forked from kompetenzinventar/ki-backend
43 lines
1.6 KiB
Python
43 lines
1.6 KiB
Python
# SPDX-FileCopyrightText: WTF Kooperative eG <https://wtf-eg.de/>
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
import unittest
|
|
|
|
from ki.test.ApiTest import ApiTest
|
|
|
|
|
|
class TestFindProfilesEndpoint(ApiTest):
|
|
def test_find_profiles_options(self):
|
|
response = self.client.options("/users/profiles")
|
|
self.assertEqual(response.status_code, 200)
|
|
self.assertIn("Access-Control-Allow-Origin", response.headers)
|
|
self.assertEqual(response.headers["Access-Control-Allow-Origin"], "*")
|
|
|
|
def test_find_nobody(self):
|
|
token = self.login("peter", "geheim")["token"]
|
|
|
|
response = self.client.get("/users/profiles?nickname=horsthorsthorst",
|
|
headers={"Authorization": "Bearer " + token})
|
|
self.assertEqual(response.status_code, 200)
|
|
self.assertEqual(response.json, {"total": 0, "profiles": []})
|
|
|
|
def test_find_sql_specialchars(self):
|
|
token = self.login("peter", "geheim")["token"]
|
|
|
|
response = self.client.get("/users/profiles?nickname=%22%27%25", headers={"Authorization": "Bearer " + token})
|
|
self.assertEqual(response.status_code, 200)
|
|
self.assertEqual(response.json, {"total": 0, "profiles": []})
|
|
|
|
def test_find_all(self):
|
|
token = self.login("peter", "geheim")["token"]
|
|
|
|
response = self.client.get("/users/profiles", headers={"Authorization": "Bearer " + token})
|
|
self.assertEqual(response.status_code, 200)
|
|
self.assertDictContainsSubset({"total": 1}, response.json)
|
|
self.assertDictContainsSubset({"nickname": "dirtydieter"}, response.json["profiles"][0])
|
|
|
|
|
|
if __name__ == "main":
|
|
unittest.main()
|