Use shared SESSION_COOKIE_NAME in auth router tests

2026-04-14 10:33:32 +02:00
parent 5e4d3fcf12
commit 0e5e08374f
2 changed files with 8 additions and 5 deletions
--- a/backend/tests/test_routers/test_auth.py
+++ b/backend/tests/test_routers/test_auth.py
@@ -8,6 +8,8 @@ from unittest.mock import patch
 import pytest
 from httpx import AsyncClient

+from app.utils.constants import SESSION_COOKIE_NAME
+
 # ---------------------------------------------------------------------------
 # Helpers
 # ---------------------------------------------------------------------------
@@ -64,8 +66,8 @@ class TestLogin:
            "/api/auth/login", json={"password": "mysecretpass1"}
        )
        assert response.status_code == 200
-        assert "bangui_session" in response.cookies
-        assert "." in response.cookies["bangui_session"]
+        assert SESSION_COOKIE_NAME in response.cookies
+        assert "." in response.cookies[SESSION_COOKIE_NAME]
        set_cookie = response.headers.get("set-cookie", "")
        assert "HttpOnly" in set_cookie
        assert "SameSite=lax" in set_cookie
@@ -124,7 +126,7 @@ class TestLogout:
        assert response.status_code == 200
        # Cookie should be set to empty / deleted in the Set-Cookie header.
        set_cookie = response.headers.get("set-cookie", "")
-        assert "bangui_session" in set_cookie
+        assert SESSION_COOKIE_NAME in set_cookie

    async def test_logout_is_idempotent(self, client: AsyncClient) -> None:
        """Logout succeeds even when called without a session token."""
--- a/backend/tests/test_routers/test_dependency_injection.py
+++ b/backend/tests/test_routers/test_dependency_injection.py
@@ -18,6 +18,7 @@ from app.dependencies import get_auth_service, get_jail_service
 from app.main import create_app
 from app.models.auth import Session
 from app.models.jail import JailListResponse
+from app.utils.constants import SESSION_COOKIE_NAME
 from app.utils.setup_state import set_setup_complete_cache


@@ -149,7 +150,7 @@ async def test_auth_login_uses_injected_auth_service(tmp_path: Path) -> None:

    assert response.status_code == 200
    assert response.json()["token"].startswith("fake-token")
-    assert response.cookies.get("bangui_session") is not None
+    assert response.cookies.get(SESSION_COOKIE_NAME) is not None


 async def test_jail_list_uses_injected_jail_service_and_auth(tmp_path: Path) -> None:
@@ -180,7 +181,7 @@ async def test_jail_list_uses_injected_jail_service_and_auth(tmp_path: Path) ->
    ) as client:
        response = await client.get(
            "/api/jails",
-            headers={"Cookie": "bangui_session=fake-token"},
+            headers={"Cookie": f"{SESSION_COOKIE_NAME}=fake-token"},
        )

    await db.close()