Fix admin cannot modify verified status in Edit User (#777)

* Grant admin write access to verified field in UserSchema. * Add test admin can view and modify verified status * Add test for creating users with settings * Add codecov threshold for test failures
2018-12-04 12:35:51 +07:00 · 2018-12-04 12:35:51 +07:00 · 64b96d9c1a
parent 809e4df471
commit 64b96d9c1a
3 changed files with 42 additions and 3 deletions
--- a/.codecov.yml
+++ b/.codecov.yml
@ -0,0 +1,9 @@
+coverage:
+  status:
+    project:
+      default:
+        # Fail the status if coverage drops by >= 1%
+        threshold: 1
+    patch:
+      default:
+        threshold: 1
--- a/CTFd/schemas/users.py
+++ b/CTFd/schemas/users.py
@ -152,7 +152,8 @@ class UserSchema(ma.ModelSchema):
            'id',
            'oauth_id',
            'password',
-            'type'
+            'type',
+            'verified'
        ]
    }

--- a/tests/api/v1/test_users.py
+++ b/tests/api/v1/test_users.py
@ -92,6 +92,32 @@ def test_api_users_post_admin():
    destroy_ctfd(app)


+def test_api_users_post_admin_with_attributes():
+    """Can a user post /api/v1/users with user settings"""
+    app = create_ctfd()
+    with app.app_context():
+        with login_as_user(app, 'admin') as client:
+            # Create user
+            r = client.post('/api/v1/users', json={
+                "name": "user",
+                "email": "user@user.com",
+                "password": "password",
+                "banned": True,
+                "hidden": True,
+                "verified": True
+            })
+            assert r.status_code == 200
+
+            # Make sure password was hashed properly
+            user = Users.query.filter_by(email='user@user.com').first()
+            assert user
+            assert verify_password('password', user.password)
+            assert user.banned
+            assert user.hidden
+            assert user.verified
+    destroy_ctfd(app)
+
+
 def test_api_team_get_public():
    """Can a user get /api/v1/team/<user_id> if users are public"""
    app = create_ctfd()
@ -168,10 +194,13 @@ def test_api_user_patch_admin():
                "name": "user",
                "email": "user@ctfd.io",
                "password": "password",
-                "country": "US"
+                "country": "US",
+                "verified": True
            })
            assert r.status_code == 200
-            assert r.get_json()['data'][0]['country'] == 'US'
+            user_data = r.get_json()['data'][0]
+            assert user_data['country'] == 'US'
+            assert user_data['verified'] is True
    destroy_ctfd(app)