autocommit 22-07-2024-15-09

2024-07-22 15:09:27 +10:00 · 2024-07-22 15:09:27 +10:00 · 3880770064
parent 7c41886111
commit 3880770064
5 changed files with 182 additions and 79 deletions
--- a/py-kivy/poetry.lock
+++ b/py-kivy/poetry.lock
@ -79,6 +79,46 @@ tests = ["attrs[tests-no-zope]", "zope-interface"]
 tests-mypy = ["mypy (>=1.6)", "pytest-mypy-plugins"]
 tests-no-zope = ["attrs[tests-mypy]", "cloudpickle", "hypothesis", "pympler", "pytest (>=4.3.0)", "pytest-xdist[psutil]"]

+[[package]]
+name = "bcrypt"
+version = "4.1.3"
+description = "Modern password hashing for your software and your servers"
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "bcrypt-4.1.3-cp37-abi3-macosx_10_12_universal2.whl", hash = "sha256:48429c83292b57bf4af6ab75809f8f4daf52aa5d480632e53707805cc1ce9b74"},
+    {file = "bcrypt-4.1.3-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4a8bea4c152b91fd8319fef4c6a790da5c07840421c2b785084989bf8bbb7455"},
+    {file = "bcrypt-4.1.3-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3d3b317050a9a711a5c7214bf04e28333cf528e0ed0ec9a4e55ba628d0f07c1a"},
+    {file = "bcrypt-4.1.3-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:094fd31e08c2b102a14880ee5b3d09913ecf334cd604af27e1013c76831f7b05"},
+    {file = "bcrypt-4.1.3-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:4fb253d65da30d9269e0a6f4b0de32bd657a0208a6f4e43d3e645774fb5457f3"},
+    {file = "bcrypt-4.1.3-cp37-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:193bb49eeeb9c1e2db9ba65d09dc6384edd5608d9d672b4125e9320af9153a15"},
+    {file = "bcrypt-4.1.3-cp37-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:8cbb119267068c2581ae38790e0d1fbae65d0725247a930fc9900c285d95725d"},
+    {file = "bcrypt-4.1.3-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:6cac78a8d42f9d120b3987f82252bdbeb7e6e900a5e1ba37f6be6fe4e3848286"},
+    {file = "bcrypt-4.1.3-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:01746eb2c4299dd0ae1670234bf77704f581dd72cc180f444bfe74eb80495b64"},
+    {file = "bcrypt-4.1.3-cp37-abi3-win32.whl", hash = "sha256:037c5bf7c196a63dcce75545c8874610c600809d5d82c305dd327cd4969995bf"},
+    {file = "bcrypt-4.1.3-cp37-abi3-win_amd64.whl", hash = "sha256:8a893d192dfb7c8e883c4576813bf18bb9d59e2cfd88b68b725990f033f1b978"},
+    {file = "bcrypt-4.1.3-cp39-abi3-macosx_10_12_universal2.whl", hash = "sha256:0d4cf6ef1525f79255ef048b3489602868c47aea61f375377f0d00514fe4a78c"},
+    {file = "bcrypt-4.1.3-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f5698ce5292a4e4b9e5861f7e53b1d89242ad39d54c3da451a93cac17b61921a"},
+    {file = "bcrypt-4.1.3-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ec3c2e1ca3e5c4b9edb94290b356d082b721f3f50758bce7cce11d8a7c89ce84"},
+    {file = "bcrypt-4.1.3-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:3a5be252fef513363fe281bafc596c31b552cf81d04c5085bc5dac29670faa08"},
+    {file = "bcrypt-4.1.3-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:5f7cd3399fbc4ec290378b541b0cf3d4398e4737a65d0f938c7c0f9d5e686611"},
+    {file = "bcrypt-4.1.3-cp39-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:c4c8d9b3e97209dd7111bf726e79f638ad9224b4691d1c7cfefa571a09b1b2d6"},
+    {file = "bcrypt-4.1.3-cp39-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:31adb9cbb8737a581a843e13df22ffb7c84638342de3708a98d5c986770f2834"},
+    {file = "bcrypt-4.1.3-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:551b320396e1d05e49cc18dd77d970accd52b322441628aca04801bbd1d52a73"},
+    {file = "bcrypt-4.1.3-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:6717543d2c110a155e6821ce5670c1f512f602eabb77dba95717ca76af79867d"},
+    {file = "bcrypt-4.1.3-cp39-abi3-win32.whl", hash = "sha256:6004f5229b50f8493c49232b8e75726b568535fd300e5039e255d919fc3a07f2"},
+    {file = "bcrypt-4.1.3-cp39-abi3-win_amd64.whl", hash = "sha256:2505b54afb074627111b5a8dc9b6ae69d0f01fea65c2fcaea403448c503d3991"},
+    {file = "bcrypt-4.1.3-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:cb9c707c10bddaf9e5ba7cdb769f3e889e60b7d4fea22834b261f51ca2b89fed"},
+    {file = "bcrypt-4.1.3-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:9f8ea645eb94fb6e7bea0cf4ba121c07a3a182ac52876493870033141aa687bc"},
+    {file = "bcrypt-4.1.3-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:f44a97780677e7ac0ca393bd7982b19dbbd8d7228c1afe10b128fd9550eef5f1"},
+    {file = "bcrypt-4.1.3-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:d84702adb8f2798d813b17d8187d27076cca3cd52fe3686bb07a9083930ce650"},
+    {file = "bcrypt-4.1.3.tar.gz", hash = "sha256:2ee15dd749f5952fe3f0430d0ff6b74082e159c50332a1413d51b5689cf06623"},
+]
+
+[package.extras]
+tests = ["pytest (>=3.2.1,!=3.3.0)"]
+typecheck = ["mypy"]
+
 [[package]]
 name = "certifi"
 version = "2024.7.4"
@ -295,6 +335,55 @@ traitlets = ">=4"
 [package.extras]
 test = ["pytest"]

