rsw/score
1
0
Fork 0
Code Issues 2 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Use proper HTTP status codes

Browse Source
This commit is contained in:
Sebastiaan
2025-06-09 22:35:53 +02:00
parent c4d1871835
commit eac43be278
10 changed files with 173 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

93
backend/app/tests/api/routes/test_events.py
View File

@@ -1,6 +1,7 @@
import uuid
import pytest
from fastapi import status
from fastapi.testclient import TestClient
from sqlmodel import Session
@@ -22,7 +23,7 @@ def test_create_event(client: TestClient, superuser_token_headers: dict[str, str
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["name"] == data["name"]
assert content["contact"] == data["contact"]
@@ -43,7 +44,7 @@ def test_create_event_no_permission(client: TestClient, normal_user_token_header
headers=normal_user_token_headers,
json=data,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -56,7 +57,7 @@ def test_read_event(
f"{settings.API_V1_STR}/events/{event.id}",
headers=superuser_token_headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["name"] == event.name
assert content["contact"] == event.contact
@@ -73,7 +74,7 @@ def test_read_event_not_found(
f"{settings.API_V1_STR}/events/{uuid.uuid4()}",
headers=superuser_token_headers,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Event not found"
@@ -85,7 +86,7 @@ def test_read_event_not_enough_permissions(
f"{settings.API_V1_STR}/events/{event.id}",
headers=normal_user_token_headers,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -97,7 +98,7 @@ def test_read_event_with_event_user(
f"{settings.API_V1_STR}/events/{event.id}",
headers=event_user_token_headers.headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["name"] == event.name
assert content["contact"] == event.contact
@@ -116,7 +117,7 @@ def test_read_events(
f"{settings.API_V1_STR}/events/",
headers=superuser_token_headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "count" in content
assert content["count"] >= 2
@@ -136,7 +137,7 @@ def test_read_events_with_event_user(
f"{settings.API_V1_STR}/events/",
headers=authentication_token_from_user(db=db, user=user, client=client),
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "count" in content
assert content["count"] == 1
@@ -158,7 +159,7 @@ def test_update_event(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["name"] == data["name"]
assert content["contact"] == data["contact"]
@@ -177,7 +178,7 @@ def test_update_event_not_found(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Event not found"
@@ -191,7 +192,7 @@ def test_update_event_not_enough_permissions(
headers=normal_user_token_headers,
json=data,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -208,7 +209,7 @@ def test_update_event_with_eventuser(
headers=event_user_token_headers.headers,
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["name"] == data["name"]
assert content["contact"] == data["contact"]
@@ -226,7 +227,7 @@ def test_delete_event(
f"{settings.API_V1_STR}/events/{event.id}",
headers=superuser_token_headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
assert response.json()["message"] == "Event deleted successfully"
@@ -237,7 +238,7 @@ def test_delete_event_not_found(
f"{settings.API_V1_STR}/events/{uuid.uuid4()}",
headers=superuser_token_headers,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
content = response.json()
assert content["detail"] == "Event not found"
@@ -250,7 +251,7 @@ def test_delete_event_not_enough_permissions(
f"{settings.API_V1_STR}/events/{event.id}",
headers=normal_user_token_headers,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -265,7 +266,7 @@ def test_delete_event_admin_user(
f"{settings.API_V1_STR}/events/{event.id}",
headers=authentication_token_from_user(db=db, user=user, client=client),
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["message"] == "Event deleted successfully"
@@ -280,7 +281,7 @@ def test_delete_event_not_enough_permissions_for_this_event(
f"{settings.API_V1_STR}/events/{event.id}",
headers=authentication_token_from_user(db=db, user=user, client=client),
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -295,7 +296,7 @@ def test_delete_event_event_user_read_only_rights(
f"{settings.API_V1_STR}/events/{event.id}",
headers=authentication_token_from_user(db=db, user=user, client=client),
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -312,7 +313,7 @@ def test_read_all_event_users(
f"{settings.API_V1_STR}/events/{event.id}/users",
headers=superuser_token_headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "count" in content
assert content["count"] == 2
@@ -330,7 +331,7 @@ def test_read_all_event_users_no_permission(
f"{settings.API_V1_STR}/events/{event.id}/users",
headers=normal_user_token_headers,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -345,7 +346,7 @@ def test_read_all_event_users_with_event_user(
f"{settings.API_V1_STR}/events/{event.id}/users",
headers=authentication_token_from_user(db=db, user=user, client=client),
