"""Tests for admin user-management endpoints."""
from __future__ import annotations
from .conftest import auth_cookies
def test_list_users_admin(client, admin, user):
    """An admin session can list users and the listing names both accounts.

    The ``admin`` and ``user`` fixtures are requested but not used directly;
    presumably they create the "admin" and "alice" accounts (confirm in
    conftest).
    """
    admin_session = auth_cookies("admin", "adminpass1", client)
    response = client.get("/api/admin/users", cookies=admin_session)
    assert response.status_code == 200

    # Only the handles matter for this check, so reduce the payload to them.
    listed = {entry["handle"] for entry in response.json()}
    for expected in ("admin", "alice"):
        assert expected in listed
def test_list_users_non_admin(client, user):
    """A logged-in non-admin ("alice") is refused the user listing with 403."""
    alice_session = auth_cookies("alice", "alicepass1", client)
    response = client.get("/api/admin/users", cookies=alice_session)
    # The request carries alice's cookies, so this pins the authorization
    # decision (403) rather than the missing-session case (401).
    # NOTE(review): only the status code is checked; the 403 body is not
    # inspected for user records.
    assert response.status_code == 403
def test_list_users_unauthenticated(client):
    """A request with no cookies at all gets 401 from the admin listing."""
    response = client.get("/api/admin/users")
    # No session is attached, so the endpoint must reject before any role check.
    assert response.status_code == 401
def test_suspend_and_unsuspend(client, admin, user):
    """Suspending "alice" blocks her login; unsuspending restores it.

    NOTE(review): only fresh logins are exercised. Whether a session alice
    obtained *before* the suspension keeps working is not covered here.
    """
    admin_session = auth_cookies("admin", "adminpass1", client)
    alice_credentials = {"handle": "alice", "password": "alicepass1"}

    suspended = client.post("/api/admin/users/alice/suspend", cookies=admin_session)
    assert suspended.status_code == 200
    assert suspended.json()["status"] == "suspended"

    # While suspended, correct credentials must still be rejected.
    blocked_login = client.post("/api/auth/login", json=alice_credentials)
    assert blocked_login.status_code == 401

    restored = client.post("/api/admin/users/alice/unsuspend", cookies=admin_session)
    assert restored.status_code == 200

    # After unsuspension the same credentials are accepted again.
    allowed_login = client.post("/api/auth/login", json=alice_credentials)
    assert allowed_login.status_code == 200
def test_suspend_self(client, admin):
    """An admin asking to suspend their own account is rejected with 400."""
    admin_session = auth_cookies("admin", "adminpass1", client)
    response = client.post("/api/admin/users/admin/suspend", cookies=admin_session)
    # Target handle and caller are both "admin"; presumably this guards
    # against an admin locking themselves out (confirm against the handler).
    assert response.status_code == 400
def test_delete_user(client, admin, user):
    """Deleting "alice" as admin succeeds and removes her from the listing.

    NOTE(review): the check stops at the listing. It does not confirm that
    alice's credentials or any earlier session stop working after deletion.
    """
    admin_session = auth_cookies("admin", "adminpass1", client)
    deletion = client.delete("/api/admin/users/alice", cookies=admin_session)
    assert deletion.status_code == 200

    # Re-read the listing with the same admin session.
    listing = client.get("/api/admin/users", cookies=admin_session)
    remaining = listing.json()
    assert all(entry["handle"] != "alice" for entry in remaining)
def test_delete_self(client, admin):
    """An admin asking to delete their own account is rejected with 400."""
    admin_session = auth_cookies("admin", "adminpass1", client)
    response = client.delete("/api/admin/users/admin", cookies=admin_session)
    # Caller and target are the same handle, mirroring the self-suspend case.
    assert response.status_code == 400
def test_delete_nonexistent_user(client, admin):
    """Deleting a handle that does not exist ("ghost") returns 404."""
    admin_session = auth_cookies("admin", "adminpass1", client)
    response = client.delete("/api/admin/users/ghost", cookies=admin_session)
    # No fixture creates "ghost" in this test, so the lookup should miss.
    assert response.status_code == 404
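def test_set_access_flags(client, admin, user):
    """An admin can set alice's access flags and the listing reflects them.

    Sends ``activity_access=True`` and ``wiki_access=False`` to the access
    endpoint, then re-reads the admin user listing to confirm both values
    were stored.
    """
    cookies = auth_cookies("admin", "adminpass1", client)

    r = client.patch(
        "/api/admin/users/alice/access",
        json={"activity_access": True, "wiki_access": False},
        cookies=cookies,
    )
    assert r.status_code == 200

    users = client.get("/api/admin/users", cookies=cookies).json()
    # Defaulting to None makes a missing "alice" row fail as a readable
    # assertion instead of surfacing as a bare StopIteration.
    alice = next((u for u in users if u["handle"] == "alice"), None)
    assert alice is not None, "alice missing from /api/admin/users listing"
    # Identity checks pin real booleans, not merely truthy/falsy values.
    assert alice["activity_access"] is True
    assert alice["wiki_access"] is False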
def test_set_access_non_admin(client, user):
    """A non-admin cannot change access flags, even on her own account.

    NOTE(review): only the 403 is asserted; the flags are not re-read
    afterwards to confirm the rejected request left them unchanged.
    """
    alice_session = auth_cookies("alice", "alicepass1", client)
    # alice targets her own handle, so this covers self-service changes too.
    response = client.patch(
        "/api/admin/users/alice/access",
        json={"wiki_access": False},
        cookies=alice_session,
    )
    assert response.status_code == 403
def test_reset_password_code_for_unknown_user(client, admin):
    """Requesting a reset-password code for an unknown handle returns 404.

    NOTE(review): this is the only reset-password-code test in the file as
    shown; the non-admin (403) and successful paths are not exercised here.
    """
    admin_session = auth_cookies("admin", "adminpass1", client)
    response = client.post(
        "/api/admin/users/ghost/reset-password-code",
        cookies=admin_session,
    )
    assert response.status_code == 404