Feat: add test and remove security suggestion

aeecleclair · Jan 2, 2025 · 8f78a25 · 8f78a25
1 parent cefe0a9
commit 8f78a25
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 3 deletions.
diff --git a/app/core/schools/endpoints_schools.py b/app/core/schools/endpoints_schools.py
@@ -148,7 +148,6 @@ async def update_school(
                 status_code=400,
                 detail=f"A school with the name {school.name} already exist",
             )
-
     await cruds_schools.update_school(
         db=db,
         school_id=school_id,
@@ -159,11 +158,10 @@ async def update_school(
         school_update.email_regex is not None
         and school_update.email_regex != school.email_regex
     ):
-        safe_email_regex = re.escape(school_update.email_regex)
         await cruds_users.remove_users_from_school(db, school_id=school_id)
         users = await cruds_users.get_users(db, schools_ids=[SchoolType.no_school])
         for db_user in users:
-            if re.match(safe_email_regex, db_user.email):
+            if re.match(school_update.email_regex, db_user.email):
                 await cruds_users.update_user(
                     db,
                     db_user.id,

diff --git a/tests/test_schools.py b/tests/test_schools.py
@@ -70,6 +70,20 @@ def test_read_school(client: TestClient) -> None:
     assert data["name"] == "ENS"
 
 
+def test_create_school_with_used_name(client: TestClient) -> None:
+    token = create_api_access_token(admin_user)
+
+    response = client.post(
+        "/schools/",
+        json={
+            "name": "ENS",
+            "email_regex": r"^.*@ens.fr$",
+        },
+        headers={"Authorization": f"Bearer {token}"},
+    )
+    assert response.status_code == 400
+
+
 def test_create_school(client: TestClient) -> None:
     token = create_api_access_token(admin_user)
 
@@ -91,6 +105,17 @@ def test_create_school(client: TestClient) -> None:
     assert data["school_id"] == school.json()["id"]
 
 
+def test_update_school_with_used_name(client: TestClient) -> None:
+    token = create_api_access_token(admin_user)
+
+    response = client.patch(
+        f"/schools/{id_test_ens}",
+        json={"name": "centrale_lyon"},
+        headers={"Authorization": f"Bearer {token}"},
+    )
+    assert response.status_code == 400
+
+
 def test_update_school(client: TestClient) -> None:
     token = create_api_access_token(admin_user)
 
@@ -169,6 +194,16 @@ def test_create_user_corresponding_to_school(
     assert user_detail.json()["school_id"] == school_id
 
 
+def test_delete_base_school(client: TestClient) -> None:
+    token = create_api_access_token(admin_user)
+
+    response = client.delete(
+        f"/schools/{SchoolType.centrale_lyon.value}",
+        headers={"Authorization": f"Bearer {token}"},
+    )
+    assert response.status_code == 400
+
+
 def test_delete_school(client: TestClient) -> None:
     token = create_api_access_token(admin_user)