fix: improve test coverage

Author: RobertKeyser

clients/admin-ui/src/features/user-management/EditUserForm.tsx

@@ -93,7 +93,7 @@ const ReinviteSection = ({ user }: ReinviteSectionProps) => {
           message={user.invite_expired ? "Invite expired" : "Invite pending"}
           description={
             user.invite_expired
-              ? "This user's invitation has expired. Click the button below to send a new invitation email."
+              ? "This user's invitation has expired. Use the button to send a new invitation email."
               : "This user has not yet accepted their invitation. You can resend the invitation if needed."
           }
           type={user.invite_expired ? "warning" : "info"}

clients/admin-ui/src/pages/login.tsx

@@ -32,6 +32,7 @@ import {
 } from "~/features/auth";
 import { CustomTextInput } from "~/features/common/form/inputs";
 import { passwordValidation } from "~/features/common/form/validation";
+import { getErrorMessage } from "~/features/common/helpers";
 import { useGetAllOpenIDProvidersSimpleQuery } from "~/features/openid-authentication/openprovider.slice";
 
 const parseQueryParam = (query: ParsedUrlQuery) => {
@@ -138,10 +139,13 @@ const useLogin = () => {
     } catch (error) {
       // eslint-disable-next-line no-console
       console.log(error);
+      const errorMsg = getErrorMessage(
+        error,
+        "Login failed. Please check your credentials and try again.",
+      );
       toast({
         status: "error",
-        description:
-          "Login failed. Please check your credentials and try again.",
+        description: errorMsg,
       });
     }
   };

src/fides/api/api/v1/endpoints/user_endpoints.py

@@ -840,12 +840,6 @@ def verify_invite_code(
     user_invite = FidesUserInvite.get_by(db, field="username", value=username)
 
     if not user_invite:
-        raise HTTPException(
-            status_code=HTTP_404_NOT_FOUND,
-            detail="User not found.",
-        )
-
-    if not user_invite.invite_code_valid(invite_code):
         raise HTTPException(
             status_code=HTTP_400_BAD_REQUEST,
             detail="Invite code is invalid.",
@@ -857,6 +851,12 @@ def verify_invite_code(
             detail="Invite code has expired.",
         )
 
+    if not user_invite.invite_code_valid(invite_code):
+        raise HTTPException(
+            status_code=HTTP_400_BAD_REQUEST,
+            detail="Invite code is invalid.",
+        )
+
     return user_invite
 
 

tests/ops/api/v1/endpoints/test_user_endpoints.py

@@ -985,6 +985,98 @@ def test_get_users_include_external_with_username_filter(
         for user in regular_users:
             assert user.id in user_ids
 
+    def test_get_users_includes_invite_status(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        url: str,
+        db,
+    ):
+        """Test that get_users includes invite status fields for all users"""
+        from datetime import timedelta, timezone
+
+        password = str_to_b64_str("Password123!")
+
+        # User with active invite
+        user_with_invite = FidesUser.create(
+            db=db,
+            data={
+                "username": "user_with_invite",
+                "email_address": "[email protected]",
+                "disabled": True,
+            },
+        )
+        FidesUserInvite.create(
+            db=db,
+            data={"username": "user_with_invite", "invite_code": "test_code"},
+        )
+
+        # User with expired invite
+        user_with_expired = FidesUser.create(
+            db=db,
+            data={
+                "username": "user_expired",
+                "email_address": "[email protected]",
+                "disabled": True,
+            },
+        )
+        expired_invite = FidesUserInvite.create(
+            db=db,
+            data={"username": "user_expired", "invite_code": "test_code"},
+        )
+        expired_invite.updated_at = datetime.now(timezone.utc) - timedelta(
+            hours=INVITE_CODE_TTL_HOURS + 1
+        )
+        expired_invite.save(db)
+
+        # User without invite
+        user_no_invite = FidesUser.create(
+            db=db,
+            data={
+                "username": "user_no_invite",
+                "password": password,
+                "email_address": "[email protected]",
+            },
+        )
+
+        # User without username
+        user_no_username = FidesUser.create(
+            db=db,
+            data={
+                "username": None,
+                "email_address": "[email protected]",
+            },
+        )
+
+        auth_header = generate_auth_header(scopes=[USER_READ])
+        resp = api_client.get(url, headers=auth_header)
+        assert resp.status_code == HTTP_200_OK
+        response_body = resp.json()
+
+        # Find users in response
+        users_by_id = {user["id"]: user for user in response_body["items"]}
+
+        # Check user with active invite
+        assert users_by_id[user_with_invite.id]["has_invite"] is True
+        assert users_by_id[user_with_invite.id]["invite_expired"] is False
+
+        # Check user with expired invite
+        assert users_by_id[user_with_expired.id]["has_invite"] is True
+        assert users_by_id[user_with_expired.id]["invite_expired"] is True
+
+        # Check user without invite
+        assert users_by_id[user_no_invite.id]["has_invite"] is False
+        assert users_by_id[user_no_invite.id]["invite_expired"] is None
+
+        # Check user without username
+        assert users_by_id[user_no_username.id]["has_invite"] is False
+        assert users_by_id[user_no_username.id]["invite_expired"] is None
+
+        user_with_invite.delete(db)
+        user_with_expired.delete(db)
+        user_no_invite.delete(db)
+        user_no_username.delete(db)
+
 