+[[package]]
+name = "cryptography"
+version = "43.0.0"
+description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers."
+optional = false
+python-versions = ">=3.7"
+files = [
+    {file = "cryptography-43.0.0-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:64c3f16e2a4fc51c0d06af28441881f98c5d91009b8caaff40cf3548089e9c74"},
+    {file = "cryptography-43.0.0-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3dcdedae5c7710b9f97ac6bba7e1052b95c7083c9d0e9df96e02a1932e777895"},
+    {file = "cryptography-43.0.0-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3d9a1eca329405219b605fac09ecfc09ac09e595d6def650a437523fcd08dd22"},
+    {file = "cryptography-43.0.0-cp37-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:ea9e57f8ea880eeea38ab5abf9fbe39f923544d7884228ec67d666abd60f5a47"},
+    {file = "cryptography-43.0.0-cp37-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:9a8d6802e0825767476f62aafed40532bd435e8a5f7d23bd8b4f5fd04cc80ecf"},
+    {file = "cryptography-43.0.0-cp37-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:cc70b4b581f28d0a254d006f26949245e3657d40d8857066c2ae22a61222ef55"},
+    {file = "cryptography-43.0.0-cp37-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:4a997df8c1c2aae1e1e5ac49c2e4f610ad037fc5a3aadc7b64e39dea42249431"},
+    {file = "cryptography-43.0.0-cp37-abi3-win32.whl", hash = "sha256:6e2b11c55d260d03a8cf29ac9b5e0608d35f08077d8c087be96287f43af3ccdc"},
+    {file = "cryptography-43.0.0-cp37-abi3-win_amd64.whl", hash = "sha256:31e44a986ceccec3d0498e16f3d27b2ee5fdf69ce2ab89b52eaad1d2f33d8778"},
+    {file = "cryptography-43.0.0-cp39-abi3-macosx_10_9_universal2.whl", hash = "sha256:7b3f5fe74a5ca32d4d0f302ffe6680fcc5c28f8ef0dc0ae8f40c0f3a1b4fca66"},
+    {file = "cryptography-43.0.0-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ac1955ce000cb29ab40def14fd1bbfa7af2017cca696ee696925615cafd0dce5"},
+    {file = "cryptography-43.0.0-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:299d3da8e00b7e2b54bb02ef58d73cd5f55fb31f33ebbf33bd00d9aa6807df7e"},
+    {file = "cryptography-43.0.0-cp39-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:ee0c405832ade84d4de74b9029bedb7b31200600fa524d218fc29bfa371e97f5"},
+    {file = "cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:cb013933d4c127349b3948aa8aaf2f12c0353ad0eccd715ca789c8a0f671646f"},
+    {file = "cryptography-43.0.0-cp39-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:fdcb265de28585de5b859ae13e3846a8e805268a823a12a4da2597f1f5afc9f0"},
+    {file = "cryptography-43.0.0-cp39-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:2905ccf93a8a2a416f3ec01b1a7911c3fe4073ef35640e7ee5296754e30b762b"},
+    {file = "cryptography-43.0.0-cp39-abi3-win32.whl", hash = "sha256:47ca71115e545954e6c1d207dd13461ab81f4eccfcb1345eac874828b5e3eaaf"},
