Merge remote-tracking branch 'origin/master'

2022-01-12 18:17:46 +01:00 · 2022-01-12 18:17:46 +01:00 · cf6e0f6c9a
commit cf6e0f6c9a
parent 0a3ab090a6 d63b1cabd5
2 changed files with 424 additions and 0 deletions
--- a/backend/test/fictive_users.py
+++ b/backend/test/fictive_users.py
@ -0,0 +1,58 @@
+import os
+import sys
+sys.path.append("../application")
+from users_model import Users
+from api_functions import hash_password
+
+
+
+TAB_USER_WITH_PASSWORD = [
+    {
+         "id": 1,
+         "email": "riri@gmail.com",
+         "nickname": "Riri",
+         "password": "ririPass",
+         "is_admin": False       
+    },
+    {
+        "id": 2,
+        "email": "fifi@gmail.com",
+        "nickname": "Fifi",
+        "password": "fifiPass",
+        "is_admin": False  
+    },
+    {
+        "id": 3,
+        "email": "donald@gmail.com",
+        "nickname": "Donald",
+        "password": "donaldPass",
+        "is_admin": False
+    }, 
+    {
+        "id": 4,
+        "email": "daisy@gmail.com",
+        "nickname": "Daisy",
+        "password": "daisyPass",
+        "is_admin": True
+    }, 
+]
+
+
+
+# Convert user with passord (uwp) to user
+def uwp_to_user(uwp):
+    salt0 = os.urandom(32)
+    hash_pass0 = hash_password(salt0, uwp["password"])
+    return Users(
+        email = uwp["email"],
+        nickname = uwp["nickname"],
+        hash_pass = hash_pass0,
+        salt = salt0,
+        is_admin = uwp["is_admin"]
+    )
+
+
+
+TAB_USER = []
+for uwp in TAB_USER_WITH_PASSWORD:
+    TAB_USER.append(uwp_to_user(uwp))
--- a/backend/test/test.py
+++ b/backend/test/test.py
@ -0,0 +1,366 @@
+import unittest
+from flask.ext.testing import TestCase
+import json
+import sys
+
+sys.path.append("../application")
+from __init__ import app, db
+from users_model import Users
+from fictive_users import TAB_USER
+
+
+
+
+class BaseTestCase(TestCase):
+
+    def create_app(self):
+        FLASK_ENV = os.environ.get('FLASK_ENV', None)
+        if FLASK_ENV == 'production':
+            app.config.from_object("config.ProductionConfig")
+        elif FLASK_ENV == 'staging':
+            app.config.from_object("config.StagingConfig")
+        elif FLASK_ENV == 'development':
+            app.config.from_object("config.DevelopmentConfig")
+        else:
+            app.config.from_object("config.Config")
+        return app
+
+
+    def setUp(self):
+        db.create_all()
+        for user in TAB_USER:
+            db.session.add(user)
+        db.session.commit()
+
+
+    def tearDown(self):
+        db.session.remove()
+        db.drop_all()
+
+
+
+
+class FlaskTestCase(BaseTestCase):
+
+    # -- UTILS ---
+
+    def login(self, email, password):
+        data0 = json.dumps({
+            "email": email,
+            "passord": password
+        })
+        response = self.client.post('/api/login', data=data0)
+
+
+
+    # --- LOGIN ---
+
+    def test_login_no_fields(self):
+        data0 = json.dumps({})
+        response = self.client.post('/api/login', data=data0)
+        self.assertEqual(response.message, 'Need email, password fields.')
+
+
+    def test_login_empty_fields(self):
+        data0 = json.dumps({
+            "email": "",
+            "passord": "blabla"
+        })
+        response = self.client.post('/api/login', data=data0)
+        self.assertEqual(response.message, 'Empty email and/or password fields.')
+
+
+    def test_login_wrong_fields(self):
+        data0 = json.dumps({
+            "email": "nimp@gmail.com",
+            "passord": "nimp"
+        })
+        response = self.client.post('/api/login', data=data0)
+        self.assertEqual(response.message, 'Email or password invalid')
+
+
+    def test_login_success(self):
+        data0 = json.dumps({
+            "email": "riri@gmail.com",
+            "passord": "ririPass"
+        })
+        response = self.client.post('/api/login', data=data0)
+        self.assertEqual(response.message, 'User authenticated.')
