Merge pull request #32 from CodeHex16/hotfix-bazzan-sprint15

Hotfix-bazzan-sprint15

Author: bazz333

.env.example

@@ -21,7 +21,7 @@ MAIL_PORT=587 # SMTP server port
 MAIL_USERNAME=""
 MAIL_PASSWORD="" # SMTP server username and password
 MAIL_ADDRESS="" # SMTP server email address
-MAIL_STARTTLS=true # Use TLS for secure connection
-MAIL_SSL_TLS=false # Use SSL for secure connection
-MAIL_USE_CREDENTIALS=true # Use credentials for authentication
-VALIDATE_CERTS=true # Validate SSL certificates
+MAIL_STARTTLS=True # Use TLS for secure connection
+MAIL_SSL_TLS=False # Use SSL for secure connection
+MAIL_USE_CREDENTIALS=True # Use credentials for authentication
+MAIL_VALIDATE_CERTS=True # Validate SSL certificates

.github/workflows/ci.yml

@@ -35,6 +35,11 @@ jobs:
           coverage run -m pytest
           coverage report
           coverage html
+        env:
+            MAIL_SERVER: ${{ secrets.MAIL_SERVER }}
+            MAIL_PASSWORD: ${{ secrets.MAIL_PASSWORD }}
+            MAIL_ADDRESS: ${{ secrets.MAIL_ADDRESS }}
+
 
       # Upload coverage data to Coveralls
       - name: Upload coverage to Coveralls

app/repositories/user_repository.py

@@ -28,7 +28,6 @@ async def add_test_user(self):
         try:
             return await self.collection.insert_one(
                 {
-                    # "_id": get_uuid3("test@test.it"),
                     "_id": "test@test.it",
                     "name": "Test User",
                     "hashed_password": get_password_hash("testtest"),
@@ -46,7 +45,6 @@ async def add_test_admin(self):
         try:
             return await self.collection.insert_one(
                 {
-                    # "_id": get_uuid3("admin@test.it"),
                     "_id": os.getenv("ADMIN_EMAIL") or "admin@test.it",
                     "name": "Test Admin",
                     "hashed_password": get_password_hash(os.getenv("ADMIN_PASSWORD") or "admin"),

app/routes/auth.py

@@ -181,8 +181,8 @@ async def login_for_access_token(
 
     # Crea il token di accesso
     if remember_me:
-        access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
-        expires_in = ACCESS_TOKEN_EXPIRE_MINUTES * 60
+        access_token_expires = timedelta(minutes=int(ACCESS_TOKEN_EXPIRE_MINUTES))
+        expires_in = int(ACCESS_TOKEN_EXPIRE_MINUTES) * 60
     else:
         # se access_token_expires è None, il token dura 24 ore ma il cookie che lo contiene scade alla chiusura del browser
         access_token_expires = None

app/routes/user.py

@@ -72,7 +72,7 @@ async def register_user(
     except DuplicateKeyError:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
-            detail="User with this email already exists",
+            detail="Esiste già un utente con questa email",
         )
     except Exception as e:
         raise HTTPException(
@@ -86,16 +86,12 @@ async def register_user(
             subject=f"[Suppl-AI] Registrazione utente",
             body=f"Benvenuto in Suppl-AI!\nEcco la tua password temporanea\n\n{password}\n\n Accedi e cambiala subito!",
         )
-    except Exception:
-        # raise HTTPException(
-        #     status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-        #     detail=f"Failed to send email to user: {e}",
-        # )
-        print("  Error: Failed to send to user the password")
-        print(f" To: {user_data.email}")
-        print(f" Subject: [Suppl-AI] Registrazione utente")
-        print(f" Body: Benvenuto in Suppl-AI!\nEcco la tua password temporanea\n\n{password}\n\n Accedi e cambiala subito!")
-        print("  Error: Failed to send email to user")
+    except Exception as e:
+        raise HTTPException(
+        	status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+        	detail=f"Failed to send email to user: {e}",
+        )
+        # print(f"  Error: Failed to send to user the password: {e}")
 
