aeecleclair
diff --git a/‎app/core/groups/groups_type.py‎
Lines changed: 1 addition & 0 deletions b/‎app/core/groups/groups_type.py‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎app/core/payment/types_payment.py‎
Lines changed: 1 addition & 0 deletions b/‎app/core/payment/types_payment.py‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎app/core/schools/factory_schools.py‎
Lines changed: 4 additions & 2 deletions b/‎app/core/schools/factory_schools.py‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎app/dependencies.py‎
Lines changed: 41 additions & 11 deletions b/‎app/dependencies.py‎
Lines changed: 41 additions & 11 deletions
@@ -26,6 +26,7 @@ class GroupType(str, Enum):
     eclair = "1f841bd9-00be-41a7-96e1-860a18a46105"
     BDS = "61af3e52-7ef9-4608-823a-39d51e83d1db"
     seed_library = "09153d2a-14f4-49a4-be57-5d0f265261b9"
+    competition_admin = "2b1fc736-1288-4043-b293-14bc23adae68"
 
     # Auth related groups
 
 
@@ -39,6 +39,7 @@ class HelloAssoConfigName(Enum):
     CDR = "CDR"
     RAID = "RAID"
     MYECLPAY = "MYECLPAY"
+    CHALLENGER = "CHALLENGER"
 
 
 class HelloAssoConfig(BaseModel):
 
@@ -1,4 +1,4 @@
-from uuid import uuid4
+from uuid import UUID, uuid4
 
 from sqlalchemy.ext.asyncio import AsyncSession
 
@@ -11,11 +11,13 @@
 class CoreSchoolsFactory(Factory):
     depends_on = []
 
+    school_id: UUID = uuid4()
+
     @classmethod
     async def run(cls, db: AsyncSession, settings: Settings) -> None:
         await cruds_schools.create_school(
             CoreSchool(
-                id=uuid4(),
+                id=cls.school_id,
                 name="ENS",
                 email_regex=r"^[a-zA-Z0-9_.+-]+@ens\.fr$",
             ),
 
@@ -25,7 +25,7 @@ async def get_users(db: AsyncSession = Depends(get_db)):
 from app.core.groups.groups_type import AccountType, GroupType, get_ecl_account_types
 from app.core.payment.payment_tool import PaymentTool
 from app.core.payment.types_payment import HelloAssoConfigName
-from app.core.users import models_users
+from app.core.users import cruds_users, models_users
 from app.core.utils import security
 from app.core.utils.config import Settings, construct_prod_settings
 from app.modules.raid.utils.drive.drive_file_manager import DriveFileManager
@@ -322,10 +322,42 @@ def get_token_data(
     )
 
 
+def get_user_id_from_token_with_scopes(
+    scopes: list[list[ScopeType]],
+) -> Callable[
+    [schemas_auth.TokenData],
+    Coroutine[Any, Any, str],
+]:
+    """
+    Generate a dependency which will:
+     * check the request header contain a valid JWT token
+     * make sure the token contain the given scopes
+     * return the corresponding user_id of the token
+
+    This endpoint allows to require scopes other than the API scope. This should only be used by the auth endpoints.
+    To restrict an endpoint from the API, use `is_user_in`.
+    """
+
+    async def get_current_user_id(
+        token_data: schemas_auth.TokenData = Depends(get_token_data),
+    ) -> str:
+        """
+        Dependency that makes sure the token is valid, contains the expected scopes and returns the corresponding user_id.
+        The expected scopes are passed as list of list of scopes, each list of scopes is an "AND" condition, and the list of list of scopes is an "OR" condition.
+        """
+
+        return await auth_utils.get_user_id_from_token_with_scopes(
+            scopes=scopes,
+            token_data=token_data,
+        )
+
+    return get_current_user_id
+
+
 def get_user_from_token_with_scopes(
     scopes: list[list[ScopeType]],
 ) -> Callable[
-    [AsyncSession, schemas_auth.TokenData],
+    [AsyncSession, str],
     Coroutine[Any, Any, models_users.CoreUser],
 ]:
     """
@@ -338,22 +370,20 @@ def get_user_from_token_with_scopes(
     To restrict an endpoint from the API, use `is_user_in`.
     """
 
-    async def get_current_user(
+    async def get_user_from_user_id(
         db: AsyncSession = Depends(get_db),
-        token_data: schemas_auth.TokenData = Depends(get_token_data),
+        user_id: str = Depends(get_user_id_from_token_with_scopes(scopes)),
     ) -> models_users.CoreUser:
         """
         Dependency that makes sure the token is valid, contains the expected scopes and returns the corresponding user.
         The expected scopes are passed as list of list of scopes, each list of scopes is an "AND" condition, and the list of list of scopes is an "OR" condition.
         """
+        user = await cruds_users.get_user_by_id(db=db, user_id=user_id)
+        if not user:
+            raise HTTPException(status_code=404, detail="User not found")
+        return user
 
-        return await auth_utils.get_user_from_token_with_scopes(
-            scopes=scopes,
-            db=db,
-            token_data=token_data,
-        )
-
-    return get_current_user
+    return get_user_from_user_id
 
 
 def is_user(