''' Test package for ordr2.models.account ''' import pytest # tests for users.Role def test_role_principals(): ''' test Role.principal, a caluclated property ''' from ordr2.models.account import Role assert Role.UNVALIDATED.principal == 'role:unvalidated' assert Role.NEW.principal == 'role:new' assert Role.USER.principal == 'role:user' assert Role.PURCHASER.principal == 'role:purchaser' assert Role.ADMIN.principal == 'role:admin' assert Role.INACTIVE.principal == 'role:inactive' def test_role_str(): ''' test the string representation of roles ''' from ordr2.models.account import Role assert str(Role.UNVALIDATED) == 'Unvalidated' assert str(Role.NEW) == 'New' assert str(Role.USER) == 'User' assert str(Role.PURCHASER) == 'Purchaser' assert str(Role.ADMIN) == 'Admin' assert str(Role.INACTIVE) == 'Inactive' # tests for users.User def test_user_principal(): ''' test the user principal calculated property ''' from ordr2.models.account import User user = User(id=3) assert user.principal == 'user:3' @pytest.mark.parametrize( 'role_name, principals', [ ('UNVALIDATED', ['role:unvalidated']), ('NEW', ['role:new']), ('USER', ['role:user']), ('PURCHASER', ['role:purchaser', 'role:user']), ('ADMIN', ['role:admin', 'role:purchaser', 'role:user']), ('INACTIVE', ['role:inactive']) ] ) def test_user_role_principals(role_name, principals): ''' test the user's role principals calculated property ''' from ordr2.models.account import User, Role role = Role[role_name] user = User(role=role) assert user.role_principals == principals @pytest.mark.parametrize( 'role_name, is_active', [ ('UNVALIDATED', False), ('NEW', False), ('USER', True), ('PURCHASER', True), ('ADMIN', True), ('INACTIVE', False) ] ) def test_user_is_active(role_name, is_active): ''' test if is_active returns correct value based on the user's role ''' from ordr2.models.account import User, Role role = Role[role_name] user = User(role=role) assert user.is_active == is_active def test_user_set_password(): ''' test password hash generation ''' from ordr2.models.account import User, passlib_context passlib_context.update(schemes=['argon2', 'bcrypt']) user = User(password_hash=None) password = 'Fish Slapping Dance' user.set_password(password) assert user.password_hash.startswith('$argon2') assert password not in user.password_hash @pytest.mark.parametrize( 'password', [ 'Fish Slapping Dance', pytest.mark.xfail('Argument Clinic') ] ) def test_user_check_password_ok(password): ''' test password check ''' from ordr2.models.account import User, passlib_context passlib_context.update(schemes=['argon2', 'bcrypt'], deprecated='auto') user = User(password_hash=None) user.set_password('Fish Slapping Dance') assert user.check_password(password) def test_user_check_password_deprecated_hash(): ''' test password check updates deprecated hash with new algorithm ''' from ordr2.models.account import User from ordr2.security import passlib_context passlib_context.update(schemes=['argon2', 'bcrypt'], deprecated='auto') password = 'Fish Slapping Dance' bcrypt_hash = passlib_context.hash(password, scheme='bcrypt') user = User(password_hash=bcrypt_hash) assert user.check_password(password) assert user.password_hash != bcrypt_hash assert user.password_hash.startswith('$argon2') def test_user_string_representation(): ''' test the string representation of the user ''' from ordr2.models.account import User, Role user = User(username='FooBar') assert str(user) == 'FooBar'