linmihigo/CMT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Chore: moving changes - migrating Desktop from nobara 42 to windows(WSL)

Browse Source
This commit is contained in:
LinMihigo
2025-11-05 22:29:28 +02:00
parent c086f64363
commit 934d8fc35f
8 changed files with 826 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/tests/api/v1/test_users.py
+556 -30
View File
@@ -2,62 +2,84 @@ import pytest
from fastapi.testclient import TestClient
def test_create_user(client: TestClient, admin_token: str):
"""Test user creation with admin authentication."""
def test_create_user_public_registration(client: TestClient):
"""Test public user registration (no authentication required)."""
user_data = {
"username": "testuser",
"password": "testpassword",
"role": "read_only"
}
response = client.post("/api/v1/users/",
json=user_data,
headers={"Authorization": f"Bearer {admin_token}"})
response = client.post("/api/v1/users/", json=user_data)
assert response.status_code == 201
data = response.json()
assert data["username"] == "testuser"
assert data["role"] == "read_only"
assert data["is_approved"] == False # Should not be approved by default
assert "id" in data
def test_create_user_unauthorized(client: TestClient):
"""Test user creation without authentication should fail."""
def test_unapproved_user_cannot_login(client: TestClient):
"""Test that unapproved users cannot login."""
# Create user (should be unapproved by default)
user_data = {
"username": "testuser2",
"username": "unapproveduser",
"password": "testpassword",
"role": "read_only"
}
response = client.post("/api/v1/users/", json=user_data)
# HTTPBearer returns 403 when no Authorization header is provided
assert response.status_code == 201
assert response.json()["is_approved"] == False
# Try to login - should fail with specific error
login_data = {
"username": "unapproveduser",
"password": "testpassword"
}
response = client.post("/api/v1/users/login", json=login_data)
assert response.status_code == 403
assert "pending admin approval" in response.json()["detail"].lower()
def test_create_user_invalid_token(client: TestClient):
"""Test user creation with invalid token should fail."""
def test_admin_can_approve_users(client: TestClient, admin_token: str):
"""Test that admin can approve user accounts."""
# Create user
user_data = {
"username": "testuser3",
"username": "toapprove",
"password": "testpassword",
"role": "read_only"
}
response = client.post("/api/v1/users/",
json=user_data,
headers={"Authorization": "Bearer invalid_token"})
# Invalid token should return 401
assert response.status_code == 401
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
# Admin approves the user
approval_data = {"is_approved": True}
response = client.put(f"/api/v1/users/{user_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
assert response.status_code == 200
data = response.json()
assert data["is_approved"] == True
assert data["username"] == "toapprove"
def test_login_user(client: TestClient, admin_token: str):
"""Test user login."""
# First create a user using admin token
def test_approved_user_can_login(client: TestClient, admin_token: str):
"""Test that approved users can login successfully."""
# Create user
user_data = {
"username": "logintest",
"password": "testpassword",
"role": "read_only"
}
client.post("/api/v1/users/",
json=user_data,
headers={"Authorization": f"Bearer {admin_token}"})
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
# Then try to login
# Admin approves the user
approval_data = {"is_approved": True}
client.put(f"/api/v1/users/{user_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
# Now user can login
login_data = {
"username": "logintest",
"password": "testpassword"
@@ -68,20 +90,27 @@ def test_login_user(client: TestClient, admin_token: str):
assert "access_token" in data
assert data["token_type"] == "bearer"
assert "expires_in" in data
assert data["user"]["is_approved"] == True
def test_get_current_user(client: TestClient, admin_token: str):
"""Test getting current user info."""
# Create and login user
# Create user
user_data = {
"username": "currenttest",
"password": "testpassword",
"role": "admin"
"role": "write"
}
client.post("/api/v1/users/",
json=user_data,
headers={"Authorization": f"Bearer {admin_token}"})
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
# Admin approves the user
approval_data = {"is_approved": True}
client.put(f"/api/v1/users/{user_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
# Login user
login_response = client.post("/api/v1/users/login", json={
"username": "currenttest",
"password": "testpassword"
@@ -95,4 +124,501 @@ def test_get_current_user(client: TestClient, admin_token: str):
assert response.status_code == 200
data = response.json()
assert data["username"] == "currenttest"
assert data["role"] == "admin"
assert data["role"] == "write"
assert data["is_approved"] == True
def test_admin_can_reject_users(client: TestClient, admin_token: str):
"""Test that admin can reject/unapprove user accounts."""
