Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ops 3111/update system admin role #3117

Merged
merged 12 commits into from
Nov 25, 2024
Merged

Ops 3111/update system admin role #3117

Show file tree
Hide file tree
Changes from 10 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
e43d990
refactor: update admin user role to SYSTEM_OWNER role in BE
johndeange Nov 20, 2024
7110304
test: update BE unit tests and test data
johndeange Nov 21, 2024
b954820
test: edit FE e2e to allow system owner login
johndeange Nov 21, 2024
8a7a694
test: add system owner role to initial data set
johndeange Nov 21, 2024
d825fed
refactor: change to is_system_owner
johndeange Nov 21, 2024
d4209a6
test: remove unused function
johndeange Nov 21, 2024
de86689
feat: use labels instead of role names
johndeange Nov 21, 2024
95daf5a
Merge branch 'main' into OPS-3111/update-system-admin-role
johndeange Nov 21, 2024
09eb1f4
test: fix fe unit tests
johndeange Nov 21, 2024
c1755ab
Merge branch 'main' into OPS-3111/update-system-admin-role
johndeange Nov 21, 2024
e22db28
Merge branch 'main' into OPS-3111/update-system-admin-role
johndeange Nov 25, 2024
a44a639
Merge branch 'main' into OPS-3111/update-system-admin-role
johndeange Nov 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 13 additions & 7 deletions backend/data_tools/data/user_data.json5
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,8 @@
}
],
role: [
{ // 1 Admin
name: "admin",
{ // 1 SYSTEM_OWNER
name: "SYSTEM_OWNER",
permissions: [
"GET_AGREEMENT",
"PUT_AGREEMENT",
Expand All @@ -50,7 +50,6 @@
"PUT_BUDGET_LINE_ITEM",
"PATCH_BUDGET_LINE_ITEM",
"POST_BUDGET_LINE_ITEM",
// Delete permissions are only for local, not for prod. Users should not have delete BLI permissions in prod.
"DELETE_BUDGET_LINE_ITEM",

