Use proper HTTP status codes

backend/app/api/routes/events.py

@@ -1,6 +1,6 @@
 from typing import Any
 
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, status
 from sqlmodel import func, select
 
 from app.api.deps import CurrentUser, SessionDep
@@ -83,14 +83,14 @@ def read_event(session: SessionDep, current_user: CurrentUser, id: RowId) -> Any
     """
     event = session.get(Event, id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     if not current_user.has_permissions(
         module=PermissionModule.EVENT,
         part=PermissionPart.ADMIN,
         rights=PermissionRight.READ,
     ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.READ)):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     return event
 
@@ -107,7 +107,7 @@ def create_event(
         part=PermissionPart.ADMIN,
         rights=PermissionRight.CREATE,
     ):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     event = Event.create(create_obj=event_in, session=session)
     event.add_user(user=current_user, rights=PermissionRight.ADMIN, session=session)
@@ -127,14 +127,14 @@ def update_event(
     """
     event = session.get(Event, id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     if not current_user.has_permissions(
         module=PermissionModule.EVENT,
         part=PermissionPart.ADMIN,
         rights=PermissionRight.UPDATE,
     ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.UPDATE)):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     return Event.update(db_obj=event, in_obj=event_in, session=session)
 
@@ -150,14 +150,14 @@ def delete_event(
     """
     event = session.get(Event, id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     if not current_user.has_permissions(
         module=PermissionModule.EVENT,
         part=PermissionPart.ADMIN,
         rights=PermissionRight.DELETE,
     ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.DELETE)):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     session.delete(event)
     session.commit()
@@ -180,14 +180,14 @@ def read_event_users(
 
     event = session.get(Event, event_id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     if not current_user.has_permissions(
         module=PermissionModule.EVENT,
         part=PermissionPart.ADMIN,
         rights=PermissionRight.MANAGE_USERS,
     ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_USERS)):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     count_statement = (select(func.count())
                        .select_from(EventUserLink)
@@ -217,26 +217,26 @@ def create_event_user(
 
     if user_in.rights & ~PermissionRight.ADMIN:
         # FIXME: find a proper richts checker
-        raise HTTPException(status_code=400, detail="Invalid permission rights")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid permission rights")
 
     event = session.get(Event, event_id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     if not current_user.has_permissions(
         module=PermissionModule.EVENT,
         part=PermissionPart.ADMIN,
         rights=PermissionRight.MANAGE_USERS,
     ) and not (event.user_has_rights(user=current_user, rights=(PermissionRight.MANAGE_USERS | user_in.rights))):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     user = session.get(User, user_in.user_id)
     if not user:
-        raise HTTPException(status_code=404, detail="User not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
 
     user_link = event.get_user_link(user)
     if user_link:
-        raise HTTPException(status_code=400, detail="User already part of this event")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="User already part of this event")
 
     return event.add_user(user=user, rights=user_in.rights, session=session)
 
@@ -255,27 +255,27 @@ def update_user_in_event(
 
     event = session.get(Event, event_id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     user = session.get(User, user_id)
     if not user:
-        raise HTTPException(status_code=404, detail="User not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
 
     valid_flags = sum(flag.value for flag in PermissionRight)
     if user_in.rights & ~valid_flags:
         # FIXME: find a proper richts checker
-        raise HTTPException(status_code=400, detail="Invalid permission rights")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid permission rights")
 
     if not current_user.has_permissions(
         module=PermissionModule.EVENT,
         part=PermissionPart.ADMIN,
         rights=PermissionRight.MANAGE_USERS,
     ) and not (event.user_has_rights(user=current_user, rights=(PermissionRight.MANAGE_USERS | user_in.rights))):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     user_link = event.get_user_link(user)
     if not user_link:
-        raise HTTPException(status_code=404, detail="User is not part of this event")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User is not part of this event")
 
     return event.update_user(user=user, rights=user_in.rights, session=session)
 
@@ -289,11 +289,11 @@ def remove_user_from_event(
     """
     event = session.get(Event, event_id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     user = session.get(User, user_id)
     if not user:
-        raise HTTPException(status_code=404, detail="User not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
 
     if not current_user.has_permissions(
         module=PermissionModule.EVENT,
@@ -301,14 +301,14 @@ def remove_user_from_event(
         rights=PermissionRight.MANAGE_USERS,
     ):
         if current_user.id == user.id:
-            raise HTTPException(status_code=403, detail="Users are not allowed to delete themselves when they are not an super admin")
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Users are not allowed to delete themselves when they are not an super admin")
 
         if not event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_USERS):
-            raise HTTPException(status_code=403, detail="Not enough permissions")
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     user_link = event.get_user_link(user)
     if not user_link:
-        raise HTTPException(status_code=404, detail="User is not part of this event")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User is not part of this event")
 
     event.remove_user(user=user, session=session)
     return Message(

backend/app/api/routes/login.py

@@ -1,7 +1,7 @@
 from datetime import timedelta
 from typing import Annotated, Any
 
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends, HTTPException, status
 from fastapi.responses import HTMLResponse
 from fastapi.security import OAuth2PasswordRequestForm
 
