jjvijgen/OpenAssetManager
1
1
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Refresh some magic numbers with status codes, add delete for account and make people able to update password

Browse Source
This commit is contained in:
Jeroen Vijgen
2025-07-16 18:43:52 +00:00
parent c2801858c5
commit 9f8f7cc112
4 changed files with 80 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/asset_manager/src/modules/organizations/router.py
+3 -3
View File
@@ -1,5 +1,5 @@
import uuid
from fastapi import APIRouter, Depends, HTTPException
from fastapi import APIRouter, Depends, HTTPException, status
from typing import Annotated, List
@@ -27,7 +27,7 @@ async def all_active_organizations(
organizations: List[Organization] = []
if len(memberships) < 1:
raise HTTPException(status_code=404, detail="No active organizations found!")
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="No active organizations found!")
for member in memberships:
organizations.append(member.organization)
@@ -35,7 +35,7 @@ async def all_active_organizations(
return organizations
@router.delete("/{org_id}", status_code=204)
@router.delete("/{org_id}", status_code=status.HTTP_204_NO_CONTENT)
async def delete_organization(
user: Annotated[User, Depends(get_current_active_user)], org_id: uuid.UUID
) -> None:
api/asset_manager/src/modules/users/router.py
+32 -7
View File
@@ -1,13 +1,14 @@
from typing import Annotated
from typing import Annotated, List
from fastapi import APIRouter, Depends
from fastapi import HTTPException, status
from tortoise.expressions import Q
from modules.auth.models import Token
from modules.users.utils import get_current_active_user
from modules.users.schemas import register_model, update_user_model
from modules.users.models import User
from modules.users.schemas import delete_user_model, register_model, update_user_model
from modules.users.models import Membership, User
from modules.users.schemas import user_model
from config import settings
@@ -54,8 +55,10 @@ async def create_user(user: register_model):
@router.put("/me", status_code=status.HTTP_204_NO_CONTENT)
async def update_user(user: Annotated[User, Depends(get_current_active_user)],
updated_user: update_user_model):
async def update_user(
user: Annotated[User, Depends(get_current_active_user)],
updated_user: update_user_model,
):
if updated_user.email:
user.email = updated_user.email
if updated_user.name:
@@ -63,12 +66,34 @@ async def update_user(user: Annotated[User, Depends(get_current_active_user)],
if updated_user.surname:
user.surname = updated_user.surname
if updated_user.old_password and updated_user.password and updated_user.validate_password:
user.update_password(updated_user.old_password, updated_user.password, updated_user.validate_password)
if (
updated_user.old_password
and updated_user.password
and updated_user.validate_password
):
user.update_password(
updated_user.old_password,
updated_user.password,
updated_user.validate_password,
)
await user.save()
@router.delete("/me", status_code=status.HTTP_204_NO_CONTENT)
async def update_user(
user: Annotated[User, Depends(get_current_active_user)],
):
memberships: List[Membership] = await Membership.filter(Q(user__id=user.id) & Q(disabled=False))
for membership in memberships:
await membership.acl.delete()
await membership.delete()
tokens: List[Token] = await Token.filter(Q(user__id=user.id) & Q(disabled=False))
for token in tokens:
await token.delete()
await user.delete()
@router.get("/me", response_model=user_model)
async def get_user(user: Annotated[User, Depends(get_current_active_user)]):
return user
api/asset_manager/src/modules/users/schemas.py
+4
View File
@@ -21,3 +21,7 @@ class update_user_model(BaseModel):
old_password: str | None
password: str | None
validate_password: str | None
class delete_user_model(BaseModel):
password: str
api/asset_manager/src/tests/test_users_routes/test_users.py
+41 -4
View File
@@ -5,6 +5,7 @@ from httpx import AsyncClient
from unittest.mock import ANY
from modules.users.models import User
class TestAccounts(Test):
async def test_setup_new_account(self, client: AsyncClient):
# Ensure account is never available. Prevents account already being available.
@@ -42,7 +43,6 @@ class TestAccounts(Test):
async def test_me_route(self, client: AsyncClient, create_user_with_org):
_, _, _, tokens = await create_user_with_org()
account = await client.get(
"https://localhost/api/v1/users/me",
headers={"Authorization": f"Bearer {tokens.access_token}"},
@@ -64,7 +64,6 @@ class TestAccounts(Test):
async def test_update_me_route(self, client: AsyncClient, create_user_with_org):
_, _, _, tokens = await create_user_with_org()
account = await client.get(
"https://localhost/api/v1/users/me",
headers={"Authorization": f"Bearer {tokens.access_token}"},
@@ -82,7 +81,7 @@ class TestAccounts(Test):
"surname": "user",
"username": "user",
}
account = await client.put(
"https://localhost/api/v1/users/me",
json={
@@ -114,4 +113,42 @@ class TestAccounts(Test):
"name": "awesome",
"surname": "bluey",
"username": "user",
}
}
async def test_remove_account(self, client: AsyncClient, create_user_with_org):
_, _, _, tokens = await create_user_with_org(email="sup3rus3r@gmail.com")
account = await client.get(
"https://localhost/api/v1/users/me",
headers={"Authorization": f"Bearer {tokens.access_token}"},
)
assert account.status_code == 200
assert account.json() == {
"created_at": ANY,
"disabled": False,
"disabled_at": None,
"email": "sup3rus3r@gmail.com",
"id": ANY,
"modified_at": ANY,
"name": "awesome",
"surname": "user",
"username": "user",
}
delete = await client.delete(
"https://localhost/api/v1/users/me",
headers={"Authorization": f"Bearer {tokens.access_token}"},
)
assert delete.status_code == 204
old = await client.get(
"https://localhost/api/v1/users/me",
headers={"Authorization": f"Bearer {tokens.access_token}"},
)
assert old.status_code == 401
assert old.json() == {
"detail": "The requested token does not exist or you are not logged in.",
}