"GET_SERVICES_COMPONENT",
Expand All @@ -70,18 +69,25 @@
"DELETE_CAN",

"GET_DIVISION",
"PUT_DIVISION",
"PATCH_DIVISION",
"POST_DIVISION",
"DELETE_DIVISION",

"GET_NOTIFICATION",
"PUT_NOTIFICATION",
"PATCH_NOTIFICATION",

"GET_PORTFOLIO",
"PUT_PORTFOLIO",
"PATCH_PORTFOLIO",
"POST_PORTFOLIO",
"DELETE_PORTFOLIO",

"GET_RESEARCH_PROJECT",
"POST_RESEARCH_PROJECT",

"GET_USER",

"PUT_USER",
"PATCH_USER",

Expand Down Expand Up @@ -507,10 +513,10 @@
status: "ACTIVE"
},
{ // 520 User is used in E2E tests
first_name: "Admin",
last_name: "Demo",
first_name: "System",
last_name: "Owner",
division: 3,
email: "admin.demo@email.com",
email: "system.owner@email.com",
oidc_id: "00000000-0000-1111-a111-000000000018",
roles: [{"tablename": "role", "id": 1}],
status: "ACTIVE"
Expand Down
2 changes: 1 addition & 1 deletion backend/data_tools/initial_data/001-division.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (1, 'Child Care', 'CC', current_timestamp, current_timestamp);
INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (2, 'Division of Economic Independence', 'DEI', current_timestamp, current_timestamp);
INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (3, 'Office of the Director', 'OD', current_timestamp, current_timestamp);
INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (4, 'Division of Child and Family Development', 'DFCD', current_timestamp, current_timestamp);
INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (4, 'Division of Child and Family Development', 'DCFD', current_timestamp, current_timestamp);
INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (5, 'Division of Family Strengthening', 'DFS', current_timestamp, current_timestamp);
INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (6, 'Division of Data and Improvement', 'DDI', current_timestamp, current_timestamp);
INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (7, 'Non-OPRE Division', 'OTHER', current_timestamp, current_timestamp);
2 changes: 1 addition & 1 deletion backend/data_tools/initial_data/003-role.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
INSERT INTO ops.role (id, name, permissions, created_on, updated_on) VALUES (1, 'admin', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,DELETE_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,POST_CAN,PATCH_CAN,PUT_CAN,DELETE_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,PUT_USER,POST_USER,PATCH_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp);
INSERT INTO ops.role (id, name, permissions, created_by, updated_by, created_on, updated_on) VALUES (1, 'SYSTEM_OWNER', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,DELETE_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,DELETE_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,POST_CAN,PATCH_CAN,PUT_CAN,DELETE_CAN,GET_DIVISION,PUT_DIVISION,PATCH_DIVISION,POST_DIVISION,DELETE_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,PUT_PORTFOLIO,PATCH_PORTFOLIO,POST_PORTFOLIO,DELETE_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,PUT_USER,PATCH_USER,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW,GET_UPLOAD_DOCUMENT,POST_UPLOAD_DOCUMENT,PATCH_UPLOAD_DOCUMENT}', current_timestamp, current_timestamp);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All our other roles are lowercase. Should we make the other roles upper case or should we make this one lowercase for consistency.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They are currently a mix of upper and lowercase - I think they should be upper case. This PR updates the first of the roles - the other roles that are currently lowercase would be made uppercase in future PRs.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good! I'll give an approval.

INSERT INTO ops.role (id, name, permissions, created_on, updated_on) VALUES (2, 'user', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp);
INSERT INTO ops.role (id, name, permissions, created_on, updated_on) VALUES (3, 'unassigned', '{GET_USER,POST_USER,PUT_USER,PATCH_USER}', current_timestamp, current_timestamp);
INSERT INTO ops.role (id, name, permissions, created_on, updated_on) VALUES (4, 'division-director', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp);
Expand Down
2 changes: 1 addition & 1 deletion backend/data_tools/initial_data/004-role_version.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
INSERT INTO ops.role_version (id, name, permissions, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (1, 'admin', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,DELETE_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,PUT_USER,POST_USER,PATCH_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp, 1, null, 0);
INSERT INTO ops.role_version (id, name, permissions, created_by, updated_by, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (1, 'SYSTEM_OWNER', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,DELETE_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,DELETE_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,POST_CAN,PATCH_CAN,PUT_CAN,DELETE_CAN,GET_DIVISION,PUT_DIVISION,PATCH_DIVISION,POST_DIVISION,DELETE_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,PUT_PORTFOLIO,PATCH_PORTFOLIO,POST_PORTFOLIO,DELETE_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,PUT_USER,PATCH_USER,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW,GET_UPLOAD_DOCUMENT,POST_UPLOAD_DOCUMENT,PATCH_UPLOAD_DOCUMENT}', current_timestamp, current_timestamp, 1, null, 0);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same point as 003-role.sql about uppercase-lowercase inconsistency for role name

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment as above

INSERT INTO ops.role_version (id, name, permissions, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (2, 'user', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp, 1, null, 0);
INSERT INTO ops.role_version (id, name, permissions, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (3, 'unassigned', '{GET_USER,POST_USER,PUT_USER,PATCH_USER}', current_timestamp, current_timestamp, 1, null, 0);
INSERT INTO ops.role_version (id, name, permissions, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (4, 'division-director', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp, 1, null, 0);
Expand Down
8 changes: 4 additions & 4 deletions backend/ops_api/ops/auth/authentication_provider/fake_auth_provider.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,10 @@ def __init__(
self.config = config

