app-MAIL-temp/tests/dashboard/test_api_keys.py

116 lines
3.5 KiB
Python
Raw Normal View History

from time import time
import arrow
2022-03-21 14:43:27 +01:00
from flask import url_for
from app import config
from app.dashboard.views.api_key import clean_up_unused_or_old_api_keys
2022-02-03 16:02:32 +01:00
from app.db import Session
from app.models import User, ApiKey
from tests.utils import login, create_new_user
2022-02-03 16:02:32 +01:00
def test_api_key_page_requires_password(flask_client):
r = flask_client.get(
url_for("dashboard.api_key"),
)
assert r.status_code == 302
2022-02-03 16:02:32 +01:00
def test_create_delete_api_key(flask_client):
2022-02-03 20:20:39 +01:00
user = login(flask_client)
nb_api_key = ApiKey.count()
2022-02-03 16:02:32 +01:00
# to bypass sudo mode
with flask_client.session_transaction() as session:
session["sudo_time"] = int(time())
2022-02-03 16:02:32 +01:00
# create api_key
create_r = flask_client.post(
url_for("dashboard.api_key"),
data={"form-name": "create", "name": "for test"},
follow_redirects=True,
)
assert create_r.status_code == 200
2022-02-03 20:49:29 +01:00
api_key = ApiKey.get_by(user_id=user.id)
assert ApiKey.filter(ApiKey.user_id == user.id).count() == 1
2022-02-03 16:02:32 +01:00
assert api_key.name == "for test"
2022-02-03 22:44:27 +01:00
# delete api_key
delete_r = flask_client.post(
url_for("dashboard.api_key"),
data={"form-name": "delete", "api-key-id": api_key.id},
follow_redirects=True,
)
assert delete_r.status_code == 200
assert ApiKey.count() == nb_api_key
2022-02-03 16:02:32 +01:00
def test_delete_all_api_keys(flask_client):
nb_api_keys = ApiKey.count()
2022-02-03 16:02:32 +01:00
# create two test users
user_1 = login(flask_client)
2022-02-03 16:02:32 +01:00
user_2 = User.create(
email="a2@b.c", password="password", name="Test User 2", activated=True
)
Session.commit()
# create api_key for both users
ApiKey.create(user_1.id, "for test")
2022-02-03 16:05:46 +01:00
ApiKey.create(user_1.id, "for test 2")
2022-02-03 16:02:32 +01:00
ApiKey.create(user_2.id, "for test")
Session.commit()
assert (
ApiKey.count() == nb_api_keys + 3
2022-02-03 16:05:46 +01:00
) # assert that the total number of API keys for all users is 3.
# assert that each user has the API keys created
assert ApiKey.filter(ApiKey.user_id == user_1.id).count() == 2
2022-02-03 16:02:32 +01:00
assert ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1
# to bypass sudo mode
with flask_client.session_transaction() as session:
session["sudo_time"] = int(time())
2022-02-03 16:02:32 +01:00
# delete all of user 1's API keys
r = flask_client.post(
url_for("dashboard.api_key"),
data={"form-name": "delete-all"},
follow_redirects=True,
)
assert r.status_code == 200
2022-02-03 16:02:32 +01:00
assert (
ApiKey.count() == nb_api_keys + 1
2022-02-03 16:02:32 +01:00
) # assert that the total number of API keys for all users is now 1.
assert (
ApiKey.filter(ApiKey.user_id == user_1.id).count() == 0
) # assert that user 1 now has 0 API keys
assert (
ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1
) # assert that user 2 still has 1 API key
def test_cleanup_api_keys():
user = create_new_user()
ApiKey.create(
user_id=user.id, name="used", last_used=arrow.utcnow().shift(days=-3), times=1
)
ApiKey.create(
user_id=user.id, name="keep 1", last_used=arrow.utcnow().shift(days=-2), times=1
)
ApiKey.create(
user_id=user.id, name="keep 2", last_used=arrow.utcnow().shift(days=-1), times=1
)
ApiKey.create(user_id=user.id, name="not used", last_used=None, times=1)
Session.flush()
old_max_api_keys = config.MAX_API_KEYS
config.MAX_API_KEYS = 2
clean_up_unused_or_old_api_keys(user.id)
keys = ApiKey.filter_by(user_id=user.id).all()
assert len(keys) == 2
assert keys[0].name.find("keep") == 0
assert keys[1].name.find("keep") == 0
config.MAX_API_KEYS = old_max_api_keys