+    {file = "cryptography-43.0.0-cp39-abi3-win_amd64.whl", hash = "sha256:0663585d02f76929792470451a5ba64424acc3cd5227b03921dab0e2f27b1709"},
+    {file = "cryptography-43.0.0-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:2c6d112bf61c5ef44042c253e4859b3cbbb50df2f78fa8fae6747a7814484a70"},
+    {file = "cryptography-43.0.0-pp310-pypy310_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:844b6d608374e7d08f4f6e6f9f7b951f9256db41421917dfb2d003dde4cd6b66"},
+    {file = "cryptography-43.0.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:51956cf8730665e2bdf8ddb8da0056f699c1a5715648c1b0144670c1ba00b48f"},
+    {file = "cryptography-43.0.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:aae4d918f6b180a8ab8bf6511a419473d107df4dbb4225c7b48c5c9602c38c7f"},
+    {file = "cryptography-43.0.0-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:232ce02943a579095a339ac4b390fbbe97f5b5d5d107f8a08260ea2768be8cc2"},
+    {file = "cryptography-43.0.0-pp39-pypy39_pp73-manylinux_2_28_aarch64.whl", hash = "sha256:5bcb8a5620008a8034d39bce21dc3e23735dfdb6a33a06974739bfa04f853947"},
+    {file = "cryptography-43.0.0-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:08a24a7070b2b6804c1940ff0f910ff728932a9d0e80e7814234269f9d46d069"},
+    {file = "cryptography-43.0.0-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:e9c5266c432a1e23738d178e51c2c7a5e2ddf790f248be939448c0ba2021f9d1"},
+    {file = "cryptography-43.0.0.tar.gz", hash = "sha256:b88075ada2d51aa9f18283532c9f60e72170041bba88d7f37e49cbb10275299e"},
+]
+
+[package.dependencies]
+cffi = {version = ">=1.12", markers = "platform_python_implementation != \"PyPy\""}
+
+[package.extras]
+docs = ["sphinx (>=5.3.0)", "sphinx-rtd-theme (>=1.1.1)"]
+docstest = ["pyenchant (>=1.6.11)", "readme-renderer", "sphinxcontrib-spelling (>=4.0.1)"]
+nox = ["nox"]
+pep8test = ["check-sdist", "click", "mypy", "ruff"]
+sdist = ["build"]
+ssh = ["bcrypt (>=3.1.5)"]
+test = ["certifi", "cryptography-vectors (==43.0.0)", "pretend", "pytest (>=6.2.0)", "pytest-benchmark", "pytest-cov", "pytest-xdist"]
+test-randomorder = ["pytest-randomly"]
+
 [[package]]
 name = "debugpy"
 version = "1.8.2"
@ -2342,4 +2431,4 @@ files = [
 [metadata]
 lock-version = "2.0"
 python-versions = "^3.12"
-content-hash = "0d6489d261e19e3bffaafb61a05fdc436dae4801beefcaf640e9abc4b7bad8fd"
+content-hash = "f55c38562e6c2289c61f522e174db9c3e531fb9a2a4f8c7317fd976b339c5e5a"
--- a/py-kivy/pos_system/models.py
+++ b/py-kivy/pos_system/models.py
@ -34,7 +34,7 @@ class OrderItem(BaseModel):
  item_id: str
  quantity: int
  price_at_order: float
-  
+
  @field_validator("item_id")
  def validate_id(cls, v):
    if isinstance(v, ObjectId):
@ -54,27 +54,6 @@ class Order(MongoBaseModel):
  discount_applied: Optional[float] = None
  notes: Optional[str] = None

