Use current user information when creating a new quiz

matinone · matinone · commit c0dc507c9491 · 2023-12-28T13:03:36.000-03:00
diff --git a/api_design.md b/api_design.md
@@ -67,7 +67,6 @@
     * email (String, Unique): User's email address.
     * password_hash (String): Hashed password for security.
     * created_at (DateTime): Date and time of registration.
-    * last_login (DateTime): Date and time of last login.
 
 ## Quizzes Table
 * Table Name: **quizzes**
diff --git a/app/api/dependencies.py b/app/api/dependencies.py
@@ -0,0 +1,26 @@
+from typing import Annotated
+
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+
+from app.core.security import decode_token
+from app.core.settings import Settings, get_settings
+from app.models.database import AsyncSessionDep
+from app.models.user import User
+
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/tokens")
+
+
+async def get_current_user(
+    db: AsyncSessionDep,
+    token: Annotated[str, Depends(oauth2_scheme)],
+    settings: Annotated[Settings, Depends(get_settings)],
+):
+    token_data = decode_token(token=token, settings=settings)
+    user = await User.get(db=db, id=int(token_data.sub))
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
+        )
+
+    return user
diff --git a/app/api/endpoints/login.py b/app/api/endpoints/login.py
@@ -17,15 +17,15 @@
     status_code=status.HTTP_201_CREATED,
     summary="Get a new access token",
 )
-def get_access_token_from_username(
+async def get_access_token_from_username(
     db: AsyncSessionDep,
     form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
 ) -> Any:
     """
     Get an OAuth2 access token from a user logging in with a username and password,
     to use in future requests as an authenticated user.
     """
-    user = models.User.get_by_username(db=db, username=form_data.username)
+    user = await models.User.get_by_username(db=db, username=form_data.username)
     if not user:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
diff --git a/app/api/endpoints/quiz.py b/app/api/endpoints/quiz.py
@@ -5,6 +5,7 @@
 
 import app.models as models
 import app.schemas as schemas
+from app.api.dependencies import get_current_user
 from app.models.database import AsyncSessionDep
 
 router = APIRouter(prefix="/quizzes", tags=["quiz"])
@@ -27,7 +28,12 @@ async def get_quiz_from_id(quiz_id: int, db: AsyncSessionDep) -> models.Quiz:
     summary="Create a new quiz",
     response_description="The new created quiz",
 )
-async def create_quiz(db: AsyncSessionDep, quiz: schemas.QuizCreate) -> Any:
+async def create_quiz(
+    db: AsyncSessionDep,
+    quiz: schemas.QuizCreate,
+    current_user: Annotated[models.User, Depends(get_current_user)],
+) -> Any:
+    quiz.created_by = current_user.id
     new_quiz = await models.Quiz.create(db=db, quiz=quiz)
     return new_quiz
 
diff --git a/app/core/custom_logging.py b/app/core/custom_logging.py
@@ -22,13 +22,13 @@ def configure_logger():
 
     # logger.level("INFO", color="<green>")
 
-    logging.basicConfig(handlers=[InterceptHandler()], level=0)
-    logging.getLogger("uvicorn.access").handlers = [InterceptHandler()]
-    for _log in ["uvicorn", "uvicorn.error", "fastapi"]:
-        _logger = logging.getLogger(_log)
-        _logger.handlers = [InterceptHandler()]
+    # logging.basicConfig(handlers=[InterceptHandler()], level=0)
+    # logging.getLogger("uvicorn.access").handlers = [InterceptHandler()]
+    # for _log in ["uvicorn", "uvicorn.error", "fastapi"]:
+    #     _logger = logging.getLogger(_log)
+    #     _logger.handlers = [InterceptHandler()]
 
-    logger.bind(request_id=None, method=None)
+    # logger.bind(request_id=None, method=None)
 
     return logger
 
diff --git a/app/core/security.py b/app/core/security.py
@@ -1,21 +1,16 @@
 from datetime import datetime, timedelta
-from typing import Annotated
 