self.fakeUsers = {
"admin_user": {
"given_name": "Admin",
"family_name": "Demo",
"email": "admin.demo@email.com",
"system_owner": {
"given_name": "System",
"family_name": "Owner",
"email": "system.owner@email.com",
"sub": "00000000-0000-1111-a111-000000000018",
},
"budget_team": {
Expand Down
6 changes: 3 additions & 3 deletions backend/ops_api/ops/document/service.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,18 @@


class DocumentService:
def __init__(self, document_gateway: DocumentGateway, current_user_id=None, is_admin=False) -> None:
def __init__(self, document_gateway: DocumentGateway, current_user_id=None, is_system_owner=False) -> None:
self.gateway = document_gateway
self.repository = self.gateway.create_repository()
self.current_user_id = current_user_id if current_user_id else current_user.id
self.is_admin_user = is_admin or ("admin" in current_user.roles if current_user else False)
self.is_system_owner = is_system_owner or ("SYSTEM_OWNER" in current_user.roles if current_user else False)

def can_access_docs(self, agreement_id):
"""
Check if the current user can access documents for a specific agreement.
"""
is_agreement_user = is_user_linked_to_agreement(self.current_user_id, agreement_id)
return is_agreement_user or self.is_admin_user
return is_agreement_user or self.is_system_owner

def get_documents_by_agreement_id(self, agreement_id):
"""
Expand Down
8 changes: 4 additions & 4 deletions backend/ops_api/ops/resources/users.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,8 @@ def get(self, id: int) -> Response:
:return: The user

Business Rules:
- If the user is an admin, they can get the full details of any user
- If the user is not an admin, they can get the full details of their own user or a safe version of another user
- If the user is a SYSTEM_OWNER, they can get the full details of any user
- If the user is not a SYSTEM_OWNER, they can get the full details of their own user or a safe version of another user
"""
with OpsEventHandler(OpsEventType.GET_USER_DETAILS) as meta:
user: User = users_service.get_user(current_app.db_session, id=id)
Expand Down Expand Up @@ -113,8 +113,8 @@ def get(self) -> Response:
:return: All users

Business Rules:
- If the user is an admin, they can get the full details of all users
- If the user is not an admin, they can get the safe version of other users
- If the user is a SYSTEM_OWNER, they can get the full details of all users
- If the user is not a SYSTEM_OWNER, they can get the safe version of other users
"""
with OpsEventHandler(OpsEventType.GET_USER_DETAILS) as meta:
schema = QueryParameters()
Expand Down
8 changes: 0 additions & 8 deletions backend/ops_api/ops/utils/users.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,6 @@
from models import Role, User


def is_admin(user: User, session: Session = None) -> bool:
if not session:
session = current_app.db_session

admin_role = session.execute(select(Role).where(Role.name == "admin")).scalar_one()
return admin_role in user.roles


def is_user_admin(user: User, session: Session = None) -> bool:
if not session:
session = current_app.db_session
Expand Down
16 changes: 8 additions & 8 deletions backend/ops_api/tests/auth/test_login.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

@pytest.fixture()
def db_with_active_user_session(loaded_db, test_user):
user = loaded_db.execute(select(User).where(User.email == "admin[email protected]")).scalars().one_or_none()
user = loaded_db.execute(select(User).where(User.email == "user[email protected]")).scalars().one_or_none()
active_user_session_1 = UserSession(
user_id=user.id,
is_active=True,
Expand Down Expand Up @@ -63,7 +63,7 @@ def db_with_active_user_session(loaded_db, test_user):

