updating testcases for password change

ooemperor · Jan 16, 2024 · e763108 · e763108
1 parent 04f5eb5
commit e763108
Show file tree

Hide file tree

Showing 2 changed files with 110 additions and 4 deletions.
diff --git a/tests/backend/api_tests/test_ApiAdmin.py b/tests/backend/api_tests/test_ApiAdmin.py
@@ -20,6 +20,7 @@
 import requests, json
 from codeGrader.backend.config import config
 from codeGrader.frontend.config import config as api_config
+import hashlib
 
 
 class ApiAdminUserTest(unittest.TestCase):
@@ -112,7 +113,9 @@ def test_createUpdateAndDeleteAdminUser(self):
         }
 
         # updating the user
-        r = requests.put(f"{adminUser_url}{adminUser_id}", json=new_user_dict, headers={'content-type': 'application/json', 'Authorization': f"{api_config.apiAuthentication} {api_config.apiToken}"})
+        r = requests.put(f"{adminUser_url}{adminUser_id}", json=new_user_dict,
+                         headers={'content-type': 'application/json',
+                                  'Authorization': f"{api_config.apiAuthentication} {api_config.apiToken}"})
         self.assertEqual(200, r.status_code)
 
         # checking again
@@ -128,6 +131,7 @@ def test_createUpdateAndDeleteAdminUser(self):
         r = requests.delete(f"{adminUser_url}{adminUser_id}", headers=self.headers)
         self.assertIsNotNone(r)
         self.assertEqual(204, r.status_code)
+
     def test_createAndDeleteAdminUser_withPasswordReset(self):
         """
         Test Case for creating and deleting the AdminUser with Password Reset
@@ -164,10 +168,64 @@ def test_createAndDeleteAdminUser_withPasswordReset(self):
         self.assertEqual("usertag", json.loads(r.text)["tag"])
 
         # passwordreset
-        r = requests.post(f"{adminUser_url}{adminUser_id}/passwordreset", headers=self.headers)
+        r = requests.post(f"{adminUser_url}{adminUser_id}/password/reset", headers=self.headers)
+        self.assertEqual(201, r.status_code)
+        self.assertIsNotNone(r)
+        self.assertTrue("password" in json.loads(r.text).keys())
+
+        # deleting the user after the test
+        r = requests.delete(f"{adminUser_url}{adminUser_id}", headers=self.headers)
+        self.assertEqual(204, r.status_code)
+        self.assertIsNotNone(r)
+
+    def test_createAndDeleteAdminUser_withPasswordUpdate(self):
+        """
+        Test Case for creating and deleting the AdminUser with Password Update
+        Covers post, get and delete for the api/user
+        @return: No return
+        """
+        headers = dict()
+        headers["Authorization"] = f"{api_config.apiAuthentication} {api_config.apiToken}"
+        create_url = f"http://{config.tests_ApiHost}:{config.tests_ApiPort}/admin/add"
+
+        adminUser_url = f"http://{config.tests_ApiHost}:{config.tests_ApiPort}/admin/"
+        adminUser_dict = {
+            "username": "admin_test",
+            "first_name": "admin",
+            "last_name": "user",
+            "email": "test.user@mail.com",
+            "password": "myPassword",
+            "tag": "usertag",
+            "admin_type": 1
+        }
+
+        # creating the user
+        r = requests.post(create_url, json=adminUser_dict, headers=self.headers)
+        self.assertIsNotNone(r)
+        self.assertEqual(201, r.status_code)
+        adminUser_id = json.loads(r.text)["response"]["id"]
+
+        # checks after creation
+        r = requests.get(f"{adminUser_url}{adminUser_id}", headers=self.headers)
+        self.assertEqual(200, r.status_code)
+        self.assertEqual("admin_test", json.loads(r.text)["username"])
+        self.assertEqual("admin", json.loads(r.text)["first_name"])
+        self.assertEqual("user", json.loads(r.text)["last_name"])
+        self.assertEqual("test.user@mail.com", json.loads(r.text)["email"])
+        self.assertEqual("usertag", json.loads(r.text)["tag"])
+
+        # password_udpate
+        new_password = "strongExamplePassword1"
+        password_update_dict = {"id": adminUser_id, "password": new_password}
+        r = requests.post(f"{adminUser_url}{adminUser_id}/password/update", headers=self.headers,
+                          json=password_update_dict)
         self.assertEqual(201, r.status_code)
         self.assertIsNotNone(r)
         self.assertTrue("password" in json.loads(r.text).keys())
+        new_password_hash = new_password.encode('UTF-8')
+        new_password_hash = hashlib.sha256(new_password_hash)
+        new_password_hash = new_password_hash.hexdigest()
+        self.assertEqual(new_password_hash, json.loads(r.text)["password"])
 
