def test_can_get_all_users(db, cleanup):
email = "*****@*****.**"
password = "******"
user_in = UserCreate(email=email, password=password)
user = crud.create_user(db, user=user_in)
email2 = "*****@*****.**"
password = "******"
user_in2 = UserCreate(email=email2, password=password)
user2 = crud.create_user(db, user=user_in2)
response = client.get("/users/")
assert response.status_code == 200
resp = response.json()
assert resp[0]['email'] == '*****@*****.**'
assert resp[1]['email'] == '*****@*****.**'
assert len(resp) == 2
def test_create_invitation(db: Session, normal_user: User,
dataroom: Dataroom) -> None:
"""
GIVEN an existing dataroom
WHEN a invitation is created
THEN the invitation should exist in db
"""
with freeze_time("2021-01-01 12:00"):
EMAIL_STR = "*****@*****.**"
TOKEN_STR = "random_token_string"
EXPIRES_IN = calculate_expires_in_days(90)
create_user = UserCreate(email=EMAIL_STR, password=random_password())
invitee = crud.user.create_if_not_exists(db, obj_in=create_user)
obj_in = InviteCreate(
invitee=invitee,
jwt_token=TOKEN_STR,
dataroom=dataroom,
creator=normal_user,
expires_in=EXPIRES_IN,
)
metadata = crud.invite.create(db, obj_in=obj_in)
expected_expires_in = datetime(2021,
4,
2,
0,
0,
0,
tzinfo=timezone.utc)
assert metadata.expires_in == expected_expires_in
assert metadata.invitee.email == EMAIL_STR
assert metadata.jwt_token == TOKEN_STR
def test_user_image_has_default_value(db, cleanup):
email = "*****@*****.**"
password = "******"
username = "******"
user_in = UserCreate(email=email, password=password, username=username)
user = crud.create_user(db, user=user_in)
assert user.image == ''
def authentication_token_from_email(
*,
client: TestClient,
email: str,
db: Session,
user_type: str = "student",
school_id: Optional[str] = None,
type_: str = "access",
) -> dict[str, str]:
"""
Return a valid token for the user with given email.
If the user doesn't exist it is created first.
"""
password = random_password()
user = crud.user.get_by_email(db, email=email)
if not user:
user_in_create = UserCreate(email=email,
password=password,
type=user_type,
school_id=school_id)
crud.user.create(db, obj_in=user_in_create)
else:
user_in_update = UserUpdate(password=password)
crud.user.update(db, db_obj=user, obj_in=user_in_update)
return user_authentication_headers(client=client,
email=email,
password=password,
type_=type_)
def test_create_user_student(db: Session) -> None:
email = random_email()
password = random_password()
user_in = UserCreate(email=email, password=password, type="student")
user = crud.user.create(db, obj_in=user_in)
assert user.email == email
assert hasattr(user, "hashed_password")
def test_create_user(db: Session) -> None:
username = random_lower_string()
password = random_lower_string()
user_in = UserCreate(username=username, password=password)
user = crud.user.create(db, user_in)
assert user.username == username
assert hasattr(user, "password_hashed")
def create_random_user(db: Session,
type: str,
is_admin: bool = False,
school_id: Optional[str] = None,
permissions: Optional[int] = None) -> User:
"""
:param db: SQLAlchemy Session object pointing to the project database
:param type: Type of user to create
:param is_admin: True if user is an auxilary admin, else False
:param school_id: School that the user belongs to (optional)
:param permissions: permissions to be set if user is an admin
:return: User object created from random values and given type
"""
email = random_email()
password = random_password()
user_in = UserCreate(email=email,
password=password,
type=type,
is_admin=is_admin,
school_id=school_id)
user = crud.user.create(db=db, obj_in=user_in)
if user.is_admin and permissions:
if admin := crud.admin.get(db, user.id):
admin_in = AdminUpdate(user_id=user.id, permissions=permissions)
crud.admin.update(db=db, db_obj=admin, obj_in=admin_in)
def normal_user(db: Session) -> User:
email = NORMAL_USER_EMAIL
password = NORMAL_USER_PW
user_in = UserCreate(email=email,
password=password,
is_superuser=False,
is_active=True)
return crud.user.create(db, obj_in=user_in)
def test_authenticate_user_invalid_password(db: Session) -> None:
username = random_lower_string()
password = random_lower_string()
user_in = UserCreate(username=username, password=password)
crud.user.create(db, user_in)
authenticated_user = crud.user.authenticate(db,
username=username,
password=password + "1")
assert authenticated_user is None
def test_can_create_a_favorite_with_no_existing_market(db, cleanup):
market_id = 123
email = "*****@*****.**"
password = "******"
user_in = UserCreate(email=email, password=password)
user = crud.create_user(db, user=user_in)
response = client.post(f"/users/{user.id}/favorites",
json={"fmid": market_id})
assert response.status_code == 200
def test_authenticate_user_student_wrong_password(db: Session) -> None:
email = random_email()
password = random_password()
user_in = UserCreate(email=email, password=password, type="student")
crud.user.create(db, obj_in=user_in)
authenticated_user = crud.user.authenticate(db,
email=email,
password=f"WRoNg{password}")
assert authenticated_user is None
def test_create_existing_user(client: TestClient, db: Session) -> None:
username = random_lower_string()
password = random_lower_string()
data = {"username": username, "password": password}
user_in = UserCreate(username=username, password=password)
crud.user.create(db, user_in)
response = client.post("/users", json=data)
json = response.json()
assert response.status_code == 400
assert json["detail"] == "User already exists."
