app-MAIL-temp/tests/dashboard/test_api_keys.py

from time import time

import arrow
from flask import url_for

from app import config
from app.dashboard.views.api_key import clean_up_unused_or_old_api_keys
from app.db import Session
from app.models import User, ApiKey
from tests.utils import login, create_new_user


def test_api_key_page_requires_password(flask_client):
    r = flask_client.get(
        url_for("dashboard.api_key"),
    )

    assert r.status_code == 302


def test_create_delete_api_key(flask_client):
    user = login(flask_client)
    nb_api_key = ApiKey.count()

    # to bypass sudo mode
    with flask_client.session_transaction() as session:
        session["sudo_time"] = int(time())

    # create api_key
    create_r = flask_client.post(
        url_for("dashboard.api_key"),
        data={"form-name": "create", "name": "for test"},
        follow_redirects=True,
    )
    assert create_r.status_code == 200
    api_key = ApiKey.get_by(user_id=user.id)
    assert ApiKey.filter(ApiKey.user_id == user.id).count() == 1
    assert api_key.name == "for test"

    # create second api_key
    create_r = flask_client.post(
        url_for("dashboard.api_key"),
        data={"form-name": "create", "name": "for test 2"},
        follow_redirects=True,
    )
    assert create_r.status_code == 200
    api_key_2 = ApiKey.filter_by(user_id=user.id).order_by(ApiKey.id.desc()).first()
    assert ApiKey.filter(ApiKey.user_id == user.id).count() == 2
    assert api_key_2.name == "for test 2"

    # delete api_key
    delete_r = flask_client.post(
        url_for("dashboard.api_key"),
        data={"form-name": "delete", "api-key-id": api_key.id},
        follow_redirects=True,
    )
    assert delete_r.status_code == 200
    assert ApiKey.count() == nb_api_key + 1


def test_delete_all_api_keys(flask_client):
    nb_api_keys = ApiKey.count()

    # create two test users
    user_1 = login(flask_client)
    user_2 = User.create(
        email="a2@b.c", password="password", name="Test User 2", activated=True
    )
    Session.commit()

    # create api_key for both users
    ApiKey.create(user_1.id, "for test")
    ApiKey.create(user_1.id, "for test 2")
    ApiKey.create(user_2.id, "for test")
    Session.commit()

    assert (
        ApiKey.count() == nb_api_keys + 3
    )  # assert that the total number of API keys for all users is 3.
    # assert that each user has the API keys created
    assert ApiKey.filter(ApiKey.user_id == user_1.id).count() == 2
    assert ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1

    # to bypass sudo mode
    with flask_client.session_transaction() as session:
        session["sudo_time"] = int(time())

    # delete all of user 1's API keys
    r = flask_client.post(
        url_for("dashboard.api_key"),
        data={"form-name": "delete-all"},
        follow_redirects=True,
    )
    assert r.status_code == 200
    assert (
        ApiKey.count() == nb_api_keys + 1
    )  # assert that the total number of API keys for all users is now 1.
    assert (
        ApiKey.filter(ApiKey.user_id == user_1.id).count() == 0
    )  # assert that user 1 now has 0 API keys
    assert (
        ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1
    )  # assert that user 2 still has 1 API key


def test_cleanup_api_keys():
    user = create_new_user()
    ApiKey.create(
        user_id=user.id, name="used", last_used=arrow.utcnow().shift(days=-3), times=1
    )
    ApiKey.create(
        user_id=user.id, name="keep 1", last_used=arrow.utcnow().shift(days=-2), times=1
    )
    ApiKey.create(
        user_id=user.id, name="keep 2", last_used=arrow.utcnow().shift(days=-1), times=1
    )
    ApiKey.create(user_id=user.id, name="not used", last_used=None, times=1)
    Session.flush()
    old_max_api_keys = config.MAX_API_KEYS
    config.MAX_API_KEYS = 2
    clean_up_unused_or_old_api_keys(user.id)
    keys = ApiKey.filter_by(user_id=user.id).all()
    assert len(keys) == 2
    assert keys[0].name.find("keep") == 0
    assert keys[1].name.find("keep") == 0
    config.MAX_API_KEYS = old_max_api_keys
require password to use the api key page 2022-03-21 14:40:47 +01:00			`from time import time`