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "count" in content
assert content["count"] == 1
@@ -365,7 +366,7 @@ def test_read_all_event_users_with_event_user_no_permission(
f"{settings.API_V1_STR}/events/{event.id}/users",
headers=authentication_token_from_user(db=db, user=user, client=client),
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -376,7 +377,7 @@ def test_add_user_to_event_not_found(
f"{settings.API_V1_STR}/events/{uuid.uuid4()}/users",
headers=superuser_token_headers,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Event not found"
@@ -395,7 +396,7 @@ def test_add_user_to_event(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "rights" in content
assert content["rights"] == PermissionRight.READ
@@ -417,7 +418,7 @@ def test_add_user_to_event_event_not_found(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Event not found"
@@ -435,7 +436,7 @@ def test_add_user_to_event_user_not_found(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "User not found"
@@ -455,7 +456,7 @@ def test_add_user_to_event_already_exists(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 400
assert response.status_code == status.HTTP_400_BAD_REQUEST
assert response.json()["detail"] == "User already part of this event"
@@ -474,7 +475,7 @@ def test_add_user_to_event_no_permissions(
headers=normal_user_token_headers,
json=data,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -493,7 +494,7 @@ def test_add_user_to_event_unknown_rights(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 400
assert response.status_code == status.HTTP_400_BAD_REQUEST
assert response.json()["detail"] == "Invalid permission rights"
@@ -516,7 +517,7 @@ def test_add_user_with_more_rights_than_current_user(
headers=authentication_token_from_user(db=db, user=limited_user, client=client),
json=data,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -536,7 +537,7 @@ def test_add_user_rights_combined(
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "rights" in content
assert content["rights"] == data["rights"]
@@ -558,7 +559,7 @@ def test_update_user_inside_event(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "rights" in content
assert content["rights"] == data["rights"]
@@ -579,7 +580,7 @@ def test_update_event_user_event_not_found(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Event not found"
@@ -596,7 +597,7 @@ def test_update_event_user_user_not_found(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "User not found"
@@ -615,7 +616,7 @@ def test_update_event_user_unknown_rights(
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 400
assert response.status_code == status.HTTP_400_BAD_REQUEST
assert response.json()["detail"] == "Invalid permission rights"
@@ -634,7 +635,7 @@ def test_update_event_user_not_enough_permissions(
headers=normal_user_token_headers,
json=data,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -658,7 +659,7 @@ def test_update_event_user_with_event_user_same_event(
headers=authentication_token_from_user(db=db, user=user1, client=client),
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["rights"] == data["rights"]
assert content["user_id"] == str(user2.id)
@@ -686,7 +687,7 @@ def test_update_event_user_from_other_event_forbidden(
headers=authentication_token_from_user(db=db, user=user1, client=client),
json=data,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -711,7 +712,7 @@ def test_update_event_user_from_other_event_thru_own_event(
headers=authentication_token_from_user(db=db, user=user1, client=client),
json=data,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "User is not part of this event"
@@ -734,7 +735,7 @@ def test_update_user_rights_combined(
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "rights" in content
assert content["rights"] == data["rights"]
@@ -754,7 +755,7 @@ def test_remove_user_from_event(
headers=superuser_token_headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
assert response.json()["message"] == "User removed successfully"
# assert not event.get_user_link(user)
@@ -771,7 +772,7 @@ def test_remove_user_from_event_event_not_found(
headers=superuser_token_headers,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Event not found"
@@ -785,7 +786,7 @@ def test_remove_user_from_event_user_not_found(
headers=superuser_token_headers,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "User not found"
@@ -800,7 +801,7 @@ def test_remove_user_from_event_user_not_in_event(
headers=superuser_token_headers,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "User is not part of this event"
@@ -819,7 +820,7 @@ def test_remove_user_from_event_insufficient_permissions(
headers=authentication_token_from_user(db=db, user=limited_user, client=client),
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -835,5 +836,5 @@ def test_remove_own_user_from_event(
headers=authentication_token_from_user(db=db, user=user, client=client),
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Users are not allowed to delete themselves when they are not an super admin"

