✨ Update CRUD utils for users handling password hashing (#106)

* Add some information how to run backand test for local backand development * Bug fixes in backend app * 🎨 Update format * ✅ Use random_email for test_update_user Co-authored-by: Mocsar Kalman <mocsar.kalman@gravityrd.com> Co-authored-by: Sebastián Ramírez <tiangolo@gmail.com>
5 years ago · fb874fea35
5 changed files with 51 additions and 14 deletions
--- a/{{cookiecutter.project_slug}}/README.md
+++ b/{{cookiecutter.project_slug}}/README.md
@ -134,6 +134,20 @@ If you need to install any additional package for the tests, add it to the file

 If you use GitLab CI the tests will run automatically.

+#### Local tests
+
+Start the stack with this command:
+
+```Bash
+DOMAIN=backend sh ./scripts/test-local.sh
+```
+The `./backend/app` directory is mounted as a "host volume" inside the docker container (set in the file `docker-compose.dev.volumes.yml`).
+You can rerun the test on live code:
+
+```Bash
+docker-compose exec backend-tests /tests-start.sh
+```
+
 #### Test running stack

 If your stack is already up and you just want to run the tests, you can use:
--- a/{{cookiecutter.project_slug}}/backend/app/app/crud/crud_user.py
+++ b/{{cookiecutter.project_slug}}/backend/app/app/crud/crud_user.py
@ -3,7 +3,7 @@ from typing import Optional
 from sqlalchemy.orm import Session

 from app.models.user import User
-from app.schemas.user import UserCreate, UserUpdate
+from app.schemas.user import UserCreate, UserUpdate, UserInDB
 from app.core.security import verify_password, get_password_hash
 from app.crud.base import CRUDBase

@ -24,6 +24,15 @@ class CRUDUser(CRUDBase[User, UserCreate, UserUpdate]):
        db_session.refresh(db_obj)
        return db_obj

+    def update(self, db_session: Session, *, db_obj: User, obj_in: UserUpdate) -> User:
+        if obj_in.password:
+            update_data = obj_in.dict(exclude_unset=True)
+            hashed_password = get_password_hash(obj_in.password)
+            del update_data["password"]
+            update_data["hashed_password"] = hashed_password
+            use_obj_in = UserInDB.parse_obj(update_data)
+        return super().update(db_session, db_obj=db_obj, obj_in=use_obj_in)
+
    def authenticate(
        self, db_session: Session, *, email: str, password: str
    ) -> Optional[User]:
--- a/{{cookiecutter.project_slug}}/backend/app/app/schemas/user.py
+++ b/{{cookiecutter.project_slug}}/backend/app/app/schemas/user.py
@ -11,29 +11,29 @@ class UserBase(BaseModel):
    full_name: Optional[str] = None


-class UserBaseInDB(UserBase):
-    id: int = None
-
-    class Config:
-        orm_mode = True
-
-
 # Properties to receive via API on creation
-class UserCreate(UserBaseInDB):
+class UserCreate(UserBase):
    email: EmailStr
    password: str


 # Properties to receive via API on update
-class UserUpdate(UserBaseInDB):
+class UserUpdate(UserBase):
    password: Optional[str] = None


+class UserInDBBase(UserBase):
+    id: int = None
+
+    class Config:
+        orm_mode = True
+
+
 # Additional properties to return via API
-class User(UserBaseInDB):
+class User(UserInDBBase):
    pass


 # Additional properties stored in DB
-class UserInDB(UserBaseInDB):
+class UserInDB(UserInDBBase):
    hashed_password: str
--- a/{{cookiecutter.project_slug}}/backend/app/app/tests/crud/test_user.py
+++ b/{{cookiecutter.project_slug}}/backend/app/app/tests/crud/test_user.py
@ -1,8 +1,9 @@
 from fastapi.encoders import jsonable_encoder

 from app import crud
+from app.core.security import get_password_hash, verify_password
 from app.db.session import db_session
-from app.schemas.user import UserCreate
+from app.schemas.user import UserCreate, UserUpdate
 from app.tests.utils.utils import random_lower_string, random_email


@ -78,3 +79,16 @@ def test_get_user():
    user_2 = crud.user.get(db_session, id=user.id)
    assert user.email == user_2.email
    assert jsonable_encoder(user) == jsonable_encoder(user_2)
+
+
+def test_update_user():
+    password = random_lower_string()
+    email = random_email()
+    user_in = UserCreate(email=email, password=password, is_superuser=True)
+    user = crud.user.create(db_session, obj_in=user_in)
+    new_password = random_lower_string()
+    user_in = UserUpdate(password=new_password, is_superuser=True)
+    crud.user.update(db_session, db_obj=user, obj_in=user_in)
+    user_2 = crud.user.get(db_session, id=user.id)
+    assert user.email == user_2.email
+    assert verify_password(new_password, user_2.hashed_password)
--- a/{{cookiecutter.project_slug}}/backend/app/app/tests/utils/user.py
+++ b/{{cookiecutter.project_slug}}/backend/app/app/tests/utils/user.py
@ -38,6 +38,6 @@ def authentication_token_from_email(email):
        user = crud.user.create(db_session=db_session, obj_in=user_in)
    else:
        user_in = UserUpdate(password=password)
-        user = crud.user.update(db_session, obj_in=user, db_obj=user_in)
+        user = crud.user.update(db_session, db_obj=user, obj_in=user_in)

    return user_authentication_headers(get_server_api(), email, password)