From 15f79d158621767259fbe1919716f9dce2da436b Mon Sep 17 00:00:00 2001 From: Kuchenpirat <24235032+Kuchenpirat@users.noreply.github.com> Date: Mon, 16 Oct 2023 20:45:47 +0200 Subject: [PATCH] fix: User creation through API when signups are supposed to be disabled (#2622) * fix user creation when signups are supposed to be diabled * add user registration tests * run formatter * fix test filename --------- Co-authored-by: Michael Genson <71845777+michael-genson@users.noreply.github.com> --- .../user_services/registration_service.py | 10 +++--- .../user_tests/test_user_registration.py | 34 +++++++++++++++++++ 2 files changed, 39 insertions(+), 5 deletions(-) create mode 100644 tests/integration_tests/user_tests/test_user_registration.py diff --git a/mealie/services/user_services/registration_service.py b/mealie/services/user_services/registration_service.py index fc536fe1808a..a294e8152e9c 100644 --- a/mealie/services/user_services/registration_service.py +++ b/mealie/services/user_services/registration_service.py @@ -63,14 +63,10 @@ class RegistrationService: elif self.repos.users.get_one(registration.email, "email"): raise HTTPException(status.HTTP_409_CONFLICT, {"message": self.t("exceptions.email-conflict-error")}) - self.logger.info(f"Registering user {registration.username}") token_entry = None new_group = False - if registration.group: - new_group = True - group = self._register_new_group() - elif registration.group_token and registration.group_token != "": + if registration.group_token and registration.group_token != "": token_entry = self.repos.group_invite_tokens.get_one(registration.group_token) if not token_entry: raise HTTPException(status.HTTP_400_BAD_REQUEST, {"message": "Invalid group token"}) @@ -81,9 +77,13 @@ class RegistrationService: raise HTTPException(status.HTTP_400_BAD_REQUEST, {"message": "Invalid group token"}) group = maybe_none_group + elif registration.group: + new_group = True + group = self._register_new_group() else: raise HTTPException(status.HTTP_400_BAD_REQUEST, {"message": "Missing group"}) + self.logger.info(f"Registering user {registration.username}") user = self._create_new_user(group, new_group) if new_group and registration.seed_data: diff --git a/tests/integration_tests/user_tests/test_user_registration.py b/tests/integration_tests/user_tests/test_user_registration.py new file mode 100644 index 000000000000..596d2a57d531 --- /dev/null +++ b/tests/integration_tests/user_tests/test_user_registration.py @@ -0,0 +1,34 @@ +import random +import string + +from fastapi.testclient import TestClient +from mealie.core.config import get_app_settings +from tests.utils import api_routes +from tests.utils.factories import user_registration_factory + + +def test_register_user(api_client: TestClient, monkeypatch): + # create random registration + registration = user_registration_factory() + + # signup disabled but valid request + monkeypatch.setenv("ALLOW_SIGNUP", "False") + get_app_settings.cache_clear() + response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True)) + assert response.status_code == 403 + + # signup disabled, request includes non valid group token + registration.group_token = "".join(random.choice(string.ascii_lowercase + string.digits) for _ in range(10)).strip() + response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True)) + assert response.status_code == 400 + + # signup enabled but contains non valid group token + monkeypatch.setenv("ALLOW_SIGNUP", "True") + get_app_settings.cache_clear() + response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True)) + assert response.status_code == 400 + + # signup enabled and valid request + registration.group_token = None + response = api_client.post(api_routes.users_register, json=registration.dict(by_alias=True)) + assert response.status_code == 201