diff --git a/backend/application/routes.py b/backend/application/routes.py
index af7106d..a249e02 100644
--- a/backend/application/routes.py
+++ b/backend/application/routes.py
@@ -139,7 +139,7 @@ def admin_create_user():
 try:
 post_ip = str(post_json['ip'])
 post_user_id = str(post_json['user_id'])
- token_is_admin = str(post_json['token_is_admin'])
+ token_is_admin = bool(post_json['token_is_admin'])
 if token_is_admin:
 post_email = None
 post_nickname = None
@@ -208,7 +208,7 @@ def admin_update_user():
 try:
 post_ip = str(post_json['ip'])
 post_user_id = str(post_json['user_id'])
- token_is_admin = str(post_json['token_is_admin'])
+ token_is_admin = bool(post_json['token_is_admin'])
 if token_is_admin:
 post_is_admin = None
 post_password = None
@@ -271,7 +271,7 @@ def admin_delete_user():
 try:
 post_ip = str(post_json['ip'])
 post_user_id = str(post_json['user_id'])
- token_is_admin = str(post_json['token_is_admin'])
+ token_is_admin = bool(post_json['token_is_admin'])
 if token_is_admin:
 post_user_id_delete = None
 fields = ''
diff --git a/backend/test.py b/backend/test.py
index 2aa595f..bec92de 100644
--- a/backend/test.py
+++ b/backend/test.py
@@ -20,6 +20,7 @@ class BaseTestCase(TestCase):
 def tearDown(self):
 db.session.remove()
 db.drop_all()
+ db.create_all()
 class FlaskTestCase(BaseTestCase):
@@ -28,6 +29,7 @@ class FlaskTestCase(BaseTestCase):
 def login(self, email, password):
 data0 = {
+ "ip": "127.0.0.1",
 "email": email,
 "password": password
 }
@@ -46,6 +48,7 @@ class FlaskTestCase(BaseTestCase):
 def test_login_emptyFields_statusCode(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "",
 "password": "blabla"
 }
@@ -54,6 +57,7 @@ class FlaskTestCase(BaseTestCase):
 def test_login_emptyFields_message(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "",
 "password": "blabla"
 }
@@ -62,6 +66,7 @@ class FlaskTestCase(BaseTestCase):
 def test_login_wrongFields_statusCode(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "nimp@gmail.com",
 "password": "nimp"
 }
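Review bot: `bool(post_json['token_is_admin'])` in admin_create_user (and the identical lines in admin_update_user and admin_delete_user) still treats any non-empty string as true, so a body carrying `"token_is_admin": "false"` reaches the `if token_is_admin:` branch just as it did under the old `str()` cast. Accept only a real JSON boolean, e.g. `token_is_admin = post_json['token_is_admin'] is True`, and answer other types with a 400. Separately, the updated tests send `token_is_admin` and `user_id` in the request body; if nothing upstream of this service overwrites those fields after validating the token, the privilege decision rests on caller-supplied data and should come from the server-side session or verified token claims instead. All three function bodies continue outside their hunks, so the permission check itself is not visible here.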
@@ -70,6 +75,7 @@ class FlaskTestCase(BaseTestCase):
 def test_login_wrongFields_message(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "nimp@gmail.com",
 "password": "nimp"
 }
@@ -78,6 +84,7 @@ class FlaskTestCase(BaseTestCase):
 def test_login_success_statusCode(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "riri@gmail.com",
 "password": "ririPass"
 }
@@ -86,6 +93,7 @@ class FlaskTestCase(BaseTestCase):
 def test_login_success_message(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "riri@gmail.com",
 "password": "ririPass"
 }
@@ -104,6 +112,7 @@ class FlaskTestCase(BaseTestCase):
 def test_register_emptyFields_statusCode(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "",
 "password": "blabla",
 "nickname": "blabla"
@@ -113,6 +122,7 @@ class FlaskTestCase(BaseTestCase):
 def test_register_emptyFields_message(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "",
 "password": "blabla",
 "nickname": "blabla"
@@ -122,6 +132,7 @@ class FlaskTestCase(BaseTestCase):
 def test_register_alreadyExist_statusCode(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "riri@gmail.com",
 "password": "blabla",
 "nickname": "blabla"
@@ -129,8 +140,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.client.post('/api/register', json=data0)
 self.assertEqual(response.status_code, 500)
- def test_register_alreadyExist_statusCode(self):
+ def test_register_alreadyExist_message(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "riri@gmail.com",
 "password": "blabla",
 "nickname": "blabla"
@@ -140,6 +152,7 @@ class FlaskTestCase(BaseTestCase):
 def test_register_success_statusCode(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "loulou@gmail.com",
 "password": "loulouPass",
 "nickname": "Loulou"
@@ -149,6 +162,7 @@ class FlaskTestCase(BaseTestCase):
 def test_register_success_message(self):
 data0 = {
+ "ip": "127.0.0.1",
 "email": "loulou@gmail.com",
 "password": "loulouPass",
 "nickname": "Loulou"
@@ -159,25 +173,21 @@ class FlaskTestCase(BaseTestCase): # --- LOGOUT --- def test_logout_fail_(self): - response = self.client.delete('/api/logout') - self.assertEqual(response.status_code, 500) + response = self.client.delete('/api/logout', json={}) + self.assertEqual(response.status_code, 400) def test_logout_success(self): response = self.login("riri@gmail.com", "ririPass") self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/logout') + data0 = { + "ip": "127.0.0.1", + "user_id": 0 + } + response = self.client.delete('/api/logout', json=data0) self.assertEqual(response.status_code, 200) # --- USER/UPDATE --- - def test_userUpdate_notConnected_statusCode(self): - response = self.client.put('/api/user/update', json={}) - self.assertEqual(response.status_code, 500) - - def test_userUpdate_notConnected_message(self): - response = self.client.put('/api/user/update', json={}) - self.assertEqual(response.json['message'], 'User not authenticated.') - def test_userUpdate_noFields_statusCode(self): response = self.login("riri@gmail.com", "ririPass") self.assertEqual(response.status_code, 200) @@ -194,6 +204,8 @@ class FlaskTestCase(BaseTestCase): response = self.login("riri@gmail.com", "ririPass") self.assertEqual(response.status_code, 200) data0 = { + "ip": "127.0.0.1", + "user_id": 0, "nickname": "", "password": "blabla" } @@ -204,6 +216,8 @@ class FlaskTestCase(BaseTestCase): response = self.login("riri@gmail.com", "ririPass") self.assertEqual(response.status_code, 200) data0 = { + "ip": "127.0.0.1", + "user_id": 0, "nickname": "", "password": "blabla" } @@ -214,6 +228,8 @@ class FlaskTestCase(BaseTestCase): response = self.login("riri@gmail.com", "ririPass") self.assertEqual(response.status_code, 200) data0 = { + "ip": "127.0.0.1", + "user_id": 1, "nickname": "Ririri", "password": "ririPass" } 
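Review bot: The `test_userUpdate_notConnected_*` tests are deleted from the USER/UPDATE section with no replacement, and later hunks do the same to the notConnected tests for user/delete, admin/create, admin/update and admin/delete and to `test_listOfUsers_fail`, so after this commit no test asserts that a request made without a prior login is rejected. Now that the caller's identity travels in the JSON body, keep one negative test per endpoint that skips `self.login(...)`, sends an otherwise well-formed body, and asserts the rejection status and message. `test_logout_success` also logs in as riri but sends `"user_id": 0`, while the user/delete tests use `"user_id": 1` for the same account; if logout returns 200 with a mismatched id, the endpoint is probably not binding `user_id` to the authenticated session, which is worth confirming against the handler.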
@@ -222,66 +238,92 @@ class FlaskTestCase(BaseTestCase): # --- USER/DELETE --- - def test_userDelete_notConnected_statusCode(self): - response = self.client.delete('/api/user/delete') - self.assertEqual(response.status_code, 500) - - def test_userDelete_notConnected_message(self): - response = self.client.delete('/api/user/delete') - self.assertEqual(response.json['message'], 'User not authenticated.') - def test_userDelete_success_statusCode(self): response = self.login('riri@gmail.com', 'ririPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/user/delete') + data0 = { + "ip": "127.0.0.1", + "user_id": 1 + } + response = self.client.delete('/api/user/delete', json=data0) self.assertEqual(response.status_code, 200) def test_userDelete_success_message(self): response = self.login('riri@gmail.com', 'ririPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/user/delete') + data0 = { + "ip": "127.0.0.1", + "user_id": 1 + } + response = self.client.delete('/api/user/delete', json=data0) self.assertEqual(response.json['message'], 'User deleted.') def test_userDelete_lastAdmin_statusCode(self): response = self.login('donald@gmail.com', 'donaldPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/user/delete') + data0 = { + "ip": "127.0.0.1", + "user_id": 3 + } + response = self.client.delete('/api/user/delete', json=data0) self.assertEqual(response.status_code, 200) response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/user/delete') + data0 = { + "ip": "127.0.0.1", + "user_id": 4 + } + response = self.client.delete('/api/user/delete', json=data0) self.assertEqual(response.status_code, 500) def test_userDelete_lastAdmin_message(self): response = self.login('donald@gmail.com', 'donaldPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/user/delete') + 
data0 = { + "ip": "127.0.0.1", + "user_id": 3 + } + response = self.client.delete('/api/user/delete', json=data0) self.assertEqual(response.status_code, 200) response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/user/delete') + data0 = { + "ip": "127.0.0.1", + "user_id": 4 + } + response = self.client.delete('/api/user/delete', json=data0) self.assertEqual(response.json['message'], 'Can\'t delete last admin') # --- ADMIN/CREATE/USER --- - def test_adminCreate_notConnected_statusCode(self): - response = self.client.post('/api/admin/create/user', json={}) - self.assertEqual(response.status_code, 500) - - def test_adminCreate_notConnected_message(self): - response = self.client.post('/api/admin/create/user', json={}) - self.assertEqual(response.json['message'], 'User not authenticated.') - def test_adminCreate_noPermission_statusCode(self): response = self.login('riri@gmail.com', 'ririPass') self.assertEqual(response.status_code, 200) - response = self.client.post('/api/admin/create/user', json={}) + data0 = { + "ip": "127.0.0.1", + "user_id": 1, + "token_is_admin": False, + "email": "azd", + "nickname": "Mickey", + "password": "mickeyPass", + "is_admin": True + } + response = self.client.post('/api/admin/create/user', json=data0) self.assertEqual(response.status_code, 500) def test_adminCreate_noPermission_message(self): response = self.login('riri@gmail.com', 'ririPass') self.assertEqual(response.status_code, 200) - response = self.client.post('/api/admin/create/user', json={}) + data0 = { + "ip": "127.0.0.1", + "user_id": 1, + "token_is_admin": False, + "email": "azd", + "nickname": "Mickey", + "password": "mickeyPass", + "is_admin": True + } + response = self.client.post('/api/admin/create/user', json=data0) self.assertEqual(response.json['message'], 'User does not have permission.') def test_adminCreate_noFields_statusCode(self): 
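Review bot: Both `test_adminCreate_noPermission_*` tests log in as riri (the account these tests treat as non-admin) and send `"token_is_admin": False`, so they only show that the endpoint honours the flag it is handed. The case that matters for access control is a non-admin login whose body carries `"token_is_admin": True`; add a test with that payload and assert it still yields 'User does not have permission.'. The adminUpdate and adminDelete noPermission tests in later hunks have the same gap. Asserting status 500 for a denied request also files authorization failures among server errors; 403 would be the conventional code if the route can be changed.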
@@ -300,6 +342,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.login('daisy@gmail.com', 'daisyPass')
 self.assertEqual(response.status_code, 200)
 data0 = {
+ "ip": "127.0.0.1",
+ "user_id": 4,
+ "token_is_admin": True,
 "email": "",
 "nickname": "Mickey",
 "password": "mickeyPass",
@@ -312,6 +357,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.login('daisy@gmail.com', 'daisyPass')
 self.assertEqual(response.status_code, 200)
 data0 = {
+ "ip": "127.0.0.1",
+ "user_id": 4,
+ "token_is_admin": True,
 "email": "",
 "nickname": "Mickey",
 "password": "mickeyPass",
@@ -325,6 +373,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.login('daisy@gmail.com', 'daisyPass')
 self.assertEqual(response.status_code, 200)
 data0 = {
+ "ip": "127.0.0.1",
+ "user_id": 4,
+ "token_is_admin": True,
 "email": "riri@gmail.com",
 "passord": "blabla",
 "nickname": "blabla",
@@ -336,6 +387,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.login('daisy@gmail.com', 'daisyPass')
 self.assertEqual(response.status_code, 200)
 data0 = {
+ "ip": "127.0.0.1",
+ "user_id": 4,
+ "token_is_admin": True,
 "email": "riri@gmail.com",
 "passord": "blabla",
 "nickname": "blabla",
@@ -347,6 +401,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.login('daisy@gmail.com', 'daisyPass')
 self.assertEqual(response.status_code, 200)
 data0 = {
+ "ip": "127.0.0.1",
+ "user_id": 4,
+ "token_is_admin": True,
 "email": "mickey@gmail.com",
 "nickname": "Mickey",
 "password": "mickeyPass",
@@ -359,6 +416,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.login('daisy@gmail.com', 'daisyPass')
 self.assertEqual(response.status_code, 200)
 data0 = {
+ "ip": "127.0.0.1",
+ "user_id": 4,
+ "token_is_admin": True,
 "email": "mickey@gmail.com",
 "nickname": "Mickey",
 "password": "mickeyPass",
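Review bot: In the two payloads that reuse `riri@gmail.com` the key is spelled `"passord"`, so the request carries no `password` field at all, and the test may be passing on a missing-field error rather than on the duplicate-email path it appears to target (the assertions sit outside these hunks). Change the key to `"password": "blabla"` so the already-registered email is the only invalid property of the payload.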
@@ -369,24 +429,26 @@ class FlaskTestCase(BaseTestCase): # --- ADMIN/UPDATE/USER --- - def test_adminUpdate_notConnected_statusCode(self): - response = self.client.put('/api/admin/update/user', json={}) - self.assertEqual(response.status_code, 500) - - def test_adminUpdate_notConnected_message(self): - response = self.client.put('/api/admin/update/user', json={}) - self.assertEqual(response.json['message'], 'User not authenticated.') - def test_adminUpdate_noPermission_statusCode(self): response = self.login('riri@gmail.com', 'ririPass') self.assertEqual(response.status_code, 200) - response = self.client.put('/api/admin/update/user', json={}) + data0 = { + "ip": "127.0.0.1", + "user_id": 1, + "token_is_admin": False + } + response = self.client.put('/api/admin/update/user', json=data0) self.assertEqual(response.status_code, 500) def test_adminUpdate_noPermission_message(self): response = self.login('riri@gmail.com', 'ririPass') self.assertEqual(response.status_code, 200) - response = self.client.put('/api/admin/update/user', json={}) + data0 = { + "ip": "127.0.0.1", + "user_id": 1, + "token_is_admin": False + } + response = self.client.put('/api/admin/update/user', json=data0) self.assertEqual(response.json['message'], 'User does not have permission.') def test_adminUpdate_noFields_statusCode(self): @@ -405,6 +467,9 @@ class FlaskTestCase(BaseTestCase): response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) data0 = { + "ip": "127.0.0.1", + "user_id": 4, + "token_is_admin": True, "id": 1, "password": "", "is_admin": False, @@ -416,6 +481,9 @@ class FlaskTestCase(BaseTestCase): response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) data0 = { + "ip": "127.0.0.1", + "user_id": 4, + "token_is_admin": True, "id": 1, "password": "", "is_admin": False, 
@@ -427,6 +495,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.login('daisy@gmail.com', 'daisyPass')
 self.assertEqual(response.status_code, 200)
 data0 = {
+ "ip": "127.0.0.1",
+ "user_id": 4,
+ "token_is_admin": True,
 "id": 99,
 "password": "blabla",
 "is_admin": False
@@ -438,6 +509,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.login('daisy@gmail.com', 'daisyPass')
 self.assertEqual(response.status_code, 200)
 data0 = {
+ "ip": "127.0.0.1",
+ "user_id": 4,
+ "token_is_admin": True,
 "id": 99,
 "password": "blabla",
 "is_admin": False
@@ -449,6 +523,9 @@ class FlaskTestCase(BaseTestCase):
 response = self.login('daisy@gmail.com', 'daisyPass')
 self.assertEqual(response.status_code, 200)
 data0 = {
+ "ip": "127.0.0.1",
+ "user_id": 4,
+ "token_is_admin": True,
 "id": 1,
 "password": "roroPass",
 "is_admin": False,
@@ -460,33 +537,37 @@ class FlaskTestCase(BaseTestCase): response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) data0 = { + "ip": "127.0.0.1", + "user_id": 4, + "token_is_admin": True, "id": 1, "password": "roroPass", "is_admin": False, } response = self.client.put('/api/admin/update/user', json=data0) self.assertIn("updated", response.json['message']) - # --- ADMIN/DELETE/USER --- - def test_adminDelete_notConnected_statusCode(self): - response = self.client.delete('/api/admin/delete/user/1') - self.assertEqual(response.status_code, 500) - - def test_adminDelete_notConnected_message(self): - response = self.client.delete('/api/admin/delete/user/1') - self.assertEqual(response.json['message'], 'User not authenticated.') - def test_adminDelete_noPermission_statusCode(self): response = self.login('riri@gmail.com', 'ririPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/admin/delete/user/1') + data0 = { + "ip": "127.0.0.1", + "user_id": 1, + "token_is_admin": False + } + response = self.client.delete('/api/admin/delete/user', json=data0) self.assertEqual(response.status_code, 500) def test_adminDelete_noPermission_message(self): response = self.login('riri@gmail.com', 'ririPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/admin/delete/user/1') + data0 = { + "ip": "127.0.0.1", + "user_id": 1, + "token_is_admin": False + } + response = self.client.delete('/api/admin/delete/user', json=data0) self.assertEqual(response.json['message'], 'User does not have permission.') def test_adminDelete_noFields_statusCode(self): 
@@ -498,39 +579,59 @@ class FlaskTestCase(BaseTestCase): def test_adminDelete_no_fields(self): response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/admin/delete/user') + response = self.client.delete('/api/admin/delete/user/') self.assertEqual('Not Found', response.json['message']) def test_adminDelete_notExists_statusCode(self): response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/admin/delete/user/99') + data0 = { + "ip": "127.0.0.1", + "user_id": 4, + "token_is_admin": True, + "id": 99 + } + response = self.client.delete('/api/admin/delete/user', json=data0) self.assertEqual(response.status_code, 500) def test_adminDelete_notExists_message(self): response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/admin/delete/user/99') + data0 = { + "ip": "127.0.0.1", + "user_id": 4, + "token_is_admin": True, + "id": 99 + } + response = self.client.delete('/api/admin/delete/user', json=data0) self.assertEqual(response.json['message'], 'User do not exist.') def test_adminDelete_success_statusCode(self): response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/admin/delete/user/2') + data0 = { + "ip": "127.0.0.1", + "user_id": 4, + "token_is_admin": True, + "id": 2 + } + response = self.client.delete('/api/admin/delete/user', json=data0) self.assertEqual(response.status_code, 200) def test_adminDelete_success_message(self): response = self.login('daisy@gmail.com', 'daisyPass') self.assertEqual(response.status_code, 200) - response = self.client.delete('/api/admin/delete/user/2') + data0 = { + "ip": "127.0.0.1", + "user_id": 4, + "token_is_admin": True, + "id": 2 + } + response = self.client.delete('/api/admin/delete/user', json=data0) 
self.assertEqual(response.json['message'], 'User deleted.') # --- LIST OF USER --- - def test_listOfUsers_fail(self): - response = self.client.get('/api/users') - self.assertEqual(response.status_code, 500) - def test_listOfUsers_success(self): response = self.login('riri@gmail.com', 'ririPass') self.assertEqual(response.status_code, 200)
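Review bot: `test_adminDelete_no_fields` now requests `/api/admin/delete/user/` and expects 'Not Found', which checks the router's 404 for a trailing-slash URL rather than the handler's input validation. With the target id moved into the JSON body, the missing-field case is a DELETE to `/api/admin/delete/user` whose body has `ip`, `user_id` and `token_is_admin` but no `id`; assert the handler's own error status and message for that request. The same hunk drops `test_listOfUsers_fail`, leaving `/api/users` without any test of the unauthenticated case.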