Coverage for backend/tests/routers/test

1"""

2This module contains a set of test functions to validate the functionality of user creation, user login,

3and authentication workflows in the application. These tests ensure that the API endpoints for user-related

4operations behave as expected under various scenarios, including successful requests and erroneous cases.

5"""

7from fastapi import status

9from app import schemas, models

12class TestUser:

14 # ------------------------------------------------------- GET ------------------------------------------------------

16 def test_get_all_users_admin(self, authorised_clients, test_users) -> None:

17 """Test getting all users."""

19 response = authorised_clients[0].get("/users")

20 assert response.status_code == status.HTTP_200_OK

21 assert len(response.json()) == len(test_users)

23 def test_get_all_users_non_admin(self, authorised_clients, test_users) -> None:

24 """Test getting all users."""

26 response = authorised_clients[1].get("/users")

27 assert response.status_code == status.HTTP_403_FORBIDDEN

29 def test_get_all_users_unauthorised(self, client, test_users) -> None:

30 """Test getting all users."""

32 response = client.get("/users")

33 assert response.status_code == status.HTTP_401_UNAUTHORIZED

35 # ----------------------------------------------------- GET ME -----------------------------------------------------

37 def test_get_current_user_profile_success(self, authorised_clients, test_users) -> None:

38 """Test successfully getting current user profile."""

40 # Admin

41 response = authorised_clients[0].get("/users/me")

42 assert test_users[0].email == response.json()["email"]

44 # Non-admin

45 response = authorised_clients[1].get("/users/me")

46 assert test_users[1].email == response.json()["email"]

48 # ----------------------------------------------------- GET ID -----------------------------------------------------

50 def test_get_user_by_id(self, authorised_clients, test_users) -> None:

51 """Test successfully getting user by ID."""

53 response = authorised_clients[0].get("/users/1")

54 assert response.status_code == status.HTTP_200_OK

55 assert response.json()["email"] == test_users[0].email

57 def test_get_user_by_id_non_admin(self, authorised_clients, test_users) -> None:

58 """Test getting user by ID without admin privileges."""

60 response = authorised_clients[1].get("/users/1")

61 assert response.status_code == status.HTTP_403_FORBIDDEN

63 def test_get_user_by_id_unauthorised(self, client, test_users) -> None:

64 """Test getting user by ID without authentication."""

66 response = client.get("/users/1")

67 assert response.status_code == status.HTTP_401_UNAUTHORIZED

69 def test_get_user_by_id_not_found(self, authorised_clients) -> None:

70 """Test getting user by ID that does not exist."""

72 response = authorised_clients[0].get(f"/users/{len(authorised_clients) + 1}")

73 assert response.status_code == status.HTTP_404_NOT_FOUND

75 # --------------------------------------------------- PUT (ADMIN) --------------------------------------------------

77 @staticmethod

78 def get_user(user_id, session) -> models.User:

79 """Helper method to get a user by ID."""

81 return session.query(models.User).filter(models.User.id == user_id).first()

83 def test_update_same_user_admin(self, authorised_clients, test_users, session) -> None:

84 """Test successfully updating a different user profile.

85 The user password is not needed"""

87 update_data = {"email": "newemail@example.com"}

88 test_user = test_users[0]

89 response = authorised_clients[0].put(f"/users/{test_user.id}", json=update_data)

90 assert response.status_code == 200

91 assert self.get_user(test_user.id, session).email == update_data["email"]

93 def test_update_different_user_admin(self, authorised_clients, test_users, session) -> None:

94 """Test successfully updating a different user profile.

95 The user password is not needed"""

97 update_data = {"email": "newemail1@example.com"}

98 test_user = test_users[1]

99 response = authorised_clients[0].put(f"/users/{test_user.id}", json=update_data)

100 assert response.status_code == 200

101 assert self.get_user(test_user.id, session).email == update_data["email"]

102

103 def test_update_different_user_admin_existing(self, authorised_clients, test_users, session) -> None:

104 """Test successfully updating a different user profile.

105 The user password is not needed"""

106

107 update_data = {"email": test_users[1].email}

108 response = authorised_clients[0].put(f"/users/{test_users[0].id}", json=update_data)

109 assert response.status_code == 400

110

111 def test_update_different_user_admin_incorrect(self, authorised_clients, test_users, session) -> None:

112 """Test successfully updating a different user profile.