# Create user
user_data = {
"username": "toreject",
"password": "testpassword",
"role": "read_only"
}
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
# Admin first approves, then rejects the user
approval_data = {"is_approved": True}
client.put(f"/api/v1/users/{user_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
# Now reject/unapprove
rejection_data = {"is_approved": False}
response = client.put(f"/api/v1/users/{user_id}/approval",
json=rejection_data,
headers={"Authorization": f"Bearer {admin_token}"})
assert response.status_code == 200
assert response.json()["is_approved"] == False
def test_non_admin_cannot_approve_users(client: TestClient, admin_token: str):
"""Test that non-admin users cannot approve other users."""
# Create two users
user1_data = {
"username": "user1",
"password": "testpassword",
"role": "write"
}
user2_data = {
"username": "user2",
"password": "testpassword",
"role": "read_only"
}
create_response1 = client.post("/api/v1/users/", json=user1_data)
user1_id = create_response1.json()["id"]
create_response2 = client.post("/api/v1/users/", json=user2_data)
user2_id = create_response2.json()["id"]
# Admin approves user1 so they can login
approval_data = {"is_approved": True}
client.put(f"/api/v1/users/{user1_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
# User1 logs in
login_response = client.post("/api/v1/users/login", json={
"username": "user1",
"password": "testpassword"
})
user1_token = login_response.json()["access_token"]
# User1 tries to approve user2 - should fail
response = client.put(f"/api/v1/users/{user2_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {user1_token}"})
assert response.status_code == 403
def test_login_error_messages(client: TestClient):
"""Test specific login error messages."""
# Test non-existent user
response = client.post("/api/v1/users/login", json={
"username": "nonexistent",
"password": "password"
})
assert response.status_code == 401
assert "Username not found" in response.json()["detail"]
# Create user for testing wrong password
user_data = {
"username": "wrongpasstest",
"password": "correctpassword",
"role": "read_only"
}
client.post("/api/v1/users/", json=user_data)
# Test wrong password
response = client.post("/api/v1/users/login", json={
"username": "wrongpasstest",
"password": "wrongpassword"
})
assert response.status_code == 401
assert "Incorrect password" in response.json()["detail"]
def test_duplicate_username_registration(client: TestClient):
"""Test that duplicate usernames are not allowed."""
user_data = {
"username": "duplicate",
"password": "password1",
"role": "read_only"
}
# First registration should succeed
response1 = client.post("/api/v1/users/", json=user_data)
assert response1.status_code == 201
# Second registration with same username should fail
user_data["password"] = "password2" # Different password, same username
response2 = client.post("/api/v1/users/", json=user_data)
assert response2.status_code == 400
assert "Username already registered" in response2.json()["detail"]
def test_admin_can_delete_users(client: TestClient, admin_token: str):
"""Test that admin can delete user accounts."""
# Create user to delete
user_data = {
"username": "todelete",
"password": "testpassword",
"role": "read_only"
}
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
# Admin deletes the user
response = client.delete(f"/api/v1/users/{user_id}",
headers={"Authorization": f"Bearer {admin_token}"})
assert response.status_code == 204
# Verify user is deleted - try to get user should return 404
get_response = client.get(f"/api/v1/users/{user_id}",
headers={"Authorization": f"Bearer {admin_token}"})
assert get_response.status_code == 404
def test_admin_cannot_delete_self(client: TestClient, admin_token: str):
"""Test that admin cannot delete their own account."""
# Get admin user info
me_response = client.get("/api/v1/users/me",
headers={"Authorization": f"Bearer {admin_token}"})
admin_user_id = me_response.json()["id"]
# Try to delete self - should fail
response = client.delete(f"/api/v1/users/{admin_user_id}",
headers={"Authorization": f"Bearer {admin_token}"})
assert response.status_code == 400
assert "Cannot delete your own account" in response.json()["detail"]
def test_non_admin_cannot_delete_users(client: TestClient, admin_token: str):
"""Test that non-admin users cannot delete other users."""