21
backend/app/tests/api/routes/test_login.py
View File

@@ -1,5 +1,6 @@
from unittest.mock import patch
from fastapi import status
from fastapi.testclient import TestClient
from sqlmodel import Session
@@ -19,7 +20,7 @@ def test_get_access_token(client: TestClient) -> None:
}
r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data)
tokens = r.json()
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
assert "access_token" in tokens
assert tokens["access_token"]
@@ -30,7 +31,7 @@ def test_get_access_token_incorrect_password(client: TestClient) -> None:
"password": "incorrect",
}
r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data)
assert r.status_code == 400
assert r.status_code == status.HTTP_400_BAD_REQUEST
def test_use_access_token(
@@ -41,7 +42,7 @@ def test_use_access_token(
headers=superuser_token_headers,
)
result = r.json()
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
assert "email" in result
@@ -60,7 +61,7 @@ def test_use_api_key(client: TestClient, db: Session) -> None:
r = client.get(f"{settings.API_V1_STR}/login/api-key/{api_key.api_key}")
tokens = r.json()
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
assert "access_token" in tokens
assert tokens["access_token"]
@@ -79,7 +80,7 @@ def test_use_api_key_inactive(client: TestClient, db: Session) -> None:
api_key = ApiKey.create(session=db, create_obj=create_obj)
r = client.get(f"{settings.API_V1_STR}/login/api-key/{api_key.api_key}")
assert r.status_code == 400
assert r.status_code == status.HTTP_400_BAD_REQUEST
def test_use_api_key_user_inactive(client: TestClient, db: Session) -> None:
@@ -101,7 +102,7 @@ def test_use_api_key_user_inactive(client: TestClient, db: Session) -> None:
api_key = ApiKey.create(session=db, create_obj=create_obj)
r = client.get(f"{settings.API_V1_STR}/login/api-key/{api_key.api_key}")
assert r.status_code == 400
assert r.status_code == status.HTTP_400_BAD_REQUEST
def test_recovery_password(
@@ -116,7 +117,7 @@ def test_recovery_password(
f"{settings.API_V1_STR}/password-recovery/{email}",
headers=normal_user_token_headers,
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
assert r.json() == {"message": "Password recovery email sent"}
@@ -129,7 +130,7 @@ def test_recovery_password_user_not_exits(
headers=normal_user_token_headers,
)
assert (
r.status_code == 404
r.status_code == status.HTTP_404_NOT_FOUND
) # TODO: Fix testing and do not leak known emails with 404
@@ -155,7 +156,7 @@ def test_reset_password(client: TestClient, db: Session) -> None:
json=data,
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
assert r.json() == {"message": "Password updated successfully"}
db.refresh(user)
@@ -174,5 +175,5 @@ def test_reset_password_invalid_token(
response = r.json()
assert "detail" in response
assert r.status_code == 400
assert r.status_code == status.HTTP_400_BAD_REQUEST
assert response["detail"] == "Invalid token"

3
backend/app/tests/api/routes/test_private.py
View File

@@ -1,3 +1,4 @@
from fastapi import status
from fastapi.testclient import TestClient
from sqlmodel import Session, select
@@ -15,7 +16,7 @@ def test_create_user(client: TestClient, db: Session) -> None:
},
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
data = r.json()

