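def test_create_user_student(db: Session) -> None:
    """Create a student through the CRUD layer and check what was stored.

    Verifies that the returned user carries the submitted email and a
    ``hashed_password`` attribute, and that this attribute does not hold the
    submitted password verbatim.
    """
    email = random_email()
    password = random_password()
    user_in = UserCreate(email=email, password=password, type="student")
    user = crud.user.create(db, obj_in=user_in)
    assert user.email == email
    assert hasattr(user, "hashed_password")
    # hasattr() alone would still pass if the column held the plaintext, so
    # also require that the stored value differs from the submitted password.
    assert user.hashed_password != password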
def authentication_token_from_email(
    *,
    client: TestClient,
    email: str,
    db: Session,
    user_type: str = "student",
    school_id: Optional[str] = None,
    type_: str = "access",
) -> dict[str, str]:
    """
    Build authentication headers for the account registered under ``email``.

    A new random password is generated on every call. When no user with that
    email exists, one is created with ``user_type`` and ``school_id``; when one
    does exist, its password is replaced with the new one (``user_type`` and
    ``school_id`` are ignored in that case). The headers are then obtained
    from ``user_authentication_headers`` using the new password.
    """
    fresh_password = random_password()
    existing = crud.user.get_by_email(db, email=email)
    if existing:
        # The account's previous password stops working after this update, so
        # this helper is only suitable for a disposable test database.
        crud.user.update(
            db,
            db_obj=existing,
            obj_in=UserUpdate(password=fresh_password),
        )
    else:
        crud.user.create(
            db,
            obj_in=UserCreate(
                email=email,
                password=fresh_password,
                type=user_type,
                school_id=school_id,
            ),
        )

    return user_authentication_headers(
        client=client,
        email=email,
        password=fresh_password,
        type_=type_,
    )
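def create_random_user(
    db: Session,
    type: str,
    is_admin: bool = False,
    school_id: Optional[str] = None,
    permissions: Optional[int] = None,
) -> User:
    """
    Create a user with a random email and password and return it.

    :param db: SQLAlchemy Session object pointing to the project database
    :param type: Type of user to create
    :param is_admin: True if user is an auxiliary admin, else False
    :param school_id: School that the user belongs to (optional)
    :param permissions: permissions to be set if user is an admin
    :return: User object created from random values and given type
    """
    email = random_email()
    password = random_password()
    user_in = UserCreate(email=email, password=password, type=type, is_admin=is_admin, school_id=school_id)
    user = crud.user.create(db=db, obj_in=user_in)

    # NOTE(review): the truthiness test means permissions=0 is treated like
    # "not given" and the admin record is left unchanged; confirm that is the
    # intended way to request an admin without any permission bits.
    if user.is_admin and permissions:
        # Permissions are only applied when an admin record already exists
        # for the new user; nothing is created here if the lookup is empty.
        if admin := crud.admin.get(db, user.id):
            admin_in = AdminUpdate(user_id=user.id, permissions=permissions)
            crud.admin.update(db=db, db_obj=admin, obj_in=admin_in)

    # The annotation and the docstring both promise the created user, and
    # callers read attributes such as ``.id`` and ``.email`` from the result.
    return user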
def test_invalid_credentials(client: TestClient) -> None:
    """Posting randomly generated credentials to the login endpoint returns 401."""
    # Both values are freshly generated, so presumably no such account exists.
    credentials = dict(username=random_email(), password=random_password())
    response = client.post(
        f"{settings.API_V1_STR}/login/access-token",
        data=credentials,
    )
    assert response.status_code == 401
def test_update_user_student(db: Session) -> None:
    """Changing a student's password via ``UserUpdate`` stores a hash that verifies."""
    student = create_random_user(db, type="student")
    replacement = random_password()
    crud.user.update(
        db,
        db_obj=student,
        obj_in=UserUpdate(password=replacement),
    )

    # Fetch the row again by id and compare against the object we started with.
    reloaded = crud.user.get(db, id=student.id)
    assert reloaded
    assert student.email == reloaded.email
    assert verify_password(replacement, reloaded.hashed_password)
def test_authenticate_user_student_wrong_password(db: Session) -> None:
    """``crud.user.authenticate`` returns ``None`` when the password does not match."""
    email = random_email()
    real_password = random_password()
    crud.user.create(
        db,
        obj_in=UserCreate(email=email, password=real_password, type="student"),
    )

    # The attempted password is the real one with a prefix added, so the email
    # is known but the secret is wrong.
    outcome = crud.user.authenticate(
        db,
        email=email,
        password=f"WRoNg{real_password}",
    )
    assert outcome is None
def test_create_superuser_by_superuser(client: TestClient, superuser_token_headers: dict[str, str]) -> None:
    """A request carrying superuser headers may create another superuser (HTTP 200)."""
    payload = {
        "email": random_email(),
        "password": random_password(),
        "type": "superuser",
    }
    response = client.post(
        f"{settings.API_V1_STR}/users/",
        headers=superuser_token_headers,
        json=payload,
    )
    assert response.status_code == 200
def test_authenticate_user_student(db: Session) -> None:
    """A student created with a given password authenticates with that password."""
    email = random_email()
    password = random_password()
    created = crud.user.create(
        db,
        obj_in=UserCreate(email=email, password=password, type="student"),
    )

    logged_in = crud.user.authenticate(db, email=email, password=password)
    assert logged_in
    # The authenticated record must be the account that was just created.
    assert created.email == logged_in.email
def test_update_user_with_dict_superuser(db: Session) -> None:
    """``crud.user.update`` accepts a plain dict and still stores a verifiable hash."""
    superuser = create_random_user(db, type="superuser")
    db.refresh(superuser)

    replacement = random_password()
    # A raw dict is passed here instead of a UserUpdate schema object.
    crud.user.update(db, db_obj=superuser, obj_in={"password": replacement})

    reloaded = crud.user.get(db, id=superuser.id)
    assert reloaded
    assert superuser.email == reloaded.email
    assert verify_password(replacement, reloaded.hashed_password)
def test_create_user_existing_username(client: TestClient, superuser_token_headers: dict, db: Session) -> None:
    """Creating a user with an email that is already taken is rejected with 409."""
    existing = create_random_user(db=db, type="superuser")
    payload = {
        "email": existing.email,
        "password": random_password(),
        "type": "superuser",
    }
    response = client.post(
        f"{settings.API_V1_STR}/users/",
        headers=superuser_token_headers,
        json=payload,
    )
    body = response.json()
    assert response.status_code == 409
    # The conflict response must not carry an "_id" key.
    assert "_id" not in body
def test_create_superuser_by_normal_admin_with_user_perms(client: TestClient, db: Session) -> None:
    """An admin created with ``permissions=1`` is refused (403) when creating a superuser."""
    # NOTE(review): what permission bit 1 stands for is not visible here; the
    # test name suggests it is the user-management permission - confirm.
    requester = create_random_user(db=db, type="admin", is_admin=True, permissions=1)
    payload = {
        "email": random_email(),
        "password": random_password(),
        "type": "superuser",
    }
    endpoint = f"{settings.API_V1_STR}/users/"
    # Headers are issued for the admin account itself, not for a superuser.
    requester_headers = authentication_token_from_email(client=client, email=requester.email, db=db)
    response = client.post(endpoint, headers=requester_headers, json=payload)
    assert response.status_code == 403
def test_update_user_normal_user(client: TestClient, normal_user_token_headers: dict[str, str], db: Session) -> None:
    """Updating a freshly created student with normal-user headers is forbidden (403)."""
    # The target is a new random student; the headers come from the
    # normal_user_token_headers fixture, presumably a different account.
    target = create_random_user(db, type="student")
    payload = {
        "full_name": random_lower_string(),
        "email": random_email(),
        "password": random_password(),
    }
    response = client.put(
        f"{settings.API_V1_STR}/users/{target.id}",
        headers=normal_user_token_headers,
        json=payload,
    )
    assert response.status_code == 403
def test_create_user_new_email(client: TestClient, superuser_token_headers: dict, db: Session) -> None:
    """A superuser can create a user with an unused email; API and DB views must agree."""
    new_email = random_email()
    payload = {
        "email": new_email,
        "password": random_password(),
        "type": "superuser",
    }
    response = client.post(
        f"{settings.API_V1_STR}/users/",
        headers=superuser_token_headers,
        json=payload,
    )
    assert response.status_code == 200
    api_user = response.json()

    # Look the account up directly in the database and compare with the response.
    stored = crud.user.get_by_email(db, email=new_email)
    assert stored
    compare_api_and_db_query_results(api_result=api_user, db_dict=to_json(stored))
def test_user_update_me(client: TestClient, db: Session) -> None:
    """A student can change their own name, email and password through ``/users/me``."""
    me = create_random_user(db, type="student")
    new_password = random_password_after = None  # placeholders replaced below
    full_name = random_lower_string()
    new_email = random_email()
    new_password = random_password()
    payload = {"full_name": full_name, "email": new_email, "password": new_password}

    endpoint = f"{settings.API_V1_STR}/users/me"
    # The headers are issued for the student's own account.
    own_headers = authentication_token_from_email(client=client, email=me.email, db=db)
    response = client.put(endpoint, headers=own_headers, json=payload)
    assert response.status_code == 200

    api_user = response.json()
    db.refresh(me)
    compare_api_and_db_query_results(api_result=api_user, db_dict=to_json(me))
    # The stored hash must verify against the password sent in the request.
    assert verify_password(new_password, me.hashed_password)
def test_not_authenticate_user(db: Session) -> None:
    """Authenticating with credentials that were never registered returns ``None``."""
    # No user is created first, so the random email should match no account.
    outcome = crud.user.authenticate(
        db,
        email=random_email(),
        password=random_password(),
    )
    assert outcome is None