@@ -33,9 +33,9 @@ def login_access_token(
         session=session, email=form_data.username, password=form_data.password
     )
     if not user:
-        raise HTTPException(status_code=400, detail="Incorrect email or password")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Incorrect email or password")
     elif not user.is_active:
-        raise HTTPException(status_code=400, detail="Inactive user")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user")
     access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
     return Token(
         access_token=security.create_access_token(
@@ -54,9 +54,9 @@ def login_apikey(
     """
     user = ApiKey.authenticate(session=session, api_key=api_key)
     if not user:
-        raise HTTPException(status_code=400, detail="Incorrect apikey")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Incorrect apikey")
     elif not user.is_active:
-        raise HTTPException(status_code=400, detail="Inactive user")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user")
     access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
     return Token(
         access_token=security.create_access_token(
@@ -82,7 +82,7 @@ def recover_password(email: str, session: SessionDep) -> Message:
 
     if not user:
         raise HTTPException(
-            status_code=404,
+            status_code=status.HTTP_404_NOT_FOUND,
             detail="The user with this email does not exist in the system.",
         )
     password_reset_token = generate_password_reset_token(email=email)
@@ -104,15 +104,15 @@ def reset_password(session: SessionDep, body: NewPassword) -> Message:
     """
     email = verify_password_reset_token(token=body.token)
     if not email:
-        raise HTTPException(status_code=400, detail="Invalid token")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid token")
     user = User.get_by_email(session=session, email=email)
     if not user:
         raise HTTPException(
-            status_code=404,
+            status_code=status.HTTP_404_NOT_FOUND,
             detail="The user with this email does not exist in the system.",
         )
     elif not user.is_active:
-        raise HTTPException(status_code=400, detail="Inactive user")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user")
     hashed_password = get_password_hash(password=body.new_password)
     user.hashed_password = hashed_password
     session.add(user)
@@ -133,7 +133,7 @@ def recover_password_html_content(email: str, session: SessionDep) -> Any:
 
     if not user:
         raise HTTPException(
-            status_code=404,
+            status_code=status.HTTP_404_NOT_FOUND,
             detail="The user with this username does not exist in the system.",
         )
     password_reset_token = generate_password_reset_token(email=email)

backend/app/api/routes/teams.py

@@ -1,6 +1,6 @@
 from typing import Any
 
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, status
 from sqlmodel import func, select
 
 from app.api.deps import CurrentUser, SessionDep
@@ -86,18 +86,18 @@ def read_team(session: SessionDep, current_user: CurrentUser, id: RowId) -> Any:
     """
     team = session.get(Team, id)
     if not team:
-        raise HTTPException(status_code=404, detail="Team not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Team not found")
 
     event = session.get(Event, team.event_id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     if not current_user.has_permissions(
             module=PermissionModule.TEAM,
             part=PermissionPart.ADMIN,
             rights=PermissionRight.READ,
     ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     return team
 
@@ -112,14 +112,14 @@ def create_team(
 
     event = session.get(Event, team_in.event_id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     if not current_user.has_permissions(
         module=PermissionModule.TEAM,
         part=PermissionPart.ADMIN,
         rights=PermissionRight.UPDATE,
     ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     team = Team.create(create_obj=team_in, session=session)
     return team
@@ -134,32 +134,32 @@ def update_team(
     """
     team = session.get(Team, id)
     if not team:
-        raise HTTPException(status_code=404, detail="Team not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Team not found")
 
     # Check user's permissions for the existing event
     event = session.get(Event, team.event_id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     if not current_user.has_permissions(
         module=PermissionModule.TEAM,
         part=PermissionPart.ADMIN,
         rights=PermissionRight.UPDATE,
     ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     # Check rights for the new event data
     if team_in.event_id:
         event = session.get(Event, team_in.event_id)
         if not event:
-            raise HTTPException(status_code=404, detail="New event not found")
+            raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="New event not found")
 
         if not current_user.has_permissions(
                 module=PermissionModule.TEAM,
                 part=PermissionPart.ADMIN,
                 rights=PermissionRight.UPDATE,
         ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
-            raise HTTPException(status_code=403, detail="Not enough permissions")
+            raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     # Update the team
     team = Team.update(db_obj=team, in_obj=team_in, session=session)
@@ -173,18 +173,18 @@ def delete_team(session: SessionDep,current_user: CurrentUser, id: RowId) -> Mes
     """
     team = session.get(Team, id)
     if not team:
-        raise HTTPException(status_code=404, detail="Team not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Team not found")
 
     event = session.get(Event, team.event_id)
     if not event:
-        raise HTTPException(status_code=404, detail="Event not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Event not found")
 
     if not current_user.has_permissions(
         module=PermissionModule.TEAM,
         part=PermissionPart.ADMIN,
         rights=PermissionRight.DELETE,
     ) and not (event.user_has_rights(user=current_user, rights=PermissionRight.MANAGE_TEAMS)):
-        raise HTTPException(status_code=403, detail="Not enough permissions")
+        raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Not enough permissions")
 
     session.delete(team)
     session.commit()

backend/app/api/routes/users.py

@@ -1,7 +1,7 @@
 import uuid
 from typing import Any
 
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Depends, HTTPException, status
 from sqlmodel import func, select
 
 from app.api.deps import (
@@ -66,7 +66,7 @@ def create_user(*, session: SessionDep, user_in: UserCreate) -> Any:
     user = User.get_by_email(session=session, email=user_in.email)
     if user:
         raise HTTPException(
-            status_code=400,
+            status_code=status.HTTP_400_BAD_REQUEST,
             detail="The user with this email already exists in the system.",
         )
 