-from fastapi import Depends, HTTPException, status
-from fastapi.security import OAuth2PasswordBearer
+from fastapi import HTTPException, status
 from jose import ExpiredSignatureError, JWTError, jwt
 from passlib.context import CryptContext
 from pydantic import ValidationError
 
-import app.models as models
 from app.core.settings import Settings, get_settings
-from app.models.database import AsyncSessionDep
 from app.schemas import TokenPayload
 
 settings = get_settings()
 
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-oauth2_scheme = OAuth2PasswordBearer(tokenUrl="api/tokens")
 
 
 def decode_token(token: str, settings: Settings) -> TokenPayload:
@@ -63,18 +58,3 @@ def get_password_hash(password: str) -> str:
 
 def verify_password(plain_password: str, hashed_password: str) -> bool:
     return pwd_context.verify(plain_password, hashed_password)
-
-
-async def get_current_user(
-    db: AsyncSessionDep,
-    token: Annotated[str, Depends(oauth2_scheme)],
-    settings: Annotated[str, Depends(get_settings)],
-):
-    token_data = decode_token(token=token, settings=settings)
-    user = await models.User.get(db=db, id=token_data.sub)
-    if not user:
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
-        )
-
-    return user
diff --git a/app/models/quiz.py b/app/models/quiz.py
@@ -23,7 +23,7 @@ class Quiz(Base):
         DateTime(timezone=True), server_default=func.now()
     )
     updated_at: Mapped[datetime] = mapped_column(DateTime(timezone=True))
-    created_by: Mapped[str] = mapped_column(ForeignKey("users.id"))
+    created_by: Mapped[int] = mapped_column(ForeignKey("users.id"))
 
     # have to use "Question" to avoid circular dependencies
     questions: Mapped[list["Question"]] = relationship(
diff --git a/app/models/user.py b/app/models/user.py
@@ -27,7 +27,6 @@ class User(Base):
     created_at: Mapped[datetime] = mapped_column(
         DateTime(timezone=True), server_default=func.now()
     )
-    last_login: Mapped[datetime] = mapped_column(DateTime(timezone=True))
 
     # have to use "Quiz" to avoid circular dependencies
     quizzes: Mapped[list["Quiz"]] = relationship("Quiz", back_populates="user")
diff --git a/app/schemas/quiz.py b/app/schemas/quiz.py
@@ -8,7 +8,7 @@
 class QuizBase(BaseModel):
     title: str
     description: str | None = None
-    created_by: str | None = None
+    created_by: int | None = None
 
     model_config = ConfigDict(from_attributes=True)
 
diff --git a/app/schemas/token.py b/app/schemas/token.py
@@ -7,4 +7,4 @@ class Token(BaseModel):
 
 
 class TokenPayload(BaseModel):
-    sub: str | None = None
+    sub: str
diff --git a/app/schemas/user.py b/app/schemas/user.py
@@ -26,4 +26,3 @@ class UserUpdate(BaseModel):
 class UserReturn(UserBase):
     id: int
     created_at: datetime
-    last_login: datetime
diff --git a/app/tests/api/test_quiz.py b/app/tests/api/test_quiz.py
@@ -12,14 +12,21 @@
 
 
 @pytest.mark.parametrize("cases", ["full", "no_title", "no_description"])
-async def test_create_quiz(client: AsyncClient, db_session: AsyncSession, cases: str):
+async def test_create_quiz(
+    client: AsyncClient,
+    db_session: AsyncSession,
+    auth_headers: tuple[dict, models.User],
+    cases: str,
+):
+    headers, user = auth_headers
+
     quiz_data = {"title": "My quiz", "description": "My quiz description"}
     if cases == "no_title":
         quiz_data.pop("title")
     elif cases == "no_description":
         quiz_data.pop("description")
 
-    response = await client.post("/api/quizzes", json=quiz_data)
+    response = await client.post("/api/quizzes", json=quiz_data, headers=headers)
 
     if cases == "no_title":
         assert response.status_code == status.HTTP_422_UNPROCESSABLE_ENTITY
@@ -43,6 +50,9 @@ async def test_create_quiz(client: AsyncClient, db_session: AsyncSession, cases:
         for key in quiz_data:
             assert quiz_data[key] == getattr(db_quiz, key)
 
