From f945b7f79e4814af7196075a2fd47b71895f7994 Mon Sep 17 00:00:00 2001
From: Simon Pirkelmann
Date: Mon, 31 Jan 2022 22:40:43 +0100
Subject: [PATCH] test for downloading token data + some formatting fixes
---
 tests/test_webinterface.py | 99 +++++++++++++++++++++++++-------------
 1 file changed, 65 insertions(+), 34 deletions(-)
diff --git a/tests/test_webinterface.py b/tests/test_webinterface.py
index e1e4878..f0c31d2 100644
--- a/tests/test_webinterface.py
+++ b/tests/test_webinterface.py
@@ -7,6 +7,7 @@ from imaginaerraum_door_admin.door_handle import DoorHandle
 import re
 import secrets
 import pathlib
+import json
 def test_login(browser, live_server):
@@ -48,7 +49,8 @@ def test_login_headless(client):
 soup = BeautifulSoup(response.data, 'html.parser')
 # make sure login succeeded -> Tür öffnen button will appear
- assert any(['Tür öffnen' in link.contents[0] for link in soup.findAll('a', attrs={'class': ['btn'], 'role': 'button'})])
+ assert any(['Tür öffnen' in link.contents[0]
+ for link in soup.findAll('a', attrs={'class': ['btn'], 'role': 'button'})])
 @pytest.fixture
@@ -59,7 +61,8 @@ def client_authenticated(client):
 yield client
-@pytest.mark.parametrize("url,function", [('/open', 'open_door'), ('/close', 'close_door')])
+@pytest.mark.parametrize("url,function", [('/open', 'open_door'),
+ ('/close', 'close_door')])
 def test_access_door_button(client_authenticated, mocker, url, function):
 mocker.patch('imaginaerraum_door_admin.door_handle.DoorHandle.' + function)
@@ -172,13 +175,15 @@ def test_create_admin(client_authenticated):
 def test_activate_deactivate_user(temp_user, client_authenticated):
- response = client_authenticated.get('/admin_toggle_active/nosuchuser',
- follow_redirects=True)
+ response = client_authenticated.get(
+ '/admin_toggle_active/nosuchuser',
+ follow_redirects=True)
 assert 'Ungültiger Nutzer' in response.data.decode()
 # deactivate the user
- response = client_authenticated.get(f"/admin_toggle_active/{temp_user['username']}",
- follow_redirects=True)
+ response = client_authenticated.get(
+ f"/admin_toggle_active/{temp_user['username']}",
+ follow_redirects=True)
 # make sure the user is now inactive
 user = find_user(temp_user['username'])
 assert user is not None
@@ -196,13 +201,15 @@ def test_activate_deactivate_user(temp_user, client_authenticated):
 def test_delete_admin(temp_user, client_authenticated):
 # first we test deleting a non-existing user
- response = client_authenticated.post('/delete_admins/nosuchuser',
- follow_redirects=True)
+ response = client_authenticated.post(
+ '/delete_admins/nosuchuser',
+ follow_redirects=True)
 assert 'Ungültiger Nutzer' in response.data.decode()
 # next, we create a temporary user and try to delete that one
- response = client_authenticated.post(f"/delete_admins/{temp_user['username']}",
- follow_redirects=True)
+ response = client_authenticated.post(
+ f"/delete_admins/{temp_user['username']}",
+ follow_redirects=True)
 # we need to deactivate the user first
 assert 'Bitte den Benutzer zuerst deaktivieren.' in response.data.decode()
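Review bot: In test_activate_deactivate_user (the first hunk above) the account is deactivated with a plain `client_authenticated.get(f"/admin_toggle_active/{temp_user['username']}", ...)`, so the test pins a state-changing admin action to GET; the promote_admin and demote_admin calls in the later hunk do the same for role changes. Only the delete_admins flow in this file sends a `csrf_token`, and request-forgery protection is normally applied to POST-style methods, so these routes look unprotected against forged requests; that needs confirming in the view code, which is not part of this patch. If the routes move to POST with a token, the tests should follow and add a negative case such as `assert client_authenticated.get('/promote_admin/nosuchuser').status_code == 405`. The test body continues outside this hunk.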
@@ -211,20 +218,24 @@ def test_delete_admin(temp_user, client_authenticated):
 assert user is not None
 # deactivate the user and try deleting it again
- response = client_authenticated.get(f"/admin_toggle_active/{temp_user['username']}",
- follow_redirects=True)
+ response = client_authenticated.get(
+ f"/admin_toggle_active/{temp_user['username']}",
+ follow_redirects=True)
 # try deleting it without filling in the confirmation form
- response = client_authenticated.post(f"/delete_admins/{temp_user['username']}",
- follow_redirects=True)
- assert 'Der eingegebene Nutzername stimmt nicht überein' in response.data.decode()
+ response = client_authenticated.post(
+ f"/delete_admins/{temp_user['username']}",
+ follow_redirects=True)
+ assert 'Der eingegebene Nutzername stimmt nicht überein' \
+ in response.data.decode()
 # make sure the user still exists
 user = find_user(temp_user['username'])
 assert user is not None
 # now we send the confirmation data with the request
- response = client_authenticated.get(f"/delete_admins/{temp_user['username']}",
- follow_redirects=True)
+ response = client_authenticated.get(
+ f"/delete_admins/{temp_user['username']}",
+ follow_redirects=True)
 csrf_token = extract_csrf_token(response)
 payload = {'name': temp_user['username'], 'csrf_token': csrf_token}
 response = client_authenticated.post(
@@ -240,41 +251,47 @@ def test_delete_admin(temp_user, client_authenticated):
 def test_promote_user(temp_user, client_authenticated):
 # first we test with a non-existing user
- response = client_authenticated.get('/promote_admin/nosuchuser',
- follow_redirects=True)
+ response = client_authenticated.get(
+ '/promote_admin/nosuchuser',
+ follow_redirects=True)
 assert 'Ungültiger Nutzer' in response.data.decode()
 user = find_user(temp_user['username'])
 assert user is not None
 assert not user.has_role('admin')
 # grant admin permissions to test user
- response = client_authenticated.get(f"/promote_admin/{temp_user['username']}",
- follow_redirects=True)
+ response = client_authenticated.get(
+ f"/promote_admin/{temp_user['username']}",
+ follow_redirects=True)
 assert user.has_role('admin')
 # try granting admin permissions again
- response = client_authenticated.get(f"/promote_admin/{temp_user['username']}",
- follow_redirects=True)
+ response = client_authenticated.get(
+ f"/promote_admin/{temp_user['username']}",
+ follow_redirects=True)
 assert f"Benutzer {temp_user['username']} hat bereits Admin-Rechte!"
 assert user.has_role('admin')
 def test_demote_user(temp_admin, client_authenticated):
 # first we test with a non-existing user
- response = client_authenticated.get('/demote_admin/nosuchuser',
- follow_redirects=True)
+ response = client_authenticated.get(
+ '/demote_admin/nosuchuser',
+ follow_redirects=True)
 assert 'Ungültiger Nutzer' in response.data.decode()
 user = find_user(temp_admin['username'])
 assert user.has_role('admin')
 # try removing admin permissions
- response = client_authenticated.get(f"/demote_admin/{temp_admin['username']}",
- follow_redirects=True)
+ response = client_authenticated.get(
+ f"/demote_admin/{temp_admin['username']}",
+ follow_redirects=True)
 assert not user.has_role('admin')
 # try removing admin permissions
- response = client_authenticated.get(f"/demote_admin/{temp_admin['username']}",
- follow_redirects=True)
+ response = client_authenticated.get(
+ f"/demote_admin/{temp_admin['username']}",
+ follow_redirects=True)
 assert f"Benutzer {temp_admin['username']} ist bereits kein Admin!"
 assert not user.has_role('admin')
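Review bot: The two message assertions this hunk keeps as context, `assert f"Benutzer {temp_user['username']} hat bereits Admin-Rechte!"` in test_promote_user and `assert f"Benutzer {temp_admin['username']} ist bereits kein Admin!"` in test_demote_user, assert a non-empty string and therefore always pass. They should test the response, e.g. `assert f"Benutzer {temp_user['username']} hat bereits Admin-Rechte!" in response.data.decode()`, and likewise for the demote message. As written, the response of the repeated promote/demote request is assigned but never inspected, so a regression in how these privilege-changing routes handle a repeated request would go unnoticed.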
@@ -299,14 +316,27 @@ def test_token_log(client_authenticated):
 assert "2021-04-17 13:09:06,207" in page_src
+def test_backup_tokens(client_authenticated):
+ # test with invalid token
+ response = client_authenticated.get(f"/backup_tokens",
+ follow_redirects=True)
+ token_data = json.loads(response.data)
+
+ assert {'04387cfa186280', '043a81fa186280', '04538cfa186280',
+ '042979fa186280'}.issubset(token_data.keys())
+
+
 def test_register_token(client_authenticated, mocker):
- # test to make sure message is displayed when no tokens were recently scanned
- response = client_authenticated.get(f"/register-token", follow_redirects=True)
+ # test to make sure message is displayed when no tokens were recently
+ # scanned
+ response = client_authenticated.get(f"/register-token",
+ follow_redirects=True)
 page_src = response.data.decode()
 assert 'Keine unregistrierten Tokens in MQTT Nachrichten.' in page_src
 # mockup scanned token
- mocker.patch('imaginaerraum_door_admin.door_handle.DoorHandle.get_most_recent_token',
+ mocker.patch(
+ 'imaginaerraum_door_admin.door_handle.DoorHandle.get_most_recent_token',
 lambda x: {'timestamp': datetime.datetime.now(), 'token': '042979fa181280'})
 response = client_authenticated.get(f"/register-token", follow_redirects=True)
@@ -338,7 +368,8 @@ def test_register_token(client_authenticated, mocker):
 assert 'legolas@mirkwood.me' in page_src
 # check that the token is created in the token file
- token_data = pathlib.Path(client_authenticated.application.config['TOKEN_FILE']).read_text()
+ token_data = pathlib.Path(
+ client_authenticated.application.config['TOKEN_FILE']).read_text()
 assert '042979fa181280' in token_data
 assert 'Legolas' in token_data
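Review bot: test_backup_tokens (added in the first hunk above) only requests /backup_tokens with the logged-in client, so nothing checks that the token dump is refused without a session; for an endpoint that returns every token ID, that is the check most worth having. A second test using the plain `client` fixture would cover it, as sketched below; the expected status should be adjusted to whatever the login guard actually returns. Two smaller points in the added test: the comment `# test with invalid token` does not describe what the test does, and `f"/backup_tokens"` has no placeholders and can be a plain string.

```python
def test_backup_tokens_requires_login(client):
    # no session: the token dump must not be served
    response = client.get("/backup_tokens")
    assert response.status_code != 200
    assert b'04387cfa186280' not in response.data
```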
@@ -441,4 +472,4 @@ def test_deactivate_token(client_authenticated):
 # check that the token is now gone from the token file
 token_data = pathlib.Path(
 client_authenticated.application.config['TOKEN_FILE']).read_text()
- assert '#04387cfa186280' in token_data
\ No newline at end of file
+ assert '#04387cfa186280' in token_data