113 The user password is not needed"""

114

115 update_data = {"email": "ff"}

116 response = authorised_clients[0].put(f"/users/{test_users[0].id}", json=update_data)

117 assert response.status_code == 422

118

119 # ------------------------------------------------- PUT (NON ADMIN) ------------------------------------------------

120

121 def test_update_same_user_non_admin(self, authorised_clients, test_users, session) -> None:

122 """Test updating a different user profile without admin privileges.

123 Require password"""

124

125 test_user = test_users[1]

126 update_data = {"email": "newemail@example.com", "current_password": test_user.password}

127 response = authorised_clients[1].put(f"/users/{test_user.id}", json=update_data)

128 assert response.status_code == 403

129

130 def test_update_different_user_non_admin(self, authorised_clients, test_users, session) -> None:

131 """Test updating a different user profile without admin privileges.

132 Require password"""

133

134 test_user = test_users[1]

135 update_data = {"email": "newemail1@example.com", "current_password": test_user.password}

136 test_user = test_users[0]

137 response = authorised_clients[1].put(f"/users/{test_user.id}", json=update_data)

138 assert response.status_code == 403

139

140 def test_update_me_user_non_admin(self, authorised_clients, test_users, session) -> None:

141 """Test updating a different user profile without admin privileges.

142 Require password"""

143

144 test_user = test_users[1]

145 update_data = {"email": "newemail@example.com", "current_password": test_user.password}

146 response = authorised_clients[1].put(f"/users/me", json=update_data)

147 assert response.status_code == 200

148 assert self.get_user(test_user.id, session).email == update_data["email"]

149

150 def test_update_nopassword_user_non_admin(self, authorised_clients, test_users, session) -> None:

151 """Test updating a different user profile without admin privileges.

152 Require password"""

153

154 test_user = test_users[1]

155 update_data = {"email": "newemail@example.com"}

156 response = authorised_clients[1].put(f"/users/{test_user.id}", json=update_data)

157 assert response.status_code == 403

158

159 def test_update_different_user_non_admin_existing(self, authorised_clients, test_users, session) -> None:

160 """Test updating a different user profile without admin privileges.

161 Require password"""

162

163 test_user = test_users[1]

164 update_data = {"email": test_users[0].email, "current_password": test_user.password}

165 response = authorised_clients[1].put(f"/users/{test_user.id}", json=update_data)

166 assert response.status_code == 403

167

168 def test_update_different_user_non_admin_incorrect(self, authorised_clients, test_users, session) -> None:

169 """Test updating a different user profile without admin privileges.

170 Require password"""

171

172 test_user = test_users[1]

173 update_data = {"email": "ff", "current_password": test_user.password}

174 response = authorised_clients[1].put(f"/users/{test_user.id}", json=update_data)

175 assert response.status_code == 422

176

177 def test_update_user_noemail(self, authorised_clients, test_users, session) -> None:

178 """Test updating a different user profile without admin privileges.

179 Require password"""

180

181 test_user = test_users[1]

182 update_data = {"current_password": test_user.password, "new_password": "newpassword1"}

183 response = authorised_clients[1].put(f"/users/{test_user.id}", json=update_data)

184 assert response.status_code == 403

185

186 # ----------------------------------------------- PUT (UNAUTHORISED) -----------------------------------------------

187

188 def test_update_user_unauthorised(self, client) -> None:

189 """Test updating current user profile without authentication."""

190

191 update_data = {"email": "newemail@example.com"}

192 response = client.put(f"/users/0", json=update_data)

193 assert response.status_code == 401

194

195 update_data = {"email": "newemail@example.com"}

196 response = client.put(f"/users/me", json=update_data)

197 assert response.status_code == 401

198

199 # ------------------------------------------------------ POST ------------------------------------------------------

200

201 def test_create_user(self, client) -> None:

202 """Test creating a new user."""

203

204 user_data = {

205 "email": "test_user@email.com",

206 "password": "test_password",

207 }

208 response = client.post("/users", json=user_data)

209 new_user = schemas.UserOut(**response.json())

210 assert new_user.email == user_data["email"]

211 assert response.status_code == status.HTTP_201_CREATED

212

213 def test_create_user_limited(self, client, test_settings) -> None:

214 """Test creating a new user when registration is limited"""

215

216 user_data = {

217 "email": "test_user1@email.com",

218 "password": "test_password",

219 }

220 response = client.post("/users", json=user_data)

221 assert response.status_code == status.HTTP_401_UNAUTHORIZED

Coverage for backend/tests/routers/test_user.py: 100%

108 statements