-  # @field_validator("user_id")
-  # def validate_user_id(cls, v):
-  #   return validate_object_id(v)
-
-  # @validator("order_status")
-  # def valid_order_status(cls, v):
-  #   allowed_statuses = ["created", "processing",
-  #                       "shipped", "delivered", "cancelled"]
-  #   if v not in allowed_statuses:
-  #     raise ValueError(f"Invalid order status. Must be one of: {
-  #                      ', '.join(allowed_statuses)}")
-  #   return v
-
-  # @validator("payment_status")
-  # def valid_payment_status(cls, v):
-  #   allowed_statuses = ["pending", "paid", "refunded", "failed"]
-  #   if v not in allowed_statuses:
-  #     raise ValueError(f"Invalid payment status. Must be one of: {
-  #                      ', '.join(allowed_statuses)}")
-  #   return v
-

 class UserBase(BaseModel):
  username: str
--- a/py-kivy/pos_system/routers/users.py
+++ b/py-kivy/pos_system/routers/users.py
@ -1,8 +1,8 @@
 from fastapi import APIRouter, HTTPException, Depends, status
 from fastapi.security import OAuth2PasswordRequestForm
-from ..models import User, UserInDB
+from ..models import User, UserCreate, UserInDB
 from ..database import get_db
-from ..auth import get_password_hash, verify_password, create_access_token, oauth2_scheme
+from ..auth import get_password_hash, verify_password, create_access_token, oauth2_scheme, create_user
 from bson import ObjectId
 from typing import List

@ -12,6 +12,19 @@ router = APIRouter(
 )


+@router.post("/register", response_model=User)
+async def register_user(user: UserCreate):
+  db = get_db()
+  existing_user = db.users.find_one({"username": user.username})
+  if existing_user:
+    raise HTTPException(status_code=400, detail="Username already registered")
+  hashed_password = get_password_hash(user.password)
+  user_in_db = UserInDB(
+      **user.model_dump(exclude={"password"}), hashed_password=hashed_password)
+  created_user = create_user(db, user_in_db)
+  return User(**created_user.model_dump(exclude={"hashed_password"}))
+
+
 def get_user(username: str):
  db = get_db()
  user_dict = db.users.find_one({"username": username})
@ -34,21 +47,6 @@ async def get_current_user(token: str = Depends(oauth2_scheme)):
  return user


-@router.post("/register", response_model=User)
-async def create_user(user: UserInDB):
-  db = get_db()
-  existing_user = db.users.find_one({"username": user.username})
-  if existing_user:
-    raise HTTPException(status_code=400, detail="Username already registered")
-  hashed_password = get_password_hash(user.password)
-  user_dict = user.dict()
-  user_dict["hashed_password"] = hashed_password
-  del user_dict["password"]
-  result = db.users.insert_one(user_dict)
-  created_user = db.users.find_one({"_id": result.inserted_id})
-  return User(**created_user)
-
-
@router.post("/token")
 async def login(form_data: OAuth2PasswordRequestForm = Depends()):
  user = get_user(form_data.username)
--- a/py-kivy/pyproject.toml
+++ b/py-kivy/pyproject.toml
@ -18,6 +18,8 @@ passlib = "^1.7.4"

 pydantic = "^2.8.2"
 pytest-xdist = "^3.6.1"
+cryptography = "^43.0.0"
+bcrypt = "^4.1.3"
 [tool.poetry.group.dev.dependencies]
 ipykernel = "^6.29.5"

--- a/py-kivy/tests/test_orders.py
+++ b/py-kivy/tests/test_orders.py
@ -15,6 +15,7 @@ def clear_db():
  db = get_db()
  db.orders.delete_many({})
  db.items.delete_many({})
+  db.users.delete_many({})


@pytest.fixture(autouse=True)
@ -24,41 +25,73 @@ def run_around_tests():
  clear_db()


