Lukas
750785680b
Backend (tasks 2.1–2.6, 2.10):
- settings_repo: get/set/delete/get_all CRUD for the key-value settings table
- session_repo: create/get/delete/delete_expired for session rows
- setup_service: bcrypt password hashing, one-time-only enforcement,
run_setup() / is_setup_complete() / get_password_hash()
- auth_service: login() with bcrypt verify + token creation,
validate_session() with expiry check, logout()
- setup router: GET /api/setup (status), POST /api/setup (201 / 409)
- auth router: POST /api/auth/login (token + HttpOnly cookie),
POST /api/auth/logout (clears cookie, idempotent)
- SetupRedirectMiddleware: 307 → /api/setup for all API paths until setup done
- require_auth dependency: cookie or Bearer token → Session or 401
- conftest.py: manually bootstraps app.state.db for router tests
(ASGITransport does not trigger ASGI lifespan)
- 85 tests pass; ruff 0 errors; mypy --strict 0 errors
Frontend (tasks 2.7–2.9):
- types/auth.ts, types/setup.ts, api/auth.ts, api/setup.ts
- AuthProvider: sessionStorage-backed context (isAuthenticated, login, logout)
- RequireAuth: guard component → /login?next=<path> when unauthenticated
- SetupPage: Fluent UI form, client-side validation, inline errors
- LoginPage: single password input, ?next= redirect after success
- DashboardPage: placeholder (full impl Stage 5)
- App.tsx: full route tree (/setup, /login, /, *)
119 lines
4.4 KiB
Python
119 lines
4.4 KiB
Python
"""Tests for settings_repo and session_repo."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from pathlib import Path
|
|
|
|
import aiosqlite
|
|
import pytest
|
|
|
|
from app.db import init_db
|
|
from app.repositories import session_repo, settings_repo
|
|
|
|
|
|
@pytest.fixture
|
|
async def db(tmp_path: Path) -> aiosqlite.Connection: # type: ignore[misc]
|
|
"""Provide an initialised aiosqlite connection."""
|
|
conn: aiosqlite.Connection = await aiosqlite.connect(str(tmp_path / "repo_test.db"))
|
|
conn.row_factory = aiosqlite.Row
|
|
await init_db(conn)
|
|
yield conn
|
|
await conn.close()
|
|
|
|
|
|
class TestSettingsRepo:
|
|
async def test_get_missing_key_returns_none(
|
|
self, db: aiosqlite.Connection
|
|
) -> None:
|
|
"""get_setting returns None for a key that does not exist."""
|
|
result = await settings_repo.get_setting(db, "nonexistent")
|
|
assert result is None
|
|
|
|
async def test_set_and_get_round_trip(self, db: aiosqlite.Connection) -> None:
|
|
"""set_setting persists a value retrievable by get_setting."""
|
|
await settings_repo.set_setting(db, "my_key", "my_value")
|
|
result = await settings_repo.get_setting(db, "my_key")
|
|
assert result == "my_value"
|
|
|
|
async def test_set_overwrites_existing_value(
|
|
self, db: aiosqlite.Connection
|
|
) -> None:
|
|
"""set_setting overwrites an existing key with the new value."""
|
|
await settings_repo.set_setting(db, "key", "first")
|
|
await settings_repo.set_setting(db, "key", "second")
|
|
result = await settings_repo.get_setting(db, "key")
|
|
assert result == "second"
|
|
|
|
async def test_delete_removes_key(self, db: aiosqlite.Connection) -> None:
|
|
"""delete_setting removes an existing key."""
|
|
await settings_repo.set_setting(db, "to_delete", "value")
|
|
await settings_repo.delete_setting(db, "to_delete")
|
|
result = await settings_repo.get_setting(db, "to_delete")
|
|
assert result is None
|
|
|
|
async def test_get_all_settings_returns_dict(
|
|
self, db: aiosqlite.Connection
|
|
) -> None:
|
|
"""get_all_settings returns a dict of all stored key-value pairs."""
|
|
await settings_repo.set_setting(db, "k1", "v1")
|
|
await settings_repo.set_setting(db, "k2", "v2")
|
|
all_s = await settings_repo.get_all_settings(db)
|
|
assert all_s["k1"] == "v1"
|
|
assert all_s["k2"] == "v2"
|
|
|
|
|
|
class TestSessionRepo:
|
|
async def test_create_and_get_session(self, db: aiosqlite.Connection) -> None:
|
|
"""create_session stores a session retrievable by get_session."""
|
|
session = await session_repo.create_session(
|
|
db,
|
|
token="abc123",
|
|
created_at="2025-01-01T00:00:00+00:00",
|
|
expires_at="2025-01-01T01:00:00+00:00",
|
|
)
|
|
assert session.token == "abc123"
|
|
|
|
stored = await session_repo.get_session(db, "abc123")
|
|
assert stored is not None
|
|
assert stored.token == "abc123"
|
|
|
|
async def test_get_missing_session_returns_none(
|
|
self, db: aiosqlite.Connection
|
|
) -> None:
|
|
"""get_session returns None for a token that does not exist."""
|
|
result = await session_repo.get_session(db, "no_such_token")
|
|
assert result is None
|
|
|
|
async def test_delete_session_removes_it(self, db: aiosqlite.Connection) -> None:
|
|
"""delete_session removes the session from the database."""
|
|
await session_repo.create_session(
|
|
db,
|
|
token="xyz",
|
|
created_at="2025-01-01T00:00:00+00:00",
|
|
expires_at="2025-01-01T01:00:00+00:00",
|
|
)
|
|
await session_repo.delete_session(db, "xyz")
|
|
result = await session_repo.get_session(db, "xyz")
|
|
assert result is None
|
|
|
|
async def test_delete_expired_sessions(self, db: aiosqlite.Connection) -> None:
|
|
"""delete_expired_sessions removes sessions past their expiry time."""
|
|
await session_repo.create_session(
|
|
db,
|
|
token="expired",
|
|
created_at="2020-01-01T00:00:00+00:00",
|
|
expires_at="2020-01-01T01:00:00+00:00",
|
|
)
|
|
await session_repo.create_session(
|
|
db,
|
|
token="valid",
|
|
created_at="2099-01-01T00:00:00+00:00",
|
|
expires_at="2099-01-01T01:00:00+00:00",
|
|
)
|
|
deleted = await session_repo.delete_expired_sessions(
|
|
db, "2025-01-01T00:00:00+00:00"
|
|
)
|
|
assert deleted == 1
|
|
assert await session_repo.get_session(db, "expired") is None
|
|
assert await session_repo.get_session(db, "valid") is not None
|