tests for deleting and deactivating tokens

2022-01-31 22:27:38 +01:00 · 2022-01-31 22:27:38 +01:00 · 3bbf60b42f
commit 3bbf60b42f
parent 8d02e669f8
2 changed files with 110 additions and 34 deletions
--- a/imaginaerraum_door_admin/webapp.py
+++ b/imaginaerraum_door_admin/webapp.py
@ -411,35 +411,39 @@ def delete_token(token):
    """
    tokens = current_app.door.get_tokens()

-    if token in tokens:
-        token_to_delete = tokens[token]
-
-        # set up form for confirming deletion
-        form = ConfirmDeleteForm()
-        form.name_confirm.data = token_to_delete['name']
-
-        if request.method == 'GET':
-            # return page asking the user to confirm delete
-            return render_template('delete.html', token=token_to_delete, form=form)
-        elif form.validate():
-            # form validation successful -> can delete the token
-            tokens.pop(token)
-            try:
-                current_app.door.store_tokens(tokens)
-                current_app.logger.info(f"Token {token} was deleted from database by admin user {current_user.username}")
-            except Exception as e:
-                flash(f"Error during store_tokens. Exception: {e}")
-            flash(f"Token {token} wurde gelöscht!")
-            return redirect('/tokens')
-        else:
-            # form validation failed -> return to token overview and flash message
-            flash(
-                f"Der eingegebene Name stimmt nicht überein. Der Token {token} von {token_to_delete['name']} wurde nicht gelöscht.")
-            return redirect('/tokens')
-    else:
+    if token not in tokens:
        flash(f'Ungültiger Token {token} für Löschung.')
        return redirect('/tokens')

+    token_to_delete = tokens[token]
+
+    # set up form for confirming deletion
+    form = ConfirmDeleteForm()
+    form.name_confirm.data = token_to_delete['name']
+
+    if request.method == 'GET':
+        # return page asking the user to confirm delete
+        return render_template('delete.html', token=token_to_delete, form=form)
+    elif form.validate():
+        # form validation successful -> can delete the token
+        tokens.pop(token)
+        try:
+            current_app.door.store_tokens(tokens)
+            current_app.logger.info(f"Token {token} was deleted from database "
+                                    f"by admin user {current_user.username}")
+        except Exception as e:
+            flash(f"Error during store_tokens. Exception: {e}")
+        flash(f"Token {token} wurde gelöscht!")
+        return redirect('/tokens')
+    else:
+        # form validation failed -> return to token overview and flash message
+        flash(
+            f"Der eingegebene Name stimmt nicht überein. Error: {form.errors}"
+            f"Der Token {token} von {token_to_delete['name']} wurde nicht "
+            "gelöscht."
+        )
+        return redirect('/tokens')
+

@door_app.route('/deactivate-token/<token>')
@roles_required('admin')
@ -452,13 +456,17 @@ def deactivate_token(token):
        The token to deactivate.
    """
    tokens = current_app.door.get_tokens()
-    if token in tokens:
-        tokens[token]['inactive'] = True
-        try:
-            current_app.door.store_tokens(tokens)
-            current_app.logger.info(f"Token {token} deactivated by admin user {current_user.username}")
-        except Exception as e:
-            flash(f"Error during store_tokens. Exception: {e}")
+
+    if token not in tokens:
+        flash(f'Ungültiger Token {token} für Deaktivierung.')
+        return redirect('/tokens')
+
+    tokens[token]['inactive'] = True
+    try:
+        current_app.door.store_tokens(tokens)
+        current_app.logger.info(f"Token {token} deactivated by admin user {current_user.username}")
+    except Exception as e:
+        flash(f"Error during store_tokens. Exception: {e}")
    return redirect('/tokens')


--- a/tests/test_webinterface.py
+++ b/tests/test_webinterface.py
@ -6,6 +6,7 @@ from flask_security.utils import find_user
 from imaginaerraum_door_admin.door_handle import DoorHandle
 import re
 import secrets
+import pathlib


 def test_login(browser, live_server):
@ -336,6 +337,11 @@ def test_register_token(client_authenticated, mocker):
    assert 'Elves' in page_src
    assert 'legolas@mirkwood.me' in page_src

+    # check that the token is created in the token file
+    token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '042979fa181280' in token_data
+    assert 'Legolas' in token_data
+

 def test_edit_token(client_authenticated):
    # test with invalid token
@ -373,4 +379,66 @@ def test_edit_token(client_authenticated):
    assert 'Dwarves' in page_src
    assert 'balin@erebor.me' in page_src

-    pass
+    # check that the token is changed in the token file
+    token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '04538cfa186280' in token_data
+    assert 'Balin' in token_data
+
+
+def test_delete_token(client_authenticated):
+    token_data = pathlib.Path(
+        client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '04538cfa186280' in token_data
+
+    # test with invalid token
+    response = client_authenticated.get(f"/delete-token/nosuchtoken",
+                                        follow_redirects=True)
+    page_src = response.data.decode()
+    assert 'Ungültiger Token' in page_src
+
+    # test using a valid token from the token file
+    response = client_authenticated.get(f"/delete-token/043a81fa186280",
+                                        follow_redirects=True)
+    csrf_token = extract_csrf_token(response)
+
+    # try deleting without form data
+    response = client_authenticated.post(f"/delete-token/043a81fa186280",
+                                         follow_redirects=True)
+    page_src = response.data.decode()
+    assert "wurde nicht gelöscht" in page_src
+
+    payload = {
+        'name': 'Bilbo',
+        'csrf_token': csrf_token
+    }
+    response = client_authenticated.post(f"/delete-token/043a81fa186280",
+                                         data=payload,
+                                         follow_redirects=True)
+    page_src = response.data.decode()
+    print(page_src)
+    assert "wurde gelöscht" in page_src
+
+    # check that the token is now gone from the token file
+    token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '043a81fa186280' not in token_data
+
+
+def test_deactivate_token(client_authenticated):
+    token_data = pathlib.Path(
+        client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '04387cfa186280' in token_data
+
+    # test with invalid token
+    response = client_authenticated.get(f"/deactivate-token/nosuchtoken",
+                                        follow_redirects=True)
+    page_src = response.data.decode()
+    assert 'Ungültiger Token' in page_src
+
+    # deactivate token
+    response = client_authenticated.get(f"/deactivate-token/04387cfa186280",
+                                         follow_redirects=True)
+
+    # check that the token is now gone from the token file
+    token_data = pathlib.Path(
+        client_authenticated.application.config['TOKEN_FILE']).read_text()
+    assert '#04387cfa186280' in token_data