python/fastapi-users
1
0
Fork 0
mirror of https://github.com/fastapi-users/fastapi-users.git synced 2025-08-14 18:58:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
fastapi-users/tests/test_fastapi_users.py
Daan Beverdam e59fb2c9b9 Return 403 instead of 401 when a user is known (#705) 
* return 403 instead of 401 if user is known

* return 403 for unverified users

* updated docs
2021-09-04 18:11:48 +02:00

470 lines
18 KiB
Python
Raw Blame History

from typing import AsyncGenerator
import httpx
import pytest
from fastapi import Depends, FastAPI, status
from fastapi_users import FastAPIUsers
from tests.conftest import User, UserCreate, UserDB, UserUpdate
@pytest.fixture
@pytest.mark.asyncio
async def test_app_client(
mock_user_db, mock_authentication, oauth_client, get_test_client, validate_password
) -> AsyncGenerator[httpx.AsyncClient, None]:
fastapi_users = FastAPIUsers(
mock_user_db,
[mock_authentication],
User,
UserCreate,
UserUpdate,
UserDB,
validate_password,
)
app = FastAPI()
app.include_router(fastapi_users.get_register_router())
app.include_router(fastapi_users.get_reset_password_router("SECRET"))
app.include_router(fastapi_users.get_auth_router(mock_authentication))
app.include_router(fastapi_users.get_oauth_router(oauth_client, "SECRET"))
app.include_router(fastapi_users.get_users_router(), prefix="/users")
app.include_router(fastapi_users.get_verify_router("SECRET"))
@app.delete("/users/me")
def custom_users_route():
return None
@app.get("/current-user")
def current_user(user=Depends(fastapi_users.get_current_user)):
return user
@app.get("/current-active-user")
def current_active_user(user=Depends(fastapi_users.get_current_active_user)):
return user
@app.get("/current-verified-user")
def current_verified_user(user=Depends(fastapi_users.get_current_verified_user)):
return user
@app.get("/current-superuser")
def current_superuser(user=Depends(fastapi_users.get_current_superuser)):
return user
@app.get("/current-verified-superuser")
def current_verified_superuser(
user=Depends(fastapi_users.get_current_verified_superuser),
):
return user
@app.get("/optional-current-user")
def optional_current_user(user=Depends(fastapi_users.get_optional_current_user)):
return user
@app.get("/optional-current-active-user")
def optional_current_active_user(
user=Depends(fastapi_users.get_optional_current_active_user),
):
return user
@app.get("/optional-current-verified-user")
def optional_current_verified_user(
user=Depends(fastapi_users.get_optional_current_verified_user),
):
return user
@app.get("/optional-current-superuser")
def optional_current_superuser(
user=Depends(fastapi_users.get_optional_current_superuser),
):
return user
@app.get("/optional-current-verified-superuser")
def optional_current_verified_superuser(
user=Depends(fastapi_users.get_optional_current_verified_superuser),
):
return user
async for client in get_test_client(app):
yield client
@pytest.mark.fastapi_users
@pytest.mark.asyncio
@pytest.mark.parametrize(
"path,method",
[
("/register", "POST"),
("/request-verify-token", "POST"),
("/verify", "POST"),
("/forgot-password", "POST"),
("/reset-password", "POST"),
("/login", "POST"),
("/logout", "POST"),
("/register", "POST"),
("/users/d35d213e-f3d8-4f08-954a-7e0d1bea286f", "GET"),
("/users/d35d213e-f3d8-4f08-954a-7e0d1bea286f", "PATCH"),
("/users/d35d213e-f3d8-4f08-954a-7e0d1bea286f", "DELETE"),
],
)
async def test_route_exists(test_app_client: httpx.AsyncClient, path: str, method: str):
response = await test_app_client.request(method, path)
assert response.status_code not in (
status.HTTP_404_NOT_FOUND,
status.HTTP_405_METHOD_NOT_ALLOWED,
)
@pytest.mark.fastapi_users
@pytest.mark.asyncio
async def test_custom_users_route_not_catched(test_app_client: httpx.AsyncClient):
response = await test_app_client.request("DELETE", "/users/me")
assert response.status_code == status.HTTP_200_OK
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestGetCurrentUser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/current-user")
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/current-user", headers={"Authorization": "Bearer foo"}
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_valid_token(self, test_app_client: httpx.AsyncClient, user: UserDB):
response = await test_app_client.get(
"/current-user", headers={"Authorization": f"Bearer {user.id}"}
)
assert response.status_code == status.HTTP_200_OK
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestGetCurrentActiveUser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/current-active-user")
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/current-active-user", headers={"Authorization": "Bearer foo"}
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_valid_token_inactive_user(
self, test_app_client: httpx.AsyncClient, inactive_user: UserDB
):
response = await test_app_client.get(
"/current-active-user",
headers={"Authorization": f"Bearer {inactive_user.id}"},
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_valid_token(self, test_app_client: httpx.AsyncClient, user: UserDB):
response = await test_app_client.get(
"/current-active-user", headers={"Authorization": f"Bearer {user.id}"}
)
assert response.status_code == status.HTTP_200_OK
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestGetCurrentVerifiedUser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/current-verified-user")
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/current-verified-user", headers={"Authorization": "Bearer foo"}
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_valid_token_unverified_user(
self, test_app_client: httpx.AsyncClient, user: UserDB
):
response = await test_app_client.get(
"/current-verified-user",
headers={"Authorization": f"Bearer {user.id}"},
)
assert response.status_code == status.HTTP_403_FORBIDDEN
async def test_valid_token_verified_user(
self, test_app_client: httpx.AsyncClient, verified_user: UserDB
):
response = await test_app_client.get(
"/current-verified-user",
headers={"Authorization": f"Bearer {verified_user.id}"},
)
assert response.status_code == status.HTTP_200_OK
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestGetCurrentSuperuser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/current-superuser")
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/current-superuser", headers={"Authorization": "Bearer foo"}
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_valid_token_regular_user(
self, test_app_client: httpx.AsyncClient, user: UserDB
):
response = await test_app_client.get(
"/current-superuser", headers={"Authorization": f"Bearer {user.id}"}
)
