Browse Source

check for non-JSON requests, missing fields and duplicate usernames

master
Julio Biason 11 years ago
parent
commit
3c4bf90bc5
  1. 31
      luncho/blueprints/users.py
  2. 10
      luncho/helpers.py
  3. 49
      tests/users_tests.py

31
luncho/blueprints/users.py

@ -6,13 +6,13 @@
from flask import Blueprint from flask import Blueprint
from flask import request from flask import request
from flask import jsonify from flask import jsonify
# from flask import current_app
# from pony.orm import commit from sqlalchemy.exc import IntegrityError
from luncho.helpers import ForceJSON from luncho.helpers import ForceJSON
from luncho.server import User from luncho.server import User
from luncho.server import db
users = Blueprint('users', __name__) users = Blueprint('users', __name__)
@ -23,14 +23,19 @@ def create_user():
"""Create a new user. Request must be: """Create a new user. Request must be:
{ "username": "username", "full_name": "Full Name", "password": "hash" }""" { "username": "username", "full_name": "Full Name", "password": "hash" }"""
json = request.get_json(force=True) json = request.get_json(force=True)
# new_user = User(username=json['username'],
# fullname=json['full_name'], try:
# passhash=json['password'], new_user = User(username=json['username'],
# validated=False) fullname=json['full_name'],
User(username=json['username'], passhash=json['password'],
fullname=json['full_name'], validated=False)
passhash=json['password'],
validated=False) db.session.add(new_user)
# commit() db.session.commit()
return jsonify(status='OK') return jsonify(status='OK')
except IntegrityError:
resp = jsonify(status='ERROR',
error='username already exists')
resp.status_code = 409
return resp

10
luncho/helpers.py

@ -18,8 +18,10 @@ class ForceJSON(object):
def check_json(*args, **kwargs): def check_json(*args, **kwargs):
json = request.get_json(force=True, silent=True) json = request.get_json(force=True, silent=True)
if not json: if not json:
return jsonify(status='ERROR', resp = jsonify(status='ERROR',
error='Request MUST be in JSON format'), 400 error='Request MUST be in JSON format')
resp.status_code = 400
return resp
# now we have the JSON, let's check if all the fields are here. # now we have the JSON, let's check if all the fields are here.
missing = [] missing = []
@ -30,8 +32,10 @@ class ForceJSON(object):
if missing: if missing:
fields = ', '.join(missing) fields = ', '.join(missing)
error = 'Missing fields: {fields}'.format(fields=fields) error = 'Missing fields: {fields}'.format(fields=fields)
return jsonify(status='ERROR', resp = jsonify(status='ERROR',
error=error) error=error)
resp.status_code = 400
return resp
return func(*args, **kwargs) return func(*args, **kwargs)
return check_json return check_json

49
tests/users_tests.py

@ -15,21 +15,64 @@ class TestUsers(unittest.TestCase):
server.app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://' server.app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://'
server.app.config['TESTING'] = True server.app.config['TESTING'] = True
print server.app.config['SQLALCHEMY_DATABASE_URI']
self.app = server.app.test_client() self.app = server.app.test_client()
server.db.create_all()
# def tearDown(self): def tearDown(self):
# os.unlink(server.app.config['SQLITE_FILENAME']) server.db.drop_all(bind=None)
def test_create_user(self): def test_create_user(self):
"""Simple user creation."""
request = {'username': 'username', request = {'username': 'username',
'full_name': 'full name', 'full_name': 'full name',
'password': 'hash'} 'password': 'hash'}
rv = self.app.put('/user/', rv = self.app.put('/user/',
data=json.dumps(request), data=json.dumps(request),
content_type='application/json') content_type='application/json')
self.assertEqual(rv.status_code, 200) self.assertEqual(rv.status_code, 200)
self.assertEqual(json.loads(rv.data), {'status': 'OK'}) self.assertEqual(json.loads(rv.data), {'status': 'OK'})
def test_duplicate_user(self):
"""Check the status for trying to create a user that it is already
in the database."""
self.test_create_user() # create the first user
# now duplicate
request = {'username': 'username',
'full_name': 'full name',
'password': 'hash'}
rv = self.app.put('/user/',
data=json.dumps(request),
content_type='application/json')
expected = {"status": "ERROR",
"error": "username already exists"}
self.assertEqual(rv.status_code, 409)
self.assertEqual(json.loads(rv.data), expected)
def test_no_json(self):
"""Check the status when doing a request that it's not JSON."""
rv = self.app.put('/user/',
data='',
content_type='text/html')
expected = {"error": "Request MUST be in JSON format",
"status": "ERROR"}
self.assertEqual(rv.status_code, 400)
self.assertEqual(json.loads(rv.data), expected)
def test_missing_fields(self):
request = {'password': 'hash'}
rv = self.app.put('/user/',
data=json.dumps(request),
content_type='application/json')
resp = {'error': 'Missing fields: username, full_name',
'status': 'ERROR'}
self.assertEqual(rv.status_code, 400)
self.assertEqual(json.loads(rv.data), resp)
if __name__ == '__main__': if __name__ == '__main__':
unittest.main() unittest.main()

Loading…
Cancel
Save