fastapi-project-template/tests/test_user_api.py at 66d9e286101678c7939cdadc2b2a3014f64ef63b · rochacbruno/fastapi-project-template · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
def test_user_list(api_client_authenticated):
    response = api_client_authenticated.get("/user/")
    assert response.status_code == 200
    result = response.json()
    assert "admin" in result[0]["username"]


def test_user_create(api_client_authenticated):
    response = api_client_authenticated.post(
        "/user/",
        json={
            "username": "foo",
            "password": "bar",
            "superuser": False,
            "disabled": False,
        },
    )
    assert response.status_code == 200
    result = response.json()
    assert result["username"] == "foo"


def test_get_my_profile(api_client_not_superuser):
    response = api_client_not_superuser.get("/user/me")
    assert response.status_code == 200
    result = response.json()
    assert result["username"] == "regular"
    assert result["id"] == 3


def test_get_other_profile_by_id(api_client_not_superuser):
    response = api_client_not_superuser.get("/user/1")
    assert response.status_code == 200
    result = response.json()
    assert result["username"] == "admin2"
    assert result["id"] == 1


def test_get_other_profile_by_name(api_client_not_superuser):
    response = api_client_not_superuser.get("/user/admin")
    assert response.status_code == 200
    result = response.json()
    assert result["username"] == "admin"
    assert result["id"] == 2


def test_get_other_profile_404(api_client_not_superuser):
    response = api_client_not_superuser.get("/user/99999")
    result = response.json()
    assert response.status_code == 404


def test_change_password_404(api_client_not_superuser):
    response = api_client_not_superuser.patch(
        "/user/99999/password/",
        json={"password": "string", "password_confirm": "string"},
    )
    result = response.text
    assert response.status_code == 404


def test_change_password_unauthorised(api_client_not_superuser):
    response = api_client_not_superuser.patch(
        "/user/1/password/",
        json={"password": "string", "password_confirm": "string"},
    )
    result = response.text
    assert response.status_code == 403


def test_change_password_no_match(api_client_not_superuser):
    my_user = api_client_not_superuser.get("/user/me/").json()
    response = api_client_not_superuser.patch(
        f"/user/{my_user['id']}/password/",
        json={"password": "string", "password_confirm": "string1"},
    )
    assert response.status_code == 400
    result = response.json()
    assert result["detail"] == "Passwords don't match"


def test_change_password(api_client_not_superuser):
    my_user = api_client_not_superuser.get("/user/me/").json()
    response = api_client_not_superuser.patch(
        f"/user/{my_user['id']}/password/",
        json={"password": "string", "password_confirm": "string"},
    )
    assert response.status_code == 200
    result = response.json()
    assert result == my_user


def test_change_password_by_admin(api_client_authenticated):
    regular_user = api_client_authenticated.get("/user/regular/").json()
    response = api_client_authenticated.patch(
        f"/user/{regular_user['id']}/password/",
        json={"password": "string", "password_confirm": "string"},
    )
    assert response.status_code == 200
    result = response.json()
    assert result == regular_user


def test_delete_user_404(api_client_authenticated):
    response = api_client_authenticated.delete(
        "/user/99999/",
    )
    assert response.status_code == 404


def test_delete_user_self_not_allowed(api_client_authenticated):
    my_user = api_client_authenticated.get("/user/me/").json()
    response = api_client_authenticated.delete(
        f"/user/{my_user['id']}/",
    )
    assert response.status_code == 403


def test_delete_user(api_client_authenticated):
    user = api_client_authenticated.get("/user/foo/").json()
    response = api_client_authenticated.delete(
        f"/user/{user['id']}/",
    )
    assert response.status_code == 200
    result = response.json()
    assert result["ok"] == True