diff --git a/api/controllers/console/workspace/account.py b/api/controllers/console/workspace/account.py index 7a41a8a5cc..dd89f9e56c 100644 --- a/api/controllers/console/workspace/account.py +++ b/api/controllers/console/workspace/account.py @@ -287,7 +287,7 @@ class AccountDeleteVerifyApi(Resource): @setup_required @login_required @account_initialization_required - def get(self): + def post(self): if not isinstance(current_user, Account): raise ValueError("Invalid user account") account = current_user diff --git a/api/tests/unit_tests/controllers/console/workspace/test_account_delete_verify.py b/api/tests/unit_tests/controllers/console/workspace/test_account_delete_verify.py new file mode 100644 index 0000000000..54db486347 --- /dev/null +++ b/api/tests/unit_tests/controllers/console/workspace/test_account_delete_verify.py @@ -0,0 +1,63 @@ +import inspect +from unittest.mock import MagicMock + +import pytest +from flask import Flask + +from controllers.console.workspace import account as account_module +from controllers.console.workspace.account import AccountDeleteVerifyApi +from models.account import Account + + +@pytest.fixture +def flask_app(): + app = Flask(__name__) + app.config["TESTING"] = True + return app + + +@pytest.fixture +def account_user(): + user = Account(name="Tester", email="tester@example.com") + user.id = "user-id" + return user + + +class TestAccountDeleteVerifyApi: + def test_post_generates_token_and_sends_email(self, flask_app, account_user, monkeypatch): + generate_mock = MagicMock(return_value=("token", "code")) + send_mock = MagicMock() + + monkeypatch.setattr(account_module, "current_user", account_user, raising=False) + monkeypatch.setattr( + account_module.AccountService, + "generate_account_deletion_verification_code", + generate_mock, + raising=False, + ) + monkeypatch.setattr( + account_module.AccountService, + "send_account_deletion_verification_email", + send_mock, + raising=False, + ) + + controller = AccountDeleteVerifyApi() + handler = inspect.unwrap(AccountDeleteVerifyApi.post) + + with flask_app.test_request_context("/account/delete/verify", method="POST", json={}): + response = handler(controller) + + assert response == {"result": "success", "data": "token"} + generate_mock.assert_called_once_with(account_user) + send_mock.assert_called_once_with(account_user, "code") + + def test_post_requires_account_user(self, flask_app, monkeypatch): + monkeypatch.setattr(account_module, "current_user", object(), raising=False) + + controller = AccountDeleteVerifyApi() + handler = inspect.unwrap(AccountDeleteVerifyApi.post) + + with flask_app.test_request_context("/account/delete/verify", method="POST", json={}): + with pytest.raises(ValueError): + handler(controller) diff --git a/web/service/common.ts b/web/service/common.ts index 7c67805bb7..c4daea5b97 100644 --- a/web/service/common.ts +++ b/web/service/common.ts @@ -375,7 +375,7 @@ export const verifyWebAppResetPasswordCode = (body: { email: string; code: strin post('/forgot-password/validity', { body }, { isPublicAPI: true }) export const sendDeleteAccountCode = () => - get('/account/delete/verify') + post('/account/delete/verify', { body: {} }) export const verifyDeleteAccountCode = (body: { code: string; token: string }) => post('/account/delete', { body })