fixed tests
This commit is contained in:
@@ -35,7 +35,11 @@ async def _login(client: AsyncClient, password: str = "Mysecretpass1!") -> str:
|
||||
Note: The token is returned in the HttpOnly cookie, not in the JSON body.
|
||||
For testing Bearer token auth, we extract it from the cookie.
|
||||
"""
|
||||
resp = await client.post("/api/v1/auth/login", json={"password": password})
|
||||
resp = await client.post(
|
||||
"/api/v1/auth/login",
|
||||
json={"password": password},
|
||||
headers={"X-BanGUI-Request": "1"},
|
||||
)
|
||||
assert resp.status_code == 200
|
||||
token = resp.cookies.get(SESSION_COOKIE_NAME)
|
||||
assert token is not None
|
||||
@@ -50,14 +54,10 @@ async def _login(client: AsyncClient, password: str = "Mysecretpass1!") -> str:
|
||||
class TestLogin:
|
||||
"""POST /api/auth/login."""
|
||||
|
||||
async def test_login_succeeds_with_correct_password(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_login_succeeds_with_correct_password(self, client: AsyncClient) -> None:
|
||||
"""Login returns 200 and sets a session cookie for the correct password."""
|
||||
await _do_setup(client)
|
||||
response = await client.post(
|
||||
"/api/v1/auth/login", json={"password": "Mysecretpass1!"}
|
||||
)
|
||||
response = await client.post("/api/v1/auth/login", json={"password": "Mysecretpass1!"})
|
||||
assert response.status_code == 200
|
||||
body = response.json()
|
||||
# Token is not returned in the JSON body; it's set as an HttpOnly cookie
|
||||
@@ -67,9 +67,7 @@ class TestLogin:
|
||||
async def test_login_sets_cookie(self, client: AsyncClient) -> None:
|
||||
"""Login sets the bangui_session HttpOnly cookie."""
|
||||
await _do_setup(client)
|
||||
response = await client.post(
|
||||
"/api/v1/auth/login", json={"password": "Mysecretpass1!"}
|
||||
)
|
||||
response = await client.post("/api/v1/auth/login", json={"password": "Mysecretpass1!"})
|
||||
assert response.status_code == 200
|
||||
assert SESSION_COOKIE_NAME in response.cookies
|
||||
assert "." in response.cookies[SESSION_COOKIE_NAME]
|
||||
@@ -77,36 +75,26 @@ class TestLogin:
|
||||
assert "HttpOnly" in set_cookie
|
||||
assert "SameSite=lax" in set_cookie
|
||||
|
||||
async def test_login_sets_secure_cookie_when_enabled(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_login_sets_secure_cookie_when_enabled(self, client: AsyncClient) -> None:
|
||||
"""Login sets the Secure flag when session cookies are configured for HTTPS."""
|
||||
client._transport.app.state.settings.session_cookie_secure = True
|
||||
await _do_setup(client)
|
||||
response = await client.post(
|
||||
"/api/v1/auth/login", json={"password": "Mysecretpass1!"}
|
||||
)
|
||||
response = await client.post("/api/v1/auth/login", json={"password": "Mysecretpass1!"})
|
||||
assert response.status_code == 200
|
||||
set_cookie = response.headers.get("set-cookie", "")
|
||||
assert "Secure" in set_cookie
|
||||
|
||||
async def test_login_fails_with_wrong_password(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_login_fails_with_wrong_password(self, client: AsyncClient) -> None:
|
||||
"""Login returns 401 for an incorrect password."""
|
||||
await _do_setup(client)
|
||||
response = await client.post(
|
||||
"/api/v1/auth/login", json={"password": "wrongpassword"}
|
||||
)
|
||||
response = await client.post("/api/v1/auth/login", json={"password": "wrongpassword"})
|
||||
assert response.status_code == 401
|
||||
|
||||
async def test_login_rejects_empty_password(self, client: AsyncClient) -> None:
|
||||
"""Login returns 422 when password field is missing."""
|
||||
"""Login returns 400 when password field is missing."""
|
||||
await _do_setup(client)
|
||||
response = await client.post("/api/v1/auth/login", json={})
|
||||
assert response.status_code == 422
|
||||
|
||||
|
||||
assert response.status_code == 400
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
@@ -121,7 +109,10 @@ class TestLogout:
|
||||
"""Logout returns 200 with a confirmation message."""
|
||||
await _do_setup(client)
|
||||
await _login(client)
|
||||
response = await client.post("/api/v1/auth/logout")
|
||||
response = await client.post(
|
||||
"/api/v1/auth/logout",
|
||||
headers={"X-BanGUI-Request": "1"},
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert "message" in response.json()
|
||||
|
||||
@@ -129,7 +120,10 @@ class TestLogout:
|
||||
"""Logout clears the bangui_session cookie."""