Add rate limit and maximum amount of api keys (#1788) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-29 17:21:00 +02:00			`import arrow`
remove unused import 2022-03-21 14:43:27 +01:00			`from flask import url_for`
Test the dashboard POST request instead of directly testing the API. 2022-02-03 20:30:10 +01:00
Add rate limit and maximum amount of api keys (#1788) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-29 17:21:00 +02:00			`from app import config`
			`from app.dashboard.views.api_key import clean_up_unused_or_old_api_keys`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`from app.db import Session`
			`from app.models import User, ApiKey`
Add rate limit and maximum amount of api keys (#1788) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-29 17:21:00 +02:00			`from tests.utils import login, create_new_user`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00

require password to use the api key page 2022-03-21 14:40:47 +01:00			`def test_api_key_page_requires_password(flask_client):`
			`r = flask_client.get(`
			`url_for("dashboard.api_key"),`
			`)`

			`assert r.status_code == 302`


Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`def test_create_delete_api_key(flask_client):`
Login using the test utils method. 2022-02-03 20:20:39 +01:00			`user = login(flask_client)`
Improve test: disable rate limit during test and avoid conflicts between tests (#1349) * disable rate limit during test, avoid conflict between tests * fix test 2022-10-14 16:37:49 +02:00			`nb_api_key = ApiKey.count()`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00
require password to use the api key page 2022-03-21 14:40:47 +01:00			`# to bypass sudo mode`
			`with flask_client.session_transaction() as session:`
			`session["sudo_time"] = int(time())`

Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`# create api_key`
Use POST requests to create and delete through the dashboard. 2022-02-03 20:47:41 +01:00			`create_r = flask_client.post(`
			`url_for("dashboard.api_key"),`
			`data={"form-name": "create", "name": "for test"},`
			`follow_redirects=True,`
			`)`
			`assert create_r.status_code == 200`
Just get the API key by user ID. 2022-02-03 20:49:29 +01:00			`api_key = ApiKey.get_by(user_id=user.id)`
Improve test: disable rate limit during test and avoid conflicts between tests (#1349) * disable rate limit during test, avoid conflict between tests * fix test 2022-10-14 16:37:49 +02:00			`assert ApiKey.filter(ApiKey.user_id == user.id).count() == 1`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`assert api_key.name == "for test"`

Fix: Allow to create more than one api key if the user has more than one (#1822) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-07-25 17:15:18 +02:00			`# create second api_key`
			`create_r = flask_client.post(`
			`url_for("dashboard.api_key"),`
			`data={"form-name": "create", "name": "for test 2"},`
			`follow_redirects=True,`
			`)`
			`assert create_r.status_code == 200`
			`api_key_2 = ApiKey.filter_by(user_id=user.id).order_by(ApiKey.id.desc()).first()`
			`assert ApiKey.filter(ApiKey.user_id == user.id).count() == 2`
			`assert api_key_2.name == "for test 2"`

Fix typo. 2022-02-03 22:44:27 +01:00			`# delete api_key`
Use POST requests to create and delete through the dashboard. 2022-02-03 20:47:41 +01:00			`delete_r = flask_client.post(`
			`url_for("dashboard.api_key"),`
			`data={"form-name": "delete", "api-key-id": api_key.id},`
			`follow_redirects=True,`
			`)`
			`assert delete_r.status_code == 200`
Fix: Allow to create more than one api key if the user has more than one (#1822) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-07-25 17:15:18 +02:00			`assert ApiKey.count() == nb_api_key + 1`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00

