python/fastapi-users
1
0
Fork 0
mirror of https://github.com/fastapi-users/fastapi-users.git synced 2025-08-17 05:38:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix #17: prevent to set is_active/is_superuser on register route

Browse Source
This commit is contained in:
François Voron
2019-10-19 18:56:54 +02:00
parent 5d4979f9a9
commit 8d65a11a4f
2 changed files with 28 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
tests/test_router.py
View File

@ -91,6 +91,30 @@ class TestRegister:
assert "password" not in response_json
assert "id" in response_json
def test_valid_body_is_superuser(self, test_app_client: TestClient):
json = {
"email": "lancelot@camelot.bt",
"password": "guinevere",
"is_superuser": True,
}
response = test_app_client.post("/register", json=json)
assert response.status_code == status.HTTP_201_CREATED
response_json = response.json()
assert response_json["is_superuser"] is False
def test_valid_body_is_active(self, test_app_client: TestClient):
json = {
"email": "lancelot@camelot.bt",
"password": "guinevere",
"is_active": False,
}
response = test_app_client.post("/register", json=json)
assert response.status_code == status.HTTP_201_CREATED
response_json = response.json()
assert response_json["is_active"] is True
class TestLogin:
def test_empty_body(self, test_app_client: TestClient):