API - init endpoint to update password for authenticated user

2022-03-13 08:43:20 +01:00 · 2022-03-13 08:43:20 +01:00 · a4d7dc24da
commit a4d7dc24da
parent 5831a70d4b
2 changed files with 183 additions and 47 deletions
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@ -12,6 +12,7 @@ from fittrackee.users.utils.token import get_user_token
 from fittrackee.workouts.models import Sport, Workout

 from ..api_test_case import ApiTestCaseMixin
+from ..utils import random_string


 class TestUserRegistration(ApiTestCaseMixin):
@ -505,53 +506,6 @@ class TestUserProfileUpdate(ApiTestCaseMixin):
            app, user_1.email
        )

-        response = client.post(
-            '/api/auth/profile/edit',
-            content_type='application/json',
-            data=json.dumps(
-                dict(
-                    first_name='John',
-                    last_name='Doe',
-                    location='Somewhere',
-                    bio='Nothing to tell',
-                    birth_date='1980-01-01',
-                    password='87654321',
-                )
-            ),
-            headers=dict(Authorization=f'Bearer {auth_token}'),
-        )
-
-        data = json.loads(response.data.decode())
-        assert data['status'] == 'success'
-        assert data['message'] == 'user profile updated'
-        assert response.status_code == 200
-        assert data['data']['username'] == 'test'
-        assert data['data']['email'] == 'test@test.com'
-        assert not data['data']['admin']
-        assert data['data']['created_at']
-        assert data['data']['first_name'] == 'John'
-        assert data['data']['last_name'] == 'Doe'
-        assert data['data']['birth_date']
-        assert data['data']['bio'] == 'Nothing to tell'
-        assert data['data']['imperial_units'] is False
-        assert data['data']['location'] == 'Somewhere'
-        assert data['data']['timezone'] is None
-        assert data['data']['weekm'] is False
-        assert data['data']['language'] is None
-        assert data['data']['nb_sports'] == 0
-        assert data['data']['nb_workouts'] == 0
-        assert data['data']['records'] == []
-        assert data['data']['sports_list'] == []
-        assert data['data']['total_distance'] == 0
-        assert data['data']['total_duration'] == '0:00:00'
-
-    def test_it_updates_user_profile_without_password(
-        self, app: Flask, user_1: User
-    ) -> None:
-        client, auth_token = self.get_test_client_and_auth_token(
-            app, user_1.email
-        )
-
        response = client.post(
            '/api/auth/profile/edit',
            content_type='application/json',
@ -624,6 +578,58 @@ class TestUserProfileUpdate(ApiTestCaseMixin):
        self.assert_400(response)


+class TestUserAccountUpdate(ApiTestCaseMixin):
+    def test_it_returns_error_if_payload_is_empty(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            '/api/auth/profile/edit/account',
+            content_type='application/json',
+            data=json.dumps(dict()),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_400(response)
+
+    def test_it_updates_user_profile(self, app: Flask, user_1: User) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            '/api/auth/profile/edit/account',
+            content_type='application/json',
+            data=json.dumps(dict(password=random_string())),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+        assert response.status_code == 200
+        data = json.loads(response.data.decode())
+        assert data['status'] == 'success'
+        assert data['message'] == 'user account updated'
+
+    def test_it_returns_error_if_controls_fail(
+        self, app: Flask, user_1: User
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app, user_1.email
+        )
+
+        response = client.patch(
+            '/api/auth/profile/edit/account',
+            content_type='application/json',
+            data=json.dumps(dict(password=random_string(length=5))),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_400(
+            response, error_message='password: 8 characters required'
+        )
+
+
 class TestUserPreferencesUpdate(ApiTestCaseMixin):
    def test_it_updates_user_preferences(
        self, app: Flask, user_1: User
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@ -542,6 +542,136 @@ def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
        return handle_error_and_return_response(e, db=db)


+@auth_blueprint.route('/auth/profile/edit/account', methods=['PATCH'])
+@authenticate
+def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
+    """
+    update authenticated user password
+
+    **Example request**:
+
+    .. sourcecode:: http
+
+      PATCH /api/auth/profile/edit/account HTTP/1.1
+      Content-Type: application/json
+
+    **Example response**:
+
+    .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Content-Type: application/json
+
+      {
+        "data": {
+          "admin": false,
+          "bio": null,
+          "birth_date": null,
+          "created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
+          "email": "sam@example.com",
+          "first_name": null,
+          "imperial_units": false,
+          "language": "en",
+          "last_name": null,
+          "location": null,
+          "nb_sports": 3,
+          "nb_workouts": 6,
+          "picture": false,
+          "records": [
+            {
+              "id": 9,
+              "record_type": "AS",
+              "sport_id": 1,
+              "user": "sam",
+              "value": 18,
+              "workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
+              "workout_id": "hvYBqYBRa7wwXpaStWR4V2"
+            },
+            {
+              "id": 10,
+              "record_type": "FD",
+              "sport_id": 1,
+              "user": "sam",
+              "value": 18,
+              "workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
+              "workout_id": "hvYBqYBRa7wwXpaStWR4V2"
+            },
+            {
+              "id": 11,
+              "record_type": "LD",
+              "sport_id": 1,
+              "user": "sam",
+              "value": "1:01:00",
+              "workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
+              "workout_id": "hvYBqYBRa7wwXpaStWR4V2"
+            },
+            {
+              "id": 12,
+              "record_type": "MS",
+              "sport_id": 1,
+              "user": "sam",
+              "value": 18,
+              "workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
+              "workout_id": "hvYBqYBRa7wwXpaStWR4V2"
+            }
+          ],
+          "sports_list": [
+              1,
+              4,
+              6
+          ],
+          "timezone": "Europe/Paris",
+          "total_distance": 67.895,
+          "total_duration": "6:50:27",
+          "username": "sam"
+          "weekm": true,
+        },
+        "message": "user profile updated",
+        "status": "success"
+      }
+
+    :<json string password: user password
+
+    :reqheader Authorization: OAuth 2.0 Bearer Token
+
+    :statuscode 200: user account updated
+    :statuscode 400:
+        - invalid payload
+        - password: 8 characters required
+    :statuscode 401:
+        - provide a valid auth token
+        - signature expired, please log in again
+        - invalid token, please log in again
+    :statuscode 500: error, please try again or contact the administrator
+
+    """
+    data = request.get_json()
+    if not data:
+        return InvalidPayloadErrorResponse()
+
+    password_data = data.get('password')
+    message = check_password(password_data)
+    if message != '':
+        return InvalidPayloadErrorResponse(message)
+    password = bcrypt.generate_password_hash(
+        password_data, current_app.config.get('BCRYPT_LOG_ROUNDS')
+    ).decode()
+
+    try:
+        auth_user.password = password
+        db.session.commit()
+
+        return {
+            'status': 'success',
+            'message': 'user account updated',
+            'data': auth_user.serialize(),
+        }
+
+    # handler errors
+    except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
+        return handle_error_and_return_response(e, db=db)
+
+
@auth_blueprint.route('/auth/profile/edit/preferences', methods=['POST'])
@authenticate
 def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]: