125 lines
4.4 KiB
Python
125 lines
4.4 KiB
Python
import pytest
|
|
from bs4 import BeautifulSoup
|
|
from imaginaerraum_door_admin.door_handle import DoorHandle
|
|
import re
|
|
|
|
def test_login(browser, live_server):
|
|
response = browser.get(f'http://localhost:{live_server.port}')
|
|
|
|
assert '<h1>Space Zugangsverwaltung</h1>' in browser.page_source
|
|
|
|
response = browser.get(f'http://localhost:{live_server.port}/login')
|
|
|
|
email_form = browser.find_element_by_id('email').send_keys('gandalf@shire.me')
|
|
password_form = browser.find_element_by_id('password').send_keys('shadowfax')
|
|
submit_button = browser.find_element_by_id('submit').click()
|
|
|
|
assert 'Tür öffnen' in browser.page_source
|
|
|
|
|
|
def extract_csrf_token(response):
|
|
soup = BeautifulSoup(response.data)
|
|
csrf_token = soup.find('input', attrs={'id': 'csrf_token'})['value']
|
|
return csrf_token
|
|
|
|
|
|
def headless_login(client, user='gandalf@shire.me', password='shadowfax'):
|
|
# extract csrf token from the login page source
|
|
response = client.get('/login')
|
|
csrf_token = extract_csrf_token(response)
|
|
|
|
# send login information
|
|
payload = {
|
|
'csrf_token': csrf_token,
|
|
'email': user,
|
|
'password': password
|
|
}
|
|
return client.post('/login', data=payload, follow_redirects=True)
|
|
|
|
|
|
def test_login_headless(client):
|
|
response = headless_login(client)
|
|
soup = BeautifulSoup(response.data)
|
|
|
|
# make sure login succeeded -> Tür öffnen button will appear
|
|
assert any(['Tür öffnen' in link.contents[0] for link in soup.findAll('a', attrs={'class': ['btn'], 'role': 'button'})])
|
|
|
|
|
|
@pytest.fixture
|
|
def client_authenticated(client):
|
|
# log in using admin account for testing
|
|
headless_login(client)
|
|
|
|
yield client
|
|
|
|
@pytest.mark.parametrize("url,function", [('/open', 'open_door'), ('/close', 'close_door')])
|
|
def test_access_door_button(client_authenticated, mocker, url, function):
|
|
mocker.patch('imaginaerraum_door_admin.door_handle.DoorHandle.' + function)
|
|
|
|
# visit route for open
|
|
client_authenticated.get(url)
|
|
|
|
# make sure the open method was called
|
|
getattr(DoorHandle, function).assert_called_once_with(user='gandalf')
|
|
|
|
|
|
@pytest.mark.parametrize("url,function", [('/open', 'open_door'), ('/close', 'close_door')])
|
|
def test_access_door_unauthenticated(client, mocker, url, function):
|
|
# test for trying to visit opening/closing door while not logged in
|
|
mocker.patch('imaginaerraum_door_admin.door_handle.DoorHandle.' + function)
|
|
|
|
# visit route for open
|
|
response = client.get(url, follow_redirects=True)
|
|
|
|
# we should get redirected to login page
|
|
assert 'login' in response.request.url
|
|
|
|
# the open door function should not be called
|
|
getattr(DoorHandle, function).assert_not_called()
|
|
|
|
|
|
def test_manage_admins(client_authenticated):
|
|
# visit admin management page
|
|
response = client_authenticated.get('/manage_admins')
|
|
|
|
assert "Nutzer Übersicht" in response.data.decode()
|
|
assert "gandalf" in response.data.decode()
|
|
assert "gandalf@shire.me" in response.data.decode()
|
|
|
|
|
|
def test_create_admin(client_authenticated):
|
|
# visit admin management page
|
|
response = client_authenticated.get('/manage_admins')
|
|
csrf_token = extract_csrf_token(response)
|
|
|
|
# post data for creating a new admin
|
|
payload = {'name': 'bilbo',
|
|
'email': 'bilbo@shire.me',
|
|
'csrf_token': csrf_token}
|
|
response = client_authenticated.post('/manage_admins', data=payload,
|
|
follow_redirects=True)
|
|
|
|
# after the new admin user is created, we should have been redirected to the
|
|
# /manage_admin page. there, the password for login is displayed
|
|
# we test if the newly created user can log in with that password
|
|
# extract password displayed on the page
|
|
match = re.search('Passwort (?P<password>.*) um', response.data.decode())
|
|
assert match is not None
|
|
extracted_password = match['password']
|
|
|
|
# log out current user
|
|
response = client_authenticated.get('/logout')
|
|
|
|
# try to log in new user using the extracted password
|
|
response = headless_login(client_authenticated, user='bilbo',
|
|
password=extracted_password)
|
|
# - see if it works
|
|
soup = BeautifulSoup(response.data)
|
|
|
|
# make sure login succeeded
|
|
# -> username should be displayed
|
|
assert 'Benutzer <span>bilbo</span>' in soup.decode()
|
|
# -> Tür öffnen button will appear
|
|
assert any(['Tür öffnen' in link.contents[0] for link in soup.findAll('a', attrs={'class': ['btn'], 'role': 'button'})])
|
|
|