assert response.status_code == status.HTTP_403_FORBIDDEN
async def test_valid_token_superuser(
self, test_app_client: httpx.AsyncClient, superuser: UserDB
):
response = await test_app_client.get(
"/current-superuser", headers={"Authorization": f"Bearer {superuser.id}"}
)
assert response.status_code == status.HTTP_200_OK
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestGetCurrentVerifiedSuperuser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/current-verified-superuser")
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/current-verified-superuser", headers={"Authorization": "Bearer foo"}
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
async def test_valid_token_regular_user(
self, test_app_client: httpx.AsyncClient, user: UserDB
):
response = await test_app_client.get(
"/current-verified-superuser",
headers={"Authorization": f"Bearer {user.id}"},
)
assert response.status_code == status.HTTP_403_FORBIDDEN
async def test_valid_token_verified_user(
self, test_app_client: httpx.AsyncClient, verified_user: UserDB
):
response = await test_app_client.get(
"/current-verified-superuser",
headers={"Authorization": f"Bearer {verified_user.id}"},
)
assert response.status_code == status.HTTP_403_FORBIDDEN
async def test_valid_token_superuser(
self, test_app_client: httpx.AsyncClient, superuser: UserDB
):
response = await test_app_client.get(
"/current-verified-superuser",
headers={"Authorization": f"Bearer {superuser.id}"},
)
assert response.status_code == status.HTTP_403_FORBIDDEN
async def test_valid_token_verified_superuser(
self, test_app_client: httpx.AsyncClient, verified_superuser: UserDB
):
response = await test_app_client.get(
"/current-verified-superuser",
headers={"Authorization": f"Bearer {verified_superuser.id}"},
)
assert response.status_code == status.HTTP_200_OK
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestOptionalGetCurrentUser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/optional-current-user")
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/optional-current-user", headers={"Authorization": "Bearer foo"}
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token(self, test_app_client: httpx.AsyncClient, user: UserDB):
response = await test_app_client.get(
"/optional-current-user", headers={"Authorization": f"Bearer {user.id}"}
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is not None
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestOptionalGetCurrentVerifiedUser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/optional-current-verified-user")
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/optional-current-verified-user", headers={"Authorization": "Bearer foo"}
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token_unverified_user(
self, test_app_client: httpx.AsyncClient, user: UserDB
):
response = await test_app_client.get(
"/optional-current-verified-user",
headers={"Authorization": f"Bearer {user.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token_verified_user(
self, test_app_client: httpx.AsyncClient, verified_user: UserDB
):
response = await test_app_client.get(
"/optional-current-verified-user",
headers={"Authorization": f"Bearer {verified_user.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is not None
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestOptionalGetCurrentActiveUser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/optional-current-active-user")
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/optional-current-active-user", headers={"Authorization": "Bearer foo"}
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token_inactive_user(
self, test_app_client: httpx.AsyncClient, inactive_user: UserDB
):
response = await test_app_client.get(
"/optional-current-active-user",
headers={"Authorization": f"Bearer {inactive_user.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token(self, test_app_client: httpx.AsyncClient, user: UserDB):
response = await test_app_client.get(
"/optional-current-active-user",
headers={"Authorization": f"Bearer {user.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is not None
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestOptionalGetCurrentSuperuser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/optional-current-superuser")
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/optional-current-superuser", headers={"Authorization": "Bearer foo"}
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token_regular_user(
self, test_app_client: httpx.AsyncClient, user: UserDB
):
response = await test_app_client.get(
"/optional-current-superuser",
headers={"Authorization": f"Bearer {user.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token_superuser(
self, test_app_client: httpx.AsyncClient, superuser: UserDB
):
response = await test_app_client.get(
"/optional-current-superuser",
headers={"Authorization": f"Bearer {superuser.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is not None
@pytest.mark.fastapi_users
@pytest.mark.asyncio
class TestOptionalGetCurrentVerifiedSuperuser:
async def test_missing_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get("/optional-current-verified-superuser")
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_invalid_token(self, test_app_client: httpx.AsyncClient):
response = await test_app_client.get(
"/optional-current-verified-superuser",
headers={"Authorization": "Bearer foo"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token_regular_user(
self, test_app_client: httpx.AsyncClient, user: UserDB
):
response = await test_app_client.get(
"/optional-current-verified-superuser",
headers={"Authorization": f"Bearer {user.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token_verified_user(
self, test_app_client: httpx.AsyncClient, verified_user: UserDB
):
response = await test_app_client.get(
"/optional-current-verified-superuser",
headers={"Authorization": f"Bearer {verified_user.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token_superuser(
self, test_app_client: httpx.AsyncClient, superuser: UserDB
):
response = await test_app_client.get(
"/optional-current-verified-superuser",
headers={"Authorization": f"Bearer {superuser.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is None
async def test_valid_token_verified_superuser(
self, test_app_client: httpx.AsyncClient, verified_superuser: UserDB
):
response = await test_app_client.get(
"/optional-current-verified-superuser",
headers={"Authorization": f"Bearer {verified_superuser.id}"},
)
assert response.status_code == status.HTTP_200_OK
assert response.json() is not None
Reference in New Issue View Git Blame Copy Permalink