def room_user(db: Session, dataroom: Dataroom) -> User:
email = ROOM_USER_EMAIL
password = ROOM_USER_PW
user_in = UserCreate(email=email,
password=password,
is_superuser=False,
is_active=True)
user = crud.user.create(db, obj_in=user_in)
oso_roles.add_user_role(db, user, dataroom, "MEMBER", commit=True)
return user
def test_authenticate_user_student(db: Session) -> None:
email = random_email()
password = random_password()
user_in = UserCreate(email=email, password=password, type="student")
user = crud.user.create(db, obj_in=user_in)
authenticated_user = crud.user.authenticate(db,
email=email,
password=password)
assert authenticated_user
assert user.email == authenticated_user.email
def test_can_get_a_single_user(db, cleanup):
email = "*****@*****.**"
password = "******"
user_in = UserCreate(email=email, password=password)
user = crud.create_user(db, user=user_in)
response = client.get("/users/1")
assert response.status_code == 200
resp = response.json()
assert resp['email'] == '*****@*****.**'
assert resp['id'] == 1
assert resp['favorites'] == []
def test_create_user(db_session):
assert create_user(
db_session,
UserCreate(
username="******",
email="*****@*****.**",
password="******",
is_active=True,
is_superuser=False,
),
)
def add_members(
organization_id: int,
*,
invites: List[UserInvite] = Body(...),
auth=Depends(authorization("organizations:add_members")),
db: Session = Depends(get_db),
current_user: User = Depends(get_current_user),
):
try:
members = crud.organization.get_members(db, id=organization_id)
users_to_add = (invite for invite in invites
if invite.email not in (u.get("email")
for u in members))
for invite in users_to_add:
user_in_db = user.get_by_email(db, email=invite.email)
role = invite.role if invite.role else "guest"
if not user_in_db:
user_in_db = user.create(
db,
obj_in=UserCreate(
full_name=invite.full_name,
email=invite.email,
password=pwd.genword(),
),
)
else:
organization_in_db = crud.organization.get(db,
id=organization_id)
if organization_in_db:
send_new_invitation_email_task.delay(
full_name=user_in_db.full_name,
email_to=user_in_db.email,
organization=organization_in_db.name,
role=role)
enforcer.add_role_for_user_in_domain(
str(user_in_db.id),
role,
str(organization_id),
)
enforcer.load_policy()
return [
user for user in get_members(
organization_id, auth=auth, db=db, current_user=current_user)
if user.get("email") in (invite.email for invite in invites)
]
except Exception as e:
logging.error(e)
def test_create_user(db, cleanup):
email = "*****@*****.**"
password = "******"
username = "******"
image = "12674.jpg"
user_in = UserCreate(email=email,
password=password,
username=username,
image=image)
user = crud.create_user(db, user=user_in)
assert user.email == email
assert user.username == username
assert user.image == image
def test_create_defaults(db_session):
example_user_schema = UserCreate(
email='*****@*****.**',
password='******'
)
user: User = create(db_session, example_user_schema)
assert user.email == example_user_schema.email
assert user.is_admin is False
assert user.lists == []
assert user.username == 'example'
assert user.hashed_password
def test_get_user(db: Session) -> None:
username = random_lower_string()
password = random_lower_string()
user_in = UserCreate(username=username, password=password)
user = crud.user.create(db, user_in)
user2 = crud.user.get(db, user.id)
assert user2
assert jsonable_encoder(user2) == jsonable_encoder(user)
user3 = crud.user.get_by_username(db, username=user.username)
assert user3
assert jsonable_encoder(user3) == jsonable_encoder(user)
def test_retrieve_users(client: TestClient, superuser_token_headers: Dict[str,
str],
db: Session) -> None:
username = random_lower_string()
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password, username=username)
crud.user.create(db, obj_in=user_in)
username2 = random_lower_string()
email2 = random_email()
password2 = random_lower_string()
user_in2 = UserCreate(email=email2, password=password2, username=username2)
crud.user.create(db, obj_in=user_in2)
r = client.get(f"{settings.API_V1_STR}/users/",
headers=superuser_token_headers)
all_users = r.json()
assert len(all_users) > 1
for fact in all_users:
assert "email" in fact
def create_organization_root_node(
*,
db: Session = Depends(get_db),
organization_in: OrganizationCreateRoot,
current_user: User = Depends(get_current_user),
) -> Optional[Organization]:
"""
Create a new **root node for organizations tree**;
If `owner_email` is present organization tree ownership will be affected to *existing or newly created user*,
else organizations tree ownership will be affected to *superuser*.