-def create_test_item():
+def create_test_user():
+  user_data = {
+      "username": "testuser",
+      "email": "testuser@example.com",
+      "password": "testpassword",
+      "full_name": "Test User",
+      "is_active": True,
+      "is_superuser": False
+  }
+  response = client.post("/users/register", json=user_data)
+  assert response.status_code == 200, f"Failed to create user: {response.text}"
+  return response.json()
+
+
+def login_test_user():
+  login_data = {
+      "username": "testuser",
+      "password": "testpassword"
+  }
+  response = client.post("/token", data=login_data)
+  assert response.status_code == 200
+  return response.json()["access_token"]
+
+
+def create_test_item(token):
+  headers = {"Authorization": f"Bearer {token}"}
  response = client.post(
      "/items/",
+      headers=headers,
      json={"name": "Test Item", "price": 10.99,
            "quantity": 100, "unit": "piece"}
  )
+  assert response.status_code == 200
  return response.json()["_id"]


-def test_create_order():
+@pytest.fixture
+def auth_headers():
+  create_test_user()
+  token = login_test_user()
+  return {"Authorization": f"Bearer {token}"}
+
+
+def test_create_order(auth_headers):
  logger.info("Testing create order")
-  item_id = create_test_item()
+  item_id = create_test_item(auth_headers["Authorization"].split()[1])
  order_data = {
-      "user_id": str(ObjectId()),
      "items": [{"item_id": item_id, "quantity": 2}],
      "total_amount": 21.98,
      "payment_method": "credit_card"
  }
-  response = client.post("/orders/", json=order_data)
+  response = client.post("/orders/", json=order_data, headers=auth_headers)
  assert response.status_code == 200
  assert "_id" in response.json()
  logger.info(f"Created order with ID: {response.json()['_id']}")


-def test_read_orders():
+def test_read_orders(auth_headers):
  logger.info("Testing read orders")
-  item_id = create_test_item()
+  item_id = create_test_item(auth_headers["Authorization"].split()[1])
  order_data = {
-      "user_id": str(ObjectId()),
      "items": [{"item_id": item_id, "quantity": 2}],
      "total_amount": 21.98,
      "payment_method": "credit_card"
  }
-  client.post("/orders/", json=order_data)
-  response = client.get("/orders/")
+  client.post("/orders/", json=order_data, headers=auth_headers)
+  response = client.get("/orders/", headers=auth_headers)
  assert response.status_code == 200
  orders = response.json()
  assert len(orders) == 1
@ -66,61 +99,62 @@ def test_read_orders():
  logger.info(f"Retrieved {len(orders)} orders")


-def test_read_order():
+def test_read_order(auth_headers):
  logger.info("Testing read single order")
-  item_id = create_test_item()
+  item_id = create_test_item(auth_headers["Authorization"].split()[1])
  order_data = {
-      "user_id": str(ObjectId()),
      "items": [{"item_id": item_id, "quantity": 2}],
      "total_amount": 21.98,
      "payment_method": "credit_card"
  }
-  create_response = client.post("/orders/", json=order_data)
+  create_response = client.post(
+      "/orders/", json=order_data, headers=auth_headers)
  order_id = create_response.json()["_id"]
-  response = client.get(f"/orders/{order_id}")
+  response = client.get(f"/orders/{order_id}", headers=auth_headers)
  assert response.status_code == 200
  assert response.json()["total_amount"] == 21.98
  logger.info(f"Retrieved order with ID: {order_id}")


-def test_update_order():
+def test_update_order(auth_headers):
  logger.info("Testing update order")
-  item_id = create_test_item()
+  item_id = create_test_item(auth_headers["Authorization"].split()[1])
  order_data = {
-      "user_id": str(ObjectId()),
      "items": [{"item_id": item_id, "quantity": 2}],
      "total_amount": 21.98,
      "payment_method": "credit_card"
  }
-  create_response = client.post("/orders/", json=order_data)
+  create_response = client.post(
+      "/orders/", json=order_data, headers=auth_headers)
  order_id = create_response.json()["_id"]
  update_data = {
      "items": [{"item_id": item_id, "quantity": 3}],
      "total_amount": 32.97,
      "payment_method": "cash"
  }
-  response = client.put(f"/orders/{order_id}", json=update_data)
+  response = client.put(f"/orders/{order_id}",
+                        json=update_data, headers=auth_headers)
  assert response.status_code == 200
  assert response.json()["total_amount"] == 32.97
  assert response.json()["payment_method"] == "cash"
  logger.info(f"Updated order with ID: {order_id}")