# Create two users
user1_data = {
"username": "user1delete",
"password": "testpassword",
"role": "write"
}
user2_data = {
"username": "user2delete",
"password": "testpassword",
"role": "read_only"
}
create_response1 = client.post("/api/v1/users/", json=user1_data)
user1_id = create_response1.json()["id"]
create_response2 = client.post("/api/v1/users/", json=user2_data)
user2_id = create_response2.json()["id"]
# Admin approves user1
approval_data = {"is_approved": True}
client.put(f"/api/v1/users/{user1_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
# User1 logs in
login_response = client.post("/api/v1/users/login", json={
"username": "user1delete",
"password": "testpassword"
})
user1_token = login_response.json()["access_token"]
# User1 tries to delete user2 - should fail
response = client.delete(f"/api/v1/users/{user2_id}",
headers={"Authorization": f"Bearer {user1_token}"})
assert response.status_code == 403
def test_delete_nonexistent_user(client: TestClient, admin_token: str):
"""Test deleting a user that doesn't exist."""
response = client.delete("/api/v1/users/99999",
headers={"Authorization": f"Bearer {admin_token}"})
assert response.status_code == 404
assert "User not found" in response.json()["detail"]
def test_admin_can_update_user_details(client: TestClient, admin_token: str):
"""Test that admin can update user details."""
# Create user to update
user_data = {
"username": "toupdate",
"password": "originalpassword",
"role": "read_only"
}
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
# Admin updates the user
update_data = {
"username": "updated_username",
"role": "write"
}
response = client.put(f"/api/v1/users/{user_id}",
json=update_data,
headers={"Authorization": f"Bearer {admin_token}"})
assert response.status_code == 200
data = response.json()
assert data["username"] == "updated_username"
assert data["role"] == "write"
assert data["is_approved"] == False # Should remain unchanged
def test_admin_can_update_user_password(client: TestClient, admin_token: str):
"""Test that admin can update user password."""
# Create and approve user
user_data = {
"username": "passwordupdate",
"password": "oldpassword",
"role": "read_only"
}
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
# Approve user first
approval_data = {"is_approved": True}
client.put(f"/api/v1/users/{user_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
# Verify login works with old password
login_response = client.post("/api/v1/users/login", json={
"username": "passwordupdate",
"password": "oldpassword"
})
assert login_response.status_code == 200
# Admin updates password
update_data = {
"password": "newpassword"
}
response = client.put(f"/api/v1/users/{user_id}",
json=update_data,
headers={"Authorization": f"Bearer {admin_token}"})
assert response.status_code == 200
# Verify old password no longer works
old_login_response = client.post("/api/v1/users/login", json={
"username": "passwordupdate",
"password": "oldpassword"
})
assert old_login_response.status_code == 401
# Verify new password works
new_login_response = client.post("/api/v1/users/login", json={
"username": "passwordupdate",
"password": "newpassword"
})
assert new_login_response.status_code == 200
def test_partial_user_update(client: TestClient, admin_token: str):
"""Test partial user updates (only some fields)."""
# Create user
user_data = {
"username": "partialupdate",
"password": "password123",
"role": "read_only"
}
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
original_username = create_response.json()["username"]
# Update only role
update_data = {
"role": "write"
}
response = client.put(f"/api/v1/users/{user_id}",
json=update_data,
headers={"Authorization": f"Bearer {admin_token}"})
assert response.status_code == 200
data = response.json()
assert data["username"] == original_username # Should remain unchanged
assert data["role"] == "write" # Should be updated
def test_non_admin_cannot_update_users(client: TestClient, admin_token: str):
"""Test that non-admin users cannot update other users."""
# Create two users
user1_data = {
"username": "user1update",
"password": "testpassword",
"role": "write"
}
user2_data = {
"username": "user2update",
"password": "testpassword",
"role": "read_only"
}
create_response1 = client.post("/api/v1/users/", json=user1_data)
user1_id = create_response1.json()["id"]
create_response2 = client.post("/api/v1/users/", json=user2_data)
user2_id = create_response2.json()["id"]
# Admin approves user1
approval_data = {"is_approved": True}
client.put(f"/api/v1/users/{user1_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
# User1 logs in
login_response = client.post("/api/v1/users/login", json={
"username": "user1update",
"password": "testpassword"
})
user1_token = login_response.json()["access_token"]
# User1 tries to update user2 - should fail
update_data = {"role": "admin"}
response = client.put(f"/api/v1/users/{user2_id}",
json=update_data,
headers={"Authorization": f"Bearer {user1_token}"})
assert response.status_code == 403
def test_update_nonexistent_user(client: TestClient, admin_token: str):
"""Test updating a user that doesn't exist."""
update_data = {
"username": "newname",
"role": "write"
}
response = client.put("/api/v1/users/99999",
json=update_data,
headers={"Authorization": f"Bearer {admin_token}"})
assert response.status_code == 404
assert "User not found" in response.json()["detail"]
def test_update_user_with_duplicate_username(client: TestClient, admin_token: str):
"""Test that updating a user with an existing username fails."""