Use POST requests to create and delete through the dashboard. 2022-02-03 20:47:41 +01:00			`def test_delete_all_api_keys(flask_client):`
Improve test: disable rate limit during test and avoid conflicts between tests (#1349) * disable rate limit during test, avoid conflict between tests * fix test 2022-10-14 16:37:49 +02:00			`nb_api_keys = ApiKey.count()`

Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`# create two test users`
Test the dashboard POST request instead of directly testing the API. 2022-02-03 20:30:10 +01:00			`user_1 = login(flask_client)`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`user_2 = User.create(`
			`email="a2@b.c", password="password", name="Test User 2", activated=True`
			`)`
			`Session.commit()`

			`# create api_key for both users`
			`ApiKey.create(user_1.id, "for test")`
Add multiple API keys for test user 1. 2022-02-03 16:05:46 +01:00			`ApiKey.create(user_1.id, "for test 2")`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`ApiKey.create(user_2.id, "for test")`
			`Session.commit()`

			`assert (`
Improve test: disable rate limit during test and avoid conflicts between tests (#1349) * disable rate limit during test, avoid conflict between tests * fix test 2022-10-14 16:37:49 +02:00			`ApiKey.count() == nb_api_keys + 3`
Add multiple API keys for test user 1. 2022-02-03 16:05:46 +01:00			`) # assert that the total number of API keys for all users is 3.`
			`# assert that each user has the API keys created`
			`assert ApiKey.filter(ApiKey.user_id == user_1.id).count() == 2`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`assert ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1`

require password to use the api key page 2022-03-21 14:40:47 +01:00			`# to bypass sudo mode`
			`with flask_client.session_transaction() as session:`
			`session["sudo_time"] = int(time())`

Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`# delete all of user 1's API keys`
Test the dashboard POST request instead of directly testing the API. 2022-02-03 20:30:10 +01:00			`r = flask_client.post(`
			`url_for("dashboard.api_key"),`
			`data={"form-name": "delete-all"},`
			`follow_redirects=True,`
			`)`
			`assert r.status_code == 200`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`assert (`
Improve test: disable rate limit during test and avoid conflicts between tests (#1349) * disable rate limit during test, avoid conflict between tests * fix test 2022-10-14 16:37:49 +02:00			`ApiKey.count() == nb_api_keys + 1`
Add unit tests for API keys. 2022-02-03 16:02:32 +01:00			`) # assert that the total number of API keys for all users is now 1.`
			`assert (`
			`ApiKey.filter(ApiKey.user_id == user_1.id).count() == 0`
			`) # assert that user 1 now has 0 API keys`
			`assert (`
			`ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1`
			`) # assert that user 2 still has 1 API key`
Add rate limit and maximum amount of api keys (#1788) Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2023-06-29 17:21:00 +02:00

			`def test_cleanup_api_keys():`
			`user = create_new_user()`
			`ApiKey.create(`
			`user_id=user.id, name="used", last_used=arrow.utcnow().shift(days=-3), times=1`
			`)`
			`ApiKey.create(`
			`user_id=user.id, name="keep 1", last_used=arrow.utcnow().shift(days=-2), times=1`
			`)`
			`ApiKey.create(`
			`user_id=user.id, name="keep 2", last_used=arrow.utcnow().shift(days=-1), times=1`
			`)`
			`ApiKey.create(user_id=user.id, name="not used", last_used=None, times=1)`
			`Session.flush()`
			`old_max_api_keys = config.MAX_API_KEYS`
			`config.MAX_API_KEYS = 2`
			`clean_up_unused_or_old_api_keys(user.id)`
			`keys = ApiKey.filter_by(user_id=user.id).all()`
			`assert len(keys) == 2`
			`assert keys[0].name.find("keep") == 0`
			`assert keys[1].name.find("keep") == 0`
			`config.MAX_API_KEYS = old_max_api_keys`