API & Client - complete users administration

fittrackee/tests/users/test_users_api.py

@@ -1156,6 +1156,24 @@ class TestUpdateUser(ApiTestCaseMixin):
 
         self.assert_400(response, 'valid email must be provided')
 
+    def test_it_returns_error_when_new_email_is_same_as_current_email(
+        self, app: Flask, user_1_admin: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.patch(
+            f'/api/users/{user_2.username}',
+            content_type='application/json',
+            data=json.dumps(dict(new_email=user_2.email)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_400(
+            response, 'new email must be different than curent email'
+        )
+
     def test_it_does_not_send_email_when_error_on_updating_email(
         self,
         app: Flask,
@@ -1233,6 +1251,52 @@ class TestUpdateUser(ApiTestCaseMixin):
             },
         )
 
+    def test_it_activates_user_account(
+        self, app: Flask, user_1_admin: User, inactive_user: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.patch(
+            f'/api/users/{inactive_user.username}',
+            content_type='application/json',
+            data=json.dumps(dict(activate=True)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 1
+        user = data['data']['users'][0]
+        assert user['email'] == inactive_user.email
+        assert user['is_active'] is True
+        assert inactive_user.confirmation_token is None
+
+    def test_it_can_only_activate_user_account(
+        self, app: Flask, user_1_admin: User, user_2: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1_admin.email
+        )
+
+        response = client.patch(
+            f'/api/users/{user_2.username}',
+            content_type='application/json',
+            data=json.dumps(dict(activate=False)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert 'success' in data['status']
+        assert len(data['data']['users']) == 1
+        user = data['data']['users'][0]
+        assert user['email'] == user_2.email
+        assert user['is_active'] is True
+        assert user_2.confirmation_token is None
+
 
 class TestDeleteUser(ApiTestCaseMixin):
     def test_user_can_delete_its_own_account(

fittrackee/users/users.py

@@ -395,7 +395,11 @@ def get_picture(user_name: str) -> Any:
 @authenticate_as_admin
 def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
     """
-    Update user to add admin rights
+    Update user account
+    - add/remove admin rights
+    - reset password and send email to update user password
+    - update user email
+    - activate account for an inactive user
 
     Only user with admin rights can modify another user
 
@@ -484,11 +488,18 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
 
     :param string user_name: user name
 
+    :<json boolean activate: activate user account
     :<json boolean admin: does the user have administrator rights
+    :<json boolean new_email: new user email
+    :<json boolean reset_password: reset user password
 
     :reqheader Authorization: OAuth 2.0 Bearer Token
 
     :statuscode 200: success
+    :statuscode 400:
+        - invalid payload
+        - valid email must be provided
+        - new email must be different than curent email
     :statuscode 401:
         - provide a valid auth token
         - signature expired, please log in again
@@ -512,10 +523,11 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
         if 'admin' in user_data:
             user.admin = user_data['admin']
 
-        if (
-            'reset_password' in user_data
-            and user_data['reset_password'] is True
-        ):
+        if user_data.get('activate', False):
+            user.is_active = True
+            user.confirmation_token = None
+
+        if user_data.get('reset_password', False):
             new_password = secrets.token_urlsafe(30)
             user.password = bcrypt.generate_password_hash(
                 new_password, current_app.config.get('BCRYPT_LOG_ROUNDS')
@@ -524,6 +536,10 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
 
         if 'new_email' in user_data:
             if is_valid_email(user_data['new_email']):
+                if user_data['new_email'] == user.email:
+                    return InvalidPayloadErrorResponse(
+                        'new email must be different than curent email'
+                    )
                 user.email_to_confirm = user_data['new_email']
                 user.confirmation_token = secrets.token_urlsafe(30)
                 send_new_address_email = True