# Create two users
user1_data = {
"username": "user1unique",
"password": "password1",
"role": "read_only"
}
user2_data = {
"username": "user2unique",
"password": "password2",
"role": "read_only"
}
create_response1 = client.post("/api/v1/users/", json=user1_data)
user1_id = create_response1.json()["id"]
client.post("/api/v1/users/", json=user2_data)
# Try to update user1 to have user2's username
update_data = {
"username": "user2unique"
}
response = client.put(f"/api/v1/users/{user1_id}",
json=update_data,
headers={"Authorization": f"Bearer {admin_token}"})
# This should fail - but we need to implement this validation in the endpoint
# For now, let's just check if it fails with any 4xx error
assert response.status_code >= 400
def test_user_can_change_own_password(client: TestClient, admin_token: str):
"""Test that users can change their own password."""
# Create and approve user
user_data = {
"username": "selfpasschange",
"password": "oldpassword123",
"role": "read_only"
}
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
# Admin approves the user
approval_data = {"is_approved": True}
client.put(f"/api/v1/users/{user_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
# User logs in
login_response = client.post("/api/v1/users/login", json={
"username": "selfpasschange",
"password": "oldpassword123"
})
user_token = login_response.json()["access_token"]
# User changes their own password
password_change_data = {
"current_password": "oldpassword123",
"new_password": "newpassword456"
}
response = client.put("/api/v1/users/me/change-password",
json=password_change_data,
headers={"Authorization": f"Bearer {user_token}"})
assert response.status_code == 200
assert "Password changed successfully" in response.json()["message"]
# Verify old password no longer works
old_login_response = client.post("/api/v1/users/login", json={
"username": "selfpasschange",
"password": "oldpassword123"
})
assert old_login_response.status_code == 401
# Verify new password works
new_login_response = client.post("/api/v1/users/login", json={
"username": "selfpasschange",
"password": "newpassword456"
})
assert new_login_response.status_code == 200
def test_password_change_with_wrong_current_password(client: TestClient, admin_token: str):
"""Test that password change fails with incorrect current password."""
# Create and approve user
user_data = {
"username": "wrongpasstest",
"password": "correctpassword",
"role": "read_only"
}
create_response = client.post("/api/v1/users/", json=user_data)
user_id = create_response.json()["id"]
# Admin approves the user
approval_data = {"is_approved": True}
client.put(f"/api/v1/users/{user_id}/approval",
json=approval_data,
headers={"Authorization": f"Bearer {admin_token}"})
# User logs in
login_response = client.post("/api/v1/users/login", json={
"username": "wrongpasstest",
"password": "correctpassword"
})
user_token = login_response.json()["access_token"]
# Try to change password with wrong current password
password_change_data = {
"current_password": "wrongpassword",
"new_password": "newpassword456"
}
response = client.put("/api/v1/users/me/change-password",
json=password_change_data,
headers={"Authorization": f"Bearer {user_token}"})
assert response.status_code == 400
assert "Current password is incorrect" in response.json()["detail"]
def test_email_verification_password_reset_request(client: TestClient):
"""Test password reset request via email verification."""
# Create user
user_data = {
"username": "emailresettest",
"password": "password123",
"role": "read_only"
}
client.post("/api/v1/users/", json=user_data)
# Request password reset (should always return success)
reset_request_data = {
"username": "emailresettest",
"email": "user@example.com"
}
response = client.post("/api/v1/users/request-password-reset",
json=reset_request_data)
assert response.status_code == 200
assert "receive instructions" in response.json()["message"]
# Test with non-existent user (should also return success for security)
reset_request_data = {
"username": "nonexistentuser",
"email": "fake@example.com"
}
response = client.post("/api/v1/users/request-password-reset",
json=reset_request_data)
assert response.status_code == 200
assert "receive instructions" in response.json()["message"]