change reponse 400 -> 403 when no profile found

app/dependencies.py

@@ -1,9 +1,12 @@
 from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
-from firebase_admin import auth
-from firebase_admin.auth import ExpiredIdTokenError, InvalidIdTokenError
-from app import logger
-from . import db
+from firebase_admin.auth import (
+    ExpiredIdTokenError,
+    InvalidIdTokenError,
+    verify_id_token,
+)
+from . import db, logger
+
 security = HTTPBearer()
 
 
@@ -11,10 +14,12 @@ def get_current_user(
     credentials: HTTPAuthorizationCredentials = Depends(security),
 ):
     try:
-        payload = auth.verify_id_token(credentials.credentials)
+        payload = verify_id_token(credentials.credentials)
         user_doc_ref = db.collection("user").document(payload["sub"]).get()
         if not user_doc_ref.exists:
-            raise HTTPException(status_code=400, detail="User profile not found")
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN, detail="User profile not exist"
+            )
     except ExpiredIdTokenError as e:
         logger.warning(e)
         raise HTTPException(

tests/test_friend_request.py

@@ -1,6 +1,6 @@
 import os
 import pytest
-import json 
+import json
 import cv2
 import mmcv
 import requests
@@ -11,18 +11,22 @@ from app.constants import deviceId
 from fastapi.routing import APIRoute
 from app import db
 from google.cloud.firestore_v1.base_query import FieldFilter
+
+
 def endpoints():
     endpoints = []
     for route in app.routes:
         if isinstance(route, APIRoute):
             endpoints.append(route.path)
     return endpoints
+
+
 def read_qr_code(filename):
     """Read an image and read the QR code.
-    
+
     Args:
         filename (string): Path to file
-    
+
     Returns:
         qr (string): Value from QR code
     """
@@ -33,87 +37,104 @@ def read_qr_code(filename):
         return value
     except:
         return
+
+
 @pytest.fixture
 def client():
     client = TestClient(app)
     yield client
+
+
 @pytest.fixture
 def inviter():
-    url = "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=" + os.environ.get("FIREBASE_API_KEY")
-
-    payload = json.dumps({
-    "email": "[email protected]",
-    "password": "testing",
-    "returnSecureToken": True
-    })
-    headers = {
-    'Content-Type': 'application/json'
-    }
+    url = (
+        "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key="
+        + os.environ.get("FIREBASE_API_KEY")
+    )
+
+    payload = json.dumps(
+        {"email": "[email protected]", "password": "testing", "returnSecureToken": True}
+    )
+    headers = {"Content-Type": "application/json"}
     response = requests.request("POST", url, headers=headers, data=payload)
     data = response.json()
-    inviter = {"id": data['localId'], "token": data["idToken"]}
+    inviter = {"id": data["localId"], "token": data["idToken"]}
     yield inviter
-    
+
+
 @pytest.fixture()
 def invitee():
-    url = "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=" + os.environ.get("FIREBASE_API_KEY")
-
-    payload = json.dumps({
-    "email": "[email protected]",
-    "password": "testing2",
-    "returnSecureToken": True
-    })
-    headers = {
-    'Content-Type': 'application/json'
-    }
+    url = (
+        "https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key="
+        + os.environ.get("FIREBASE_API_KEY")
+    )
+
+    payload = json.dumps(
+        {"email": "[email protected]", "password": "testing2", "returnSecureToken": True}
+    )
+    headers = {"Content-Type": "application/json"}
     response = requests.request("POST", url, headers=headers, data=payload)
     data = response.json()
-    invitee = {"id": data['localId'], "token": data["idToken"]}
+    invitee = {"id": data["localId"], "token": data["idToken"]}
     yield invitee
-class TestFriendRequest():
-    @pytest.mark.skipif("/friend_request" not in endpoints(),reason="Route not defined")
+
+
+class TestFriendRequest:
+    @pytest.mark.skipif(
+        "/friend_request" not in endpoints(), reason="Route not defined"
+    )
     def test_post_friend(self, client, inviter, invitee):
         # Call the firebase database
-        friend_request_ref = db.collection('friend_request')
+        friend_request_ref = db.collection("friend_request")
         # Remove all the friend_request use for testing in the past
-        query = friend_request_ref.where(filter=FieldFilter("inviter", "==", inviter['id']))
+        query = friend_request_ref.where(
+            filter=FieldFilter("inviter", "==", inviter["id"])
+        )
         docs = query.stream()
         for doc in docs:
             doc.reference.delete()
-        # Delete the user for safety-check 
+        # Delete the user for safety-check
