fix(users): fix /users/me behavior when having more than 1 users in t…
…he same tenant (#6284)
vicferpoy authored Dec 20, 2024
1 parent a377a9f commit ea13241
Showing 2 changed files with 86 additions and 5 deletions.
85 changes: 83 additions & 2 deletions api/src/backend/api/tests/integration/test_authentication.py
@@ -1,9 +1,8 @@
import pytest
from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header
from django.urls import reverse
from rest_framework.test import APIClient

from conftest import TEST_PASSWORD, get_api_tokens, get_authorization_header


@pytest.mark.django_db
def test_basic_authentication():
Expand Down Expand Up @@ -96,3 +95,85 @@ def test_refresh_token(create_test_user, tenants_fixture):
format="vnd.api+json",
)
assert new_refresh_response.status_code == 200


@pytest.mark.django_db
def test_user_me_when_inviting_users(create_test_user, tenants_fixture, roles_fixture):
client = APIClient()

role = roles_fixture[0]

user1_email = "[email protected]"
user2_email = "[email protected]"

password = "thisisapassword123"

user1_response = client.post(
reverse("user-list"),
data={
"data": {
"type": "users",
"attributes": {
"name": "user1",
"email": user1_email,
"password": password,
},
}
},
format="vnd.api+json",
)
assert user1_response.status_code == 201

user1_access_token, _ = get_api_tokens(client, user1_email, password)
user1_headers = get_authorization_header(user1_access_token)

user2_invitation = client.post(
reverse("invitation-list"),
data={
"data": {
"type": "invitations",
"attributes": {"email": user2_email},
"relationships": {
"roles": {
"data": [
{
"type": "roles",
"id": str(role.id),
}
]
}
},
}
},
format="vnd.api+json",
headers=user1_headers,
)
assert user2_invitation.status_code == 201
invitation_token = user2_invitation.json()["data"]["attributes"]["token"]

user2_response = client.post(
reverse("user-list") + f"?invitation_token={invitation_token}",
data={
"data": {
"type": "users",
"attributes": {
"name": "user2",
"email": user2_email,
"password": password,
},
}
},
format="vnd.api+json",
)
assert user2_response.status_code == 201

user2_access_token, _ = get_api_tokens(client, user2_email, password)
user2_headers = get_authorization_header(user2_access_token)

user1_me = client.get(reverse("user-me"), headers=user1_headers)
assert user1_me.status_code == 200
assert user1_me.json()["data"]["attributes"]["email"] == user1_email

user2_me = client.get(reverse("user-me"), headers=user2_headers)
assert user2_me.status_code == 200
assert user2_me.json()["data"]["attributes"]["email"] == user2_email
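Review bot: `test_user_me_when_inviting_users` only exercises two authenticated callers; nothing asserts what `user-me` returns when no `Authorization` header is sent, which matters now that the view appears to resolve the user from the request itself. Consider ending the test with a fresh client, e.g. `assert APIClient().get(reverse("user-me")).status_code == 401`, using whichever rejection status the project's auth layer actually returns, since that is not visible on this page. The literal `password = "thisisapassword123"` could also become `password = TEST_PASSWORD`, which this file already imports from `conftest`, so the suite keeps a single test credential.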
6 changes: 3 additions & 3 deletions api/src/backend/api/v1/views.py
Expand Up @@ -98,9 +98,9 @@
OverviewServiceSerializer,
OverviewSeveritySerializer,
ProviderCreateSerializer,
ProviderGroupCreateSerializer,
ProviderGroupMembershipSerializer,
ProviderGroupSerializer,
ProviderGroupCreateSerializer,
ProviderGroupUpdateSerializer,
ProviderSecretCreateSerializer,
ProviderSecretSerializer,
Expand Down Expand Up @@ -192,7 +192,7 @@ class SchemaView(SpectacularAPIView):

def get(self, request, *args, **kwargs):
spectacular_settings.TITLE = "Prowler API"
spectacular_settings.VERSION = "1.1.0"
spectacular_settings.VERSION = "1.1.1"
spectacular_settings.DESCRIPTION = (
"Prowler API specification.\n\nThis file is auto-generated."
)
Expand Down Expand Up @@ -328,7 +328,7 @@ def get_serializer_class(self):

@action(detail=False, methods=["get"], url_name="me")
def me(self, request):
user = self.get_queryset().first()
user = self.request.user
serializer = UserSerializer(user, context=self.get_serializer_context())
return Response(
data=serializer.data,
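Review bot: In `me`, the line `user = self.request.user` (apparently the new side; the rendering has lost the +/- markers) has no comment saying why the queryset must not be used, and `self.get_queryset().first()` is exactly the form a later cleanup could reintroduce. I would add `# Always serialize the authenticated caller; the queryset may contain other users of the same tenant.` directly above it. Whether an unauthenticated request can reach this action depends on the viewset's permission classes, which are outside the hunk, so confirm that before relying on `request.user` being a real user. If the queryset is tenant-scoped, as the commit title suggests, any other action in this viewset that picks a row with `.first()` would expose one user's data to another in the same way and is worth auditing; none are visible here. The method body continues past the end of the hunk.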