@@ -95,7 +95,7 @@ def update_user_me(
         existing_user = User.get_by_email(session=session, email=user_in.email)
         if existing_user and existing_user.id != current_user.id:
             raise HTTPException(
-                status_code=409, detail="User with this email already exists"
+                status_code=status.HTTP_409_CONFLICT, detail="User with this email already exists"
             )
     user_data = user_in.model_dump(exclude_unset=True)
     current_user.sqlmodel_update(user_data)
@@ -113,10 +113,10 @@ def update_password_me(
     Update own password.
     """
     if not verify_password(body.current_password, current_user.hashed_password):
-        raise HTTPException(status_code=400, detail="Incorrect password")
+        raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail="Incorrect password")
     if body.current_password == body.new_password:
         raise HTTPException(
-            status_code=400, detail="New password cannot be the same as the current one"
+            status_code=status.HTTP_400_BAD_REQUEST, detail="New password cannot be the same as the current one"
         )
     hashed_password = get_password_hash(body.new_password)
     current_user.hashed_password = hashed_password
@@ -184,7 +184,7 @@ def delete_apikey_me(
             session.commit()
             return Message(message="Api key deleted successfully")
 
-    raise HTTPException(status_code=404, detail="API key not found")
+    raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="API key not found")
 
 
 @router.get("/me", response_model=UserPublic)
@@ -206,7 +206,7 @@ def delete_user_me(session: SessionDep, current_user: CurrentUser) -> Any:
         rights=PermissionRight.DELETE,
     ):
         raise HTTPException(
-            status_code=403, detail="Super users are not allowed to delete themselves"
+            status_code=status.HTTP_403_FORBIDDEN, detail="Super users are not allowed to delete themselves"
         )
     session.delete(current_user)
     session.commit()
@@ -221,7 +221,7 @@ def register_user(session: SessionDep, user_in: UserRegister) -> Any:
     user = User.get_by_email(session=session, email=user_in.email)
     if user:
         raise HTTPException(
-            status_code=400,
+            status_code=status.HTTP_400_BAD_REQUEST,
             detail="The user with this email already exists in the system",
         )
     user_create = UserCreate.model_validate(user_in)
@@ -245,7 +245,7 @@ def read_user_by_id(
         rights=PermissionRight.READ,
     ):
         raise HTTPException(
-            status_code=403,
+            status_code=status.HTTP_403_FORBIDDEN,
             detail="The user doesn't have enough privileges",
         )
     return user
@@ -269,14 +269,14 @@ def update_user(
     db_user = session.get(User, user_id)
     if not db_user:
         raise HTTPException(
-            status_code=404,
+            status_code=status.HTTP_404_NOT_FOUND,
             detail="The user with this id does not exist in the system",
         )
     if user_in.email:
         existing_user = User.get_by_email(session=session, email=user_in.email)
         if existing_user and existing_user.id != user_id:
             raise HTTPException(
-                status_code=409, detail="User with this email already exists"
+                status_code=status.HTTP_409_CONFLICT, detail="User with this email already exists"
             )
 
     db_user = User.update(session=session, db_obj=db_user, in_obj=user_in)
@@ -292,10 +292,10 @@ def delete_user(
     """
     user = session.get(User, user_id)
     if not user:
-        raise HTTPException(status_code=404, detail="User not found")
+        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="User not found")
     if user == current_user:
         raise HTTPException(
-            status_code=403, detail="Super users are not allowed to delete themselves"
+            status_code=status.HTTP_403_FORBIDDEN, detail="Super users are not allowed to delete themselves"
         )
     # statement = delete(Item).where(col(Item.owner_id) == user_id)
     # session.exec(statement)  # type: ignore

backend/app/api/routes/utils.py

@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Depends
+from fastapi import APIRouter, Depends, status
 from pydantic.networks import EmailStr
 
 from app.api.deps import get_current_system_admin
@@ -11,7 +11,7 @@ router = APIRouter(prefix="/utils", tags=[ApiTags.UTILS])
 @router.post(
     "/test-email/",
     dependencies=[Depends(get_current_system_admin)],
-    status_code=201,
+    status_code=status.HTTP_201_CREATED,
 )
 def test_email(email_to: EmailStr) -> Message:
     """

backend/app/tests/api/routes/test_events.py

@@ -1,6 +1,7 @@
 import uuid
 
 import pytest
+from fastapi import status
 from fastapi.testclient import TestClient
 from sqlmodel import Session
 
