Davide Scaini
68 lines
2.1 KiB
Python
68 lines
2.1 KiB
Python
"""Tests for invite management endpoints."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from bincio.auth.db import create_invite
|
|
|
|
from .conftest import auth_cookies
|
|
|
|
|
|
def test_list_invites_empty(client, user):
|
|
cookies = auth_cookies("alice", "alicepass1", client)
|
|
r = client.get("/api/invites", cookies=cookies)
|
|
assert r.status_code == 200
|
|
assert r.json() == []
|
|
|
|
|
|
def test_create_and_list_invite(client, user):
|
|
cookies = auth_cookies("alice", "alicepass1", client)
|
|
r = client.post("/api/invites", json={}, cookies=cookies)
|
|
assert r.status_code == 200
|
|
code = r.json()["code"]
|
|
assert len(code) > 0
|
|
|
|
r2 = client.get("/api/invites", cookies=cookies)
|
|
codes = [i["code"] for i in r2.json()]
|
|
assert code in codes
|
|
|
|
|
|
def test_invite_limit_regular_user(client, user):
|
|
cookies = auth_cookies("alice", "alicepass1", client)
|
|
# Regular users capped at 3
|
|
for _ in range(3):
|
|
r = client.post("/api/invites", json={}, cookies=cookies)
|
|
assert r.status_code == 200
|
|
r = client.post("/api/invites", json={}, cookies=cookies)
|
|
assert r.status_code == 400
|
|
|
|
|
|
def test_admin_has_no_invite_limit(client, admin):
|
|
cookies = auth_cookies("admin", "adminpass1", client)
|
|
for _ in range(5):
|
|
r = client.post("/api/invites", json={}, cookies=cookies)
|
|
assert r.status_code == 200
|
|
|
|
|
|
def test_create_invite_unauthenticated(client):
|
|
r = client.post("/api/invites", json={})
|
|
assert r.status_code == 401
|
|
|
|
|
|
def test_list_invites_unauthenticated(client):
|
|
r = client.get("/api/invites")
|
|
assert r.status_code == 401
|
|
|
|
|
|
def test_invite_grants_activity_flag(client, admin):
|
|
cookies = auth_cookies("admin", "adminpass1", client)
|
|
r = client.post("/api/invites", json={"grants_activity": True}, cookies=cookies)
|
|
assert r.status_code == 200
|
|
assert r.json()["grants_activity"] is True
|
|
|
|
|
|
def test_regular_user_cannot_grant_activity_they_dont_have(client, user):
|
|
# alice has no activity_access
|
|
cookies = auth_cookies("alice", "alicepass1", client)
|
|
r = client.post("/api/invites", json={"grants_activity": True}, cookies=cookies)
|
|
assert r.status_code == 400
|