2024-03-13 18:57:19 -05:00
|
|
|
from unittest.mock import patch
|
|
|
|
|
|
2020-04-20 20:31:29 +02:00
|
|
|
from fastapi.testclient import TestClient
|
2025-02-19 07:37:16 +00:00
|
|
|
from sqlmodel import Session
|
2019-02-09 19:42:36 +04:00
|
|
|
|
2020-04-16 23:56:10 -06:00
|
|
|
from app.core.config import settings
|
2024-04-22 21:18:41 -05:00
|
|
|
from app.core.security import verify_password
|
2025-02-19 07:37:16 +00:00
|
|
|
from app.crud import create_user
|
|
|
|
|
from app.models import UserCreate
|
|
|
|
|
from app.tests.utils.user import user_authentication_headers
|
|
|
|
|
from app.tests.utils.utils import random_email, random_lower_string
|
2024-03-10 14:47:21 -05:00
|
|
|
from app.utils import generate_password_reset_token
|
2019-02-09 19:42:36 +04:00
|
|
|
|
|
|
|
|
|
2020-04-20 20:31:29 +02:00
|
|
|
def test_get_access_token(client: TestClient) -> None:
|
2019-02-09 19:42:36 +04:00
|
|
|
login_data = {
|
2020-04-16 23:56:10 -06:00
|
|
|
"username": settings.FIRST_SUPERUSER,
|
|
|
|
|
"password": settings.FIRST_SUPERUSER_PASSWORD,
|
2019-02-09 19:42:36 +04:00
|
|
|
}
|
2020-04-20 20:31:29 +02:00
|
|
|
r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data)
|
2019-02-09 19:42:36 +04:00
|
|
|
tokens = r.json()
|
|
|
|
|
assert r.status_code == 200
|
|
|
|
|
assert "access_token" in tokens
|
|
|
|
|
assert tokens["access_token"]
|
|
|
|
|
|
|
|
|
|
|
2024-03-07 18:21:46 -05:00
|
|
|
def test_get_access_token_incorrect_password(client: TestClient) -> None:
|
|
|
|
|
login_data = {
|
|
|
|
|
"username": settings.FIRST_SUPERUSER,
|
|
|
|
|
"password": "incorrect",
|
|
|
|
|
}
|
|
|
|
|
r = client.post(f"{settings.API_V1_STR}/login/access-token", data=login_data)
|
|
|
|
|
assert r.status_code == 400
|
|
|
|
|
|
|
|
|
|
|
2020-04-20 20:31:29 +02:00
|
|
|
def test_use_access_token(
|
2024-02-25 19:39:33 +01:00
|
|
|
client: TestClient, superuser_token_headers: dict[str, str]
|
2020-04-20 20:31:29 +02:00
|
|
|
) -> None:
|
|
|
|
|
r = client.post(
|
2024-02-25 19:39:33 +01:00
|
|
|
f"{settings.API_V1_STR}/login/test-token",
|
|
|
|
|
headers=superuser_token_headers,
|
2019-02-09 19:42:36 +04:00
|
|
|
)
|
|
|
|
|
result = r.json()
|
|
|
|
|
assert r.status_code == 200
|
2019-02-23 18:44:29 +04:00
|
|
|
assert "email" in result
|
2024-03-07 18:21:46 -05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_recovery_password(
|
2024-03-13 18:57:19 -05:00
|
|
|
client: TestClient, normal_user_token_headers: dict[str, str]
|
2024-03-07 18:21:46 -05:00
|
|
|
) -> None:
|
2024-04-05 21:59:40 +02:00
|
|
|
with (
|
|
|
|
|
patch("app.core.config.settings.SMTP_HOST", "smtp.example.com"),
|
|
|
|
|
patch("app.core.config.settings.SMTP_USER", "admin@example.com"),
|
2024-03-13 18:57:19 -05:00
|
|
|
):
|
|
|
|
|
email = "test@example.com"
|
|
|
|
|
r = client.post(
|
|
|
|
|
f"{settings.API_V1_STR}/password-recovery/{email}",
|
|
|
|
|
headers=normal_user_token_headers,
|
|
|
|
|
)
|
|
|
|
|
assert r.status_code == 200
|
|
|
|
|
assert r.json() == {"message": "Password recovery email sent"}
|
2024-03-07 18:21:46 -05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_recovery_password_user_not_exits(
|
|
|
|
|
client: TestClient, normal_user_token_headers: dict[str, str]
|
|
|
|
|
) -> None:
|
|
|
|
|
email = "jVgQr@example.com"
|
|
|
|
|
r = client.post(
|
|
|
|
|
f"{settings.API_V1_STR}/password-recovery/{email}",
|
|
|
|
|
headers=normal_user_token_headers,
|
|
|
|
|
)
|
|
|
|
|
assert r.status_code == 404
|
|
|
|
|
|
|
|
|
|
|
2025-02-19 07:37:16 +00:00
|
|
|
def test_reset_password(client: TestClient, db: Session) -> None:
|
|
|
|
|
email = random_email()
|
|
|
|
|
password = random_lower_string()
|
|
|
|
|
new_password = random_lower_string()
|
|
|
|
|
|
|
|
|
|
user_create = UserCreate(
|
|
|
|
|
email=email,
|
|
|
|
|
full_name="Test User",
|
|
|
|
|
password=password,
|
|
|
|
|
is_active=True,
|
|
|
|
|
is_superuser=False,
|
|
|
|
|
)
|
|
|
|
|
user = create_user(session=db, user_create=user_create)
|
|
|
|
|
token = generate_password_reset_token(email=email)
|
|
|
|
|
headers = user_authentication_headers(client=client, email=email, password=password)
|
|
|
|
|
data = {"new_password": new_password, "token": token}
|
|
|
|
|
|
2024-03-07 18:21:46 -05:00
|
|
|
r = client.post(
|
|
|
|
|
f"{settings.API_V1_STR}/reset-password/",
|
2025-02-19 07:37:16 +00:00
|
|
|
headers=headers,
|
2024-03-10 00:02:36 +01:00
|
|
|
json=data,
|
2024-03-07 18:21:46 -05:00
|
|
|
)
|
2025-02-19 07:37:16 +00:00
|
|
|
|
2024-03-07 18:21:46 -05:00
|
|
|
assert r.status_code == 200
|
|
|
|
|
assert r.json() == {"message": "Password updated successfully"}
|
|
|
|
|
|
2025-02-19 07:37:16 +00:00
|
|
|
db.refresh(user)
|
|
|
|
|
assert verify_password(new_password, user.hashed_password)
|
2024-04-22 21:18:41 -05:00
|
|
|
|
2024-03-07 18:21:46 -05:00
|
|
|
|
|
|
|
|
def test_reset_password_invalid_token(
|
|
|
|
|
client: TestClient, superuser_token_headers: dict[str, str]
|
|
|
|
|
) -> None:
|
|
|
|
|
data = {"new_password": "changethis", "token": "invalid"}
|
|
|
|
|
r = client.post(
|
|
|
|
|
f"{settings.API_V1_STR}/reset-password/",
|
|
|
|
|
headers=superuser_token_headers,
|
2024-03-10 00:02:36 +01:00
|
|
|
json=data,
|
2024-03-07 18:21:46 -05:00
|
|
|
)
|
|
|
|
|
response = r.json()
|
|
|
|
|
|
|
|
|
|
assert "detail" in response
|
|
|
|
|
assert r.status_code == 400
|
|
|
|
|
assert response["detail"] == "Invalid token"
|
