def test_create_user_with_empty_password_is_not_allowed():
username = random_lower_string()
email = random_email()
with pytest.raises(ValidationError):
UserCreate(username=username, email=email, password=None)
with pytest.raises(ValidationError):
UnprivilegedUserCreate(username=username, email=email, password=None)
def test_create_user_existing_username(client: TestClient,
superuser_token_headers: dict,
db: Session) -> None:
username = random_email()
password = random_lower_string()
first_name = random_lower_string()
last_name = random_lower_string()
user_in = UserCreate(email=username,
password=password,
first_name=first_name,
last_name=last_name)
crud.user.create(db, obj_in=user_in)
data = {
"email": username,
"password": password,
"first_name": first_name,
"last_name": last_name
}
r = client.post(
f"{settings.API_V1_STR}/users/",
headers=superuser_token_headers,
json=data,
)
created_user = r.json()
assert r.status_code == 400
assert "_id" not in created_user
def test_create_user(db: Session) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = services.user.create_user(user_in.to_dto())
assert user.email == email
assert hasattr(user, "password")
def test_create_user_new_email(
client: TestClient,
superuser_token_headers: dict,
uow: SqlAlchemyUnitOfWork = get_sqlalchemy_uow()
) -> None:
email = random_email()
name = random_lower_string()
password = random_lower_string()
data = {"email": email, "password": password, "name": name}
r = client.post(
f"{settings.API_V1_STR}/users/",
headers=superuser_token_headers,
json=data,
)
assert 200 <= r.status_code < 300
created_user = r.json()
user = user_services.get_user_by_email(email, uow)
assert user
assert user.email == created_user["email"]
assert user.id == created_user["id"]
assert user.id is not None
# Ensure we don't expose passwords
assert created_user.get("hashed_password") is None
assert created_user.get("password") is None
def create_random_user(db: Session,
type: str,
is_admin: bool = False,
school_id: Optional[str] = None,
permissions: Optional[int] = None) -> User:
"""
:param db: SQLAlchemy Session object pointing to the project database
:param type: Type of user to create
:param is_admin: True if user is an auxilary admin, else False
:param school_id: School that the user belongs to (optional)
:param permissions: permissions to be set if user is an admin
:return: User object created from random values and given type
"""
email = random_email()
password = random_password()
user_in = UserCreate(email=email,
password=password,
type=type,
is_admin=is_admin,
school_id=school_id)
user = crud.user.create(db=db, obj_in=user_in)
if user.is_admin and permissions:
if admin := crud.admin.get(db, user.id):
admin_in = AdminUpdate(user_id=user.id, permissions=permissions)
crud.admin.update(db=db, db_obj=admin, obj_in=admin_in)
def test_create_donation(
client: TestClient, db: Session
) -> None:
country = 'France'
data = dict(
donator_type="individual", # DonatorType.individual
email=random_email(),
name=random_lower_string(),
forname=random_lower_string(),
address=random_lower_string(),
complement=random_lower_string(),
zip_code=random_lower_string(),
country_code3=country_db[country].code3,
date=datetime.now().isoformat(),
donation_occurrence="once", # DonationOccurrence.once
int_amount=1000,
payment_method="card", # PaymentMethod.card
callback_url="http://localhost:3000/",
success_suffix_url="/success.html",
cancel_suffix_url="/cancel.html",
captcha=random_lower_string(),
)
response = client.post(
f"{settings.API_V1_STR}/donations/", json=data,
)
assert response.status_code == 200
content = response.json()
assert content["email"] == data["email"]
assert len(content["stripe_session_id"])
assert "donator" in content
def test_check_if_user_is_active_inactive(db: Session) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password, disabled=True)
user = crud.user.create(db, obj_in=user_in)
is_active = crud.user.is_active(user)
assert is_active
def test_check_if_user_is_superuser_normal_user(db: Session) -> None:
username = random_email()
password = random_lower_string()
user_in = UserCreate(email=username, password=password)
user = crud.user.create(db, obj_in=user_in)
is_superuser = crud.user.is_superuser(user)
assert is_superuser is False
def test_check_if_user_is_superuser(db: Session) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password, is_superuser=True)
user = crud.user.create(db, obj_in=user_in)
is_superuser = crud.user.is_superuser(user)
assert is_superuser is True
def test_get_school_invalid_student(client: TestClient, db: Session) -> None:
school = create_random_school(db)
admin_user_token_headers = authentication_token_from_email(
client=client, db=db, email=random_email())
r = client.get(f"{settings.API_V1_STR}/schools/{school.id}",
headers=admin_user_token_headers)
assert r.status_code == 403
def test_create_user_student(db: Session) -> None:
email = random_email()
password = random_password()
user_in = UserCreate(email=email, password=password, type="student")
user = crud.user.create(db, obj_in=user_in)
assert user.email == email
assert hasattr(user, "hashed_password")
def test_create_user_normal_user(client: TestClient, db: Session) -> None:
username = random_email()
password = random_lower_string()
user_group = create_random_user_group(db)
data = {"email": username, "password": password, "user_group_id": user_group.id}
user = create_random_user(db)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
create_permission = crud.user_group.get_permission(
db, id=user_group.id, permission_type=PermissionTypeEnum.create
)
crud.permission.grant(
db, user_group_id=user_group.id, permission_id=create_permission.id
)
user_token_headers = authentication_token_from_email(
client=client, email=user.email, db=db
)
r = client.post(
f"{settings.API_V1_STR}/users/",
headers=user_token_headers,
json=data,
)
created_user = r.json()
user = crud.user.get_by_email(db, email=username)
assert 200 <= r.status_code < 300
assert user
assert user.email == created_user["email"]
assert user_group in user.user_groups
def test_check_if_user_is_active(db: Session) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = user_repo.create(db, obj_in=user_in)
is_active = user_repo.is_active(user)
assert is_active is True
def test_create_user_fail_user_group_not_exists(
client: TestClient, db: Session
) -> None:
username = random_email()
password = random_lower_string()
data = {"email": username, "password": password, "user_group_id": -1}
user = create_random_user(db)
user_group = create_random_user_group(db)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
create_permission = crud.user_group.get_permission(
db, id=user_group.id, permission_type=PermissionTypeEnum.create
)
crud.permission.grant(
db, user_group_id=user_group.id, permission_id=create_permission.id
)
user_token_headers = authentication_token_from_email(
client=client, email=user.email, db=db
)
r = client.post(
f"{settings.API_V1_STR}/users/",
headers=user_token_headers,
json=data,
)
content = r.json()
user = crud.user.get_by_email(db, email=username)
assert r.status_code == 404
assert user is None
assert content["detail"] == "Can not find user group."