         user_ref = db.collection("user")
-        user_ref.document(inviter['id']).delete()
+        user_ref.document(inviter["id"]).delete()
         # Send request with no token
-        payload = ''
+        payload = ""
         headers = {
-        'Content-Type': 'application/json',
+            "Content-Type": "application/json",
         }
-        response = client.request("POST", 'friend_request', headers=headers, data=payload)
+        response = client.request(
+            "POST", "friend_request", headers=headers, data=payload
+        )
         assert response.status_code == 403
         # Send request with false token
-        payload = ''
+        payload = ""
         headers = {
-        'Content-Type': 'application/json',
-        'Authorization': 'Bearer amksckmasckmafvqnwfniqoniofv' 
+            "Content-Type": "application/json",
+            "Authorization": "Bearer amksckmasckmafvqnwfniqoniofv",
         }
-        response = client.request("POST", 'friend_request', headers=headers, data=payload)
+        response = client.request(
+            "POST", "friend_request", headers=headers, data=payload
+        )
         assert response.status_code == 401
         # Send request with unknown user
-        payload = ''
+        payload = ""
         headers = {
-        'Content-Type': 'application/json',
-        'Authorization': 'Bearer ' + inviter['token']
+            "Content-Type": "application/json",
+            "Authorization": "Bearer " + inviter["token"],
         }
-        response = client.request("POST", 'friend_request', headers=headers, data=payload)
-        assert response.status_code == 400
-        # Create request and re-send 
-        user_ref.document(inviter['id']).set({"deviceId": deviceId})
-        payload = ''
+        response = client.request(
+            "POST", "friend_request", headers=headers, data=payload
+        )
+        assert response.status_code == 403
+        # Create request and re-send
+        user_ref.document(inviter["id"]).set({"deviceId": deviceId})
+        payload = ""
         headers = {
-        'Content-Type': 'application/json',
-        'Authorization': 'Bearer ' + inviter['token']
+            "Content-Type": "application/json",
+            "Authorization": "Bearer " + inviter["token"],
         }
-        response = client.request("POST", 'friend_request', headers=headers, data=payload)
+        response = client.request(
+            "POST", "friend_request", headers=headers, data=payload
+        )
         assert response.status_code == 200
         result = mmcv.imfrombytes(response.read())
         # Check returned QR image
@@ -122,29 +143,32 @@ class TestFriendRequest():
         mmcv.imwrite(result, "qrcode.jpg")
         # Now test for the invitee aka the one that scan QR code
         # Delete invitee user (if existed)
-        user_ref.document(invitee['id']).delete()
+        user_ref.document(invitee["id"]).delete()
         # Test when the invitee is unknow user (no user entity in database)
         request_id = read_qr_code("qrcode.jpg")
-        payload = ''
+        payload = ""
         headers = {
-        'Content-Type': 'application/json',
-        'Authorization': 'Bearer ' + invitee['token']
+            "Content-Type": "application/json",
+            "Authorization": "Bearer " + invitee["token"],
         }
-        response = client.request("PATCH", 'friend_request/' + request_id, headers=headers, data=payload)
-        assert response.status_code == 400
+        response = client.request(
+            "PATCH", "friend_request/" + request_id, headers=headers, data=payload
+        )
+        assert response.status_code == 403
 
         # Create invitee user
-        user_ref.document(invitee['id']).set({"deviceId": deviceId})
+        user_ref.document(invitee["id"]).set({"deviceId": deviceId})
         # Send request
         request_id = read_qr_code("qrcode.jpg")
-        payload = ''
+        payload = ""
         headers = {
-        'Content-Type': 'application/json',
-        'Authorization': 'Bearer ' + invitee['token']
+            "Content-Type": "application/json",
+            "Authorization": "Bearer " + invitee["token"],
         }
-        response = client.request("PATCH", 'friend_request/' + request_id, headers=headers, data=payload)
+        response = client.request(
+            "PATCH", "friend_request/" + request_id, headers=headers, data=payload
+        )
         assert response.status_code == 200
         # Delete entity for next time test
-        user_ref.document(inviter['id']).delete()
-        user_ref.document(invitee['id']).delete()
-        
+        user_ref.document(inviter["id"]).delete()
+        user_ref.document(invitee["id"]).delete()