47
backend/app/tests/api/routes/test_teams.py
View File

@@ -1,5 +1,6 @@
import uuid
from fastapi import status
from fastapi.testclient import TestClient
from sqlmodel import Session
@@ -23,7 +24,7 @@ def test_create_team(client: TestClient, superuser_token_headers: dict[str, str]
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["theme_name"] == data["theme_name"]
assert content["event_id"] == str(event.id)
@@ -38,7 +39,7 @@ def test_create_team_without_event(client: TestClient, superuser_token_headers:
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 422
assert response.status_code == status.HTTP_422_UNPROCESSABLE_ENTITY
assert response.json()["detail"][0]["loc"] == ["body", "event_id"]
@@ -52,7 +53,7 @@ def test_create_team_with_incorrect_event(client: TestClient, superuser_token_he
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Event not found"
def test_read_team(client: TestClient, superuser_token_headers: dict[str, str], db: Session) -> None:
@@ -61,7 +62,7 @@ def test_read_team(client: TestClient, superuser_token_headers: dict[str, str],
f"{settings.API_V1_STR}/teams/{team.id}",
headers=superuser_token_headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["id"] == str(team.id)
assert content["theme_name"] == team.theme_name
@@ -72,7 +73,7 @@ def test_read_team_not_found(client: TestClient, superuser_token_headers: dict[s
f"{settings.API_V1_STR}/teams/{uuid.uuid4()}",
headers=superuser_token_headers,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Team not found"
@@ -82,7 +83,7 @@ def test_read_event_not_enough_permissions(client: TestClient, normal_user_token
f"{settings.API_V1_STR}/teams/{team.id}",
headers=normal_user_token_headers,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -94,7 +95,7 @@ def test_read_team_with_event_user(client: TestClient, event_user_token_headers:
headers=event_user_token_headers.headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["id"] == str(team.id)
assert content["theme_name"] == team.theme_name
@@ -108,7 +109,7 @@ def test_read_teams(client: TestClient, superuser_token_headers: dict[str, str],
f"{settings.API_V1_STR}/teams/",
headers=superuser_token_headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "count" in content
assert content["count"] >= 2
@@ -124,7 +125,7 @@ def test_read_teams_with_normal_user(client: TestClient, normal_user_token_heade
f"{settings.API_V1_STR}/teams/",
headers=normal_user_token_headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "count" in content
assert content["count"] == 0
@@ -144,7 +145,7 @@ def test_read_teams_with_event_user_readonly(client: TestClient, db: Session) ->
headers=authentication_token_from_user(db=db, user=user, client=client),
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "count" in content
assert content["count"] == 1
@@ -164,7 +165,7 @@ def test_read_teams_with_event_user_team_manager(client: TestClient, db: Session
headers=authentication_token_from_user(db=db, user=user, client=client),
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert "count" in content
assert content["count"] == 1
@@ -181,7 +182,7 @@ def test_update_team_name(client: TestClient, superuser_token_headers: dict[str,
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["id"] == str(team.id)
assert content["theme_name"] == data["theme_name"]
@@ -195,7 +196,7 @@ def test_update_team_not_found(client: TestClient, superuser_token_headers: dict
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Team not found"
@@ -207,7 +208,7 @@ def test_update_team_not_enough_permissions(client: TestClient, normal_user_toke
headers=normal_user_token_headers,
json=data,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -219,7 +220,7 @@ def test_update_team_name_with_event_permissions(client: TestClient, event_user_
headers=event_user_token_headers.headers,
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["id"] == str(team.id)
assert content["theme_name"] == data["theme_name"]
@@ -236,7 +237,7 @@ def test_update_team_event(client: TestClient, superuser_token_headers: dict[str
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["id"] == str(team.id)
assert content["theme_name"] == team.theme_name
@@ -252,7 +253,7 @@ def test_update_team_event_not_found(client: TestClient, superuser_token_headers
headers=superuser_token_headers,
json=data,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "New event not found"
@@ -269,7 +270,7 @@ def test_update_team_event_with_event_user(client: TestClient, event_user_token_
json=data,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
content = response.json()
assert content["id"] == str(team.id)
assert content["theme_name"] == team.theme_name
@@ -288,7 +289,7 @@ def test_update_team_event_with_event_user_not_enough_permissions(client: TestCl
json=data,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -298,7 +299,7 @@ def test_delete_team(client: TestClient, superuser_token_headers: dict[str, str]
f"{settings.API_V1_STR}/teams/{team.id}",
headers=superuser_token_headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
assert response.json()["message"] == "Team deleted successfully"
@@ -307,7 +308,7 @@ def test_delete_team_not_found(client: TestClient, superuser_token_headers: dict
f"{settings.API_V1_STR}/teams/{uuid.uuid4()}",
headers=superuser_token_headers,
)
assert response.status_code == 404
assert response.status_code == status.HTTP_404_NOT_FOUND
assert response.json()["detail"] == "Team not found"
@@ -317,7 +318,7 @@ def test_delete_not_enough_permissions(client: TestClient, normal_user_token_hea
f"{settings.API_V1_STR}/teams/{team.id}",
headers=normal_user_token_headers,
)
assert response.status_code == 403
assert response.status_code == status.HTTP_403_FORBIDDEN
assert response.json()["detail"] == "Not enough permissions"
@@ -327,5 +328,5 @@ def test_delete_team_with_event_user(client: TestClient, event_user_token_header
f"{settings.API_V1_STR}/teams/{team.id}",
headers=event_user_token_headers.headers,
)
assert response.status_code == 200
assert response.status_code == status.HTTP_200_OK
assert response.json()["message"] == "Team deleted successfully"