-def test_delete_order():
+def test_delete_order(auth_headers):
  logger.info("Testing delete order")
-  item_id = create_test_item()
+  item_id = create_test_item(auth_headers["Authorization"].split()[1])
  order_data = {
-      "user_id": str(ObjectId()),
      "items": [{"item_id": item_id, "quantity": 2}],
      "total_amount": 21.98,
      "payment_method": "credit_card"
  }
-  create_response = client.post("/orders/", json=order_data)
+  create_response = client.post(
+      "/orders/", json=order_data, headers=auth_headers)
  order_id = create_response.json()["_id"]
-  response = client.delete(f"/orders/{order_id}")
+  response = client.delete(f"/orders/{order_id}", headers=auth_headers)
  assert response.status_code == 200
  assert response.json()["message"] == "Order deleted successfully"
-  get_response = client.get(f"/orders/{order_id}")
+  get_response = client.get(f"/orders/{order_id}", headers=auth_headers)
  assert get_response.status_code == 404
  logger.info(f"Deleted order with ID: {order_id}")

@ -128,7 +162,6 @@ def test_delete_order():
@given(
    st.lists(
        st.fixed_dictionaries({
-            "item_id": st.text(min_size=24, max_size=24),
            "quantity": st.integers(min_value=1, max_value=10)
        }),
        min_size=1,
@ -139,22 +172,24 @@ def test_delete_order():
    st.sampled_from(["credit_card", "cash", "paypal"])
 )
@settings(max_examples=50)
-def test_create_order_property(items, total_amount, payment_method):
+def test_create_order_property(auth_headers, items, total_amount, payment_method):
  clear_db()
-  item_id = create_test_item()
+  create_test_user()
+  token = login_test_user()
+  auth_headers = {"Authorization": f"Bearer {token}"}
+  item_id = create_test_item(token)
  for item in items:
    item["item_id"] = item_id  # Use the same item_id for all items
  order_data = {
-      "user_id": str(ObjectId()),
      "items": items,
      "total_amount": total_amount,
      "payment_method": payment_method
  }
-  response = client.post("/orders/", json=order_data)
+  response = client.post("/orders/", json=order_data, headers=auth_headers)
  assert response.status_code == 200
  assert "_id" in response.json()
  order_id = response.json()["_id"]
-  get_response = client.get(f"/orders/{order_id}")
+  get_response = client.get(f"/orders/{order_id}", headers=auth_headers)
  assert get_response.status_code == 200
  retrieved_order = get_response.json()
  assert retrieved_order["total_amount"] == total_amount
@ -165,7 +200,6 @@ def test_create_order_property(items, total_amount, payment_method):
@given(
    st.lists(
        st.fixed_dictionaries({
-            "user_id": st.text(min_size=24, max_size=24),
            "total_amount": st.floats(min_value=0.01, max_value=1000, allow_nan=False, allow_infinity=False),
            "payment_method": st.sampled_from(["credit_card", "cash", "paypal"])
        }),
@ -174,23 +208,24 @@ def test_create_order_property(items, total_amount, payment_method):
    )
 )
@settings(max_examples=20)
-def test_read_orders_property(orders):
+def test_read_orders_property(auth_headers, orders):
  clear_db()
-  item_id = create_test_item()
+  create_test_user()
+  token = login_test_user()
+  auth_headers = {"Authorization": f"Bearer {token}"}
+  item_id = create_test_item(token)
  for order in orders:
    order_data = {
-        "user_id": order["user_id"],
        "items": [{"item_id": item_id, "quantity": 1}],
        "total_amount": order["total_amount"],
        "payment_method": order["payment_method"]
    }
-    client.post("/orders/", json=order_data)
-  response = client.get("/orders/")
+    client.post("/orders/", json=order_data, headers=auth_headers)
+  response = client.get("/orders/", headers=auth_headers)
  assert response.status_code == 200
  retrieved_orders = response.json()
  assert len(retrieved_orders) == len(orders)
  for retrieved_order in retrieved_orders:
-    assert "user_id" in retrieved_order
    assert "total_amount" in retrieved_order
    assert "payment_method" in retrieved_order