Home Explore Project
Register Sign In
python
/
fastapi
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ba45ad99c6
Branches Tags
fastapi
/
backend
/
apps
/
tests
/
api
/
routes
/
test_users.py

test_users.py 15 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454 
  1. from unittest.mock import patch
    2. 

  2. 

  3. from app import crud
    4. 

  4. from app.core.config import settings
    5. 

  5. from apps.models import UserCreate
    6. 

  6. from apps.tests.utils.utils import random_email, random_lower_string
    7. 

  7. from sqlmodel import Session
    8. 

  8. 

  9. from fastapi.testclient import TestClient
    10. 

  10. 

  11. 

  12. def test_get_users_superuser_me(
    13. 

  13.     client: TestClient, superuser_token_headers: dict[str, str]
    14. 

  14. ) -> None:
    15. 

  15.     r = client.get(f"{settings.API_V1_STR}/users/me", headers=superuser_token_headers)
    16. 

  16.     current_user = r.json()
    17. 

  17.     assert current_user
    18. 

  18.     assert current_user["is_active"] is True
    19. 

  19.     assert current_user["is_superuser"]
    20. 

  20.     assert current_user["email"] == settings.FIRST_SUPERUSER
    21. 

  21. 

  22. 

  23. def test_get_users_normal_user_me(
    24. 

  24.     client: TestClient, normal_user_token_headers: dict[str, str]
    25. 

  25. ) -> None:
    26. 

  26.     r = client.get(f"{settings.API_V1_STR}/users/me", headers=normal_user_token_headers)
    27. 

  27.     current_user = r.json()
    28. 

  28.     assert current_user
    29. 

  29.     assert current_user["is_active"] is True
    30. 

  30.     assert current_user["is_superuser"] is False
    31. 

  31.     assert current_user["email"] == settings.EMAIL_TEST_USER
    32. 

  32. 

  33. 

  34. def test_create_user_new_email(
    35. 

  35.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    36. 

  36. ) -> None:
    37. 

  37.     with patch("app.utils.send_email", return_value=None), patch(
    38. 

  38.         "app.core.config.settings.SMTP_HOST", "smtp.example.com"
    39. 

  39.     ), patch("app.core.config.settings.SMTP_USER", "admin@example.com"):
    40. 

  40.         username = random_email()
    41. 

  41.         password = random_lower_string()
    42. 

  42.         data = {"email": username, "password": password}
    43. 

  43.         r = client.post(
    44. 

  44.             f"{settings.API_V1_STR}/users/",
    45. 

  45.             headers=superuser_token_headers,
    46. 

  46.             json=data,
    47. 

  47.         )
    48. 

  48.         assert 200 <= r.status_code < 300
    49. 

  49.         created_user = r.json()
    50. 

  50.         user = crud.get_user_by_email(session=db, email=username)
    51. 

  51.         assert user
    52. 

  52.         assert user.email == created_user["email"]
    53. 

  53. 

  54. 

  55. def test_get_existing_user(
    56. 

  56.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    57. 

  57. ) -> None:
    58. 

  58.     username = random_email()
    59. 

  59.     password = random_lower_string()
    60. 

  60.     user_in = UserCreate(email=username, password=password)
    61. 

  61.     user = crud.create_user(session=db, user_create=user_in)
    62. 

  62.     user_id = user.id
    63. 

  63.     r = client.get(
    64. 

  64.         f"{settings.API_V1_STR}/users/{user_id}",
    65. 

  65.         headers=superuser_token_headers,
    66. 

  66.     )
    67. 

  67.     assert 200 <= r.status_code < 300
    68. 

  68.     api_user = r.json()
    69. 

  69.     existing_user = crud.get_user_by_email(session=db, email=username)
    70. 

  70.     assert existing_user
    71. 

  71.     assert existing_user.email == api_user["email"]
    72. 

  72. 

  73. 

  74. def test_get_existing_user_current_user(client: TestClient, db: Session) -> None:
    75. 

  75.     username = random_email()
    76. 

  76.     password = random_lower_string()
    77. 

  77.     user_in = UserCreate(email=username, password=password)
    78. 

  78.     user = crud.create_user(session=db, user_create=user_in)
    79. 

  79.     user_id = user.id
    80. 

  80. 

  81.     login_data = {
    82. 

  82.         "username": username,
    83. 

  83.         "password": password,
    84. 

  84.     }
    85. 