def test_create_user_fail_normal_user_no_permission(
client: TestClient, db: Session
) -> None:
username = random_email()
password = random_lower_string()
user_group = create_random_user_group(db)
data = {"email": username, "password": password, "user_group_id": user_group.id}
user = create_random_user(db)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
user_token_headers = authentication_token_from_email(
client=client, email=user.email, db=db
)
r = client.post(
f"{settings.API_V1_STR}/users/",
headers=user_token_headers,
json=data,
)
content = r.json()
returned_user = crud.user.get_by_email(db, email=username)
assert r.status_code == 403
assert returned_user is None
assert content["detail"] == (
f"User ID {user.id} does not have create permissions for "
f"user_group ID {user_group.id}"
)
def test_check_if_user_is_active():
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = crud.user.create(obj_in=user_in)
is_active = crud.user.is_active(user)
assert is_active is True
def test_create_user(db: Session) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = crud.user.create(db, obj_in=user_in)
assert user.email == email
assert hasattr(user, "hashed_password")
async def test_check_if_user_is_active(db: AsyncSession) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = await crud.user.create(db, obj_in=user_in)
is_active = crud.user.is_active(user)
assert is_active is True
def test_invalid_credentials(client: TestClient) -> None:
login_data = {
"username": random_email(),
"password": random_password(),
}
r = client.post(f"{settings.API_V1_STR}/login/access-token",
data=login_data)
assert r.status_code == 401
def create_random_user(db: Session) -> User:
email = random_email()
password = random_lower_string()
first_name = random_lower_string()
last_name = random_lower_string()
user_in = UserCreate(username=email, email=email, password=password, first_name=first_name, last_name=last_name)
user = crud.user.create(db=db, obj_in=user_in)
return user
def test_authenticate_user():
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = crud.user.create(obj_in=user_in)
authenticated_user = crud.user.authenticate(email=email, password=password)
assert authenticated_user
assert user.email == authenticated_user.email
def test_create_user() -> None:
full_name = random_lower_string()
email = random_email()
password = random_lower_string()
user_in = UserCreate(full_name=full_name, email=email, password=password)
user = crud.user.create(obj_in=user_in)
assert user.email == email
assert hasattr(user, "hashed_password")
def test_user_is_superuser_not(client: TestClient, event_loop: EventLoop):
email = random_email()
password_hash = random_lower_string()
user = event_loop.run_until_complete(
User.create(email=email,
password_hash=password_hash,
is_superuser=False))
assert crud.user.is_superuser(user) == False
def test_check_if_user_is_superuser_normal_user() -> None:
full_name = random_lower_string()
email = random_email()
password = random_lower_string()
user_in = UserCreate(full_name=full_name, email=email, password=password)
user = crud.user.create(obj_in=user_in)
is_superuser = crud.user.is_superuser(user)
assert is_superuser is False
def test_get_user():
password = random_lower_string()
username = random_email()
user_in = UserCreate(email=username, password=password, is_superuser=True)
user = crud.user.create(db_session, obj_in=user_in)
user_2 = crud.user.get(db_session, id=user.id)
assert user.email == user_2.email
assert jsonable_encoder(user) == jsonable_encoder(user_2)
def test_get_user(db: Session) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = services.user.create_user(user_in.to_dto())
user_2 = services.user.get_user(user.uuid)
assert user_2
assert user.email == user_2.email
assert jsonable_encoder(user) == jsonable_encoder(user_2)
def test_get_user(db: Session) -> None:
password = random_lower_string()
username = random_email()
user_in = UserCreateDto(email=username, password=password, is_admin=True)
user = services.user.create(db, obj_in=user_in)
user_2 = services.user.get(db, _id=user.id)
assert user_2
assert user.email == user_2.email
assert jsonable_encoder(user) == jsonable_encoder(user_2)
def test_user_create_me(client: TestClient, event_loop: EventLoop):
email = random_email()
password = random_lower_string()
user_in = UserCreateMe(email=email, password=password)
user = event_loop.run_until_complete(crud.user.create_me(user_in))
assert user.email == email
assert hasattr(user, "password_hash")
assert user.is_superuser == False
def test_authenticate_user_student_wrong_password(db: Session) -> None:
email = random_email()
password = random_password()
user_in = UserCreate(email=email, password=password, type="student")
crud.user.create(db, obj_in=user_in)
authenticated_user = crud.user.authenticate(db,
email=email,
password=f"WRoNg{password}")
assert authenticated_user is None
async def test_get_user(db: AsyncSession) -> None:
password = random_lower_string()
username = random_email()
user_in = UserCreate(email=username, password=password, is_superuser=True)
user = await crud.user.create(db, obj_in=user_in)
user_2 = await crud.user.get(db, id=user.id)
assert user_2
assert user.email == user_2.email
assert jsonable_encoder(user) == jsonable_encoder(user_2)
