d1608b6ae75 100644
GIT binary patch
delta 46
zcmaDM^+IaHIwn~shGd2!hDwG4h7tx{1~-NrhD3&9hHM5~23rQh$#0n@H$P!&;Q|0K
CM+|}h
delta 50
zcmaDM^+IaHIwnOoh8%`OhGK?n23-axhGd2!hDwG4h7tx_23rOL20aGz$sd_TH$P!&
G;Q|0wPYmh+
diff --git a/server/tests/test_app.py b/server/tests/test_app.py
index cf35c54c..cf359da0 100644
--- a/server/tests/test_app.py
+++ b/server/tests/test_app.py
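Review bot: The added `db.session.rollback()` in the `IntegrityError` branch of `db_add` is the right fix for the poisoned-session problem, but the exception itself is still discarded, so the server log will show only a generic `CONFLICT` with no way to tell a duplicate e-mail from a failed foreign-key lookup. Bind and log it before aborting: `except exc.IntegrityError as err:` followed by `current_app.logger.warning("db_add(%s) failed: %s", type(item).__name__, err)` ahead of the rollback — `current_app` is already imported in this module. The `try` and the signature of `db_add` begin above this hunk.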
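Review bot: Dropping `error_code=http_codes.UNAUTHORIZED` makes `user_by_email` abort with `first_api()`'s default on a miss — the updated test expects `NOT_FOUND` — while a wrong password on `/api/auth/login` still yields `UNAUTHORIZED`, so the login endpoint now tells a client which e-mail addresses have accounts (user enumeration). Keep the two cases distinguishable internally but identical on the wire: `def user_by_email(email, error_code=http_codes.NOT_FOUND):` with `return User.query.filter(User.email == email).first_api(error_code=error_code)`, and have the login handler call it with `error_code=http_codes.UNAUTHORIZED` and the same message as the bad-password path. The default of `first_api` is not visible here; I am inferring `NOT_FOUND` from the test change in this commit.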
@@ -156,7 +156,7 @@ def test_auth_and_user_api(client):
 # Create user
 register_data = {"email": "test1@test.se", "password": "abc123", "role_id": 2, "city_id": 1}
- response, body = post(client, "/api/auth/signup", register_data, headers)
+ response, body = post(client, "/api/users", register_data, headers)
 assert response.status_code == http_codes.OK
 assert body["id"] == 2
 assert "password" not in body
@@ -164,21 +164,21 @@ def test_auth_and_user_api(client):
 # Try to create user with same email
 register_data = {"email": "test1@test.se", "password": "354213", "role_id": 1, "city_id": 1}
- response, body = post(client, "/api/auth/signup", register_data, headers)
- assert response.status_code == http_codes.BAD_REQUEST
+ response, body = post(client, "/api/users", register_data, headers)
+ assert response.status_code == http_codes.CONFLICT
- # Try loggin with wrong PASSWORD
+ # Try login with wrong PASSWORD
 response, body = post(client, "/api/auth/login", {"email": "test1@test.se", "password": "abc1234"})
 assert response.status_code == http_codes.UNAUTHORIZED
- # Try loggin with wrong Email
+ # Try login with wrong Email
 response, body = post(client, "/api/auth/login", {"email": "testx@test.se", "password": "abc1234"})
- assert response.status_code == http_codes.UNAUTHORIZED
+ assert response.status_code == http_codes.NOT_FOUND
- # Try loggin with right PASSWORD
+ # Login with right PASSWORD
 response, body = post(client, "/api/auth/login", {"email": "test1@test.se", "password": "abc123"})
 assert response.status_code == http_codes.OK
- # refresh_token = body["refresh_token"]
+ headers = {"Authorization": "Bearer " + body["access_token"]}
 # Get the current user
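Review bot: The assertion change under `# Try login with wrong Email` (`UNAUTHORIZED` → `NOT_FOUND`) pins a behaviour that should not be locked in: the suite now guarantees that `/api/auth/login` answers 404 for an unknown e-mail and 401 for a wrong password, which is exactly the response difference an attacker uses to enumerate registered accounts. Keep both cases at `assert response.status_code == http_codes.UNAUTHORIZED` and make the server conform, rather than adjusting the test to the new server behaviour. Note also that from the rebuilt `headers` line onward the test runs as the freshly created `role_id` 2 user, not as whoever held the original token, which matters for the edit and delete steps later in `test_auth_and_user_api`.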
@@ -190,7 +190,8 @@ def test_auth_and_user_api(client):
 response, body = put(client, "/api/users", {"name": "carl carlsson", "city_id": 2, "role_id": 1}, headers=headers)
 assert response.status_code == http_codes.OK
 assert body["name"] == "Carl Carlsson"
- assert body["city_id"] == 2 and body["role_id"] == 1
+ assert body["city_id"] == 2
+ assert body["role_id"] == 1
 # Find other user
 response, body = get(
@@ -200,7 +201,7 @@ def test_auth_and_user_api(client):
 headers=headers,
 )
 assert response.status_code == http_codes.OK
- assert body["count"] == 1
+ assert len(body) == 1
 # Get user from ID
 searched_user = body[0]
@@ -225,19 +226,19 @@ def test_auth_and_user_api(client):
 # Edit user from ID but add the same email as other user
 response, body = put(client, f"/api/users/{user_id}", {"email": "test@test.se"}, headers=headers)
- assert response.status_code == http_codes.BAD_REQUEST
+ assert response.status_code == http_codes.CONFLICT
 # Delete other user
- response, body = delete(client, f"/api/auth/delete/{user_id}", headers=headers)
- assert response.status_code == http_codes.OK
+ response, body = delete(client, f"/api/users/{user_id}", headers=headers)
+ assert response.status_code == http_codes.NO_CONTENT
 # Try to delete other user again
- response, body = delete(client, f"/api/users/{user_id}", headers=headers)
 assert response.status_code == http_codes.NOT_FOUND
 # Logout and try to access current user
 response, body = post(client, f"/api/auth/logout", headers=headers)
- assert response.status_code == http_codes.OK
+ assert response.status_code == http_codes.NO_CONTENT
 # TODO: Check if current users jwt (jti) is in blacklist after logging out
 response, body = get(client, "/api/users", headers=headers)
-- 
GitLab
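Review bot: The split-out `assert body["role_id"] == 1` codifies that the user created earlier in this test with `"role_id": 2`, and logged in as that user, can set its own role through `PUT /api/users`; if 1 is the admin role this test asserts a privilege escalation instead of guarding against it. The expectation should be the reverse — either the request is rejected, or the field is ignored and `assert body["role_id"] == 2` holds. If the admin-only steps further down (editing and deleting the other user by id) currently pass only because of this escalation, keep the original admin token in a separate variable before `headers` is overwritten at login and use it for those steps.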