tests for deleting and deactivating tokens

imaginaerraum_door_admin/webapp.py

@@ -411,35 +411,39 @@ def delete_token(token):
     """
     tokens = current_app.door.get_tokens()
 
-    if token in tokens:
+    if token not in tokens:
-        token_to_delete = tokens[token]
-
-        # set up form for confirming deletion
-        form = ConfirmDeleteForm()
-        form.name_confirm.data = token_to_delete['name']
-
-        if request.method == 'GET':
-            # return page asking the user to confirm delete
-            return render_template('delete.html', token=token_to_delete, form=form)
-        elif form.validate():
-            # form validation successful -> can delete the token
-            tokens.pop(token)
-            try:
-                current_app.door.store_tokens(tokens)
-                current_app.logger.info(f"Token {token} was deleted from database by admin user {current_user.username}")
-            except Exception as e:
-                flash(f"Error during store_tokens. Exception: {e}")
-            flash(f"Token {token} wurde gelöscht!")
-            return redirect('/tokens')
-        else:
-            # form validation failed -> return to token overview and flash message
-            flash(
-                f"Der eingegebene Name stimmt nicht überein. Der Token {token} von {token_to_delete['name']} wurde nicht gelöscht.")
-            return redirect('/tokens')
-    else:
         flash(f'Ungültiger Token {token} für Löschung.')
         return redirect('/tokens')
 
+    token_to_delete = tokens[token]
+
+    # set up form for confirming deletion
+    form = ConfirmDeleteForm()
+    form.name_confirm.data = token_to_delete['name']
+
+    if request.method == 'GET':
+        # return page asking the user to confirm delete
+        return render_template('delete.html', token=token_to_delete, form=form)
+    elif form.validate():
+        # form validation successful -> can delete the token
+        tokens.pop(token)
+        try:
+            current_app.door.store_tokens(tokens)
+            current_app.logger.info(f"Token {token} was deleted from database "
+                                    f"by admin user {current_user.username}")
+        except Exception as e:
+            flash(f"Error during store_tokens. Exception: {e}")
+        flash(f"Token {token} wurde gelöscht!")
+        return redirect('/tokens')
+    else:
+        # form validation failed -> return to token overview and flash message
+        flash(
+            f"Der eingegebene Name stimmt nicht überein. Error: {form.errors}"
+            f"Der Token {token} von {token_to_delete['name']} wurde nicht "
+            "gelöscht."
+        )
+        return redirect('/tokens')
+
 
 @door_app.route('/deactivate-token/<token>')
 @roles_required('admin')
@@ -452,13 +456,17 @@ def deactivate_token(token):
         The token to deactivate.
     """
     tokens = current_app.door.get_tokens()
-    if token in tokens:
+
-        tokens[token]['inactive'] = True
+    if token not in tokens:
-        try:
+        flash(f'Ungültiger Token {token} für Deaktivierung.')
-            current_app.door.store_tokens(tokens)
+        return redirect('/tokens')
-            current_app.logger.info(f"Token {token} deactivated by admin user {current_user.username}")
+
-        except Exception as e:
+    tokens[token]['inactive'] = True
-            flash(f"Error during store_tokens. Exception: {e}")
+    try:
+        current_app.door.store_tokens(tokens)
+        current_app.logger.info(f"Token {token} deactivated by admin user {current_user.username}")
+    except Exception as e:
+        flash(f"Error during store_tokens. Exception: {e}")
     return redirect('/tokens')
 
 

tests/test_webinterface.py

@@ -6,6 +6,7 @@ from flask_security.utils import find_user
 from imaginaerraum_door_admin.door_handle import DoorHandle
 import re
 import secrets
+import pathlib
 
 
 def test_login(browser, live_server):
@@ -336,6 +337,11 @@ def test_register_token(client_authenticated, mocker):
     assert 'Elves' in page_src
     assert 'legolas@mirkwood.me' in page_src
 
+    # check that the token is created in the token file
+    token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '042979fa181280' in token_data
+    assert 'Legolas' in token_data
+
 
 def test_edit_token(client_authenticated):
     # test with invalid token
@@ -373,4 +379,66 @@ def test_edit_token(client_authenticated):
     assert 'Dwarves' in page_src
     assert 'balin@erebor.me' in page_src
 
-    pass
+    # check that the token is changed in the token file
+    token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '04538cfa186280' in token_data
+    assert 'Balin' in token_data
+
+
+def test_delete_token(client_authenticated):
+    token_data = pathlib.Path(
+        client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '04538cfa186280' in token_data
+
+    # test with invalid token
+    response = client_authenticated.get(f"/delete-token/nosuchtoken",
+                                        follow_redirects=True)
+    page_src = response.data.decode()
+    assert 'Ungültiger Token' in page_src
+
+    # test using a valid token from the token file
+    response = client_authenticated.get(f"/delete-token/043a81fa186280",
+                                        follow_redirects=True)
+    csrf_token = extract_csrf_token(response)
+
+    # try deleting without form data
+    response = client_authenticated.post(f"/delete-token/043a81fa186280",
+                                         follow_redirects=True)
+    page_src = response.data.decode()
+    assert "wurde nicht gelöscht" in page_src
+
+    payload = {
+        'name': 'Bilbo',
+        'csrf_token': csrf_token
+    }
+    response = client_authenticated.post(f"/delete-token/043a81fa186280",
+                                         data=payload,
+                                         follow_redirects=True)
+    page_src = response.data.decode()
+    print(page_src)
+    assert "wurde gelöscht" in page_src
+
+    # check that the token is now gone from the token file
+    token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '043a81fa186280' not in token_data
+
+
+def test_deactivate_token(client_authenticated):
+    token_data = pathlib.Path(
+        client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '04387cfa186280' in token_data
+
+    # test with invalid token
+    response = client_authenticated.get(f"/deactivate-token/nosuchtoken",
+                                        follow_redirects=True)
+    page_src = response.data.decode()
+    assert 'Ungültiger Token' in page_src
+
+    # deactivate token
+    response = client_authenticated.get(f"/deactivate-token/04387cfa186280",
+                                         follow_redirects=True)
+
+    # check that the token is now gone from the token file
+    token_data = pathlib.Path(
+        client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '#04387cfa186280' in token_data