@@ -22,7 +23,7 @@ def test_create_event(client: TestClient, superuser_token_headers: dict[str, str
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["name"] == data["name"]
     assert content["contact"] == data["contact"]
@@ -43,7 +44,7 @@ def test_create_event_no_permission(client: TestClient, normal_user_token_header
         headers=normal_user_token_headers,
         json=data,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -56,7 +57,7 @@ def test_read_event(
         f"{settings.API_V1_STR}/events/{event.id}",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["name"] == event.name
     assert content["contact"] == event.contact
@@ -73,7 +74,7 @@ def test_read_event_not_found(
         f"{settings.API_V1_STR}/events/{uuid.uuid4()}",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Event not found"
 
 
@@ -85,7 +86,7 @@ def test_read_event_not_enough_permissions(
         f"{settings.API_V1_STR}/events/{event.id}",
         headers=normal_user_token_headers,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -97,7 +98,7 @@ def test_read_event_with_event_user(
         f"{settings.API_V1_STR}/events/{event.id}",
         headers=event_user_token_headers.headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["name"] == event.name
     assert content["contact"] == event.contact
@@ -116,7 +117,7 @@ def test_read_events(
         f"{settings.API_V1_STR}/events/",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "count" in content
     assert content["count"] >= 2
@@ -136,7 +137,7 @@ def test_read_events_with_event_user(
         f"{settings.API_V1_STR}/events/",
         headers=authentication_token_from_user(db=db, user=user, client=client),
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "count" in content
     assert content["count"] == 1
@@ -158,7 +159,7 @@ def test_update_event(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["name"] == data["name"]
     assert content["contact"] == data["contact"]
@@ -177,7 +178,7 @@ def test_update_event_not_found(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Event not found"
 
 
@@ -191,7 +192,7 @@ def test_update_event_not_enough_permissions(
         headers=normal_user_token_headers,
         json=data,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -208,7 +209,7 @@ def test_update_event_with_eventuser(
         headers=event_user_token_headers.headers,
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["name"] == data["name"]
     assert content["contact"] == data["contact"]
@@ -226,7 +227,7 @@ def test_delete_event(
         f"{settings.API_V1_STR}/events/{event.id}",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     assert response.json()["message"] == "Event deleted successfully"
 
 
@@ -237,7 +238,7 @@ def test_delete_event_not_found(
         f"{settings.API_V1_STR}/events/{uuid.uuid4()}",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     content = response.json()
     assert content["detail"] == "Event not found"
 
@@ -250,7 +251,7 @@ def test_delete_event_not_enough_permissions(
         f"{settings.API_V1_STR}/events/{event.id}",
         headers=normal_user_token_headers,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -265,7 +266,7 @@ def test_delete_event_admin_user(
         f"{settings.API_V1_STR}/events/{event.id}",
         headers=authentication_token_from_user(db=db, user=user, client=client),
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["message"] == "Event deleted successfully"
 
@@ -280,7 +281,7 @@ def test_delete_event_not_enough_permissions_for_this_event(
         f"{settings.API_V1_STR}/events/{event.id}",
         headers=authentication_token_from_user(db=db, user=user, client=client),
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -295,7 +296,7 @@ def test_delete_event_event_user_read_only_rights(
         f"{settings.API_V1_STR}/events/{event.id}",
         headers=authentication_token_from_user(db=db, user=user, client=client),
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -312,7 +313,7 @@ def test_read_all_event_users(
         f"{settings.API_V1_STR}/events/{event.id}/users",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "count" in content
     assert content["count"] == 2
@@ -330,7 +331,7 @@ def test_read_all_event_users_no_permission(
         f"{settings.API_V1_STR}/events/{event.id}/users",
         headers=normal_user_token_headers,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -345,7 +346,7 @@ def test_read_all_event_users_with_event_user(
         f"{settings.API_V1_STR}/events/{event.id}/users",
         headers=authentication_token_from_user(db=db, user=user, client=client),
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "count" in content
     assert content["count"] == 1
@@ -365,7 +366,7 @@ def test_read_all_event_users_with_event_user_no_permission(
         f"{settings.API_V1_STR}/events/{event.id}/users",
         headers=authentication_token_from_user(db=db, user=user, client=client),
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -376,7 +377,7 @@ def test_add_user_to_event_not_found(
         f"{settings.API_V1_STR}/events/{uuid.uuid4()}/users",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Event not found"
 
 
@@ -395,7 +396,7 @@ def test_add_user_to_event(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "rights" in content
     assert content["rights"] == PermissionRight.READ
@@ -417,7 +418,7 @@ def test_add_user_to_event_event_not_found(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Event not found"
 
 
@@ -435,7 +436,7 @@ def test_add_user_to_event_user_not_found(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "User not found"
 
 
@@ -455,7 +456,7 @@ def test_add_user_to_event_already_exists(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 400
+    assert response.status_code == status.HTTP_400_BAD_REQUEST
     assert response.json()["detail"] == "User already part of this event"
 
 
@@ -474,7 +475,7 @@ def test_add_user_to_event_no_permissions(
         headers=normal_user_token_headers,
         json=data,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -493,7 +494,7 @@ def test_add_user_to_event_unknown_rights(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 400
+    assert response.status_code == status.HTTP_400_BAD_REQUEST
     assert response.json()["detail"] == "Invalid permission rights"
 