  85.     r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data)
    86. 

  86.     tokens = r.json()
    87. 

  87.     a_token = tokens["access_token"]
    88. 

  88.     headers = {"Authorization": f"Bearer {a_token}"}
    89. 

  89. 

  90.     r = client.get(
    91. 

  91.         f"{settings.API_V1_STR}/users/{user_id}",
    92. 

  92.         headers=headers,
    93. 

  93.     )
    94. 

  94.     assert 200 <= r.status_code < 300
    95. 

  95.     api_user = r.json()
    96. 

  96.     existing_user = crud.get_user_by_email(session=db, email=username)
    97. 

  97.     assert existing_user
    98. 

  98.     assert existing_user.email == api_user["email"]
    99. 

  99. 

  100. 

  101. def test_get_existing_user_permissions_error(
    102. 

  102.     client: TestClient, normal_user_token_headers: dict[str, str], db: Session
    103. 

  103. ) -> None:
    104. 

  104.     r = client.get(
    105. 

  105.         f"{settings.API_V1_STR}/users/999999",
    106. 

  106.         headers=normal_user_token_headers,
    107. 

  107.     )
    108. 

  108.     assert r.status_code == 403
    109. 

  109.     assert r.json() == {"detail": "The user doesn't have enough privileges"}
    110. 

  110. 

  111. 

  112. def test_create_user_existing_username(
    113. 

  113.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    114. 

  114. ) -> None:
    115. 

  115.     username = random_email()
    116. 

  116.     # username = email
    117. 

  117.     password = random_lower_string()
    118. 

  118.     user_in = UserCreate(email=username, password=password)
    119. 

  119.     crud.create_user(session=db, user_create=user_in)
    120. 

  120.     data = {"email": username, "password": password}
    121. 

  121.     r = client.post(
    122. 

  122.         f"{settings.API_V1_STR}/users/",
    123. 

  123.         headers=superuser_token_headers,
    124. 

  124.         json=data,
    125. 

  125.     )
    126. 

  126.     created_user = r.json()
    127. 

  127.     assert r.status_code == 400
    128. 

  128.     assert "_id" not in created_user
    129. 

  129. 

  130. 

  131. def test_create_user_by_normal_user(
    132. 

  132.     client: TestClient, normal_user_token_headers: dict[str, str]
    133. 

  133. ) -> None:
    134. 

  134.     username = random_email()
    135. 

  135.     password = random_lower_string()
    136. 

  136.     data = {"email": username, "password": password}
    137. 

  137.     r = client.post(
    138. 

  138.         f"{settings.API_V1_STR}/users/",
    139. 

  139.         headers=normal_user_token_headers,
    140. 

  140.         json=data,
    141. 

  141.     )
    142. 

  142.     assert r.status_code == 400
    143. 

  143. 

  144. 

  145. def test_retrieve_users(
    146. 

  146.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    147. 

  147. ) -> None:
    148. 

  148.     username = random_email()
    149. 

  149.     password = random_lower_string()
    150. 

  150.     user_in = UserCreate(email=username, password=password)
    151. 

  151.     crud.create_user(session=db, user_create=user_in)
    152. 

  152. 

  153.     username2 = random_email()
    154. 

  154.     password2 = random_lower_string()
    155. 

  155.     user_in2 = UserCreate(email=username2, password=password2)
    156. 

  156.     crud.create_user(session=db, user_create=user_in2)
    157. 

  157. 

  158.     r = client.get(f"{settings.API_V1_STR}/users/", headers=superuser_token_headers)
    159. 

  159.     all_users = r.json()
    160. 

  160. 

  161.     assert len(all_users["data"]) > 1
    162. 

  162.     assert "count" in all_users
    163. 

  163.     for item in all_users["data"]:
    164. 

  164.         assert "email" in item
    165. 

  165. 

  166. 

  167. def test_update_user_me(
    168. 

  168.     client: TestClient, normal_user_token_headers: dict[str, str], db: Session
    169. 

  169. ) -> None:
    170. 

  170.     full_name = "Updated Name"
    171. 

  171.     email = random_email()
    172. 

  172.     data = {"full_name": full_name, "email": email}
    173. 

  173.     r = client.patch(
    174. 

  174.         f"{settings.API_V1_STR}/users/me",
    175. 

  175.         headers=normal_user_token_headers,
    176. 

  176.         json=data,
    177. 

  177.     )
    178. 

