From 076dc758df289f3c359ca586297970bf52573738 Mon Sep 17 00:00:00 2001
From: dogeystamp <dogeystamp@disroot.org>
Date: Sun, 21 May 2023 17:28:51 -0400
Subject: [PATCH] /users: fix wrong URL returned when POSTing

---
 sachet/server/models.py |  2 +-
 tests/conftest.py       | 10 ++++++++++
 tests/test_user.py      | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 tests/test_user.py

diff --git a/sachet/server/models.py b/sachet/server/models.py
index 1ea0f3e..d6d6b8c 100644
--- a/sachet/server/models.py
+++ b/sachet/server/models.py
@@ -91,7 +91,7 @@ class User(db.Model):
             password, current_app.config.get("BCRYPT_LOG_ROUNDS")
         ).decode()
         self.username = username
-        self.url = url_for("users_blueprint.user_list_api", username=self.username)
+        self.url = url_for("users_blueprint.user_api", username=self.username)
         self.register_date = datetime.datetime.now()
 
     def encode_token(self, jti=None):
diff --git a/tests/conftest.py b/tests/conftest.py
index a0e33c2..47aa98b 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -125,6 +125,16 @@ def users(client):
                 Permissions.READ,
             ),
         ),
+        no_admin_user=dict(
+            password="password",
+            permissions=Bitmask(
+                Permissions.CREATE,
+                Permissions.MODIFY,
+                Permissions.DELETE,
+                Permissions.LOCK,
+                Permissions.READ,
+            ),
+        ),
         administrator=dict(password="4321", permissions=Bitmask(Permissions.ADMIN)),
     )
 
diff --git a/tests/test_user.py b/tests/test_user.py
new file mode 100644
index 0000000..c532756
--- /dev/null
+++ b/tests/test_user.py
@@ -0,0 +1,34 @@
+import pytest
+
+
+def test_post(client, users, auth):
+    """Test registering a user, then logging in to it."""
+    # register without adequate permissions
+    resp = client.post(
+        "/users",
+        headers=auth("no_admin_user"),
+        json={"username": "claire", "permissions": [], "password": "claire123"},
+    )
+    assert resp.status_code == 403
+    # properly register
+    resp = client.post(
+        "/users",
+        headers=auth("administrator"),
+        json={"username": "claire", "permissions": [], "password": "claire123"},
+    )
+    assert resp.status_code == 201
+    data = resp.get_json()
+    url = data.get("url")
+    assert url is not None
+    assert url == "/users/claire"
+
+    # try logging in now
+    resp = client.post(
+        "/users/login", json={"username": "claire", "password": "claire123"}
+    )
+    assert resp.status_code == 200
+    data = resp.get_json()
+    assert data.get("status") == "success"
+    assert data.get("username") == "claire"
+    token = data.get("auth_token")
+    assert token is not None and token != ""