+        assert created_quiz["created_by"] == user.id
+        assert db_quiz.created_by == user.id
+
 
 @pytest.mark.parametrize("cases", ["no_quizzes", "few_quizzes", "many_quizzes"])
 async def test_get_quizzes(client: AsyncClient, db_session: AsyncSession, cases: str):
@@ -71,6 +81,7 @@ async def test_get_quizzes(client: AsyncClient, db_session: AsyncSession, cases:
             "description": IsStr,
             "created_at": IsNow(iso_string=True),
             "updated_at": IsNow(iso_string=True),
+            "created_by": IsInt,
         }
 
 
diff --git a/app/tests/conftest.py b/app/tests/conftest.py
@@ -8,8 +8,10 @@
 from sqlalchemy.orm import Session, SessionTransaction
 from sqlalchemy.sql import text
 
+from app.core.security import create_access_token
 from app.main import app
 from app.models.database import AsyncSessionLocal, Base, async_engine, get_session
+from app.models.user import User
 from app.tests.factories.answer_options_factory import AnswerOptionFactory
 from app.tests.factories.question_factory import QuestionFactory
 from app.tests.factories.quiz_factory import QuizFactory
@@ -80,3 +82,16 @@ def override_get_session():
 
     async with AsyncClient(app=app, base_url="http://test") as client:
         yield client
+
+
+@pytest.fixture(scope="function")
+async def auth_headers(db_session) -> tuple[dict, User]:
+    """
+    Fixture to get valid authentication headers for an example user.
+    """
+    user = await UserFactory.create(username="example_user")
+    token = create_access_token(subject=user.id)
+
+    headers = {"Authorization": f"Bearer {token}"}
+    # return the user as well, in case the test needs it
+    return (headers, user)
diff --git a/app/tests/factories/user_factory.py b/app/tests/factories/user_factory.py
@@ -12,7 +12,6 @@ class UserFactory(BaseFactory[User]):
     email = factory.LazyAttribute(lambda x: f"{x.username}@example.com")
     password_hash = factory.LazyAttribute(lambda x: hash(x.username))
     created_at = factory.LazyFunction(datetime.now)
-    last_login = factory.LazyFunction(datetime.now)
 
     class Meta:
         model = User
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -69,6 +69,8 @@ async-factory-boy = "^1.0.1"
 devtools = "^0.12.2"
 pytest-cov = "^4.1.0"
 dirty-equals = "^0.7.1.post0"
+types-python-jose = "^3.3.4.8"
+types-passlib = "^1.7.7.13"
 
 [build-system]
 requires = ["poetry-core"]

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ class Quiz(Base):`
`23`	`23`	`DateTime(timezone=True), server_default=func.now()`
`24`	`24`	`)`
`25`	`25`	`updated_at: Mapped[datetime] = mapped_column(DateTime(timezone=True))`
`26`		`- created_by: Mapped[str] = mapped_column(ForeignKey("users.id"))`
	`26`	`+ created_by: Mapped[int] = mapped_column(ForeignKey("users.id"))`
`27`	`27`
`28`	`28`	`# have to use "Question" to avoid circular dependencies`
`29`	`29`	`questions: Mapped[list["Question"]] = relationship(`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,6 @@ class User(Base):`
`27`	`27`	`created_at: Mapped[datetime] = mapped_column(`
`28`	`28`	`DateTime(timezone=True), server_default=func.now()`
`29`	`29`	`)`
`30`		`- last_login: Mapped[datetime] = mapped_column(DateTime(timezone=True))`
`31`	`30`
`32`	`31`	`# have to use "Quiz" to avoid circular dependencies`
`33`	`32`	`quizzes: Mapped[list["Quiz"]] = relationship("Quiz", back_populates="user")`
Original file line number	Diff line number	Diff line change
`@@ -7,4 +7,4 @@ class Token(BaseModel):`
`7`	`7`
`8`	`8`
`9`	`9`	`class TokenPayload(BaseModel):`
`10`		`- sub: str \| None = None`
	`10`	`+ sub: str`