  178.     assert r.status_code == 200
    179. 

  179.     updated_user = r.json()
    180. 

  180.     assert updated_user["email"] == email
    181. 

  181.     assert updated_user["full_name"] == full_name
    182. 

  182. 

  183. 

  184. def test_update_password_me(
    185. 

  185.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    186. 

  186. ) -> None:
    187. 

  187.     new_password = random_lower_string()
    188. 

  188.     data = {
    189. 

  189.         "current_password": settings.FIRST_SUPERUSER_PASSWORD,
    190. 

  190.         "new_password": new_password,
    191. 

  191.     }
    192. 

  192.     r = client.patch(
    193. 

  193.         f"{settings.API_V1_STR}/users/me/password",
    194. 

  194.         headers=superuser_token_headers,
    195. 

  195.         json=data,
    196. 

  196.     )
    197. 

  197.     assert r.status_code == 200
    198. 

  198.     updated_user = r.json()
    199. 

  199.     assert updated_user["message"] == "Password updated successfully"
    200. 

  200. 

  201.     # Revert to the old password to keep consistency in test
    202. 

  202.     old_data = {
    203. 

  203.         "current_password": new_password,
    204. 

  204.         "new_password": settings.FIRST_SUPERUSER_PASSWORD,
    205. 

  205.     }
    206. 

  206.     r = client.patch(
    207. 

  207.         f"{settings.API_V1_STR}/users/me/password",
    208. 

  208.         headers=superuser_token_headers,
    209. 

  209.         json=old_data,
    210. 

  210.     )
    211. 

  211.     assert r.status_code == 200
    212. 

  212. 

  213. 

  214. def test_update_password_me_incorrect_password(
    215. 

  215.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    216. 

  216. ) -> None:
    217. 

  217.     new_password = random_lower_string()
    218. 

  218.     data = {"current_password": new_password, "new_password": new_password}
    219. 

  219.     r = client.patch(
    220. 

  220.         f"{settings.API_V1_STR}/users/me/password",
    221. 

  221.         headers=superuser_token_headers,
    222. 

  222.         json=data,
    223. 

  223.     )
    224. 

  224.     assert r.status_code == 400
    225. 

  225.     updated_user = r.json()
    226. 

  226.     assert updated_user["detail"] == "Incorrect password"
    227. 

  227. 

  228. 

  229. def test_update_user_me_email_exists(
    230. 

  230.     client: TestClient, normal_user_token_headers: dict[str, str], db: Session
    231. 

  231. ) -> None:
    232. 

  232.     username = random_email()
    233. 

  233.     password = random_lower_string()
    234. 

  234.     user_in = UserCreate(email=username, password=password)
    235. 

  235.     user = crud.create_user(session=db, user_create=user_in)
    236. 

  236. 

  237.     data = {"email": user.email}
    238. 

  238.     r = client.patch(
    239. 

  239.         f"{settings.API_V1_STR}/users/me",
    240. 

  240.         headers=normal_user_token_headers,
    241. 

  241.         json=data,
    242. 

  242.     )
    243. 

  243.     assert r.status_code == 409
    244. 

  244.     assert r.json()["detail"] == "User with this email already exists"
    245. 

  245. 

  246. 

  247. def test_update_password_me_same_password_error(
    248. 

  248.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    249. 

  249. ) -> None:
    250. 

  250.     data = {
    251. 

  251.         "current_password": settings.FIRST_SUPERUSER_PASSWORD,
    252. 

  252.         "new_password": settings.FIRST_SUPERUSER_PASSWORD,
    253. 

  253.     }
    254. 

  254.     r = client.patch(
    255. 

  255.         f"{settings.API_V1_STR}/users/me/password",
    256. 

  256.         headers=superuser_token_headers,
    257. 

  257.         json=data,
    258. 

  258.     )
    259. 

  259.     assert r.status_code == 400
    260. 

  260.     updated_user = r.json()
    261. 

  261.     assert (
    262. 

  262.         updated_user["detail"] == "New password cannot be the same as the current one"
    263. 

  263.     )
    264. 

  264. 

  265. 

  266. def test_create_user_open(client: TestClient) -> None:
    267. 

  267.     with patch("app.core.config.settings.USERS_OPEN_REGISTRATION", True):
    268. 

  268.         username = random_email()
    269. 

  269.         password = random_lower_string()
    270. 

  270.         full_name = random_lower_string()
    271. 

