
Avoid repeated username in the same app

master
Alfred 1 year ago
parent
commit
5ea347f88c
3 changed files with 37 additions and 18 deletions
  1. 11
    7
      models/user.py
  2. 15
    3
      tests/test_application.py
  3. 11
    8
      views/main_view.py

+ 11
- 7
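--- a/models/user.py
+++ b/models/user.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 
-from sqlalchemy import Column, Integer, String, ForeignKey, DateTime
+from sqlalchemy import Column, Integer, String, ForeignKey, DateTime, orm
 from werkzeug.security import generate_password_hash
 from app import db
 from datetime import datetime
@@ -10,7 +10,7 @@ from uuid import uuid4
 
 class User(db.Model):
     __tablename__ = 'users'
-    uid = Column(String(36), nullable=False, primary_key=True, unique=True)
+    uid = Column(String(36), nullable=False, unique=True)
     app_id = Column(Integer, ForeignKey('applications.id'), primary_key=True)
     username = Column(String(50), primary_key=True)
     password = Column(String(120))
@@ -36,11 +36,15 @@ class User(db.Model):
 
 
 def create_user(user_data):
-    user_data['password'] = generate_password_hash(user_data['password'])
-    user = User(**user_data)
-    db.session.add(user)
-    db.session.commit()
-    return user
+    try:
+        user_data['password'] = generate_password_hash(user_data['password'])
+        user = User(**user_data)
+        db.session.add(user)
+        db.session.commit()
+        return user
+    except orm.exc.FlushError:
+        raise Exception('Username already taken')
+
 
 
 def list_users(application=None):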
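Review bot: The `except orm.exc.FlushError` at the end of `create_user` probably misses the usual duplicate case: as far as I can tell SQLAlchemy raises `FlushError` only when the conflicting `(app_id, username)` row is already loaded in the same session, and otherwise the database rejects the insert and the commit raises `sqlalchemy.exc.IntegrityError`. Neither path calls `db.session.rollback()`, so the session is left in a failed state for whatever uses it next. I would catch both, e.g. `except (exc.IntegrityError, orm.exc.FlushError):` followed by `db.session.rollback()`, and raise a dedicated exception class instead of bare `Exception` so callers can tell a name conflict from any other failure.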

+ 15
- 3
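--- a/tests/test_application.py
+++ b/tests/test_application.py
@@ -135,10 +135,22 @@ class JaWThTestCase(unittest.TestCase):
         assert n_users == (n_users_new + 1)
 
     def test_delete_concrete_app_user(self):
-        assert False
+        user_1 = self.create_test_user(username='robocop')
+        self.create_test_user(username='robocop')
+        n_users = self.count_users()
+        self.make_authorized_unauthorized_tests('{}/users/{}'.format(user_1.app.name, user_1.username), 'DELETE')
+        n_users_new = self.count_users()
+        assert n_users_new == (n_users - 1)
 
     def test_forbid_same_username_in_app(self):
-        assert False
+        user_1 = self.create_test_user(username='robocop')
+        _app = user_1.app
+        n_users = self.count_users()
+        res = self.make_request('/{}/users'.format(_app.name), 'POST', self.good_password, self.good_secret_key, {
+            'username': user_1.username,
+            'password': 'password' + str(n_users)
+        })
+        assert res.status_code != 201
 
     def test_allow_same_username_in_different_app(self):
         app_1 = self.create_test_app()
@@ -207,7 +219,7 @@ class JaWThTestCase(unittest.TestCase):
         n_users = self.count_users()
         self.make_authorized_unauthorized_tests('{}/users/{}'.format(user.app.name, user.username), 'DELETE')
         n_users_new = self.count_users()
-        assert n_users == (n_users_new + 1)
+        assert n_users_new == (n_users - 1)
 
     def test_login(self):
         pwd = 'passwordtesting'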
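Review bot: `assert res.status_code != 201` in `test_forbid_same_username_in_app` passes for any failure, including an authentication error or an unknown-app 404, so it does not show that the duplicate username was what got rejected. `n_users` is read but only used to build the password string; adding `assert self.count_users() == n_users` after the request would confirm that no row was inserted. Once the view answers a name conflict with its own status, pin it with `assert res.status_code == 409` (or whichever code is chosen).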

+ 11
- 8
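--- a/views/main_view.py
+++ b/views/main_view.py
@@ -61,14 +61,17 @@ def update_application(appname):
 def users(application=None):
     check_auth()
     _app = fap.get_app_by_name(application)
-    if request.method == 'GET':
-        lusers = fuser.list_users(_app)
-        return jsonify([u.get_json() for u in lusers]), 200
-    elif request.method == 'POST':
-        user_data = request.get_json()
-        user_data['app'] = _app.id if application is not None else user_data['app']
-        user = fuser.create_user(user_data)
-        return jsonify(user.get_json()), 201
+    try:
+        if request.method == 'GET':
+            lusers = fuser.list_users(_app)
+            return jsonify([u.get_json() for u in lusers]), 200
+        elif request.method == 'POST':
+            user_data = request.get_json()
+            user_data['app'] = _app.id if application is not None else user_data['app']
+            user = fuser.create_user(user_data)
+            return jsonify(user.get_json()), 201
+    except:
+        return '', 500
     return '', 404
 
 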
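Review bot: The bare `except:` around the GET/POST branches in `users` turns every failure into an empty 500 with nothing logged: a duplicate username, a missing or malformed JSON body (`request.get_json()` can raise or return `None`), and a genuine bug all look the same to the client and to monitoring. I would catch only the duplicate-username error raised by `fuser.create_user` and answer `return '', 409`, letting other exceptions reach the framework's error handler so they are recorded. Separately, `user_data` goes from the request body into `create_user` unfiltered and, per the models/user.py section, on into `User(**user_data)`; copying only the expected keys (`username`, `password`, `app`) would stop a client from setting `uid` or other columns. `check_auth()` and `fap.get_app_by_name` stay outside the `try`, so their failures are unaffected by this change.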