 
@@ -516,7 +517,7 @@ def test_add_user_with_more_rights_than_current_user(
         headers=authentication_token_from_user(db=db, user=limited_user, client=client),
         json=data,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -536,7 +537,7 @@ def test_add_user_rights_combined(
         json=data,
     )
 
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "rights" in content
     assert content["rights"] == data["rights"]
@@ -558,7 +559,7 @@ def test_update_user_inside_event(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "rights" in content
     assert content["rights"] == data["rights"]
@@ -579,7 +580,7 @@ def test_update_event_user_event_not_found(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Event not found"
 
 
@@ -596,7 +597,7 @@ def test_update_event_user_user_not_found(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "User not found"
 
 
@@ -615,7 +616,7 @@ def test_update_event_user_unknown_rights(
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 400
+    assert response.status_code == status.HTTP_400_BAD_REQUEST
     assert response.json()["detail"] == "Invalid permission rights"
 
 
@@ -634,7 +635,7 @@ def test_update_event_user_not_enough_permissions(
         headers=normal_user_token_headers,
         json=data,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -658,7 +659,7 @@ def test_update_event_user_with_event_user_same_event(
         headers=authentication_token_from_user(db=db, user=user1, client=client),
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["rights"] == data["rights"]
     assert content["user_id"] == str(user2.id)
@@ -686,7 +687,7 @@ def test_update_event_user_from_other_event_forbidden(
         headers=authentication_token_from_user(db=db, user=user1, client=client),
         json=data,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -711,7 +712,7 @@ def test_update_event_user_from_other_event_thru_own_event(
         headers=authentication_token_from_user(db=db, user=user1, client=client),
         json=data,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "User is not part of this event"
 
 
@@ -734,7 +735,7 @@ def test_update_user_rights_combined(
         json=data,
     )
 
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "rights" in content
     assert content["rights"] == data["rights"]
@@ -754,7 +755,7 @@ def test_remove_user_from_event(
         headers=superuser_token_headers,
     )
 
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     assert response.json()["message"] == "User removed successfully"
     # assert not event.get_user_link(user)
 
@@ -771,7 +772,7 @@ def test_remove_user_from_event_event_not_found(
         headers=superuser_token_headers,
     )
 
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Event not found"
 
 
@@ -785,7 +786,7 @@ def test_remove_user_from_event_user_not_found(
         headers=superuser_token_headers,
     )
 
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "User not found"
 
 
@@ -800,7 +801,7 @@ def test_remove_user_from_event_user_not_in_event(
         headers=superuser_token_headers,
     )
 
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "User is not part of this event"
 
 
@@ -819,7 +820,7 @@ def test_remove_user_from_event_insufficient_permissions(
         headers=authentication_token_from_user(db=db, user=limited_user, client=client),
     )
 
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -835,5 +836,5 @@ def test_remove_own_user_from_event(
         headers=authentication_token_from_user(db=db, user=user, client=client),
     )
 
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Users are not allowed to delete themselves when they are not an super admin"

backend/app/tests/api/routes/test_login.py

@@ -1,5 +1,6 @@
 from unittest.mock import patch
 
+from fastapi import status
 from fastapi.testclient import TestClient
 from sqlmodel import Session
 
@@ -19,7 +20,7 @@ def test_get_access_token(client: TestClient) -> None:
     }
     r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data)
     tokens = r.json()
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     assert "access_token" in tokens
     assert tokens["access_token"]
 
@@ -30,7 +31,7 @@ def test_get_access_token_incorrect_password(client: TestClient) -> None:
         "password": "incorrect",
     }
     r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data)
-    assert r.status_code == 400
+    assert r.status_code == status.HTTP_400_BAD_REQUEST
 
 
 def test_use_access_token(
@@ -41,7 +42,7 @@ def test_use_access_token(
         headers=superuser_token_headers,
     )
     result = r.json()
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     assert "email" in result
 
 
@@ -60,7 +61,7 @@ def test_use_api_key(client: TestClient, db: Session) -> None:
 
     r = client.get(f"{settings.API_V1_STR}/login/api-key/{api_key.api_key}")
     tokens = r.json()
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     assert "access_token" in tokens
     assert tokens["access_token"]
 
@@ -79,7 +80,7 @@ def test_use_api_key_inactive(client: TestClient, db: Session) -> None:
     api_key = ApiKey.create(session=db, create_obj=create_obj)
 
     r = client.get(f"{settings.API_V1_STR}/login/api-key/{api_key.api_key}")
-    assert r.status_code == 400
+    assert r.status_code == status.HTTP_400_BAD_REQUEST
 
 
 def test_use_api_key_user_inactive(client: TestClient, db: Session) -> None:
@@ -101,7 +102,7 @@ def test_use_api_key_user_inactive(client: TestClient, db: Session) -> None:
     api_key = ApiKey.create(session=db, create_obj=create_obj)
 
     r = client.get(f"{settings.API_V1_STR}/login/api-key/{api_key.api_key}")
-    assert r.status_code == 400
+    assert r.status_code == status.HTTP_400_BAD_REQUEST
 
 
 def test_recovery_password(
@@ -116,7 +117,7 @@ def test_recovery_password(
             f"{settings.API_V1_STR}/password-recovery/{email}",
             headers=normal_user_token_headers,
         )
-        assert r.status_code == 200
+        assert r.status_code == status.HTTP_200_OK
         assert r.json() == {"message": "Password recovery email sent"}
 
