cloud-api/test/test_user.py

"""
[GET]/user/self/claims is not tested because it requires OIDC authentication.
[DELETE]/user/ is not tested because the testing client cannot attach a body to a delete request.
"""

from typing import Any

import pytest
from httpx import AsyncClient

from .conftest import generate_query_and_status, standard_test

pytestmark = [
    pytest.mark.user_module,
]


@pytest.mark.anyio
@pytest.mark.parametrize("query, expected_status", generate_query_and_status(["user_id"]))
async def test_get_user_status_checks(
    default_client: AsyncClient, query: str, expected_status: int
):
    resp = await default_client.get(f"/user?{query}")

    assert resp.status_code == expected_status


@pytest.mark.parametrize(
    "body, expected_status",
    [
        ({"organisation_id": 42, "user_email": "admin@test.com"}, 404),
        ({"organisation_id": "Test Org", "user_email": "admin@test.com"}, 422),
        ({"organisation_id": "", "user_email": "admin@test.com"}, 422),
        ({}, 422),
        ({"user_email": 42}, 422),
        ({"organisation_id": 1, "user_email": "Test User"}, 422),
    ],
)
@pytest.mark.anyio
async def test_post_user_invitation_status_checks(
    default_client: AsyncClient, body, expected_status
):
    resp = await default_client.post("/user/invitation", json=body)

    assert resp.status_code == expected_status


@pytest.mark.parametrize(
    "body, expected_status",
    [
        ({"jwt": "invalid"}, 401),
        ({"jwt": ""}, 401),
        ({"jwt": None}, 422),
        ({"jwt": 42}, 422),
    ],
)
@pytest.mark.anyio
async def test_post_user_invitation_accept_status_checks(
    default_client: AsyncClient, body, expected_status
):
    resp = await default_client.post("/user/invitation/accept", json=body)

    assert resp.status_code == expected_status

    if resp.status_code == 401:
        assert resp.json()["detail"] == "Invalid JWS"


@pytest.mark.anyio
async def test_get_self_orgs_standard(
    default_client: AsyncClient, route_data: dict[str, dict[str, Any]]
):
    method = "GET"
    path = "/user/self/orgs"
    auth_level = "User"
    query = ""
    body = {}
    expected_data = {
        "organisations": [
            {
                "organisation_id": 1,
                "name": "Org One",
                "status": "approved",
                "root_user_email": "admin@test.com",
                "owner_contact": {"email": "owner@orgone.com", "id": 2},
                "security_contact": {"email": "security@orgone.com", "id": 3},
                "billing_contact": {"email": "billing@orgone.com", "id": 1},
                "intake_questionnaire": {
                    "questions": {
                        "question_one": None,
                        "question_three": None,
                        "question_two": "answer two",
                    },
                    "metadata": {"version": 0, "submission_date": None},
                },
            }
        ]
    }

    await standard_test(
        default_client, method, path, auth_level, query, body, expected_data, route_data
    )


@pytest.mark.anyio
async def test_get_self_db_standard(
    default_client: AsyncClient, route_data: dict[str, dict[str, Any]]
):
    method = "GET"
    path = "/user/self/db"
    auth_level = "User"
    query = ""
    body = {}
    expected_data = {
        "id": 1,
        "first_name": "Admin",
        "last_name": "Test",
        "email": "admin@test.com",
        "organisations": [{"name": "Org One", "id": 1}],
        "groups": {"Org One": [{"name": "Org One Group", "id": 1}]},
    }

    await standard_test(
        default_client, method, path, auth_level, query, body, expected_data, route_data
    )


@pytest.mark.anyio
async def test_get_user_standard(
    default_client: AsyncClient, route_data: dict[str, dict[str, Any]]
):
    method = "GET"
    path = "/user"
    auth_level = "Super Admin"
    query = "?user_id=1"
    body = {}
    expected_data = {
        "id": 1,
        "first_name": "Admin",
        "last_name": "Test",
        "email": "admin@test.com",
        "organisations": [{"name": "Org One", "id": 1}],
        "groups": {"Org One": [{"name": "Org One Group", "id": 1}]},
    }

    await standard_test(
        default_client, method, path, auth_level, query, body, expected_data, route_data
    )


