HHS · mikehgrantsgov · Jan 8, 2025 · Jan 9, 2025 · Jan 9, 2025 · Jan 9, 2025
@@ -15,13 +15,19 @@
     UserSavedOpportunitiesResponseSchema,
     UserSaveOpportunityRequestSchema,
     UserSaveOpportunityResponseSchema,
+    UserSaveSearchRequestSchema,
+    UserSaveSearchResponseSchema,
     UserTokenLogoutResponseSchema,
     UserTokenRefreshResponseSchema,
 )
 from src.auth.api_jwt_auth import api_jwt_auth, refresh_token_expiration
 from src.auth.auth_utils import with_login_redirect_error_handler
 from src.auth.login_gov_jwt_auth import get_final_redirect_uri, get_login_gov_redirect_uri
-from src.db.models.user_models import UserSavedOpportunity, UserTokenSession
+from src.db.models.user_models import (
+    UserSavedOpportunity,
+    UserTokenSession,
+    UserSavedSearch,
+)
 from src.services.users.delete_saved_opportunity import delete_saved_opportunity
 from src.services.users.get_saved_opportunities import get_saved_opportunities
 from src.services.users.get_user import get_user
@@ -231,3 +237,40 @@ def user_get_saved_opportunities(db_session: db.Session, user_id: UUID) -> respo
     saved_opportunities = get_saved_opportunities(db_session, user_id)
 
     return response.ApiResponse(message="Success", data=saved_opportunities)
+
+
+@user_blueprint.post("/<uuid:user_id>/saved-searches")
+@user_blueprint.input(UserSaveSearchRequestSchema, location="json")
+@user_blueprint.output(UserSaveSearchResponseSchema)
+@user_blueprint.doc(responses=[200, 401])
+@user_blueprint.auth_required(api_jwt_auth)
+@flask_db.with_db_session()
+def user_save_search(
+    db_session: db.Session, user_id: UUID, json_data: dict
+) -> response.ApiResponse:
+    logger.info("POST /v1/users/:user_id/saved-searches")
+
+    user_token_session: UserTokenSession = api_jwt_auth.current_user  # type: ignore
+
+    # Verify the authenticated user matches the requested user_id
+    print(user_token_session.user_id, user_id)
+    if user_token_session.user_id != user_id:
+        raise_flask_error(401, "Unauthorized user")
+
+    # Create the saved search record
+    saved_search = UserSavedSearch(
+        user_id=user_id, name=json_data["name"], search_query=json_data["search_query"]
+    )
+
+    with db_session.begin():
+        db_session.add(saved_search)
+
+    logger.info(
+        "Saved search for user",
+        extra={
+            "user.id": str(user_id),
+            "saved_search.id": str(saved_search.saved_search_id),
+        },
+    )
+
+    return response.ApiResponse(message="Success")
@@ -87,3 +87,21 @@ class UserSavedOpportunitiesResponseSchema(AbstractResponseSchema):
         fields.Nested(SavedOpportunityResponseV1Schema),
         metadata={"description": "List of saved opportunities"},
     )
+
+
+class UserSaveSearchRequestSchema(Schema):
+    name = fields.String(
+        required=True,
+        metadata={"description": "Name of the saved search", "example": "Example search"},
+    )
+    search_query = fields.Dict(
+        required=True,
+        metadata={
+            "description": "The search query parameters to save",
+            "example": {"keywords": "search", "location": "Foo, Bar"},
+        },
+    )
+
+
+class UserSaveSearchResponseSchema(AbstractResponseSchema):
+    data = fields.MixinField(metadata={"example": None})
@@ -0,0 +1,97 @@
+import uuid
+
+import pytest
+
+from src.auth.api_jwt_auth import create_jwt_for_user
+from src.db.models.user_models import UserSavedSearch
+from tests.src.db.models.factories import UserFactory
+
+
+@pytest.fixture
+def user(enable_factory_create, db_session):
+    user = UserFactory.create()
+    db_session.commit()
+    return user
+
+
+@pytest.fixture
+def user_auth_token(user, db_session):
+    token, _ = create_jwt_for_user(user, db_session)
+    return token
+
+
+@pytest.fixture(autouse=True)
+def clear_saved_searches(db_session):
+    db_session.query(UserSavedSearch).delete()
+    db_session.commit()
+    yield
+
+
+def test_user_save_search_post_unauthorized_user(client, db_session, user, user_auth_token):
+    # Try to save a search for a different user ID
+    different_user = UserFactory.create()
+
+    response = client.post(
+        f"/v1/users/{different_user.user_id}/saved-searches",
+        headers={"X-SGG-Token": user_auth_token},
+        json={"name": "Test Search", "search_query": {"keywords": "python"}},
+    )
+
+    assert response.status_code == 401
+    assert response.json["message"] == "Unauthorized user"
+
+    # Verify no search was saved
+    saved_searches = db_session.query(UserSavedSearch).all()
+    assert len(saved_searches) == 0
+
+
+def test_user_save_search_post_no_auth(client, db_session, user):
+    # Try to save a search without authentication
+    response = client.post(
+        f"/v1/users/{user.user_id}/saved-searches",
+        json={"name": "Test Search", "search_query": {"keywords": "python"}},
+    )
+
+    assert response.status_code == 401
+    assert response.json["message"] == "Unable to process token"
+
+    # Verify no search was saved
+    saved_searches = db_session.query(UserSavedSearch).all()
+    assert len(saved_searches) == 0
+
+
+def test_user_save_search_post_invalid_request(client, user, user_auth_token, db_session):
+    # Make request with missing required fields
+    response = client.post(
+        f"/v1/users/{user.user_id}/saved-searches",
+        headers={"X-SGG-Token": user_auth_token},
+        json={},
+    )
+
+    assert response.status_code == 422  # Validation error
+
+    # Verify no search was saved
+    saved_searches = db_session.query(UserSavedSearch).all()
+    assert len(saved_searches) == 0
+
+
+def test_user_save_search_post(client, user, user_auth_token, enable_factory_create, db_session):
+    # Test data
+    search_name = "Test Search"
+    search_query = {"keywords": "python"}
+
+    # Make the request to save a search
+    response = client.post(
+        f"/v1/users/{user.user_id}/saved-searches",
+        headers={"X-SGG-Token": user_auth_token},
+        json={"name": search_name, "search_query": search_query},
+    )
+
+    assert response.status_code == 200
+    assert response.json["message"] == "Success"
+
+    # Verify the search was saved in the database
+    saved_search = db_session.query(UserSavedSearch).one()
+    assert saved_search.user_id == user.user_id
+    assert saved_search.name == search_name
+    assert saved_search.search_query == search_query