 
@@ -129,7 +130,7 @@ def test_recovery_password_user_not_exits(
         headers=normal_user_token_headers,
     )
     assert (
-        r.status_code == 404
+        r.status_code == status.HTTP_404_NOT_FOUND
     )  # TODO: Fix testing and do not leak known emails with 404
 
 
@@ -155,7 +156,7 @@ def test_reset_password(client: TestClient, db: Session) -> None:
         json=data,
     )
 
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     assert r.json() == {"message": "Password updated successfully"}
 
     db.refresh(user)
@@ -174,5 +175,5 @@ def test_reset_password_invalid_token(
     response = r.json()
 
     assert "detail" in response
-    assert r.status_code == 400
+    assert r.status_code == status.HTTP_400_BAD_REQUEST
     assert response["detail"] == "Invalid token"

backend/app/tests/api/routes/test_private.py

@@ -1,3 +1,4 @@
+from fastapi import status
 from fastapi.testclient import TestClient
 from sqlmodel import Session, select
 
@@ -15,7 +16,7 @@ def test_create_user(client: TestClient, db: Session) -> None:
         },
     )
 
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
 
     data = r.json()
 

backend/app/tests/api/routes/test_teams.py

@@ -1,5 +1,6 @@
 import uuid
 
+from fastapi import status
 from fastapi.testclient import TestClient
 from sqlmodel import Session
 
@@ -23,7 +24,7 @@ def test_create_team(client: TestClient, superuser_token_headers: dict[str, str]
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["theme_name"] == data["theme_name"]
     assert content["event_id"] == str(event.id)
@@ -38,7 +39,7 @@ def test_create_team_without_event(client: TestClient, superuser_token_headers:
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 422
+    assert response.status_code == status.HTTP_422_UNPROCESSABLE_ENTITY
     assert response.json()["detail"][0]["loc"] == ["body", "event_id"]
 
 
@@ -52,7 +53,7 @@ def test_create_team_with_incorrect_event(client: TestClient, superuser_token_he
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Event not found"
 
 def test_read_team(client: TestClient, superuser_token_headers: dict[str, str], db: Session) -> None:
@@ -61,7 +62,7 @@ def test_read_team(client: TestClient, superuser_token_headers: dict[str, str],
         f"{settings.API_V1_STR}/teams/{team.id}",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["id"] == str(team.id)
     assert content["theme_name"] == team.theme_name
@@ -72,7 +73,7 @@ def test_read_team_not_found(client: TestClient, superuser_token_headers: dict[s
         f"{settings.API_V1_STR}/teams/{uuid.uuid4()}",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Team not found"
 
 
@@ -82,7 +83,7 @@ def test_read_event_not_enough_permissions(client: TestClient, normal_user_token
         f"{settings.API_V1_STR}/teams/{team.id}",
         headers=normal_user_token_headers,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -94,7 +95,7 @@ def test_read_team_with_event_user(client: TestClient, event_user_token_headers:
         headers=event_user_token_headers.headers,
     )
 
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["id"] == str(team.id)
     assert content["theme_name"] == team.theme_name
@@ -108,7 +109,7 @@ def test_read_teams(client: TestClient, superuser_token_headers: dict[str, str],
         f"{settings.API_V1_STR}/teams/",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "count" in content
     assert content["count"] >= 2
@@ -124,7 +125,7 @@ def test_read_teams_with_normal_user(client: TestClient, normal_user_token_heade
         f"{settings.API_V1_STR}/teams/",
         headers=normal_user_token_headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "count" in content
     assert content["count"] == 0
@@ -144,7 +145,7 @@ def test_read_teams_with_event_user_readonly(client: TestClient, db: Session) ->
         headers=authentication_token_from_user(db=db, user=user, client=client),
     )
 
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "count" in content
     assert content["count"] == 1
@@ -164,7 +165,7 @@ def test_read_teams_with_event_user_team_manager(client: TestClient, db: Session
         headers=authentication_token_from_user(db=db, user=user, client=client),
     )
 
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert "count" in content
     assert content["count"] == 1
@@ -181,7 +182,7 @@ def test_update_team_name(client: TestClient, superuser_token_headers: dict[str,
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["id"] == str(team.id)
     assert content["theme_name"] == data["theme_name"]
@@ -195,7 +196,7 @@ def test_update_team_not_found(client: TestClient, superuser_token_headers: dict
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Team not found"
 
