generateur_v3/backend/api/tests/test_auth.py
from fastapi.testclient import TestClient
# Test-only credentials shared by the tests below. The register tests in this
# file exercise the password rules this value satisfies: at least 8
# characters, one digit and one uppercase letter.
VALID_USERNAME = "lilian"
VALID_PASSWORD = "Test12345"
def test_register(client: TestClient, username=VALID_USERNAME):
    """Register a user and check that an access and a refresh token are issued.

    Other tests in this file call this function directly to create an
    account, which is why it returns the issued tokens.

    NOTE(review): recent pytest releases warn when a test function returns a
    value; moving the registration into a helper or fixture would avoid that.

    Returns:
        A dict holding the tokens under the keys 'access' and 'refresh'.
    """
    form = {
        "username": username,
        "password": VALID_PASSWORD,
        "password_confirm": VALID_PASSWORD,
    }
    response = client.post("/register", data=form)
    payload = response.json()
    assert response.status_code == 200
    for key in ("access_token", "refresh_token"):
        assert key in payload
    return {
        "access": payload["access_token"],
        "refresh": payload["refresh_token"],
    }
def test_register_username_too_long(client: TestClient):
    """Registration answers 422 when the username exceeds the 20-character limit."""
    form = {
        "username": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
        "password": VALID_PASSWORD,
        "password_confirm": VALID_PASSWORD,
    }
    response = client.post("/register", data=form)
    payload = response.json()
    assert response.status_code == 422
    expected = "ensure this value has at most 20 characters"
    assert payload["detail"]["username_error"] == expected
def test_register_mdp_not_corresponding(client: TestClient):
    """Registration answers 422 when password and confirmation differ."""
    form = {
        "username": VALID_USERNAME,
        "password": "Test12345",
        "password_confirm": "Test1234",
    }
    response = client.post("/register", data=form)
    payload = response.json()
    assert response.status_code == 422
    expected = "Les mots de passe ne correspondent pas"
    assert payload["detail"]["password_confirm_error"] == expected
def test_register_mdp_missing_number(client: TestClient):
    """Registration answers 422 when the password contains no digit."""
    digitless = "Testttttt"
    form = {
        "username": "lilian",
        "password": digitless,
        "password_confirm": digitless,
    }
    response = client.post("/register", data=form)
    payload = response.json()
    assert response.status_code == 422
    expected = "Le mot de passe doit contenir au moins un chiffre"
    assert payload["detail"]["password_error"] == expected
def test_register_mdp_missing_maj(client: TestClient):
    """Registration answers 422 when the password has no uppercase letter."""
    lowercase_only = "testttttt1"
    form = {
        "username": VALID_USERNAME,
        "password": lowercase_only,
        "password_confirm": lowercase_only,
    }
    response = client.post("/register", data=form)
    payload = response.json()
    assert response.status_code == 422
    expected = "Le mot de passe doit contenir au moins une majuscule"
    assert payload["detail"]["password_error"] == expected
def test_register_mdp_too_short(client: TestClient):
    """Registration answers 422 when the password is below the 8-character minimum."""
    too_short = "t"
    form = {
        "username": VALID_USERNAME,
        "password": too_short,
        "password_confirm": too_short,
    }
    response = client.post("/register", data=form)
    payload = response.json()
    assert response.status_code == 422
    expected = "Le mot de passe est trop court (8 caractères minimum)"
    assert payload["detail"]["password_error"] == expected
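def test_register_username_indisponible(client: TestClient):
    """Registering a username that is already taken is refused with 400.

    The first registration is asserted to succeed, so a broken setup step is
    reported as such instead of surfacing as a mismatch on the second
    response (the original left the first response unused).
    """
    form = {
        "username": VALID_USERNAME,
        "password": VALID_PASSWORD,
        "password_confirm": VALID_PASSWORD,
    }
    first = client.post("/register", data=form)
    # Precondition: the account must exist before the duplicate attempt.
    assert first.status_code == 200

    second = client.post("/register", data=form)
    payload = second.json()
    assert second.status_code == 400
    assert payload["detail"]["username_error"] == "Nom d'utilisateur indisponible"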
def test_login(client: TestClient):
    """Log in with valid credentials and check that both tokens are issued.

    test_refresh calls this function directly, which is why the refresh token
    is returned.

    Returns:
        The refresh token from the login response.
    """
    test_register(client)
    credentials = {"username": VALID_USERNAME, "password": VALID_PASSWORD}
    response = client.post("/login", data=credentials)
    payload = response.json()
    assert response.status_code == 200
    for key in ("access_token", "refresh_token"):
        assert key in payload
    return payload["refresh_token"]
def test_login_invalid_password(client: TestClient):
    """Login with a wrong password for an existing user answers 401.

    NOTE(review): the expected body differs from the one pinned by
    test_login_user_not_found (other field, other message), so the login
    endpoint tells a caller whether a username exists. A single generic
    failure message for both cases would remove that signal.
    """
    test_register(client)
    credentials = {"username": VALID_USERNAME, "password": "Test1234"}
    response = client.post("/login", data=credentials)
    payload = response.json()
    assert response.status_code == 401
    assert payload["detail"]["password_error"] == "Mot de passe invalide"
def test_login_user_not_found(client: TestClient):
    """Login for a username that was never registered answers 401.

    NOTE(review): this response is distinguishable from the wrong-password
    case checked in test_login_invalid_password, which exposes whether an
    account exists; confirm that this is intended.
    """
    credentials = {"username": VALID_USERNAME, "password": VALID_PASSWORD}
    response = client.post("/login", data=credentials)
    payload = response.json()
    assert response.status_code == 401
    assert payload["detail"]["username_error"] == "Utilisateur introuvable"
def test_check_token(client: TestClient):
    """/check-access accepts a fresh access token and reports its username."""
    access_token = test_register(client)["access"]
    auth_header = {"Authorization": "Bearer " + access_token}
    response = client.post("/check-access", headers=auth_header)
    payload = response.json()
    assert response.status_code == 200
    assert payload["username"] == "lilian"
def test_refresh(client: TestClient):
    """/refresh answers 200 with a new access token for a valid refresh token.

    Only the success path is covered here.
    """
    refresh_token = test_login(client)
    auth_header = {"Authorization": "Bearer " + refresh_token}
    response = client.post("/refresh", headers=auth_header)
    payload = response.json()
    assert response.status_code == 200
    assert "access_token" in payload
# TODO: test the invalid-token case
def test_update_user(client: TestClient):
    """PUT /user with a valid access token updates and echoes the profile fields."""
    access_token = test_register(client)["access"]
    profile = {
        "username": "lilian2",
        "email": "example@example.com",
        "firstname": "test",
        "name": "test",
    }
    response = client.put(
        "/user",
        headers={"Authorization": "Bearer " + access_token},
        data=profile,
    )
    payload = response.json()
    assert response.status_code == 200
    assert payload["username"] == "lilian2"
    assert payload["email"] == "example@example.com"
    assert payload["firstname"] == "test"
    assert payload["name"] == "test"
def test_update_user_invalid(client: TestClient):
    """PUT /user answers 422 when the new username exceeds the 20-character limit."""
    access_token = test_register(client)["access"]
    profile = {
        "username": "lilian222222222222222",
        "email": "example@example.com",
        "firstname": "test",
        "name": "test",
    }
    response = client.put(
        "/user",
        headers={"Authorization": "Bearer " + access_token},
        data=profile,
    )
    payload = response.json()
    assert response.status_code == 422
    expected = "ensure this value has at most 20 characters"
    assert payload["detail"]["username_error"] == expected
def test_update_username_missing(client: TestClient):
    """PUT /user answers 422 'field required' when the username field is omitted."""
    access_token = test_register(client)["access"]
    profile_without_username = {
        "email": "example@example.com",
        "firstname": "test",
        "name": "test",
    }
    response = client.put(
        "/user",
        headers={"Authorization": "Bearer " + access_token},
        data=profile_without_username,
    )
    payload = response.json()
    assert response.status_code == 422
    assert payload["detail"]["username_error"] == "field required"
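def test_update_user_not_authenticated(client: TestClient):
    """PUT /user without an Authorization header is rejected with 401.

    This function previously reused the name test_update_username_missing.
    Two module-level functions with the same name leave only the later one
    bound, so pytest silently stopped collecting the earlier test; the name
    now describes what is checked here (a request carrying no credentials).
    """
    profile = {
        "email": "example@example.com",
        "firstname": "test",
        "name": "test",
    }
    # No headers are passed: the request is sent without any bearer token.
    response = client.put("/user", data=profile)
    payload = response.json()
    assert response.status_code == 401
    assert payload["detail"] == "Not authenticated"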
# TODO: test an invalid JWT
# Validation of the delete-user request works the same way as for the login request, so it is not tested separately.
def test_delete_user(client: TestClient):
    """DELETE /user with the account's username and password answers 200.

    The request carries the credentials in its body and no bearer token.

    NOTE(review): httpx-based TestClient versions do not accept a request
    body on .delete(); client.request("DELETE", ...) would be needed there.
    Confirm against the Starlette version this project pins.
    """
    test_register(client)
    credentials = {"username": VALID_USERNAME, "password": VALID_PASSWORD}
    response = client.delete("/user", data=credentials)
    payload = response.json()
    assert response.status_code == 200
    assert payload["ok"] == True
def test_delete_invalid_password(client: TestClient):
    """DELETE /user with a wrong password for an existing user answers 401."""
    test_register(client)
    credentials = {"username": VALID_USERNAME, "password": "Test1234"}
    response = client.delete("/user", data=credentials)
    payload = response.json()
    assert response.status_code == 401
    assert payload["detail"]["password_error"] == "Mot de passe invalide"
def test_delete_user_not_found(client: TestClient):
    """DELETE /user for a username that was never registered answers 401.

    NOTE(review): as with login, the body differs from the wrong-password
    case (test_delete_invalid_password), so this endpoint also reveals
    whether a username exists.
    """
    credentials = {"username": VALID_USERNAME, "password": VALID_PASSWORD}
    response = client.delete("/user", data=credentials)
    payload = response.json()
    assert response.status_code == 401
    assert payload["detail"]["username_error"] == "Utilisateur introuvable"
def test_update_password(client: TestClient):
    """Changing the password issues new tokens and replaces the login credential.

    Checks, in order: the change answers 200 with both tokens; the access
    token issued before the change is no longer accepted by /check-access;
    the new access token is accepted; login works with the new password and
    answers 401 with the old one.

    NOTE(review): the refresh token issued before the change is never
    presented to /refresh, so its revocation is untested. The status code of
    the rejected /check-access call is not asserted either, only its JSON
    body (false).
    """
    old_access = test_register(client)["access"]
    new_password = "12345Test"
    change_form = {
        "password": new_password,
        "password_confirm": new_password,
        "old_password": VALID_PASSWORD,
    }
    response = client.put(
        "/user/password",
        data=change_form,
        headers={"Authorization": "Bearer " + old_access},
    )
    payload = response.json()
    assert response.status_code == 200
    for key in ("access_token", "refresh_token"):
        assert key in payload
    new_access = payload["access_token"]

    # The token issued before the password change must stop working.
    stale_check = client.post(
        "/check-access", headers={"Authorization": "Bearer " + old_access}
    )
    assert stale_check.json() == False

    # The token returned by the password change must work.
    fresh_check = client.post(
        "/check-access", headers={"Authorization": "Bearer " + new_access}
    )
    assert fresh_check.json()["username"] == VALID_USERNAME

    # The new password logs in and yields both tokens.
    login_new = client.post(
        "/login", data={"username": VALID_USERNAME, "password": new_password}
    )
    payload = login_new.json()
    assert login_new.status_code == 200
    for key in ("access_token", "refresh_token"):
        assert key in payload

    # The old password is refused.
    login_old = client.post(
        "/login", data={"username": VALID_USERNAME, "password": VALID_PASSWORD}
    )
    payload = login_old.json()
    assert login_old.status_code == 401
def test_logout(client: TestClient):
    """/logout answers 200 and the access token used is rejected afterwards.

    NOTE(review): only the access token is re-checked after logout. The
    refresh token issued at registration is not presented to /refresh, so
    whether logout also revokes it is untested.
    """
    access_token = test_register(client)["access"]
    auth_header = {"Authorization": "Bearer " + access_token}

    response = client.post("/logout", headers=auth_header)
    payload = response.json()
    assert response.status_code == 200
    assert payload["ok"] == True

    # The same token must no longer pass the access check.
    after_logout = client.post("/check-access", headers=auth_header)
    assert after_logout.json() == False