2022-03-21 14:40:47 +01:00
|
|
|
from time import time
|
|
|
|
|
2022-03-21 14:43:27 +01:00
|
|
|
from flask import url_for
|
2022-02-03 20:30:10 +01:00
|
|
|
|
2022-02-03 16:02:32 +01:00
|
|
|
from app.db import Session
|
|
|
|
from app.models import User, ApiKey
|
2022-02-03 20:20:39 +01:00
|
|
|
from tests.utils import login
|
2022-02-03 16:02:32 +01:00
|
|
|
|
|
|
|
|
2022-03-21 14:40:47 +01:00
|
|
|
def test_api_key_page_requires_password(flask_client):
|
|
|
|
r = flask_client.get(
|
|
|
|
url_for("dashboard.api_key"),
|
|
|
|
)
|
|
|
|
|
|
|
|
assert r.status_code == 302
|
|
|
|
|
|
|
|
|
2022-02-03 16:02:32 +01:00
|
|
|
def test_create_delete_api_key(flask_client):
|
2022-02-03 20:20:39 +01:00
|
|
|
user = login(flask_client)
|
2022-10-13 18:55:22 +02:00
|
|
|
nb_api_key = ApiKey.count()
|
2022-02-03 16:02:32 +01:00
|
|
|
|
2022-03-21 14:40:47 +01:00
|
|
|
# to bypass sudo mode
|
|
|
|
with flask_client.session_transaction() as session:
|
|
|
|
session["sudo_time"] = int(time())
|
|
|
|
|
2022-02-03 16:02:32 +01:00
|
|
|
# create api_key
|
2022-02-03 20:47:41 +01:00
|
|
|
create_r = flask_client.post(
|
|
|
|
url_for("dashboard.api_key"),
|
|
|
|
data={"form-name": "create", "name": "for test"},
|
|
|
|
follow_redirects=True,
|
|
|
|
)
|
|
|
|
assert create_r.status_code == 200
|
2022-02-03 20:49:29 +01:00
|
|
|
api_key = ApiKey.get_by(user_id=user.id)
|
2022-10-13 18:55:22 +02:00
|
|
|
assert ApiKey.filter(ApiKey.user_id == user.id).count() == 1
|
2022-02-03 16:02:32 +01:00
|
|
|
assert api_key.name == "for test"
|
|
|
|
|
2022-02-03 22:44:27 +01:00
|
|
|
# delete api_key
|
2022-02-03 20:47:41 +01:00
|
|
|
delete_r = flask_client.post(
|
|
|
|
url_for("dashboard.api_key"),
|
|
|
|
data={"form-name": "delete", "api-key-id": api_key.id},
|
|
|
|
follow_redirects=True,
|
|
|
|
)
|
|
|
|
assert delete_r.status_code == 200
|
2022-10-13 18:55:22 +02:00
|
|
|
assert ApiKey.count() == nb_api_key
|
2022-02-03 16:02:32 +01:00
|
|
|
|
|
|
|
|
2022-02-03 20:47:41 +01:00
|
|
|
def test_delete_all_api_keys(flask_client):
|
2022-10-13 18:55:22 +02:00
|
|
|
nb_api_keys = ApiKey.count()
|
|
|
|
|
2022-02-03 16:02:32 +01:00
|
|
|
# create two test users
|
2022-02-03 20:30:10 +01:00
|
|
|
user_1 = login(flask_client)
|
2022-02-03 16:02:32 +01:00
|
|
|
user_2 = User.create(
|
|
|
|
email="a2@b.c", password="password", name="Test User 2", activated=True
|
|
|
|
)
|
|
|
|
Session.commit()
|
|
|
|
|
|
|
|
# create api_key for both users
|
|
|
|
ApiKey.create(user_1.id, "for test")
|
2022-02-03 16:05:46 +01:00
|
|
|
ApiKey.create(user_1.id, "for test 2")
|
2022-02-03 16:02:32 +01:00
|
|
|
ApiKey.create(user_2.id, "for test")
|
|
|
|
Session.commit()
|
|
|
|
|
|
|
|
assert (
|
2022-10-13 18:55:22 +02:00
|
|
|
ApiKey.count() == nb_api_keys + 3
|
2022-02-03 16:05:46 +01:00
|
|
|
) # assert that the total number of API keys for all users is 3.
|
|
|
|
# assert that each user has the API keys created
|
|
|
|
assert ApiKey.filter(ApiKey.user_id == user_1.id).count() == 2
|
2022-02-03 16:02:32 +01:00
|
|
|
assert ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1
|
|
|
|
|
2022-03-21 14:40:47 +01:00
|
|
|
# to bypass sudo mode
|
|
|
|
with flask_client.session_transaction() as session:
|
|
|
|
session["sudo_time"] = int(time())
|
|
|
|
|
2022-02-03 16:02:32 +01:00
|
|
|
# delete all of user 1's API keys
|
2022-02-03 20:30:10 +01:00
|
|
|
r = flask_client.post(
|
|
|
|
url_for("dashboard.api_key"),
|
|
|
|
data={"form-name": "delete-all"},
|
|
|
|
follow_redirects=True,
|
|
|
|
)
|
|
|
|
assert r.status_code == 200
|
2022-02-03 16:02:32 +01:00
|
|
|
assert (
|
2022-10-13 18:55:22 +02:00
|
|
|
ApiKey.count() == nb_api_keys + 1
|
2022-02-03 16:02:32 +01:00
|
|
|
) # assert that the total number of API keys for all users is now 1.
|
|
|
|
assert (
|
|
|
|
ApiKey.filter(ApiKey.user_id == user_1.id).count() == 0
|
|
|
|
) # assert that user 1 now has 0 API keys
|
|
|
|
assert (
|
|
|
|
ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1
|
|
|
|
) # assert that user 2 still has 1 API key
|