API - add route to accept privacy policy

2023-02-26 10:47:48 +01:00 · 2023-02-26 10:47:48 +01:00 · 8a3f9a5d59
commit 8a3f9a5d59
parent 1c1d2a77b7
2 changed files with 127 additions and 1 deletions
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@ -1,7 +1,7 @@
 import json
 from datetime import datetime, timedelta
 from io import BytesIO
-from typing import Optional
+from typing import Optional, Union
 from unittest.mock import MagicMock, Mock, patch

 import pytest
@ -2749,3 +2749,76 @@ class TestUserLogout(ApiTestCaseMixin):
        )

        self.assert_invalid_token(response)
+
+
+class TestUserPrivacyPolicyUpdate(ApiTestCaseMixin):
+    def test_it_returns_error_if_user_is_not_authenticated(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client = app.test_client()
+
+        response = client.post(
+            '/api/auth/profile/edit/preferences',
+            content_type='application/json',
+            data=json.dumps(dict(accepted_policy=True)),
+        )
+
+        self.assert_401(response)
+
+    def test_it_returns_error_if_accepted_policy_is_missing(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/auth/account/privacy-policy',
+            content_type='application/json',
+            data=json.dumps(dict()),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_400(response)
+
+    def test_it_updates_accepted_policy(
+        self,
+        app: Flask,
+        user_1: User,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+        accepted_policy_date = datetime.utcnow()
+
+        with patch('fittrackee.users.auth.datetime.datetime') as datetime_mock:
+            datetime_mock.utcnow = Mock(return_value=accepted_policy_date)
+            response = client.post(
+                '/api/auth/account/privacy-policy',
+                content_type='application/json',
+                data=json.dumps(dict(accepted_policy=True)),
+                headers=dict(Authorization=f'Bearer {auth_token}'),
+            )
+
+        assert response.status_code == 200
+        assert user_1.accepted_policy_date == accepted_policy_date
+
+    @pytest.mark.parametrize('input_accepted_policy', [False, '', None, 'foo'])
+    def test_it_return_error_if_user_has_not_accepted_policy(
+        self,
+        app: Flask,
+        user_1: User,
+        input_accepted_policy: Union[str, bool, None],
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.post(
+            '/api/auth/account/privacy-policy',
+            content_type='application/json',
+            data=json.dumps(dict(accepted_policy=input_accepted_policy)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 400
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@ -883,6 +883,7 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
    :<json string language: language preferences
    :<json string timezone: user time zone
    :<json boolean weekm: does week start on Monday?
+    :<json boolean weekm: does week start on Monday?

    :reqheader Authorization: OAuth 2.0 Bearer Token

@ -1631,3 +1632,55 @@ def logout_user(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
        'status': 'success',
        'message': 'successfully logged out',
    }, 200
+
+
+@auth_blueprint.route('/auth/account/privacy-policy', methods=['POST'])
+@require_auth()
+def accept_privacy_policy(auth_user: User) -> Union[Dict, HttpResponse]:
+    """
+    The authenticated user accepts the privacy policy.
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      POST /auth/account/privacy-policy HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "status": "success"
+      }
+
+    :<json boolean accepted_policy: true if user accepted privacy policy
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: success
+    :statuscode 400:
+        - invalid payload
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 500: internal server error
+    """
+    post_data = request.get_json()
+    if not post_data or not post_data.get('accepted_policy'):
+        return InvalidPayloadErrorResponse()
+
+    try:
+        if post_data.get('accepted_policy') is True:
+            auth_user.accepted_policy_date = datetime.datetime.utcnow()
+            db.session.commit()
+            return {"status": "success"}
+        else:
+            return InvalidPayloadErrorResponse()
+    except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
+        return handle_error_and_return_response(e, db=db)