49
backend/app/tests/api/routes/test_users.py
View File

@@ -1,6 +1,7 @@
import uuid
from unittest.mock import patch
from fastapi import status
from fastapi.testclient import TestClient
from sqlmodel import Session, select
@@ -48,7 +49,7 @@ def test_create_user_new_email(
headers=superuser_token_headers,
json=data,
)
assert 200 <= r.status_code < 300
assert status.HTTP_200_OK <= r.status_code < 300
created_user = r.json()
user = User.get_by_email(session=db, email=username)
assert user
@@ -67,7 +68,7 @@ def test_get_existing_user(
f"{settings.API_V1_STR}/users/{user_id}",
headers=superuser_token_headers,
)
assert 200 <= r.status_code < 300
assert status.HTTP_200_OK <= r.status_code < 300
api_user = r.json()
existing_user = User.get_by_email(session=db, email=username)
assert existing_user
@@ -94,7 +95,7 @@ def test_get_existing_user_current_user(client: TestClient, db: Session) -> None
f"{settings.API_V1_STR}/users/{user_id}",
headers=headers,
)
assert 200 <= r.status_code < 300
assert status.HTTP_200_OK <= r.status_code < 300
api_user = r.json()
existing_user = User.get_by_email(session=db, email=username)
assert existing_user
@@ -108,7 +109,7 @@ def test_get_existing_user_permissions_error(
f"{settings.API_V1_STR}/users/{uuid.uuid4()}",
headers=normal_user_token_headers,
)
assert r.status_code == 403
assert r.status_code == status.HTTP_403_FORBIDDEN
assert r.json() == {"detail": "The user doesn't have enough privileges"}
@@ -127,7 +128,7 @@ def test_create_user_existing_username(
json=data,
)
created_user = r.json()
assert r.status_code == 400
assert r.status_code == status.HTTP_400_BAD_REQUEST
assert "_id" not in created_user
@@ -142,7 +143,7 @@ def test_create_user_by_normal_user(
headers=normal_user_token_headers,
json=data,
)
assert r.status_code == 403
assert r.status_code == status.HTTP_403_FORBIDDEN
def test_retrieve_users(
@@ -179,7 +180,7 @@ def test_update_user_me(
headers=normal_user_token_headers,
json=data,
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
updated_user = r.json()
assert updated_user["email"] == email
assert updated_user["full_name"] == full_name
@@ -204,7 +205,7 @@ def test_update_password_me(
headers=superuser_token_headers,
json=data,
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
updated_user = r.json()
assert updated_user["message"] == "Password updated successfully"
@@ -226,7 +227,7 @@ def test_update_password_me(
)
db.refresh(user_db)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
assert verify_password(settings.FIRST_SUPERUSER_PASSWORD, user_db.hashed_password)
@@ -239,7 +240,7 @@ def test_generate_api_key_me(
headers=superuser_token_headers,
json=data,
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
api_key = r.json()
assert "api_key" in api_key
assert api_key["name"] == data["name"]
@@ -265,7 +266,7 @@ def test_update_password_me_incorrect_password(
headers=superuser_token_headers,
json=data,
)
assert r.status_code == 400
assert r.status_code == status.HTTP_400_BAD_REQUEST
updated_user = r.json()
assert updated_user["detail"] == "Incorrect password"
@@ -284,7 +285,7 @@ def test_update_user_me_email_exists(
headers=normal_user_token_headers,
json=data,
)
assert r.status_code == 409
assert r.status_code == status.HTTP_409_CONFLICT
assert r.json()["detail"] == "User with this email already exists"
@@ -300,7 +301,7 @@ def test_update_password_me_same_password_error(
headers=superuser_token_headers,