         # deleting the user after the test
         r = requests.delete(f"{adminUser_url}{adminUser_id}", headers=self.headers)

diff --git a/tests/backend/api_tests/test_ApiUser.py b/tests/backend/api_tests/test_ApiUser.py
@@ -15,7 +15,7 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with CodeGrader.  If not, see <http://www.gnu.org/licenses/>.
-
+import hashlib
 import unittest
 import requests, json
 from codeGrader.backend.config import config
@@ -158,10 +158,58 @@ def test_createAndDeleteUser_withPasswordReset(self):
         self.assertEqual("test.user@mail.com", json.loads(r.text)["email"])
         self.assertEqual("usertag", json.loads(r.text)["tag"])
 
-        r = requests.post(f"{user_url}{user_id}/passwordreset", headers=self.headers)
+        r = requests.post(f"{user_url}{user_id}/password/reset", headers=self.headers)
+        self.assertEqual(201, r.status_code)
+        self.assertIsNotNone(r)
+        self.assertTrue("password" in json.loads(r.text).keys())
+
+        # deleting the user after the test
+        r = requests.delete(f"{user_url}{user_id}", headers=self.headers)
+        self.assertEqual(204, r.status_code)
+        self.assertIsNotNone(r)
+
+    def test_createAndDeleteUser_withPasswordUpdate(self):
+        """
+        Test Case for creating and deleting the user with password reset
+        Covers post, get and delete for the api/user
+        @return: No return
+        """
+        create_url = f"http://{config.tests_ApiHost}:{config.tests_ApiPort}/user/add"
+        user_url = f"http://{config.tests_ApiHost}:{config.tests_ApiPort}/user/"
+        user_dict = {
+            "username": "tuser",
+            "first_name": "test",
+            "last_name": "user",
+            "email": "test.user@mail.com",
+            "password": "myPassword",
+            "tag": "usertag"
+        }
+
+        # creating the user
+        r = requests.post(create_url, json=user_dict, headers=self.headers)
+        self.assertIsNotNone(r)
+        self.assertEqual(201, r.status_code)
+        user_id = json.loads(r.text)["response"]["id"]
+
+        # checks after creation
+        r = requests.get(f"{user_url}{user_id}", headers=self.headers)
+        self.assertEqual(200, r.status_code)
+        self.assertEqual("tuser", json.loads(r.text)["username"])
+        self.assertEqual("test", json.loads(r.text)["first_name"])
+        self.assertEqual("user", json.loads(r.text)["last_name"])
+        self.assertEqual("test.user@mail.com", json.loads(r.text)["email"])
+        self.assertEqual("usertag", json.loads(r.text)["tag"])
+
+        new_password = "strongExamplePassword1"
+        password_update_dict = {"id": user_id, "password": new_password}
+        r = requests.post(f"{user_url}{user_id}/password/update", headers=self.headers, json=password_update_dict)
         self.assertEqual(201, r.status_code)
         self.assertIsNotNone(r)
         self.assertTrue("password" in json.loads(r.text).keys())
+        new_password_hash = new_password.encode('UTF-8')
+        new_password_hash = hashlib.sha256(new_password_hash)
+        new_password_hash = new_password_hash.hexdigest()
+        self.assertEqual(new_password_hash, json.loads(r.text)["password"])
 
         # deleting the user after the test
         r = requests.delete(f"{user_url}{user_id}", headers=self.headers)