@pytest.fixture()
def db_with_inactive_user_session(loaded_db, test_user):
user = loaded_db.execute(select(User).where(User.email == "admin[email protected]")).scalars().one_or_none()
user = loaded_db.execute(select(User).where(User.email == "user[email protected]")).scalars().one_or_none()
active_user_session_1 = UserSession(
user_id=user.id,
is_active=False,
Expand Down Expand Up @@ -118,10 +118,10 @@ def db_with_inactive_user_session(loaded_db, test_user):
def test_login_with_no_active_session(client, loaded_db, mocker):
# setup mocks
m2 = mocker.patch("ops_api.ops.auth.service._get_token_and_user_data_from_internal_auth")
user = loaded_db.execute(select(User).where(User.email == "admin[email protected]")).scalars().one_or_none()
user = loaded_db.execute(select(User).where(User.email == "user[email protected]")).scalars().one_or_none()
m2.return_value = ("blah", "blah", user)

res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "admin_user"})
res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "basic_user"})
assert res.status_code == 200

stmt = select(UserSession).where(UserSession.user_id == user.id)
Expand All @@ -145,13 +145,13 @@ def test_login_with_active_session(client, db_with_active_user_session, mocker):
m1.return_value = False
m2 = mocker.patch("ops_api.ops.auth.service._get_token_and_user_data_from_internal_auth")
user = (
db_with_active_user_session.execute(select(User).where(User.email == "admin[email protected]"))
db_with_active_user_session.execute(select(User).where(User.email == "user[email protected]"))
.scalars()
.one_or_none()
) # noqa
m2.return_value = ("blah", "blah", user)

res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "admin_user"})
res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "basic_user"})
assert res.status_code == 200

stmt = select(UserSession).where(UserSession.user_id == user.id).order_by(UserSession.created_on.desc())
Expand All @@ -172,13 +172,13 @@ def test_login_with_inactive_session(client, db_with_inactive_user_session, mock
# setup mocks
m2 = mocker.patch("ops_api.ops.auth.service._get_token_and_user_data_from_internal_auth")
user = (
db_with_inactive_user_session.execute(select(User).where(User.email == "admin[email protected]"))
db_with_inactive_user_session.execute(select(User).where(User.email == "user[email protected]"))
.scalars()
.one_or_none()
) # noqa
m2.return_value = ("blah", "blah", user)

res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "admin_user"})
res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "basic_user"})
assert res.status_code == 200

stmt = select(UserSession).where(UserSession.user_id == user.id).order_by(UserSession.created_on.desc())
Expand Down
10 changes: 5 additions & 5 deletions backend/ops_api/tests/auth/test_logout.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@

@pytest.fixture()
def db_with_active_user_session(loaded_db, test_user):
user = loaded_db.execute(select(User).where(User.email == "admin[email protected]")).scalars().one_or_none()
user = loaded_db.execute(select(User).where(User.email == "user[email protected]")).scalars().one_or_none()
active_user_session_1 = UserSession(
user_id=user.id,
is_active=True,
Expand Down Expand Up @@ -63,12 +63,12 @@ def db_with_active_user_session(loaded_db, test_user):


@pytest.mark.usefixtures("app_ctx")
def test_logout(app, client, db_with_active_user_session, mocker):
def test_logout(app, client, db_with_active_user_session):
jwt = create_oauth_jwt(
"fakeauth",
app.config,
payload={
"sub": "00000000-0000-1111-a111-000000000018",
"sub": "00000000-0000-1111-a111-000000000019",
"iat": datetime.datetime.utcnow(),
"exp": datetime.datetime.utcnow() + datetime.timedelta(days=1),
"iss": app.config["AUTHLIB_OAUTH_CLIENTS"]["fakeauth"]["client_id"],
Expand All @@ -80,10 +80,10 @@ def test_logout(app, client, db_with_active_user_session, mocker):

res = client.post("/auth/logout/", headers={"Authorization": f"Bearer {jwt.decode('utf-8')}"})
assert res.status_code == 200
assert res.json["message"] == "User: admin[email protected] Logged out"
assert res.json["message"] == "User: user[email protected] Logged out"

user = (
db_with_active_user_session.execute(select(User).where(User.email == "admin[email protected]"))
db_with_active_user_session.execute(select(User).where(User.email == "user[email protected]"))
.scalars()
.one_or_none()
)
Expand Down
Loading