Use proper HTTP status codes

2025-06-09 22:35:53 +02:00
parent c4d1871835
commit eac43be278
10 changed files with 173 additions and 168 deletions
--- a/backend/app/api/routes/users.py
+++ b/backend/app/api/routes/users.py
@@ -1,7 +1,7 @@
 import uuid
 from typing import Any

-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends, HTTPException, status
 from sqlmodel import func, select

 from app.api.deps import (
@@ -66,7 +66,7 @@ def create_user(*, session: SessionDep, user_in: UserCreate) -> Any:
    user = User.get_by_email(session=session, email=user_in.email)
    if user:
        raise HTTPException(
-            status_code=400,
+            status_code=status.HTTP_400_BAD_REQUEST,
            detail="The user with this email already exists in the system.",
        )

@@ -95,7 +95,7 @@ def update_user_me(
        existing_user = User.get_by_email(session=session, email=user_in.email)
        if existing_user and existing_user.id != current_user.id:
            raise HTTPException(
-                status_code=409, detail="User with this email already exists"
+                status_code=status.HTTP_409_CONFLICT, detail="User with this email already exists"
            )
    user_data = user_in.model_dump(exclude_unset=True)
    current_user.sqlmodel_update(user_data)
@@ -113,10 +113,10 @@ def update_password_me(
    Update own password.
    """
    if not verify_password(body.current_password, current_user.hashed_password):
-        raise HTTPException(status_code=400, detail="Incorrect password")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Incorrect password")
    if body.current_password == body.new_password:
        raise HTTPException(
-            status_code=400, detail="New password cannot be the same as the current one"
+            status_code=status.HTTP_400_BAD_REQUEST, detail="New password cannot be the same as the current one"
        )
    hashed_password = get_password_hash(body.new_password)
    current_user.hashed_password = hashed_password
@@ -184,7 +184,7 @@ def delete_apikey_me(
            session.commit()
            return Message(message="Api key deleted successfully")

-    raise HTTPException(status_code=404, detail="API key not found")
+    raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="API key not found")


@router.get("/me", response_model=UserPublic)
@@ -206,7 +206,7 @@ def delete_user_me(session: SessionDep, current_user: CurrentUser) -> Any:
        rights=PermissionRight.DELETE,
    ):
        raise HTTPException(
-            status_code=403, detail="Super users are not allowed to delete themselves"
+            status_code=status.HTTP_403_FORBIDDEN, detail="Super users are not allowed to delete themselves"
        )
    session.delete(current_user)
    session.commit()
@@ -221,7 +221,7 @@ def register_user(session: SessionDep, user_in: UserRegister) -> Any:
    user = User.get_by_email(session=session, email=user_in.email)
    if user:
        raise HTTPException(
-            status_code=400,
+            status_code=status.HTTP_400_BAD_REQUEST,
            detail="The user with this email already exists in the system",
        )
    user_create = UserCreate.model_validate(user_in)
@@ -245,7 +245,7 @@ def read_user_by_id(
        rights=PermissionRight.READ,
    ):
        raise HTTPException(
-            status_code=403,
+            status_code=status.HTTP_403_FORBIDDEN,
            detail="The user doesn't have enough privileges",
        )
    return user
@@ -269,14 +269,14 @@ def update_user(
    db_user = session.get(User, user_id)
    if not db_user:
        raise HTTPException(
-            status_code=404,
+            status_code=status.HTTP_404_NOT_FOUND,
            detail="The user with this id does not exist in the system",
        )
    if user_in.email:
        existing_user = User.get_by_email(session=session, email=user_in.email)
        if existing_user and existing_user.id != user_id:
            raise HTTPException(
-                status_code=409, detail="User with this email already exists"
+                status_code=status.HTTP_409_CONFLICT, detail="User with this email already exists"
            )

    db_user = User.update(session=session, db_obj=db_user, in_obj=user_in)
@@ -292,10 +292,10 @@ def delete_user(
    """
    user = session.get(User, user_id)
    if not user:
-        raise HTTPException(status_code=404, detail="User not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
    if user == current_user:
        raise HTTPException(
-            status_code=403, detail="Super users are not allowed to delete themselves"
+            status_code=status.HTTP_403_FORBIDDEN, detail="Super users are not allowed to delete themselves"
        )
    # statement = delete(Item).where(col(Item.owner_id) == user_id)
    # session.exec(statement)  # type: ignore