  271.         data = {"email": username, "password": password, "full_name": full_name}
    272. 

  272.         r = client.post(
    273. 

  273.             f"{settings.API_V1_STR}/users/open",
    274. 

  274.             json=data,
    275. 

  275.         )
    276. 

  276.         assert r.status_code == 200
    277. 

  277.         created_user = r.json()
    278. 

  278.         assert created_user["email"] == username
    279. 

  279.         assert created_user["full_name"] == full_name
    280. 

  280. 

  281. 

  282. def test_create_user_open_forbidden_error(client: TestClient) -> None:
    283. 

  283.     with patch("app.core.config.settings.USERS_OPEN_REGISTRATION", False):
    284. 

  284.         username = random_email()
    285. 

  285.         password = random_lower_string()
    286. 

  286.         full_name = random_lower_string()
    287. 

  287.         data = {"email": username, "password": password, "full_name": full_name}
    288. 

  288.         r = client.post(
    289. 

  289.             f"{settings.API_V1_STR}/users/open",
    290. 

  290.             json=data,
    291. 

  291.         )
    292. 

  292.         assert r.status_code == 403
    293. 

  293.         assert (
    294. 

  294.             r.json()["detail"] == "Open user registration is forbidden on this server"
    295. 

  295.         )
    296. 

  296. 

  297. 

  298. def test_create_user_open_already_exists_error(client: TestClient) -> None:
    299. 

  299.     with patch("app.core.config.settings.USERS_OPEN_REGISTRATION", True):
    300. 

  300.         password = random_lower_string()
    301. 

  301.         full_name = random_lower_string()
    302. 

  302.         data = {
    303. 

  303.             "email": settings.FIRST_SUPERUSER,
    304. 

  304.             "password": password,
    305. 

  305.             "full_name": full_name,
    306. 

  306.         }
    307. 

  307.         r = client.post(
    308. 

  308.             f"{settings.API_V1_STR}/users/open",
    309. 

  309.             json=data,
    310. 

  310.         )
    311. 

  311.         assert r.status_code == 400
    312. 

  312.         assert (
    313. 

  313.             r.json()["detail"]
    314. 

  314.             == "The user with this email already exists in the system"
    315. 

  315.         )
    316. 

  316. 

  317. 

  318. def test_update_user(
    319. 

  319.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    320. 

  320. ) -> None:
    321. 

  321.     username = random_email()
    322. 

  322.     password = random_lower_string()
    323. 

  323.     user_in = UserCreate(email=username, password=password)
    324. 

  324.     user = crud.create_user(session=db, user_create=user_in)
    325. 

  325. 

  326.     data = {"full_name": "Updated_full_name"}
    327. 

  327.     r = client.patch(
    328. 

  328.         f"{settings.API_V1_STR}/users/{user.id}",
    329. 

  329.         headers=superuser_token_headers,
    330. 

  330.         json=data,
    331. 

  331.     )
    332. 

  332.     assert r.status_code == 200
    333. 

  333.     updated_user = r.json()
    334. 

  334.     assert updated_user["full_name"] == "Updated_full_name"
    335. 

  335. 

  336. 

  337. def test_update_user_not_exists(
    338. 

  338.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    339. 

  339. ) -> None:
    340. 

  340.     data = {"full_name": "Updated_full_name"}
    341. 

  341.     r = client.patch(
    342. 

  342.         f"{settings.API_V1_STR}/users/99999999",
    343. 

  343.         headers=superuser_token_headers,
    344. 

  344.         json=data,
    345. 

  345.     )
    346. 

  346.     assert r.status_code == 404
    347. 

  347.     assert r.json()["detail"] == "The user with this id does not exist in the system"
    348. 

  348. 

  349. 

  350. def test_update_user_email_exists(
    351. 

  351.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    352. 

  352. ) -> None:
    353. 

  353.     username = random_email()
    354. 

  354.     password = random_lower_string()
    355. 

  355.     user_in = UserCreate(email=username, password=password)
    356. 

  356.     user = crud.create_user(session=db, user_create=user_in)
    357. 

  357. 

  358.     username2 = random_email()
    359. 

  359.     password2 = random_lower_string()
    360. 

  360.     user_in2 = UserCreate(email=username2, password=password2)
    361. 

  361.     user2 = crud.create_user(session=db, user_create=user_in2)
    362. 

  362. 

  363.     data = {"email": user2.email}
    364. 

