
Commit ceacb4c

authored
Auth : Only autheticated superusers allowed to register user (#257)
* authenticate endpoint and is superuser * removed superuser part * small changes
1 parent fefc02f commit ceacb4c


2 files changed

+16
-3
lines changed


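--- a/backend/app/api/routes/users.py
+++ b/backend/app/api/routes/users.py
@@ -121,8 +121,15 @@ def delete_user_me(session: SessionDep, current_user: CurrentUser) -> Any:
 return Message(message="User deleted successfully")
 
 
-@router.post("/signup", response_model=UserPublic)
+@router.post(
+"/signup",
+dependencies=[Depends(get_current_active_superuser)],
+response_model=UserPublic,
+)
 def register_user(session: SessionDep, user_in: UserRegister) -> Any:
+"""
+This endpoint allows the registration of a new user and is accessible only by a superuser.
+"""
 if get_user_by_email(session=session, email=user_in.email):
 raise HTTPException(
 status_code=400,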
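Review bot: The superuser check is attached only through `dependencies=[Depends(get_current_active_superuser)]` on the decorator, so the authenticated superuser is never bound to a name inside `register_user` and the account creation cannot be attributed to the admin who performed it. If privileged account creation should leave an audit trail, add a `current_user: CurrentUser` parameter (the type `delete_user_me` already uses) and log which superuser created which email. The hunk adds no import lines, so `Depends` and `get_current_active_superuser` are presumably already imported in this module, which is worth confirming. The body of `register_user` continues past the end of the hunk.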

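--- a/backend/app/tests/api/routes/test_users.py
+++ b/backend/app/tests/api/routes/test_users.py
@@ -259,13 +259,16 @@ def test_update_password_me_same_password_error(
 assert updated_user["error"] == "New password cannot be the same as the current one"
 
 
-def test_register_user(client: TestClient, db: Session) -> None:
+def test_register_user(
+client: TestClient, superuser_token_headers: dict[str, str], db: Session
+) -> None:
 username = random_email()
 password = random_lower_string()
 full_name = random_lower_string()
 data = {"email": username, "password": password, "full_name": full_name}
 r = client.post(
 f"{settings.API_V1_STR}/users/signup",
+headers=superuser_token_headers,
 json=data,
 )
 assert r.status_code == 200
@@ -281,7 +284,9 @@ def test_register_user(client: TestClient, db: Session) -> None:
 assert verify_password(password, user_db.hashed_password)
 
 
-def test_register_user_already_exists_error(client: TestClient) -> None:
+def test_register_user_already_exists_error(
+client: TestClient, superuser_token_headers: dict[str, str]
+) -> None:
 password = random_lower_string()
 full_name = random_lower_string()
 data = {
@@ -291,6 +296,7 @@ def test_register_user_already_exists_error(client: TestClient) -> None:
 }
 r = client.post(
 f"{settings.API_V1_STR}/users/signup",
+headers=superuser_token_headers,
 json=data,
 )
 assert r.status_code == 400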
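Review bot: Both updated tests call `/users/signup` only with `superuser_token_headers`, so nothing in this file would fail if the new superuser dependency were later removed or weakened. Add a negative test beside `test_register_user` that posts a valid payload with no `headers` and asserts the request is rejected, and ideally a second one that uses a non-superuser's token. The exact status codes depend on how `get_current_active_superuser` is implemented, which is not visible here, so the sketch below accepts either 401 or 403. `test_register_user_already_exists_error` is split across two hunks, so its payload is only partly shown.

```python
def test_register_user_requires_superuser(client: TestClient) -> None:
    data = {
        "email": random_email(),
        "password": random_lower_string(),
        "full_name": random_lower_string(),
    }
    # No Authorization header: the superuser dependency must reject the request.
    r = client.post(
        f"{settings.API_V1_STR}/users/signup",
        json=data,
    )
    assert r.status_code in (401, 403)
```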
