Forces auth on delete. (#15)

conor-f · Sep 3, 2023 · 50c25c4 · 50c25c4
1 parent 9494155
commit 50c25c4
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 12 deletions.
diff --git a/fia_api/tests/test_user.py b/fia_api/tests/test_user.py
@@ -8,14 +8,18 @@
 
 
 @pytest.mark.anyio
-async def test_create_delete_user(fastapi_app: FastAPI, client: AsyncClient) -> None:
+async def test_create_login_delete_user(
+    fastapi_app: FastAPI,
+    client: AsyncClient,
+) -> None:
     """
     Tests that create and delete user routes works.
 
     :param fastapi_app: current application.
     :param client: client for the app.
     """
     create_url = fastapi_app.url_path_for("create_user")
+    login_url = fastapi_app.url_path_for("login")
     delete_url = fastapi_app.url_path_for("delete_user")
 
     username = str(uuid.uuid4())
@@ -44,7 +48,27 @@ async def test_create_delete_user(fastapi_app: FastAPI, client: AsyncClient) ->
             "username": username,
         },
     )
+    assert response.status_code == 401
 
+    response = await client.post(
+        login_url,
+        data={
+            "username": username,
+            "password": password,
+        },
+        headers={
+            "content-type": "application/x-www-form-urlencoded",
+        },
+    )
+    assert response.status_code == 200
+    access_token = response.json()["access_token"]
+
+    response = await client.post(
+        delete_url,
+        headers={
+            "Authorization": f"Bearer {access_token}",
+        },
+    )
     assert response.status_code == 200
     matched_users = await UserModel.filter(username=username)
     assert not matched_users
diff --git a/fia_api/web/api/user/schema.py b/fia_api/web/api/user/schema.py
@@ -9,12 +9,6 @@ class CreateUserRequest(BaseModel):
     is_fully_registered: bool | None = None
 
 
-class DeleteUserRequest(BaseModel):
-    """Request object for calls to the delete user endpoint."""
-
-    username: str
-
-
 class TokenSchema(BaseModel):
     """Token returned from login."""
 

diff --git a/fia_api/web/api/user/views.py b/fia_api/web/api/user/views.py
@@ -6,7 +6,6 @@
 from fia_api.web.api.user.schema import (
     AuthenticatedUser,
     CreateUserRequest,
-    DeleteUserRequest,
     TokenSchema,
     UserDetails,
 )
@@ -45,14 +44,14 @@ async def create_user(new_user_request: CreateUserRequest) -> None:
 
 
 @router.post("/delete", status_code=200)  # noqa: WPS432
-async def delete_user(delete_user_request: DeleteUserRequest) -> None:
+async def delete_user(user: AuthenticatedUser = Depends(get_current_user)) -> None:
     """
     Delete user model in the database.
 
-    :param delete_user_request: The user to delete.
+    :param user: The authenticated user to delete.
     """
-    user = await UserModel.get(username=delete_user_request.username)
-    await user.delete()
+    user_model = await UserModel.get(username=user.username)
+    await user_model.delete()
 
 
 @router.post("/login", response_model=TokenSchema)