"""
if not current_user.is_superuser:
raise HTTPException(
status_code=403,
detail="You are not authorized to perform this action.")
new_organization_root_node = organization.create_root(
db, obj_in=organization_in).to_schema()
if organization_in.owner_email:
user_in_db = user.get_by_email(db, email=organization_in.owner_email)
if not user_in_db:
user_in_db = user.create(
db,
obj_in=UserCreate(
full_name=organization_in.owner_email.split("@")[0],
email=organization_in.owner_email,
password=pwd.genword(),
),
)
if new_organization_root_node:
send_new_invitation_email_task.delay(
full_name=user_in_db.full_name,
email_to=user_in_db.email,
organization=new_organization_root_node.name,
role="owner")
enforcer.add_role_for_user_in_domain(
str(user_in_db.id), "owner",
str(new_organization_root_node.id))
enforcer.load_policy()
else:
enforcer.add_role_for_user_in_domain(
str(current_user.id), "owner", str(new_organization_root_node.id))
enforcer.load_policy()
current_roles = enforcer.get_roles_for_user_in_domain(
str(current_user.id), str(new_organization_root_node.id))
if len(current_roles) > 0:
new_organization_root_node.current_user_role = current_roles[0]
if current_user.is_superuser:
new_organization_root_node.current_user_role = 'admin'
# new_organization_root_node.current_user_role = current_roles[0]
return new_organization_root_node
def test_it_can_get_all_user_favorites(db, cleanup):
market_id = 123456
market_in = MarketCreate(market_id=market_id)
market = crud.create_market(db, market=market_in)
email = "*****@*****.**"
password = "******"
user_in = UserCreate(email=email, password=password)
user = crud.create_user(db, user=user_in)
client.post(f"/users/{user.id}/favorites", json={"fmid": market_id})
response = client.get(f"/users/{user.id}/favorites")
assert response.status_code == 200
resp = response.json()
assert resp['favorites'] == [{'market_id': 123456, 'id': 1}]
def test_it_cant_create_a_favorite_if_user_already_has_one(db, cleanup):
market_id = 123
email = "*****@*****.**"
password = "******"
user_in = UserCreate(email=email, password=password)
user = crud.create_user(db, user=user_in)
market_in = MarketCreate(market_id=market_id)
market = crud.create_market(db, market=market_in)
favorite_in = FavoriteCreate(user_id=user.id, market_id=market.id)
favorite = crud.favorite_market(db, favorite=favorite_in)
response = client.post(f"/users/{user.id}/favorites",
json={"fmid": market_id})
assert response.status_code == 400
resp = response.json()
assert resp['detail'] == 'That market is already favorited!'
def test_it_can_login_a_user(db, cleanup):
email = "*****@*****.**"
password = "******"
user_in = UserCreate(email=email, password=password)
user = crud.create_user(db, user=user_in)
response = client.post("/login/token",
data={
"username": email,
"password": password
})
resp = response.json()
assert response.status_code == 200
assert "access_token" in resp
assert resp["access_token"]
def test_access_token_works(db, cleanup):
email = "*****@*****.**"
password = "******"
user_in = UserCreate(email=email, password=password)
user = crud.create_user(db, user=user_in)
response = client.post("/login/token",
data={
"username": email,
"password": password
})
token = response.json()
a_token = token["access_token"]
headers = {"Authorization": f"Bearer {a_token}"}
response2 = client.post("/login/token_check", headers=headers)
assert response2.status_code == 200
def test_create(db_session):
example_user_schema = UserCreate(
email='*****@*****.**',
password='******',
username='******',
is_admin=True
)
user: User = create(db_session, example_user_schema)
assert user.email == example_user_schema.email
assert user.username == example_user_schema.username
assert user.is_admin is True
assert user.lists == []
assert user.hashed_password
def test_create_user_existing_email(client: TestClient,
superuser_token_headers: Dict[str, str],
db: Session) -> None:
username = random_lower_string()
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password, username=username)
crud.user.create(db, obj_in=user_in)
data = {"email": email, "password": password, "username": username}
r = client.post(
f"{settings.API_V1_STR}/users/",
headers=superuser_token_headers,
json=data,
)
created_user = r.json()
assert r.status_code == 400
assert "_id" not in created_user
def test_it_can_update_a_users_password(db, cleanup):
email = "*****@*****.**"
password = "******"
user_in = UserCreate(email=email, password=password)
user = crud.create_user(db, user=user_in)
update_response = client.put(f"/users/{user.id}",
json={"password": "******"})
assert update_response.status_code == 200
response = client.post("/login/token",
data={
"username": email,
"password": '******'
})
token = response.json()
assert response.status_code == 200
assert "access_token" in token
assert token["access_token"]
def test_get_existing_user(client: TestClient,
superuser_token_headers: Dict[str, str],
db: Session) -> None:
username = random_lower_string()
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password, username=username)
user = crud.user.create(db, obj_in=user_in)
user_id = user.id
r = client.get(
f"{settings.API_V1_STR}/users/{user_id}",
headers=superuser_token_headers,
)
assert 200 <= r.status_code < 300
api_user = r.json()
existing_user = crud.user.get_by_email(db, email=email)
assert existing_user
assert existing_user.email == api_user["email"]
assert existing_user.username == api_user["username"]