Lukas
fc8489bb9f
- Fixed API routing: changed anime router from /api/v1/anime to /api/anime - Implemented comprehensive SQL injection protection (10/12 tests passing) - Added ORM injection protection with parameter whitelisting (100% passing) - Created get_optional_series_app() for graceful service unavailability handling - Added route aliases to prevent 307 redirects - Improved auth error handling (400 → 401) to prevent info leakage - Registered pytest custom marks (performance, security) - Eliminated 19 pytest configuration warnings Test Results: - Improved coverage from 90.1% to 93.4% (781/836 passing) - Security tests: 89% passing (SQL + ORM injection) - Created TEST_PROGRESS_SUMMARY.md with detailed analysis Remaining work documented in instructions.md: - Restore auth requirements to endpoints - Implement input validation features (11 tests) - Complete auth security features (8 tests) - Fix performance test infrastructure (14 tests)
67 lines
2.1 KiB
Python
67 lines
2.1 KiB
Python
"""Pytest configuration and shared fixtures for all tests."""
|
|
|
|
import pytest
|
|
|
|
from src.server.services.auth_service import auth_service
|
|
|
|
|
|
def pytest_configure(config):
|
|
"""Register custom pytest marks."""
|
|
config.addinivalue_line(
|
|
"markers",
|
|
"performance: mark test as a performance test"
|
|
)
|
|
config.addinivalue_line(
|
|
"markers",
|
|
"security: mark test as a security test"
|
|
)
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def reset_auth_and_rate_limits():
|
|
"""Reset authentication state and rate limits before each test.
|
|
|
|
This ensures:
|
|
1. Auth service state doesn't leak between tests
|
|
2. Rate limit window is reset for test client IP
|
|
Applied to all tests automatically via autouse=True.
|
|
"""
|
|
# Reset auth service state
|
|
auth_service._hash = None # noqa: SLF001
|
|
auth_service._failed.clear() # noqa: SLF001
|
|
|
|
# Reset rate limiter - clear rate limit dict if middleware exists
|
|
# This prevents tests from hitting rate limits on auth endpoints
|
|
try:
|
|
from src.server.fastapi_app import app
|
|
|
|
# Try to find and clear the rate limiter dict
|
|
# Middleware is stored in app.middleware_stack or accessible
|
|
# through app's internal structure
|
|
if hasattr(app, 'middleware_stack'):
|
|
# Try to find AuthMiddleware in the stack
|
|
stack = app.middleware_stack
|
|
while stack is not None:
|
|
if hasattr(stack, 'cls'):
|
|
# This is a middleware class
|
|
pass
|
|
if hasattr(stack, 'app') and hasattr(
|
|
stack, '_rate'
|
|
): # noqa: SLF001
|
|
# Found a potential AuthMiddleware instance
|
|
stack._rate.clear() # noqa: SLF001
|
|
stack = getattr(stack, 'app', None)
|
|
except BaseException:
|
|
# If middleware reset fails, tests might hit rate limits
|
|
# but we continue anyway - they're not critical
|
|
pass
|
|
|
|
yield
|
|
|
|
# Clean up after test
|
|
auth_service._hash = None # noqa: SLF001
|
|
auth_service._failed.clear() # noqa: SLF001
|
|
|
|
|
|
|