From 97957e389c9c67f499c5dd0a4884771d8bb7bdff Mon Sep 17 00:00:00 2001
From: Simon Pirkelmann <simon.pirkelmann@gmail.com>
Date: Sat, 29 Jan 2022 23:46:20 +0100
Subject: [PATCH] added tests for admin management operations, streamlined
 testing a bit

---
 tests/test_webinterface.py | 90 +++++++++++++++++++++++++++++++-------
 1 file changed, 74 insertions(+), 16 deletions(-)

diff --git a/tests/test_webinterface.py b/tests/test_webinterface.py
index 3467844..499a01a 100644
--- a/tests/test_webinterface.py
+++ b/tests/test_webinterface.py
@@ -1,5 +1,7 @@
+import pytest
 from bs4 import BeautifulSoup
 from imaginaerraum_door_admin.door_handle import DoorHandle
+import re
 
 def test_login(browser, live_server):
     response = browser.get(f'http://localhost:{live_server.port}')
@@ -15,20 +17,26 @@ def test_login(browser, live_server):
     assert 'Tür öffnen' in browser.page_source
 
 
-def headless_login(client):
-    # extract csrf token from the login page source
-    response = client.get('/login')
+def extract_csrf_token(response):
     soup = BeautifulSoup(response.data)
     csrf_token = soup.find('input', attrs={'id': 'csrf_token'})['value']
+    return csrf_token
+
+
+def headless_login(client, user='gandalf@shire.me', password='shadowfax'):
+    # extract csrf token from the login page source
+    response = client.get('/login')
+    csrf_token = extract_csrf_token(response)
 
     # send login information
     payload = {
          'csrf_token': csrf_token,
-         'email': 'gandalf@shire.me',
-         'password': 'shadowfax'
+         'email': user,
+         'password': password
     }
     return client.post('/login', data=payload, follow_redirects=True)
 
+
 def test_login_headless(client):
     response = headless_login(client)
     soup = BeautifulSoup(response.data)
@@ -36,26 +44,76 @@ def test_login_headless(client):
     # make sure login succeeded -> Tür öffnen button will appear
     assert any(['Tür öffnen' in link.contents[0] for link in soup.findAll('a', attrs={'class': ['btn'], 'role': 'button'})])
 
-def test_open_door_button(client, mocker):
+
+@pytest.fixture
+def client_authenticated(client):
+    # log in using admin account for testing
+    headless_login(client)
+
+    yield client
+
+
+def test_open_door_button(client_authenticated, mocker):
     mocker.patch('imaginaerraum_door_admin.door_handle.DoorHandle.open_door')
 
-    # we need to log in in order to open the door
-    response = headless_login(client)
-
     # visit route for open
-    client.get('/open')
+    client_authenticated.get('/open')
 
     # make sure the open method was called
     DoorHandle.open_door.assert_called_once_with(user='gandalf')
 
-def test_close_door_button(client, mocker):
+
+def test_close_door_button(client_authenticated, mocker):
     mocker.patch('imaginaerraum_door_admin.door_handle.DoorHandle.close_door')
 
-    # we need to log in in order to open the door
-    response = headless_login(client)
-
     # visit route for open
-    client.get('/close')
+    client_authenticated.get('/close')
 
     # make sure the open method was called
-    DoorHandle.close_door.assert_called_once_with(user='gandalf')
\ No newline at end of file
+    DoorHandle.close_door.assert_called_once_with(user='gandalf')
+
+
+def test_manage_admins(client_authenticated):
+    # visit admin management page
+    response = client_authenticated.get('/manage_admins')
+
+    assert "Nutzer Übersicht" in response.data.decode()
+    assert "gandalf" in response.data.decode()
+    assert "gandalf@shire.me" in response.data.decode()
+
+
+def test_create_admin(client_authenticated):
+    # visit admin management page
+    response = client_authenticated.get('/manage_admins')
+    csrf_token = extract_csrf_token(response)
+
+    # post data for creating a new admin
+    payload = {'name': 'bilbo',
+               'email': 'bilbo@shire.me',
+               'csrf_token': csrf_token}
+    response = client_authenticated.post('/manage_admins', data=payload,
+                                         follow_redirects=True)
+
+    # after the new admin user is created, we should have been redirected to the
+    # /manage_admin page. there, the password for login is displayed
+    # we test if the newly created user can log in with that password
+    # extract password displayed on the page
+    match = re.search('Passwort (?P<password>.*) um', response.data.decode())
+    assert match is not None
+    extracted_password = match['password']
+
+    # log out current user
+    response = client_authenticated.get('/logout')
+
+    # try to log in new user using the extracted password
+    response = headless_login(client_authenticated, user='bilbo',
+                              password=extracted_password)
+    # - see if it works
+    soup = BeautifulSoup(response.data)
+
+    # make sure login succeeded
+    # -> username should be displayed
+    assert 'Benutzer <span>bilbo</span>' in soup.decode()
+    # -> Tür öffnen button will appear
+    assert any(['Tür öffnen' in link.contents[0] for link in soup.findAll('a', attrs={'class': ['btn'], 'role': 'button'})])
+