     return {"message": "User registered successfully", "password": password}
 
@@ -178,9 +174,17 @@ async def update_user(
     * **HTTPException.HTTP_500_INTERNAL_SERVER_ERROR**: Se si verifica un errore durante l'aggiornamento dell'utente.
     * **HTTPException.HTTP_304_NOT_MODIFIED**: Se i dati forniti corrispondono a quelli esistenti.
     """
-    # Rimove il campo password (usa /password per cambiarla)
     user_new_data.password = None
-
+    # Verifica che l'admin esista e che la password sia corretta
+    valid_user = await authenticate_user(
+        current_user.get("sub"), user_new_data.admin_password, user_repo
+    )
+    if not valid_user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid admin password",
+        )
+    
     # Aggiorna i dati dell'utente nel database
     result = await user_repo.update_user(
         user_id=user_new_data.id,
@@ -360,16 +364,13 @@ async def reset_password(
                 subject="[Suppl-AI] Password Reset",
                 body=f"Ciao {user.get('name')},\n\nEcco la tua nuova password temporanea:\n\n{password}\n\nAccedi e cambiala subito!",
             )
-        except Exception:
+        except Exception as e:
             # raise HTTPException(
             #     status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
             #     detail=f"Failed to send email to user: {e}",
             # )
             print("  Error: Failed to send to user the password")
-            print(f" To: {user_data.email}")
-            print(f" Subject: [Suppl-AI] Password Reset")
-            print(f" Body: Ciao {user.get('name')},\n\nEcco la tua nuova password temporanea:\n\n{password}\n\nAccedi e cambiala subito!")
-            print("  Error: Failed to send email to user")
+
     except Exception as e:
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,

app/schemas.py

@@ -63,13 +63,13 @@ def check_password_complexity(cls, value: str):
 
 
 class UserUpdate(BaseModel):
-    id: Optional[EmailStr] = Field(alias="_id")
+    id: EmailStr = Field(alias="_id")
     name: Optional[str] = None
     password: Optional[str] = None
     is_initialized: Optional[bool] = None
     remember_me: Optional[bool] = None
     scopes: Optional[List[str]] = None
-
+    admin_password: Optional[str] = None
 
 class UserDelete(BaseModel):
     id: EmailStr = Field(alias="_id")

app/service/email_service.py

@@ -13,16 +13,16 @@
 class EmailService:
     def __init__(self):
         self.conf = ConnectionConfig(
-            MAIL_USERNAME=os.getenv("MAIL_ADDRESS",""),
-            MAIL_PASSWORD=os.getenv("MAIL_PASSWORD",""),
-            MAIL_FROM=os.getenv("MAIL_ADDRESS","test@test.com"),
+            MAIL_USERNAME=os.getenv("MAIL_ADDRESS","unipd.codehex16@gmail.com"),
+            MAIL_PASSWORD=os.getenv("MAIL_PASSWORD","password"),
+            MAIL_FROM=os.getenv("MAIL_ADDRESS","unipd.codehex16@gmail.com"),
             MAIL_FROM_NAME=os.getenv("MAIL_USERNAME",""),
             MAIL_PORT=os.getenv("MAIL_PORT",587),
-            MAIL_SERVER=os.getenv("MAIL_SERVER",""),
+            MAIL_SERVER=os.getenv("MAIL_SERVER","smtp.gmail.com"),
             MAIL_STARTTLS = os.getenv("MAIL_STARTTLS",True),
-            MAIL_SSL_TLS = os.getenv("MAIL_USE_CREDENTIALS", False),
-            USE_CREDENTIALS=os.getenv("USE_CREDENTIALS",True),
-            VALIDATE_CERTS=os.getenv("VALIDATE_CERTS",True),
+            MAIL_SSL_TLS = os.getenv("MAIL_SSL_TLS", False),
+            USE_CREDENTIALS=os.getenv("MAIL_USE_CREDENTIALS",True),
+            VALIDATE_CERTS=os.getenv("MAIL_VALIDATE_CERTS",True),
         )
         self.mail = FastMail(self.conf)
 
