- padronizando o nome de get_db_connection e session para get_db_session, para não confundir com session do Flask ou sessoes web
- corrigindo potenciais erros
-- has_permission não consegue, com lazy load, carregar permission depois de load_user fechar a conexão; então usar joinedload com Permission antes de fechar
-- db.rollback não existe caso db = get_db_session() apareça muito depois dentro do try; padronizando a atribuição antes do try
--- comparar role por nível (Role.SECRETARIO_GERAL) e não por nome ("Secretario Geral")
- unificacao de get_otp_qr_code
- mudança de nowutc() para now(UTC) conforme novo padrão
import pytest
from flask import url_for
from functions.database import Usuario, get_db_session
from werkzeug.security import generate_password_hash
import json
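@pytest.fixture
def admin_user(client):
    """Create and persist an active admin ``Usuario`` for the admin tests.

    Depends on the ``client`` fixture (defined outside this file) and returns
    the ``Usuario`` instance after the session that created it is closed.
    """
    # NOTE(review): fixed, weak credentials are only acceptable against a
    # throwaway test database -- confirm get_db_session() can never point at
    # a shared or production database when this suite runs.
    # NOTE(review): the row is never deleted here; presumably the client
    # fixture resets the database between tests -- confirm, otherwise a
    # later test using this fixture may hit a uniqueness conflict.
    db = get_db_session()
    try:
        admin = Usuario(
            username='admin_test',
            email='admin@test.com',
            password_hash=generate_password_hash('admin123'),
            is_admin=True,
            is_active=True,
        )
        db.add(admin)
        db.commit()
        # Reload the row while the session is still open: tests read
        # admin_user.id after this fixture has closed the session, and if
        # the session expires instances on commit (the SQLAlchemy default)
        # a detached instance can no longer lazy-load its attributes.
        db.refresh(admin)
        return admin
    except Exception:
        # Leave no half-finished transaction behind if the insert fails.
        db.rollback()
        raise
    finally:
        db.close()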
@pytest.fixture
def auth_admin_client(client, admin_user):
    """Return the test client after posting the admin credentials to /login."""
    # NOTE(review): the login response is not checked, so a rejected login
    # (for example if a second factor were required) would hand back an
    # unauthenticated client -- confirm dependent tests then fail clearly.
    credentials = {
        'email': 'admin@test.com',
        'password': 'admin123',
    }
    client.post('/login', data=credentials)
    return client
def test_dashboard_access_sem_login(client):
    """An anonymous GET of /admin/ must redirect to the login page."""
    resp = client.get('/admin/')
    assert resp.status_code == 302
    redirect_target = resp.headers['Location']
    assert '/login' in redirect_target
def test_dashboard_access_com_login(auth_admin_client):
    """A logged-in admin receives the dashboard page with status 200."""
    resp = auth_admin_client.get('/admin/')
    assert resp.status_code == 200
    page = resp.data
    assert b'Dashboard Administrativo' in page
def test_lista_usuarios(auth_admin_client):
    """The admin user list renders and includes the fixture admin account."""
    resp = auth_admin_client.get('/admin/users')
    assert resp.status_code == 200
    page = resp.data
    # Both the list heading and the seeded username must appear in the page.
    for marker in (b'Lista de', b'admin_test'):
        assert marker in page
def test_reset_otp(auth_admin_client, admin_user):
    """Posting the OTP reset for a user redirects with a success marker."""
    # NOTE(review): only the redirect is checked, not that the user's OTP
    # state actually changed. The POST also carries no CSRF token, so CSRF
    # checking is presumably disabled in the test config -- confirm both.
    target = f'/admin/users/{admin_user.id}/reset-otp'
    resp = auth_admin_client.post(target)
    assert resp.status_code == 302
    assert 'success' in resp.headers['Location']
def test_reset_password(auth_admin_client, admin_user):
    """Posting the password reset for a user redirects with a success marker."""
    # NOTE(review): the test stops at the redirect; it does not verify that
    # the stored password hash changed or that the old password stops
    # working -- worth adding if the route is meant to guarantee that.
    target = f'/admin/users/{admin_user.id}/reset-password'
    resp = auth_admin_client.post(target)
    assert resp.status_code == 302
    assert 'success' in resp.headers['Location']
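def test_toggle_status(auth_admin_client, admin_user):
    """Toggling a user's status as admin returns a JSON success payload."""
    # NOTE(review): the target is the logged-in admin's own account; whether
    # self-deactivation should be allowed is worth confirming with the route.
    response = auth_admin_client.post(
        f'/admin/users/{admin_user.id}/toggle-status',
        headers={'Content-Type': 'application/json'},
    )
    # Check the status first so a redirect or HTML error page is reported as
    # a status mismatch instead of surfacing as a JSON decoding error.
    assert response.status_code == 200
    data = json.loads(response.data)
    assert data['success'] is True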
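def test_acesso_nao_admin(client):
    """A logged-in non-admin user is refused (403) on the admin dashboard."""
    db = get_db_session()
    try:
        # Seed an ordinary, active user with no admin flag.
        user = Usuario(
            username='normal_user',
            email='user@test.com',
            password_hash=generate_password_hash('user123'),
            is_admin=False,
            is_active=True,
        )
        db.add(user)
        db.commit()
    except Exception:
        # Leave no half-finished transaction behind if the insert fails.
        db.rollback()
        raise
    finally:
        # The session is only needed for seeding; release it before the
        # requests below so it is not held open across them.
        db.close()

    # Log in as the non-admin user.
    client.post('/login', data={
        'email': 'user@test.com',
        'password': 'user123',
    })

    # NOTE(review): only GET /admin/ is exercised. The state-changing routes
    # used elsewhere in this file (reset-otp, reset-password, toggle-status)
    # are not checked for a non-admin caller -- worth covering as well.
    response = client.get('/admin/')
    assert response.status_code == 403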