@pytest.mark.anyio
async def test_delete_user_standard(
    default_client: AsyncClient, route_data: dict[str, dict[str, Any]]
):
    method = "DELETE"
    path = "/user"
    auth_level = "Super Admin"
    query = "?user_id=1"
    body = {}
    expected_data = {}

    await standard_test(
        default_client, method, path, auth_level, query, body, expected_data, route_data
    )


@pytest.mark.anyio
async def test_post_user_invitation_standard(
    default_client: AsyncClient, route_data: dict[str, dict[str, Any]]
):
    method = "POST"
    path = "/user/invitation"
    auth_level = "Root User"
    query = ""
    body = {"user_email": "admin@test.com", "organisation_id": 1}
    expected_data = {
        "invited_email": "admin@test.com",
        "organisation": {"name": "Org One", "id": 1},
    }

    await standard_test(
        default_client, method, path, auth_level, query, body, expected_data, route_data
    )
tests: user router 2026-05-29 15:18:19 +01:00			`"""`
			`[GET]/user/self/claims is not tested because it requires OIDC authentication.`
tests: dynamic test using new fixture 2026-06-24 10:10:29 +01:00			`[DELETE]/user/ is not tested because the testing client cannot attach a body to a delete request.`
tests: user router 2026-05-29 15:18:19 +01:00			`"""`

tests: dynamic test using new fixture 2026-06-24 10:10:29 +01:00			`from typing import Any`

tests: user router 2026-05-29 15:18:19 +01:00			`import pytest`
			`from httpx import AsyncClient`

tests: dynamic test standardised The dynamic test structure should now be able applicable to all endpoints and the bulk of its logic has been split into a new function. 2026-06-24 10:26:28 +01:00			`from .conftest import generate_query_and_status, standard_test`
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
tests: pytest module markers 2026-06-09 13:58:08 +01:00			`pytestmark = [`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`pytest.mark.user_module,`
tests: pytest module markers 2026-06-09 13:58:08 +01:00			`]`


tests: user router 2026-05-29 15:18:19 +01:00			`@pytest.mark.anyio`
fix: ty compliant & issues from change to mapped columns 2026-06-22 11:23:24 +01:00			`@pytest.mark.parametrize("query, expected_status", generate_query_and_status(["user_id"]))`
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00			`async def test_get_user_status_checks(`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`default_client: AsyncClient, query: str, expected_status: int`
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00			`):`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`resp = await default_client.get(f"/user?{query}")`
tests: user router 2026-05-29 15:18:19 +01:00
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`assert resp.status_code == expected_status`
feat: delete endpoint queries Delete endpoints do not fully support bodies. Queries used instead. Tests added. Resolves #20 2026-06-09 09:09:41 +01:00

feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`@pytest.mark.parametrize(`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`"body, expected_status",`
			`[`
			`({"organisation_id": 42, "user_email": "admin@test.com"}, 404),`
			`({"organisation_id": "Test Org", "user_email": "admin@test.com"}, 422),`
			`({"organisation_id": "", "user_email": "admin@test.com"}, 422),`
			`({}, 422),`
			`({"user_email": 42}, 422),`
			`({"organisation_id": 1, "user_email": "Test User"}, 422),`
			`],`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`)`
			`@pytest.mark.anyio`
			`async def test_post_user_invitation_status_checks(`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`default_client: AsyncClient, body, expected_status`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`):`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`resp = await default_client.post("/user/invitation", json=body)`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`assert resp.status_code == expected_status`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00

			`@pytest.mark.parametrize(`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`"body, expected_status",`
			`[`
			`({"jwt": "invalid"}, 401),`
			`({"jwt": ""}, 401),`
			`({"jwt": None}, 422),`
			`({"jwt": 42}, 422),`
			`],`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`)`
			`@pytest.mark.anyio`
			`async def test_post_user_invitation_accept_status_checks(`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`default_client: AsyncClient, body, expected_status`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`):`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`resp = await default_client.post("/user/invitation/accept", json=body)`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`assert resp.status_code == expected_status`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`if resp.status_code == 401:`
			`assert resp.json()["detail"] == "Invalid JWS"`
tests: get self orgs 2026-06-09 16:06:53 +01:00