@@ -39,11 +39,4 @@ def is_configuration_valid(self):
         return all([
             self.conf.MAIL_USERNAME,
             self.conf.MAIL_PASSWORD,
-            self.conf.MAIL_FROM,
-            self.conf.MAIL_PORT,
-            self.conf.MAIL_SERVER,
-            self.conf.MAIL_STARTTLS,
-            self.conf.MAIL_SSL_TLS,
-            self.conf.USE_CREDENTIALS,
-            self.conf.VALIDATE_CERTS
-        ])
+		])

requirements.txt

@@ -1,6 +1,6 @@
 fastapi==0.115.12
 passlib==1.7.4
-pydantic[email]==2.11.4
+pydantic[email]
 pydantic_core==2.33.2
 bcrypt==4.3.0
 motor==3.7.0
@@ -13,9 +13,9 @@ jwt==1.3.1
 python-multipart==0.0.20
 fastapi-mail==1.4.2
 pytz==2025.2
-pytest-mock
-pytest-asyncio
-pytest-cov
-httpx
-coverage
-coveralls
+pytest-mock==3.14.0
+pytest-asyncio==0.26.0
+pytest-cov==6.1.1
+httpx==0.28.1
+coverage==7.8.0
+coveralls==4.0.1

tests/repositories/test_user_repository.py

@@ -173,7 +173,8 @@ async def test__unit_test__update_user_success(user_repository, mock_database):
         password="newpass",
         is_initialized=True,
         remember_me=True,
-        scopes=["admin"]
+        scopes=["admin"],
+        admin_password="adminadmin",
     )
 
     result = await user_repository.update_user("user@test.com", update_data)
@@ -197,7 +198,8 @@ async def test__unit_test__update_user_success_with_no_password(user_repository,
          _id = "user@test.com",
         is_initialized=True,
         remember_me=True,
-        scopes=["admin"]
+        scopes=["admin"],
+        admin_password="adminadmin"
     )
 
     result = await user_repository.update_user("user@test.com", update_data)
@@ -223,7 +225,8 @@ async def test__unit_test__update_user_error(user_repository, mock_database):
         password="newpass",
         is_initialized=True,
         remember_me=True,
-        scopes=["admin"]
+        scopes=["admin"],
+        admin_password="adminadmin",
     )
     with pytest.raises(HTTPException) as exc_info:
         result = await user_repository.update_user("user@test.com", update_data)
@@ -232,10 +235,10 @@ async def test__unit_test__update_user_error(user_repository, mock_database):
 
 @pytest.mark.asyncio
 async def test__unit_test__update_user_no_changes_provide(user_repository, mock_database):
-    update_data = UserUpdate(_id=None)
+    update_data = UserUpdate(_id="user@test.com", password=None, is_initialized=None, remember_me=None, scopes=None, admin_password=None)
     with pytest.raises(HTTPException) as exc_info:
         await user_repository.update_user("user@test.com", update_data)
-    assert exc_info.value.status_code == 400
+    assert exc_info.value.status_code == 304
 
 @pytest.mark.asyncio
 async def test__unit_test__update_user_no_modified(user_repository, mock_database):
@@ -254,7 +257,8 @@ async def test__unit_test__update_user_no_modified(user_repository, mock_databas
         password="test_password",
         is_initialized=False,
         remember_me=False,
-        scopes=["admin"]
+        scopes=["admin"],
+        admin_password="adminadmin"
     )
 
     with pytest.raises(HTTPException) as exc_info:
@@ -268,7 +272,7 @@ async def test__unit_test__update_user_not_found(user_repository, mock_database)
     mock_collection = mock_database.get_collection.return_value
     mock_collection.find_one.return_value = None
 
-    update_data = UserUpdate(_id="test@test.com",password="anypass")
+    update_data = UserUpdate(_id="test@test.com",password="anypass", admin_password="adminadmin")
 
     with pytest.raises(HTTPException) as exc_info:
         await user_repository.update_user("missing@test.com", update_data)