From 4cab9e972f5e3e32c518ec2c6e09e18455fe469a Mon Sep 17 00:00:00 2001
From: Saltie <saltie@protonmail.com>
Date: Thu, 22 Jan 2026 13:37:57 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Handle=20non-existing=20user=20I?=
 =?UTF-8?q?Ds=20in=20`read=5Fuser=5Fby=5Fid`=20(#1396)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Motov Yurii <109919500+YuriiMotov@users.noreply.github.com>
---
 backend/app/api/routes/users.py        |  2 ++
 backend/tests/api/routes/test_users.py | 36 +++++++++++++++++++++++---
 2 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/backend/app/api/routes/users.py b/backend/app/api/routes/users.py
index 6429818..d14525e 100644
--- a/backend/app/api/routes/users.py
+++ b/backend/app/api/routes/users.py
@@ -170,6 +170,8 @@ def read_user_by_id(
             status_code=403,
             detail="The user doesn't have enough privileges",
         )
+    if user is None:
+        raise HTTPException(status_code=404, detail="User not found")
     return user
 
 
diff --git a/backend/tests/api/routes/test_users.py b/backend/tests/api/routes/test_users.py
index 39e053e..04ec4b1 100644
--- a/backend/tests/api/routes/test_users.py
+++ b/backend/tests/api/routes/test_users.py
@@ -8,6 +8,7 @@ from app import crud
 from app.core.config import settings
 from app.core.security import verify_password
 from app.models import User, UserCreate
+from tests.utils.user import create_random_user
 from tests.utils.utils import random_email, random_lower_string
 
 
@@ -56,7 +57,7 @@ def test_create_user_new_email(
         assert user.email == created_user["email"]
 
 
-def test_get_existing_user(
+def test_get_existing_user_as_superuser(
     client: TestClient, superuser_token_headers: dict[str, str], db: Session
 ) -> None:
     username = random_email()
@@ -75,6 +76,17 @@ def test_get_existing_user(
     assert existing_user.email == api_user["email"]
 
 
+def test_get_non_existing_user_as_superuser(
+    client: TestClient, superuser_token_headers: dict[str, str]
+) -> None:
+    r = client.get(
+        f"{settings.API_V1_STR}/users/{uuid.uuid4()}",
+        headers=superuser_token_headers,
+    )
+    assert r.status_code == 404
+    assert r.json() == {"detail": "User not found"}
+
+
 def test_get_existing_user_current_user(client: TestClient, db: Session) -> None:
     username = random_email()
     password = random_lower_string()
@@ -103,10 +115,28 @@ def test_get_existing_user_current_user(client: TestClient, db: Session) -> None
 
 
 def test_get_existing_user_permissions_error(
-    client: TestClient, normal_user_token_headers: dict[str, str]
+    db: Session,
+    client: TestClient,
+    normal_user_token_headers: dict[str, str],
 ) -> None:
+    user = create_random_user(db)
+
     r = client.get(
-        f"{settings.API_V1_STR}/users/{uuid.uuid4()}",
+        f"{settings.API_V1_STR}/users/{user.id}",
+        headers=normal_user_token_headers,
+    )
+    assert r.status_code == 403
+    assert r.json() == {"detail": "The user doesn't have enough privileges"}
+
+
+def test_get_non_existing_user_permissions_error(
+    client: TestClient,
+    normal_user_token_headers: dict[str, str],
+) -> None:
+    user_id = uuid.uuid4()
+
+    r = client.get(
+        f"{settings.API_V1_STR}/users/{user_id}",
         headers=normal_user_token_headers,
     )
     assert r.status_code == 403