 
@@ -207,7 +208,7 @@ def test_update_team_not_enough_permissions(client: TestClient, normal_user_toke
         headers=normal_user_token_headers,
         json=data,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -219,7 +220,7 @@ def test_update_team_name_with_event_permissions(client: TestClient, event_user_
         headers=event_user_token_headers.headers,
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["id"] == str(team.id)
     assert content["theme_name"] == data["theme_name"]
@@ -236,7 +237,7 @@ def test_update_team_event(client: TestClient, superuser_token_headers: dict[str
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["id"] == str(team.id)
     assert content["theme_name"] == team.theme_name
@@ -252,7 +253,7 @@ def test_update_team_event_not_found(client: TestClient, superuser_token_headers
         headers=superuser_token_headers,
         json=data,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "New event not found"
 
 
@@ -269,7 +270,7 @@ def test_update_team_event_with_event_user(client: TestClient, event_user_token_
         json=data,
     )
 
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     content = response.json()
     assert content["id"] == str(team.id)
     assert content["theme_name"] == team.theme_name
@@ -288,7 +289,7 @@ def test_update_team_event_with_event_user_not_enough_permissions(client: TestCl
         json=data,
     )
 
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -298,7 +299,7 @@ def test_delete_team(client: TestClient, superuser_token_headers: dict[str, str]
         f"{settings.API_V1_STR}/teams/{team.id}",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     assert response.json()["message"] == "Team deleted successfully"
 
 
@@ -307,7 +308,7 @@ def test_delete_team_not_found(client: TestClient, superuser_token_headers: dict
         f"{settings.API_V1_STR}/teams/{uuid.uuid4()}",
         headers=superuser_token_headers,
     )
-    assert response.status_code == 404
+    assert response.status_code == status.HTTP_404_NOT_FOUND
     assert response.json()["detail"] == "Team not found"
 
 
@@ -317,7 +318,7 @@ def test_delete_not_enough_permissions(client: TestClient, normal_user_token_hea
         f"{settings.API_V1_STR}/teams/{team.id}",
         headers=normal_user_token_headers,
     )
-    assert response.status_code == 403
+    assert response.status_code == status.HTTP_403_FORBIDDEN
     assert response.json()["detail"] == "Not enough permissions"
 
 
@@ -327,5 +328,5 @@ def test_delete_team_with_event_user(client: TestClient, event_user_token_header
         f"{settings.API_V1_STR}/teams/{team.id}",
         headers=event_user_token_headers.headers,
     )
-    assert response.status_code == 200
+    assert response.status_code == status.HTTP_200_OK
     assert response.json()["message"] == "Team deleted successfully"

backend/app/tests/api/routes/test_users.py

@@ -1,6 +1,7 @@
 import uuid
 from unittest.mock import patch
 
+from fastapi import status
 from fastapi.testclient import TestClient
 from sqlmodel import Session, select
 
@@ -48,7 +49,7 @@ def test_create_user_new_email(
             headers=superuser_token_headers,
             json=data,
         )
-        assert 200 <= r.status_code < 300
+        assert status.HTTP_200_OK <= r.status_code < 300
         created_user = r.json()
         user = User.get_by_email(session=db, email=username)
         assert user
@@ -67,7 +68,7 @@ def test_get_existing_user(
         f"{settings.API_V1_STR}/users/{user_id}",
         headers=superuser_token_headers,
     )
-    assert 200 <= r.status_code < 300
+    assert status.HTTP_200_OK <= r.status_code < 300
     api_user = r.json()
     existing_user = User.get_by_email(session=db, email=username)
     assert existing_user
@@ -94,7 +95,7 @@ def test_get_existing_user_current_user(client: TestClient, db: Session) -> None
         f"{settings.API_V1_STR}/users/{user_id}",
         headers=headers,
     )
-    assert 200 <= r.status_code < 300
+    assert status.HTTP_200_OK <= r.status_code < 300
     api_user = r.json()
     existing_user = User.get_by_email(session=db, email=username)
     assert existing_user
@@ -108,7 +109,7 @@ def test_get_existing_user_permissions_error(
         f"{settings.API_V1_STR}/users/{uuid.uuid4()}",
         headers=normal_user_token_headers,
     )
-    assert r.status_code == 403
+    assert r.status_code == status.HTTP_403_FORBIDDEN
     assert r.json() == {"detail": "The user doesn't have enough privileges"}
 
 
@@ -127,7 +128,7 @@ def test_create_user_existing_username(
         json=data,
     )
     created_user = r.json()
-    assert r.status_code == 400
+    assert r.status_code == status.HTTP_400_BAD_REQUEST
     assert "_id" not in created_user
 
 
@@ -142,7 +143,7 @@ def test_create_user_by_normal_user(
         headers=normal_user_token_headers,
         json=data,
     )
-    assert r.status_code == 403
+    assert r.status_code == status.HTTP_403_FORBIDDEN
 
 
 def test_retrieve_users(
@@ -179,7 +180,7 @@ def test_update_user_me(
         headers=normal_user_token_headers,
         json=data,
     )
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     updated_user = r.json()
     assert updated_user["email"] == email
     assert updated_user["full_name"] == full_name
@@ -204,7 +205,7 @@ def test_update_password_me(
         headers=superuser_token_headers,
         json=data,
     )
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     updated_user = r.json()
     assert updated_user["message"] == "Password updated successfully"
 
