ensure admin requests for missing users 404

2025-10-17 15:03:02 +00:00 · 2021-08-03 20:23:12 +02:00
parent 71e9767307
commit e98890b9ca
2 changed files with 33 additions and 2 deletions
--- a/jupyterhub/tests/test_api.py
+++ b/jupyterhub/tests/test_api.py
@@ -361,17 +361,46 @@ async def test_add_user(app):
@mark.role
 async def test_get_user(app):
    name = 'user'
-    _ = await api_request(app, 'users', name, headers=auth_header(app.db, name))
+    # get own model
+    r = await api_request(app, 'users', name, headers=auth_header(app.db, name))
+    r.raise_for_status()
+    # admin request
    r = await api_request(
        app,
        'users',
        name,
    )
-    assert r.status_code == 200
+    r.raise_for_status()

    user = normalize_user(r.json())
    assert user == fill_user({'name': name, 'roles': ['user'], 'auth_state': None})

+    # admin request, no such user
+    r = await api_request(
+        app,
+        'users',
+        'nosuchuser',
+    )
+    assert r.status_code == 404
+
+    # unauthorized request, no such user
+    r = await api_request(
+        app,
+        'users',
+        'nosuchuser',
+        headers=auth_header(app.db, name),
+    )
+    assert r.status_code == 404
+
+    # unauthorized request for existing user
+    r = await api_request(
+        app,
+        'users',
+        'admin',
+        headers=auth_header(app.db, name),
+    )
+    assert r.status_code == 404
+

@mark.user
 async def test_add_multi_user_bad(app):