json=data,
)
assert r.status_code == 400
assert r.status_code == status.HTTP_400_BAD_REQUEST
updated_user = r.json()
assert (
updated_user["detail"] == "New password cannot be the same as the current one"
@@ -316,7 +317,7 @@ def test_register_user(client: TestClient, db: Session) -> None:
f"{settings.API_V1_STR}/users/signup",
json=data,
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
created_user = r.json()
assert created_user["email"] == username
assert created_user["full_name"] == full_name
@@ -341,7 +342,7 @@ def test_register_user_already_exists_error(client: TestClient) -> None:
f"{settings.API_V1_STR}/users/signup",
json=data,
)
assert r.status_code == 400
assert r.status_code == status.HTTP_400_BAD_REQUEST
assert r.json()["detail"] == "The user with this email already exists in the system"
@@ -359,7 +360,7 @@ def test_update_user(
headers=superuser_token_headers,
json=data,
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
updated_user = r.json()
assert updated_user["full_name"] == "Updated_full_name"
@@ -380,7 +381,7 @@ def test_update_user_not_exists(
headers=superuser_token_headers,
json=data,
)
assert r.status_code == 404
assert r.status_code == status.HTTP_404_NOT_FOUND
assert r.json()["detail"] == "The user with this id does not exist in the system"
@@ -403,7 +404,7 @@ def test_update_user_email_exists(
headers=superuser_token_headers,
json=data,
)
assert r.status_code == 409
assert r.status_code == status.HTTP_409_CONFLICT
assert r.json()["detail"] == "User with this email already exists"
@@ -427,7 +428,7 @@ def test_delete_user_me(client: TestClient, db: Session) -> None:
f"{settings.API_V1_STR}/users/me",
headers=headers,
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
deleted_user = r.json()
assert deleted_user["message"] == "User deleted successfully"
result = db.exec(select(User).where(User.id == user_id)).first()
@@ -445,7 +446,7 @@ def test_delete_user_me_as_superuser(
f"{settings.API_V1_STR}/users/me",
headers=superuser_token_headers,
)
assert r.status_code == 403
assert r.status_code == status.HTTP_403_FORBIDDEN
response = r.json()
assert response["detail"] == "Super users are not allowed to delete themselves"
@@ -462,7 +463,7 @@ def test_delete_user_super_user(
f"{settings.API_V1_STR}/users/{user_id}",
headers=superuser_token_headers,
)
assert r.status_code == 200
assert r.status_code == status.HTTP_200_OK
deleted_user = r.json()
assert deleted_user["message"] == "User deleted successfully"
result = db.exec(select(User).where(User.id == user_id)).first()
@@ -476,7 +477,7 @@ def test_delete_user_not_found(
f"{settings.API_V1_STR}/users/{uuid.uuid4()}",
headers=superuser_token_headers,
)
assert r.status_code == 404
assert r.status_code == status.HTTP_404_NOT_FOUND
assert r.json()["detail"] == "User not found"
@@ -491,7 +492,7 @@ def test_delete_user_current_super_user_error(
f"{settings.API_V1_STR}/users/{user_id}",
headers=superuser_token_headers,
)
assert r.status_code == 403
assert r.status_code == status.HTTP_403_FORBIDDEN
assert r.json()["detail"] == "Super users are not allowed to delete themselves"
@@ -507,5 +508,5 @@ def test_delete_user_without_privileges(
f"{settings.API_V1_STR}/users/{user.id}",
headers=normal_user_token_headers,
)
assert r.status_code == 403
assert r.status_code == status.HTTP_403_FORBIDDEN
assert r.json()["detail"] == "The user doesn't have enough privileges"