@@ -226,7 +227,7 @@ def test_update_password_me(
     )
     db.refresh(user_db)
 
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     assert verify_password(settings.FIRST_SUPERUSER_PASSWORD, user_db.hashed_password)
 
 
@@ -239,7 +240,7 @@ def test_generate_api_key_me(
         headers=superuser_token_headers,
         json=data,
     )
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     api_key = r.json()
     assert "api_key" in api_key
     assert api_key["name"] == data["name"]
@@ -265,7 +266,7 @@ def test_update_password_me_incorrect_password(
         headers=superuser_token_headers,
         json=data,
     )
-    assert r.status_code == 400
+    assert r.status_code == status.HTTP_400_BAD_REQUEST
     updated_user = r.json()
     assert updated_user["detail"] == "Incorrect password"
 
@@ -284,7 +285,7 @@ def test_update_user_me_email_exists(
         headers=normal_user_token_headers,
         json=data,
     )
-    assert r.status_code == 409
+    assert r.status_code == status.HTTP_409_CONFLICT
     assert r.json()["detail"] == "User with this email already exists"
 
 
@@ -300,7 +301,7 @@ def test_update_password_me_same_password_error(
         headers=superuser_token_headers,
         json=data,
     )
-    assert r.status_code == 400
+    assert r.status_code == status.HTTP_400_BAD_REQUEST
     updated_user = r.json()
     assert (
         updated_user["detail"] == "New password cannot be the same as the current one"
@@ -316,7 +317,7 @@ def test_register_user(client: TestClient, db: Session) -> None:
         f"{settings.API_V1_STR}/users/signup",
         json=data,
     )
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     created_user = r.json()
     assert created_user["email"] == username
     assert created_user["full_name"] == full_name
@@ -341,7 +342,7 @@ def test_register_user_already_exists_error(client: TestClient) -> None:
         f"{settings.API_V1_STR}/users/signup",
         json=data,
     )
-    assert r.status_code == 400
+    assert r.status_code == status.HTTP_400_BAD_REQUEST
     assert r.json()["detail"] == "The user with this email already exists in the system"
 
 
@@ -359,7 +360,7 @@ def test_update_user(
         headers=superuser_token_headers,
         json=data,
     )
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     updated_user = r.json()
 
     assert updated_user["full_name"] == "Updated_full_name"
@@ -380,7 +381,7 @@ def test_update_user_not_exists(
         headers=superuser_token_headers,
         json=data,
     )
-    assert r.status_code == 404
+    assert r.status_code == status.HTTP_404_NOT_FOUND
     assert r.json()["detail"] == "The user with this id does not exist in the system"
 
 
@@ -403,7 +404,7 @@ def test_update_user_email_exists(
         headers=superuser_token_headers,
         json=data,
     )
-    assert r.status_code == 409
+    assert r.status_code == status.HTTP_409_CONFLICT
     assert r.json()["detail"] == "User with this email already exists"
 
 
@@ -427,7 +428,7 @@ def test_delete_user_me(client: TestClient, db: Session) -> None:
         f"{settings.API_V1_STR}/users/me",
         headers=headers,
     )
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     deleted_user = r.json()
     assert deleted_user["message"] == "User deleted successfully"
     result = db.exec(select(User).where(User.id == user_id)).first()
@@ -445,7 +446,7 @@ def test_delete_user_me_as_superuser(
         f"{settings.API_V1_STR}/users/me",
         headers=superuser_token_headers,
     )
-    assert r.status_code == 403
+    assert r.status_code == status.HTTP_403_FORBIDDEN
     response = r.json()
     assert response["detail"] == "Super users are not allowed to delete themselves"
 
@@ -462,7 +463,7 @@ def test_delete_user_super_user(
         f"{settings.API_V1_STR}/users/{user_id}",
         headers=superuser_token_headers,
     )
-    assert r.status_code == 200
+    assert r.status_code == status.HTTP_200_OK
     deleted_user = r.json()
     assert deleted_user["message"] == "User deleted successfully"
     result = db.exec(select(User).where(User.id == user_id)).first()
@@ -476,7 +477,7 @@ def test_delete_user_not_found(
         f"{settings.API_V1_STR}/users/{uuid.uuid4()}",
         headers=superuser_token_headers,
     )
-    assert r.status_code == 404
+    assert r.status_code == status.HTTP_404_NOT_FOUND
     assert r.json()["detail"] == "User not found"
 
 
@@ -491,7 +492,7 @@ def test_delete_user_current_super_user_error(
         f"{settings.API_V1_STR}/users/{user_id}",
         headers=superuser_token_headers,
     )
-    assert r.status_code == 403
+    assert r.status_code == status.HTTP_403_FORBIDDEN
     assert r.json()["detail"] == "Super users are not allowed to delete themselves"
 
 
@@ -507,5 +508,5 @@ def test_delete_user_without_privileges(
         f"{settings.API_V1_STR}/users/{user.id}",
         headers=normal_user_token_headers,
     )
-    assert r.status_code == 403
+    assert r.status_code == status.HTTP_403_FORBIDDEN
     assert r.json()["detail"] == "The user doesn't have enough privileges"