|
||||
await _do_setup(client)
|
||||
await _login(client) # sets cookie on client
|
||||
response = await client.post("/api/v1/auth/logout")
|
||||
response = await client.post(
|
||||
"/api/v1/auth/logout",
|
||||
headers={"X-BanGUI-Request": "1"},
|
||||
)
|
||||
assert response.status_code == 200
|
||||
# Cookie should be set to empty / deleted in the Set-Cookie header.
|
||||
set_cookie = response.headers.get("set-cookie", "")
|
||||
@@ -141,9 +135,7 @@ class TestLogout:
|
||||
response = await client.post("/api/v1/auth/logout")
|
||||
assert response.status_code == 200
|
||||
|
||||
async def test_session_invalid_after_logout(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_session_invalid_after_logout(self, client: AsyncClient) -> None:
|
||||
"""A session token is rejected after logout."""
|
||||
await _do_setup(client)
|
||||
token = await _login(client)
|
||||
@@ -170,16 +162,12 @@ class TestLogout:
|
||||
class TestRequireAuth:
|
||||
"""Verify the require_auth dependency rejects unauthenticated requests."""
|
||||
|
||||
async def test_health_endpoint_requires_no_auth(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_health_endpoint_requires_no_auth(self, client: AsyncClient) -> None:
|
||||
"""Health endpoint is accessible without authentication."""
|
||||
response = await client.get("/api/v1/health")
|
||||
assert response.status_code == 200
|
||||
|
||||
async def test_session_cache_is_disabled_by_default(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_session_cache_is_disabled_by_default(self, client: AsyncClient) -> None:
|
||||
"""Session validation does not use the in-memory cache unless enabled."""
|
||||
from app.repositories import session_repo
|
||||
|
||||
@@ -217,9 +205,7 @@ class TestRequireAuth:
|
||||
class TestValidateSession:
|
||||
"""GET /api/auth/session."""
|
||||
|
||||
async def test_validate_session_returns_200_with_valid_token(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_validate_session_returns_200_with_valid_token(self, client: AsyncClient) -> None:
|
||||
"""Validate session returns 200 for a valid authenticated request."""
|
||||
await _do_setup(client)
|
||||
token = await _login(client)
|
||||
@@ -231,17 +217,13 @@ class TestValidateSession:
|
||||
assert response.status_code == 200
|
||||
assert response.json() == {"valid": True}
|
||||
|
||||
async def test_validate_session_returns_401_without_token(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_validate_session_returns_401_without_token(self, client: AsyncClient) -> None:
|
||||
"""Validate session returns 401 when no token is present."""
|
||||
await _do_setup(client)
|
||||
response = await client.get("/api/v1/auth/session")
|
||||
assert response.status_code == 401
|
||||
|
||||
async def test_validate_session_returns_401_with_invalid_token(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_validate_session_returns_401_with_invalid_token(self, client: AsyncClient) -> None:
|
||||
"""Validate session returns 401 for an invalid or expired token."""
|
||||
await _do_setup(client)
|
||||
response = await client.get(
|
||||
@@ -250,9 +232,7 @@ class TestValidateSession:
|
||||
)
|
||||
assert response.status_code == 401
|
||||
|
||||
async def test_validate_session_with_cookie(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_validate_session_with_cookie(self, client: AsyncClient) -> None:
|
||||
"""Validate session works with cookie-based authentication."""
|
||||
await _do_setup(client)
|
||||
token = await _login(client)
|
||||
@@ -264,9 +244,7 @@ class TestValidateSession:
|
||||
assert response.status_code == 200
|
||||
assert response.json() == {"valid": True}
|
||||
|
||||
async def test_validate_session_after_logout(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_validate_session_after_logout(self, client: AsyncClient) -> None:
|
||||
"""Validate session returns 401 after logout."""
|
||||
await _do_setup(client)
|
||||
token = await _login(client)
|
||||
@@ -342,9 +320,7 @@ class TestRequireAuthSessionCache:
|
||||
# the second request is served entirely from memory.
|
||||
assert call_count == 1
|
||||
|
||||
async def test_token_enters_cache_after_first_auth(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_token_enters_cache_after_first_auth(self, client: AsyncClient) -> None:
|
||||
"""A successful auth request places the token in the session cache."""
|
||||
|
||||
await _do_setup(client)
|
||||
@@ -360,9 +336,7 @@ class TestRequireAuthSessionCache:
|
||||
|
||||
assert client._transport.app.state.session_cache.get(token) is not None
|
||||
|
||||
async def test_logout_evicts_token_from_cache(
|
||||
self, client: AsyncClient
|
||||
) -> None:
|
||||
async def test_logout_evicts_token_from_cache(self, client: AsyncClient) -> None:
|
||||
"""Logout removes the session token from the session cache immediately."""
|
||||
|
||||
await _do_setup(client)
|
||||
|
||||
Reference in New Issue
Block a user