tests: dynamic test structure Issue: #23 2026-06-10 12:28:25 +01:00			`@pytest.mark.anyio`
tests: dynamic test standardised The dynamic test structure should now be able applicable to all endpoints and the bulk of its logic has been split into a new function. 2026-06-24 10:26:28 +01:00			`async def test_get_self_orgs_standard(`
tests: dynamic test using new fixture 2026-06-24 10:10:29 +01:00			`default_client: AsyncClient, route_data: dict[str, dict[str, Any]]`
			`):`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`method = "GET"`
			`path = "/user/self/orgs"`
tests: dynamic test using new fixture 2026-06-24 10:10:29 +01:00			`auth_level = "User"`
			`query = ""`
tests: dynamic test standardised The dynamic test structure should now be able applicable to all endpoints and the bulk of its logic has been split into a new function. 2026-06-24 10:26:28 +01:00			`body = {}`
minor: ruff format Tabs -> spaces 2026-06-22 15:04:11 +01:00			`expected_data = {`
			`"organisations": [`
			`{`
			`"organisation_id": 1,`
			`"name": "Org One",`
			`"status": "approved",`
			`"root_user_email": "admin@test.com",`
			`"owner_contact": {"email": "owner@orgone.com", "id": 2},`
			`"security_contact": {"email": "security@orgone.com", "id": 3},`
			`"billing_contact": {"email": "billing@orgone.com", "id": 1},`
			`"intake_questionnaire": {`
			`"questions": {`
			`"question_one": None,`
			`"question_three": None,`
			`"question_two": "answer two",`
			`},`
			`"metadata": {"version": 0, "submission_date": None},`
			`},`
			`}`
			`]`
			`}`

tests: dynamic test standardised The dynamic test structure should now be able applicable to all endpoints and the bulk of its logic has been split into a new function. 2026-06-24 10:26:28 +01:00			`await standard_test(`
			`default_client, method, path, auth_level, query, body, expected_data, route_data`
			`)`
tests: user tests use standard model All happy-path tests for the user module have been replaced with the standard test model. 2026-06-24 10:45:17 +01:00

			`@pytest.mark.anyio`
			`async def test_get_self_db_standard(`
			`default_client: AsyncClient, route_data: dict[str, dict[str, Any]]`
			`):`
			`method = "GET"`
			`path = "/user/self/db"`
			`auth_level = "User"`
			`query = ""`
			`body = {}`
			`expected_data = {`
			`"id": 1,`
			`"first_name": "Admin",`
			`"last_name": "Test",`
			`"email": "admin@test.com",`
			`"organisations": [{"name": "Org One", "id": 1}],`
			`"groups": {"Org One": [{"name": "Org One Group", "id": 1}]},`
			`}`

			`await standard_test(`
			`default_client, method, path, auth_level, query, body, expected_data, route_data`
			`)`


			`@pytest.mark.anyio`
			`async def test_get_user_standard(`
			`default_client: AsyncClient, route_data: dict[str, dict[str, Any]]`
			`):`
			`method = "GET"`
			`path = "/user"`
			`auth_level = "Super Admin"`
			`query = "?user_id=1"`
			`body = {}`
			`expected_data = {`
			`"id": 1,`
			`"first_name": "Admin",`
			`"last_name": "Test",`
			`"email": "admin@test.com",`
			`"organisations": [{"name": "Org One", "id": 1}],`
			`"groups": {"Org One": [{"name": "Org One Group", "id": 1}]},`
			`}`

			`await standard_test(`
			`default_client, method, path, auth_level, query, body, expected_data, route_data`
			`)`


			`@pytest.mark.anyio`
			`async def test_delete_user_standard(`
			`default_client: AsyncClient, route_data: dict[str, dict[str, Any]]`
			`):`
			`method = "DELETE"`
			`path = "/user"`
			`auth_level = "Super Admin"`
			`query = "?user_id=1"`
			`body = {}`
			`expected_data = {}`

			`await standard_test(`
			`default_client, method, path, auth_level, query, body, expected_data, route_data`
			`)`


			`@pytest.mark.anyio`
			`async def test_post_user_invitation_standard(`
			`default_client: AsyncClient, route_data: dict[str, dict[str, Any]]`
			`):`
			`method = "POST"`
			`path = "/user/invitation"`
			`auth_level = "Root User"`
			`query = ""`
			`body = {"user_email": "admin@test.com", "organisation_id": 1}`
			`expected_data = {`
			`"invited_email": "admin@test.com",`
			`"organisation": {"name": "Org One", "id": 1},`
			`}`

			`await standard_test(`
			`default_client, method, path, auth_level, query, body, expected_data, route_data`
			`)`