diff --git a/.env b/.env index 1d44286e25..ed2001bcad 100644 --- a/.env +++ b/.env @@ -42,4 +42,4 @@ SENTRY_DSN= # Configure these with your own Docker registry images DOCKER_IMAGE_BACKEND=backend -DOCKER_IMAGE_FRONTEND=frontend +DOCKER_IMAGE_FRONTEND=frontend \ No newline at end of file diff --git a/backend/app/tests/api/routes/test_items.py b/backend/app/tests/api/routes/test_items.py index c215238a69..69d1f5a2b0 100644 --- a/backend/app/tests/api/routes/test_items.py +++ b/backend/app/tests/api/routes/test_items.py @@ -4,6 +4,7 @@ from sqlmodel import Session from app.core.config import settings +from app.models import User from app.tests.utils.item import create_random_item @@ -79,6 +80,22 @@ def test_read_items( assert len(content["data"]) >= 2 +def test_read_items_by_normal_user( + client: TestClient, normal_user_token_headers: dict[str, str], db: Session +) -> None: + r = client.get(f"{settings.API_V1_STR}/users/me", headers=normal_user_token_headers) + user = User(**r.json()) + create_random_item(db, user) + create_random_item(db, user) + response = client.get( + f"{settings.API_V1_STR}/items/", + headers=normal_user_token_headers, + ) + assert response.status_code == 200 + content = response.json() + assert len(content["data"]) >= 2 + + def test_update_item( client: TestClient, superuser_token_headers: dict[str, str], db: Session ) -> None: diff --git a/backend/app/tests/api/routes/test_login.py b/backend/app/tests/api/routes/test_login.py index 34fe8ee560..69c303e261 100644 --- a/backend/app/tests/api/routes/test_login.py +++ b/backend/app/tests/api/routes/test_login.py @@ -5,7 +5,9 @@ from app.core.config import settings from app.core.security import verify_password -from app.models import User +from app.crud import update_user +from app.models import User, UserUpdate +from app.tests.utils.user import create_user from app.utils import generate_password_reset_token @@ -21,6 +23,20 @@ def test_get_access_token(client: TestClient) -> None: assert tokens["access_token"] +def test_get_access_token_inactive_user(client: TestClient, db: Session) -> None: + password = "secretpassword" + user = create_user(db, password=password) + update_user(session=db, db_user=user, user_in=UserUpdate(is_active=False)) + + login_data = { + "username": user.email, + "password": password, + } + r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data) + assert r.status_code == 400 + assert r.json() == {"detail": "Inactive user"} + + def test_get_access_token_incorrect_password(client: TestClient) -> None: login_data = { "username": settings.FIRST_SUPERUSER, @@ -88,6 +104,39 @@ def test_reset_password( assert verify_password(data["new_password"], user.hashed_password) +def test_reset_password_no_such_user_email( + client: TestClient, superuser_token_headers: dict[str, str] +) -> None: + token = generate_password_reset_token(email="bad@email.com") + data = {"new_password": "changethis", "token": token} + r = client.post( + f"{settings.API_V1_STR}/reset-password/", + headers=superuser_token_headers, + json=data, + ) + assert r.status_code == 404 + assert r.json() == { + "detail": "The user with this email does not exist in the system." + } + + +def test_reset_password_inactive_user( + client: TestClient, superuser_token_headers: dict[str, str], db: Session +) -> None: + email = "demo@email.com" + user = create_user(db, email=email) + update_user(session=db, db_user=user, user_in=UserUpdate(is_active=False)) + token = generate_password_reset_token(email=email) + data = {"new_password": "changethis", "token": token} + r = client.post( + f"{settings.API_V1_STR}/reset-password/", + headers=superuser_token_headers, + json=data, + ) + assert r.status_code == 400 + assert r.json() == {"detail": "Inactive user"} + + def test_reset_password_invalid_token( client: TestClient, superuser_token_headers: dict[str, str] ) -> None: diff --git a/backend/app/tests/utils/item.py b/backend/app/tests/utils/item.py index 6e32b3a84a..018f2a7415 100644 --- a/backend/app/tests/utils/item.py +++ b/backend/app/tests/utils/item.py @@ -1,13 +1,14 @@ from sqlmodel import Session from app import crud -from app.models import Item, ItemCreate +from app.models import Item, ItemCreate, User from app.tests.utils.user import create_random_user from app.tests.utils.utils import random_lower_string -def create_random_item(db: Session) -> Item: - user = create_random_user(db) +def create_random_item(db: Session, user: User | None = None) -> Item: + if user is None: + user = create_random_user(db) owner_id = user.id assert owner_id is not None title = random_lower_string() diff --git a/backend/app/tests/utils/user.py b/backend/app/tests/utils/user.py index 9c1b073109..13ce2ed149 100644 --- a/backend/app/tests/utils/user.py +++ b/backend/app/tests/utils/user.py @@ -19,6 +19,18 @@ def user_authentication_headers( return headers +def create_user( + db: Session, *, email: str | None = None, password: str | None = None +) -> User: + if email is None: + email = random_email() + if password is None: + password = random_lower_string() + user_in = UserCreate(email=email, password=password) + user = crud.create_user(session=db, user_create=user_in) + return user + + def create_random_user(db: Session) -> User: email = random_email() password = random_lower_string() diff --git a/backend/scripts/tests-start.sh b/backend/scripts/tests-start.sh old mode 100644 new mode 100755