+
+
+
+    # --- REGISTER ---
+
+    def test_register_no_fields(self):
+        data0 = json.dumps({})
+        response = self.client.post('/api/register', data=data0)
+        self.assertIn('Need', response.message)
+
+
+    def test_register_empty_fields(self):
+        data0 = json.dumps({
+            "email": "",
+            "passord": "blabla",
+            "nickname": "blabla"
+        })
+        response = self.client.post('/api/register', data=data0)
+        self.assertEqual(response.message, 'Empty email and/or password and/or nickname fields.')
+
+
+    def test_register_already_exist(self):
+        data0 = json.dumps({
+            "email": "riri@gmail.com",
+            "passord": "blabla",
+            "nickname": "blabla"
+        })
+        response = self.client.post('/api/register', data=data0)
+        self.assertIn('already exist', response.message)
+
+
+    def test_register_success(self):
+        data0 = json.dumps({
+            "email": "loulou@gmail.com",
+            "passord": "loulouPass",
+            "nickname": "Loulou"
+        })
+        response = self.client.post('/api/register', data=data0)
+        self.assertEqual(response.message, 'User registered.')
+
+
+
+    # --- LOGOUT ---
+
+    def test_logout_fail(self):
+        response = self.client.delete('/api/logout')
+        self.assertEqual(response.status_code, 500)
+
+
+    def test_logout_success(self):
+        self.login_user()
+        response = self.client.delete('/api/logout')
+        self.assertEqual(response.status_code, 200)
+
+
+    # --- SELF UPDATE  ---
+
+    def test_self_update_not_connected(self):
+        data0 = json.dumps({})
+        response = self.client.put('/api/user/update', data=data0)
+        self.assertEqual(response.status_code, 500)
+
+
+    def test_self_update_no_fields(self):
+        self.login('riri@gmail.com', 'ririPass')
+        data0 = json.dumps({})
+        response = self.client.put('/api/user/update', data=data0)
+        self.assertIn('Need', response.message)
+
+
+    def test_self_update_empty_fields(self):
+        self.login('riri@gmail.com', 'ririPass')
+        data0 = json.dumps({
+            "nickname": "",
+            "password": "blabla" 
+        })
+        response = self.client.put('/api/user/update', data=data0)
+        self.assertEqual(response.message, 'Empty nickname and/or password fields.')
+        
+
+    def test_self_update_success(self):
+        self.login('riri@gmail.com', 'ririPass')
+        data0 = json.dumps({
+            "nickname": "Ririri",
+            "password": "ririPass" 
+        })
+        response = self.client.put('/api/user/update', data=data0)
+        self.assertEqual(response.status_code, 200)
+
+
+
+    # --- SELF DELETE  ---
+
+    def test_self_delete_not_connected(self):
+        response = self.client.delete('/api/user/delete')
+        self.assertEqual(response.status_code, 500)
+
+
+    def test_self_delete_success(self):
+        self.login('donald@gmail.com', 'donaldPass')
+        response = self.client.delete('/api/user/delete')
+        self.assertEqual(response.status_code, 200)
+
+    
+    def test_self_delete_last_admin(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        response = self.client.delete('/api/user/delete')
+        self.assertEqual(response.message, 'Can\'t delete last admin')
+
+
+
+    # --- admin: CREATE USER ---
+
+    def test_admin_create_not_connected(self):
+        data0 = json.dumps({})
+        response = self.client.post('/api/admin/create/user', data=data0)
+        self.assertEqual(response.message, 'User not authenticated.')
+
+    
+    def test_admin_create_no_permission(self):
+        self.login('riri@gmail.com', 'ririPass')
+        data0 = json.dumps({})
+        response = self.client.post('/api/admin/create/user', data=data0)
+        self.assertEqual(response.message, 'User does not have permission.')
+
+
+    def test_admin_create_no_fields(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({})
+        response = self.client.post('/api/admin/create/user', data=data0)
+        self.assertIn('Need', response.message)
+
+    
+    def test_admin_create_empty_fields(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({
+            "email": "",
+            "nickname": "Mickey",
+            "password": "mickeyPass",
+            "is_admin": true, 
+        })
+        response = self.client.post('/api/admin/create/user', data=data0)
+        self.assertEqual(response.message, 'Empty email and/or nickname and/or password and/or is_admin fields.')
+
+
+    def test_admin_create_already_exist(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({
+            "email": "riri@gmail.com",
+            "passord": "blabla",
+            "nickname": "blabla",
+        })
+        response = self.client.post('/api/admin/create/user', data=data0)
+        self.assertIn('already exist', response.message)
+
+
+    def test_admin_create_success(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({
+            "email": "mickey@gmail.com",
+            "nickname": "Mickey",
+            "password": "mickeyPass",
+            "is_admin": true, 
+        })
+        response = self.client.post('/api/admin/create/user', data=data0)
+        self.assertEqual(response.message, 'User registered.')
+    
+
+
+    # --- admin: UPDATE USER ---
+
+    def test_admin_update_not_connected(self):
+        data0 = json.dumps({})
+        response = self.client.put('/api/admin/update/user', data=data0)
+        self.assertEqual(response.message, 'User not authenticated.')
+
+    
+    def test_admin_update_no_permission(self):
+        self.login('riri@gmail.com', 'ririPass')
+        data0 = json.dumps({})
+        response = self.client.put('/api/admin/update/user', data=data0)
+        self.assertEqual(response.message, 'User does not have permission.')
+
+
+    def test_admin_update_no_fields(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({})
+        response = self.client.put('/api/admin/update/user', data=data0)
+        self.assertIn('Need', response.message)
+
+    
+    def test_admin_update_empty_fields(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({
+            "id": 1,
+            "password": "",
+            "is_admin": false,
+        })
+        response = self.client.put('/api/admin/update/user', data=data0)
+        self.assertEqual(response.message, 'Empty is_admin and/or password fields.')
+
+
+    def test_admin_update_not_exists(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({
+            "id": 99,
+            "password": "",
+            "is_admin": false,
+        })
+        response = self.client.put('/api/admin/update/user', data=data0)
+        self.assertEqual(response.message, 'User do not exist.')
+
+
+    def test_admin_update_success(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({
+            "id": 1,
+            "password": "roroPass",
+            "is_admin": false, 
+        })
+        response = self.client.put('/api/admin/update/user', data=data0)
+        self.assertEqual(response.status_code, 200)
+
+
+
+    # --- admin: DELETE USER ---
+
+    def test_admin_delete_not_connected(self):
+        response = self.client.delete('/api/admin/delete/user')
+        self.assertEqual(response.message, 'User not authenticated.')
+
+    
+    def test_admin_delete_no_permission(self):
+        self.login('riri@gmail.com', 'ririPass')
+        response = self.client.delete('/api/admin/delete/user')
+        self.assertEqual(response.message, 'User does not have permission.')
+
+
+    def test_admin_delete_no_fields(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({})
+        response = self.client.delete('/api/admin/delete/user')
+        self.assertIn('Need', response.message)
+
+    
+    def test_admin_delete_not_exists(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({"id": 99})
+        response = self.client.delete('/api/admin/delete/user')
+        self.assertEqual(response.message, 'User do not exist.')
+
+    
+    def test_admin_delete_success(self):
+        self.login('daisy@gmail.com', 'daisyPass')
+        data0 = json.dumps({"id": 2})
+        response = self.client.delete('/api/admin/delete/user', data=data0)
+        self.assertEqual(response.status_code, 200)
+
+
+
+    # --- LIST OF USER ---
+
+    def test_list_of_users_fail(self):
+        response = self.client.get('/api/users')
+        self.assertEqual(response.status_code, 500)
+
+
+    def test_list_of_users_success(self):
+        self.login('riri@gmail.com', 'ririPass')
+        response = self.client.get('/api/users')
+        self.assertEqual(response.status_code, 200)
+
+
+
+
+
+if __name__ == '__main__':
+    unittest.main()