  364.     r = client.patch(
    365. 

  365.         f"{settings.API_V1_STR}/users/{user.id}",
    366. 

  366.         headers=superuser_token_headers,
    367. 

  367.         json=data,
    368. 

  368.     )
    369. 

  369.     assert r.status_code == 409
    370. 

  370.     assert r.json()["detail"] == "User with this email already exists"
    371. 

  371. 

  372. 

  373. def test_delete_user_super_user(
    374. 

  374.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    375. 

  375. ) -> None:
    376. 

  376.     username = random_email()
    377. 

  377.     password = random_lower_string()
    378. 

  378.     user_in = UserCreate(email=username, password=password)
    379. 

  379.     user = crud.create_user(session=db, user_create=user_in)
    380. 

  380.     user_id = user.id
    381. 

  381.     r = client.delete(
    382. 

  382.         f"{settings.API_V1_STR}/users/{user_id}",
    383. 

  383.         headers=superuser_token_headers,
    384. 

  384.     )
    385. 

  385.     assert r.status_code == 200
    386. 

  386.     deleted_user = r.json()
    387. 

  387.     assert deleted_user["message"] == "User deleted successfully"
    388. 

  388. 

  389. 

  390. def test_delete_user_current_user(client: TestClient, db: Session) -> None:
    391. 

  391.     username = random_email()
    392. 

  392.     password = random_lower_string()
    393. 

  393.     user_in = UserCreate(email=username, password=password)
    394. 

  394.     user = crud.create_user(session=db, user_create=user_in)
    395. 

  395.     user_id = user.id
    396. 

  396. 

  397.     login_data = {
    398. 

  398.         "username": username,
    399. 

  399.         "password": password,
    400. 

  400.     }
    401. 

  401.     r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data)
    402. 

  402.     tokens = r.json()
    403. 

  403.     a_token = tokens["access_token"]
    404. 

  404.     headers = {"Authorization": f"Bearer {a_token}"}
    405. 

  405. 

  406.     r = client.delete(
    407. 

  407.         f"{settings.API_V1_STR}/users/{user_id}",
    408. 

  408.         headers=headers,
    409. 

  409.     )
    410. 

  410.     assert r.status_code == 200
    411. 

  411.     deleted_user = r.json()
    412. 

  412.     assert deleted_user["message"] == "User deleted successfully"
    413. 

  413. 

  414. 

  415. def test_delete_user_not_found(
    416. 

  416.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    417. 

  417. ) -> None:
    418. 

  418.     r = client.delete(
    419. 

  419.         f"{settings.API_V1_STR}/users/99999999",
    420. 

  420.         headers=superuser_token_headers,
    421. 

  421.     )
    422. 

  422.     assert r.status_code == 404
    423. 

  423.     assert r.json()["detail"] == "User not found"
    424. 

  424. 

  425. 

  426. def test_delete_user_current_super_user_error(
    427. 

  427.     client: TestClient, superuser_token_headers: dict[str, str], db: Session
    428. 

  428. ) -> None:
    429. 

  429.     super_user = crud.get_user_by_email(session=db, email=settings.FIRST_SUPERUSER)
    430. 

  430.     assert super_user
    431. 

  431.     user_id = super_user.id
    432. 

  432. 

  433.     r = client.delete(
    434. 

  434.         f"{settings.API_V1_STR}/users/{user_id}",
    435. 

  435.         headers=superuser_token_headers,
    436. 

  436.     )
    437. 

  437.     assert r.status_code == 403
    438. 

  438.     assert r.json()["detail"] == "Super users are not allowed to delete themselves"
    439. 

  439. 

  440. 

  441. def test_delete_user_without_privileges(
    442. 

  442.     client: TestClient, normal_user_token_headers: dict[str, str], db: Session
    443. 

  443. ) -> None:
    444. 

  444.     username = random_email()
    445. 

  445.     password = random_lower_string()
    446. 

  446.     user_in = UserCreate(email=username, password=password)
    447. 

  447.     user = crud.create_user(session=db, user_create=user_in)
    448. 

  448. 

  449.     r = client.delete(
    450. 

  450.         f"{settings.API_V1_STR}/users/{user.id}",
    451. 

  451.         headers=normal_user_token_headers,
    452. 

  452.     )
    453. 

  453.     assert r.status_code == 403
    454. 

  454.     assert r.json()["detail"] == "The user doesn't have enough privileges"
    455.