 class TestGetUser:
     @pytest.fixture(scope="function")
@@ -1054,6 +1146,9 @@ def test_get_user_with_user_read_own_scope_own_data(
         assert user_data["username"] == respondent.username
         assert user_data["id"] == respondent.id
         assert user_data["created_at"] == stringify_date(respondent.created_at)
+        # Verify invite status fields are included
+        assert "has_invite" in user_data
+        assert "invite_expired" in user_data
 
     def test_get_user_with_user_read_own_scope_other_user_data(
         self,
@@ -1179,6 +1274,124 @@ def test_get_user_with_root_user_can_access_any_user(
             assert user_data["id"] == test_user.id
             assert user_data["created_at"] == stringify_date(test_user.created_at)
 
+    def test_get_user_includes_invite_status_with_active_invite(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        url_no_id: str,
+        db,
+    ):
+        """Test that get_user includes invite status fields when user has an active invite"""
+        user = FidesUser.create(
+            db=db,
+            data={
+                "username": "invited_user",
+                "email_address": "[email protected]",
+                "disabled": True,
+            },
+        )
+        FidesUserInvite.create(
+            db=db,
+            data={"username": "invited_user", "invite_code": "test_code"},
+        )
+
+        auth_header = generate_auth_header(scopes=[USER_READ])
+        resp = api_client.get(f"{url_no_id}/{user.id}", headers=auth_header)
+        assert resp.status_code == HTTP_200_OK
+        user_data = resp.json()
+        assert user_data["has_invite"] is True
+        assert user_data["invite_expired"] is False
+
+        user.delete(db)
+
+    def test_get_user_includes_invite_status_with_expired_invite(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        url_no_id: str,
+        db,
+    ):
+        """Test that get_user includes invite status fields when user has an expired invite"""
+        from datetime import timedelta, timezone
+
+        user = FidesUser.create(
+            db=db,
+            data={
+                "username": "invited_user",
+                "email_address": "[email protected]",
+                "disabled": True,
+            },
+        )
+        invite = FidesUserInvite.create(
+            db=db,
+            data={"username": "invited_user", "invite_code": "test_code"},
+        )
+        invite.updated_at = datetime.now(timezone.utc) - timedelta(
+            hours=INVITE_CODE_TTL_HOURS + 1
+        )
+        invite.save(db)
+
+        auth_header = generate_auth_header(scopes=[USER_READ])
+        resp = api_client.get(f"{url_no_id}/{user.id}", headers=auth_header)
+        assert resp.status_code == HTTP_200_OK
+        user_data = resp.json()
+        assert user_data["has_invite"] is True
+        assert user_data["invite_expired"] is True
+
+        user.delete(db)
+
+    def test_get_user_includes_invite_status_without_invite(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        url_no_id: str,
+        db,
+    ):
+        """Test that get_user includes invite status fields when user has no invite"""
+        password = str_to_b64_str("Password123!")
+        user = FidesUser.create(
+            db=db,
+            data={
+                "username": "no_invite_user",
+                "password": password,
+                "email_address": "[email protected]",
+            },
+        )
+
+        auth_header = generate_auth_header(scopes=[USER_READ])
+        resp = api_client.get(f"{url_no_id}/{user.id}", headers=auth_header)
+        assert resp.status_code == HTTP_200_OK
+        user_data = resp.json()
+        assert user_data["has_invite"] is False
+        assert user_data["invite_expired"] is None
+
+        user.delete(db)
+
+    def test_get_user_includes_invite_status_without_username(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        url_no_id: str,
+        db,
+    ):
+        """Test that get_user includes invite status fields when user has no username"""
+        user = FidesUser.create(
+            db=db,
+            data={
+                "username": None,
+                "email_address": "[email protected]",
+            },
+        )
+
+        auth_header = generate_auth_header(scopes=[USER_READ])
+        resp = api_client.get(f"{url_no_id}/{user.id}", headers=auth_header)
+        assert resp.status_code == HTTP_200_OK
+        user_data = resp.json()
+        assert user_data["has_invite"] is False
+        assert user_data["invite_expired"] is None
+
+        user.delete(db)
+
 
 class TestUpdateUser:
     @pytest.fixture(scope="function")
@@ -2595,8 +2808,8 @@ def test_accept_invite_nonexistent_user(self, api_client, url):
                 "new_password": "Testpassword1!",
             },
         )
-        assert response.status_code == HTTP_404_NOT_FOUND
-        assert response.json()["detail"] == "User not found."
+        assert response.status_code == HTTP_400_BAD_REQUEST
+        assert response.json()["detail"] == "Invite code is invalid."
 
 
 class TestReinviteUser: