2021-09-09 08:51:29 -08:00
|
|
|
from fastapi.testclient import TestClient
|
|
|
|
|
|
2022-04-20 20:07:46 +02:00
|
|
|
from mealie.core.config import get_app_settings
|
2023-02-26 13:12:16 -06:00
|
|
|
from mealie.db.models.users.users import AuthMethod
|
2022-02-13 18:33:25 -09:00
|
|
|
from tests import utils
|
2022-10-18 14:49:41 -08:00
|
|
|
from tests.utils import api_routes
|
2022-02-13 18:33:25 -09:00
|
|
|
from tests.utils.factories import random_email, random_string
|
2021-09-09 08:51:29 -08:00
|
|
|
from tests.utils.fixture_schemas import TestUser
|
|
|
|
|
|
|
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
def generate_create_data() -> dict:
|
|
|
|
|
return {
|
|
|
|
|
"username": random_string(),
|
|
|
|
|
"fullName": random_string(),
|
|
|
|
|
"email": random_email(),
|
|
|
|
|
"admin": False,
|
|
|
|
|
"group": "Home",
|
|
|
|
|
"advanced": False,
|
|
|
|
|
"favoriteRecipes": [],
|
|
|
|
|
"canInvite": False,
|
|
|
|
|
"canManage": False,
|
|
|
|
|
"canOrganize": False,
|
|
|
|
|
"password": random_string(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_init_superuser(api_client: TestClient, admin_user: TestUser):
|
2022-04-20 20:07:46 +02:00
|
|
|
settings = get_app_settings()
|
|
|
|
|
|
2022-10-18 14:49:41 -08:00
|
|
|
response = api_client.get(api_routes.admin_users_item_id(admin_user.user_id), headers=admin_user.token)
|
2021-09-09 08:51:29 -08:00
|
|
|
assert response.status_code == 200
|
|
|
|
|
|
|
|
|
|
admin_data = response.json()
|
|
|
|
|
|
|
|
|
|
assert admin_data["id"] == admin_user.user_id
|
|
|
|
|
assert admin_data["groupId"] == admin_user.group_id
|
|
|
|
|
|
|
|
|
|
assert admin_data["fullName"] == "Change Me"
|
2022-04-20 20:07:46 +02:00
|
|
|
assert admin_data["email"] == settings.DEFAULT_EMAIL
|
2021-09-09 08:51:29 -08:00
|
|
|
|
|
|
|
|
|
2022-10-18 14:49:41 -08:00
|
|
|
def test_create_user(api_client: TestClient, admin_token):
|
2022-02-13 18:33:25 -09:00
|
|
|
create_data = generate_create_data()
|
2022-10-18 14:49:41 -08:00
|
|
|
response = api_client.post(api_routes.admin_users, json=create_data, headers=admin_token)
|
2022-02-13 18:33:25 -09:00
|
|
|
assert response.status_code == 201
|
2021-09-09 08:51:29 -08:00
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
form_data = {"username": create_data["email"], "password": create_data["password"]}
|
2022-10-18 14:49:41 -08:00
|
|
|
header = utils.login(form_data, api_client)
|
2021-09-09 08:51:29 -08:00
|
|
|
|
2022-10-18 14:49:41 -08:00
|
|
|
response = api_client.get(api_routes.users_self, headers=header)
|
2022-02-13 18:33:25 -09:00
|
|
|
assert response.status_code == 200
|
2021-09-09 08:51:29 -08:00
|
|
|
|
|
|
|
|
user_data = response.json()
|
|
|
|
|
|
|
|
|
|
assert user_data["fullName"] == create_data["fullName"]
|
|
|
|
|
assert user_data["email"] == create_data["email"]
|
|
|
|
|
assert user_data["group"] == create_data["group"]
|
|
|
|
|
assert user_data["admin"] == create_data["admin"]
|
2023-02-26 13:12:16 -06:00
|
|
|
assert user_data["authMethod"] == AuthMethod.MEALIE.value
|
2021-09-09 08:51:29 -08:00
|
|
|
|
|
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
def test_create_user_as_non_admin(api_client: TestClient, user_token):
|
|
|
|
|
create_data = generate_create_data()
|
2022-10-18 14:49:41 -08:00
|
|
|
response = api_client.post(api_routes.admin_users, json=create_data, headers=user_token)
|
2022-02-13 18:33:25 -09:00
|
|
|
assert response.status_code == 403
|
2021-09-09 08:51:29 -08:00
|
|
|
|
|
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
def test_update_user(api_client: TestClient, admin_user: TestUser):
|
|
|
|
|
# Create a new user
|
|
|
|
|
create_data = generate_create_data()
|
2022-10-18 14:49:41 -08:00
|
|
|
response = api_client.post(api_routes.admin_users, json=create_data, headers=admin_user.token)
|
2022-02-13 18:33:25 -09:00
|
|
|
assert response.status_code == 201
|
|
|
|
|
update_data = response.json()
|
2021-09-09 08:51:29 -08:00
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
# Change data
|
|
|
|
|
update_data["fullName"] = random_string()
|
|
|
|
|
update_data["email"] = random_email()
|
2023-02-26 13:12:16 -06:00
|
|
|
update_data["authMethod"] = AuthMethod.LDAP.value
|
2021-09-09 08:51:29 -08:00
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
response = api_client.put(
|
2022-10-18 14:49:41 -08:00
|
|
|
api_routes.admin_users_item_id(update_data["id"]), headers=admin_user.token, json=update_data
|
2022-02-13 18:33:25 -09:00
|
|
|
)
|
2021-09-09 08:51:29 -08:00
|
|
|
|
|
|
|
|
assert response.status_code == 200
|
|
|
|
|
|
2023-02-26 13:12:16 -06:00
|
|
|
user_data = response.json()
|
|
|
|
|
assert user_data["fullName"] == update_data["fullName"]
|
|
|
|
|
assert user_data["email"] == update_data["email"]
|
|
|
|
|
assert user_data["authMethod"] == update_data["authMethod"]
|
|
|
|
|
|
2021-09-09 08:51:29 -08:00
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
def test_update_other_user_as_not_admin(api_client: TestClient, unique_user: TestUser, g2_user: TestUser):
|
2022-04-20 20:07:46 +02:00
|
|
|
settings = get_app_settings()
|
|
|
|
|
|
2021-12-18 19:04:36 -09:00
|
|
|
update_data = {
|
|
|
|
|
"id": unique_user.user_id,
|
|
|
|
|
"fullName": "Updated Name",
|
2022-04-20 20:07:46 +02:00
|
|
|
"email": settings.DEFAULT_EMAIL,
|
2021-12-18 19:04:36 -09:00
|
|
|
"group": "Home",
|
|
|
|
|
"admin": True,
|
|
|
|
|
}
|
2022-02-13 18:33:25 -09:00
|
|
|
response = api_client.put(
|
2022-10-18 14:49:41 -08:00
|
|
|
api_routes.admin_users_item_id(g2_user.user_id), headers=unique_user.token, json=update_data
|
2022-02-13 18:33:25 -09:00
|
|
|
)
|
2021-09-09 08:51:29 -08:00
|
|
|
|
|
|
|
|
assert response.status_code == 403
|
|
|
|
|
|
|
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
def test_self_demote_admin(api_client: TestClient, admin_user: TestUser):
|
2022-10-18 14:49:41 -08:00
|
|
|
response = api_client.get(api_routes.users_self, headers=admin_user.token)
|
2022-02-13 18:33:25 -09:00
|
|
|
assert response.status_code == 200
|
|
|
|
|
|
|
|
|
|
user_data = response.json()
|
|
|
|
|
user_data["admin"] = False
|
|
|
|
|
|
|
|
|
|
response = api_client.put(
|
2022-10-18 14:49:41 -08:00
|
|
|
api_routes.admin_users_item_id(admin_user.user_id), headers=admin_user.token, json=user_data
|
2022-02-13 18:33:25 -09:00
|
|
|
)
|
2021-09-09 08:51:29 -08:00
|
|
|
|
|
|
|
|
assert response.status_code == 403
|
|
|
|
|
|
|
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
def test_self_promote_admin(api_client: TestClient, unique_user: TestUser):
|
2021-12-18 19:04:36 -09:00
|
|
|
update_data = {
|
|
|
|
|
"id": unique_user.user_id,
|
|
|
|
|
"fullName": "Updated Name",
|
2023-09-23 15:56:34 +00:00
|
|
|
"email": "user@example.com",
|
2021-12-18 19:04:36 -09:00
|
|
|
"group": "Home",
|
|
|
|
|
"admin": True,
|
|
|
|
|
}
|
2022-02-13 18:33:25 -09:00
|
|
|
response = api_client.put(
|
2022-10-18 14:49:41 -08:00
|
|
|
api_routes.admin_users_item_id(unique_user.user_id), headers=unique_user.token, json=update_data
|
2022-02-13 18:33:25 -09:00
|
|
|
)
|
2021-09-09 08:51:29 -08:00
|
|
|
|
|
|
|
|
assert response.status_code == 403
|
|
|
|
|
|
|
|
|
|
|
2022-02-13 18:33:25 -09:00
|
|
|
def test_delete_user(api_client: TestClient, admin_token, unique_user: TestUser):
|
2022-10-18 14:49:41 -08:00
|
|
|
response = api_client.delete(api_routes.admin_users_item_id(unique_user.user_id), headers=admin_token)
|
2021-09-09 08:51:29 -08:00
|
|
|
assert response.status_code == 200
|
