fix: User creation through API when signups are supposed to be disabled (#2622)

* fix user creation when signups are supposed to be diabled

* add user registration tests

* run formatter

* fix test filename

---------

Co-authored-by: Michael Genson <71845777+michael-genson@users.noreply.github.com>
This commit is contained in:
Kuchenpirat 2023-10-16 20:45:47 +02:00 committed by GitHub
parent ebe11da343
commit 15f79d1586
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 5 deletions

View File

@ -63,14 +63,10 @@ class RegistrationService:
elif self.repos.users.get_one(registration.email, "email"):
raise HTTPException(status.HTTP_409_CONFLICT, {"message": self.t("exceptions.email-conflict-error")})
self.logger.info(f"Registering user {registration.username}")
token_entry = None
new_group = False
if registration.group:
new_group = True
group = self._register_new_group()
elif registration.group_token and registration.group_token != "":
if registration.group_token and registration.group_token != "":
token_entry = self.repos.group_invite_tokens.get_one(registration.group_token)
if not token_entry:
raise HTTPException(status.HTTP_400_BAD_REQUEST, {"message": "Invalid group token"})
@ -81,9 +77,13 @@ class RegistrationService:
raise HTTPException(status.HTTP_400_BAD_REQUEST, {"message": "Invalid group token"})
group = maybe_none_group
elif registration.group:
new_group = True
group = self._register_new_group()
else:
raise HTTPException(status.HTTP_400_BAD_REQUEST, {"message": "Missing group"})
self.logger.info(f"Registering user {registration.username}")
user = self._create_new_user(group, new_group)
if new_group and registration.seed_data:

View File

@ -0,0 +1,34 @@
import random
import string
from fastapi.testclient import TestClient
from mealie.core.config import get_app_settings
from tests.utils import api_routes
from tests.utils.factories import user_registration_factory
def test_register_user(api_client: TestClient, monkeypatch):
# create random registration
registration = user_registration_factory()
# signup disabled but valid request
monkeypatch.setenv("ALLOW_SIGNUP", "False")
get_app_settings.cache_clear()
response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True))
assert response.status_code == 403
# signup disabled, request includes non valid group token
registration.group_token = "".join(random.choice(string.ascii_lowercase + string.digits) for _ in range(10)).strip()
response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True))
assert response.status_code == 400
# signup enabled but contains non valid group token
monkeypatch.setenv("ALLOW_SIGNUP", "True")
get_app_settings.cache_clear()
response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True))
assert response.status_code == 400
# signup enabled and valid request
registration.group_token = None
response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True))
assert response.status_code == 201