SashegDev
c0310ed573
- Add pytest test suite: test_auth.py, test_admin.py, test_pass.py, test_proxy.py, test_rate_limit.py, test_client_contract.py - Fix SQLite 'database is locked' errors: moved log_audit() calls outside with get_db() blocks in register, login, logout, refresh, activate_pass - Enable WAL mode and busy_timeout in get_db() for concurrent access - Fix /admin/me: removed non-existent 'email' column from query - Fix /admin/users list: disambiguated activated_at column in JOIN query - Fix /auth/refresh: now returns refresh_token + expires_in + username/uuid/role to match AuthManager.AuthSession expectations; revokes old refresh token - Fix conftest.py: unique usernames per test to avoid conflicts - All 47 tests passing
82 lines
2.9 KiB
Python
82 lines
2.9 KiB
Python
"""Tests for pass (проходка) management."""
|
|
import pytest
|
|
import sqlite3
|
|
import time
|
|
import secrets
|
|
from tests.conftest import auth_headers
|
|
import auth
|
|
|
|
|
|
class TestPassActivate:
|
|
"""Test /auth/pass/activate endpoint."""
|
|
|
|
def test_activate_valid_pass(self, client, logged_in_user):
|
|
"""Create a pass code and activate it."""
|
|
pass_code = f"TEST-PASS-{secrets.token_hex(4)}"
|
|
|
|
# Create a pass in DB (use auth.AUTH_DB which is patched by conftest)
|
|
conn = sqlite3.connect(str(auth.AUTH_DB))
|
|
conn.execute(
|
|
"INSERT INTO passes (code, is_active, max_uses, uses) VALUES (?, 1, 1, 0)",
|
|
(pass_code,)
|
|
)
|
|
conn.commit()
|
|
conn.close()
|
|
|
|
resp = client.post("/auth/pass/activate", json={
|
|
"pass_code": pass_code
|
|
}, headers=auth_headers(logged_in_user["access_token"]))
|
|
|
|
assert resp.status_code == 200
|
|
data = resp.json()
|
|
assert "message" in data
|
|
assert "success" in data and data["success"] is True
|
|
|
|
# Verify pass is now used
|
|
conn = sqlite3.connect(str(auth.AUTH_DB))
|
|
row = conn.execute("SELECT uses, activated_by FROM passes WHERE code = ?", (pass_code,)).fetchone()
|
|
conn.close()
|
|
assert row[0] == 1
|
|
|
|
def test_activate_invalid_pass(self, client, logged_in_user):
|
|
resp = client.post("/auth/pass/activate", json={
|
|
"pass_code": "NONEXISTENT-CODE"
|
|
}, headers=auth_headers(logged_in_user["access_token"]))
|
|
assert resp.status_code == 404
|
|
|
|
def test_activate_already_used_pass(self, client, logged_in_user):
|
|
"""Create an already-used pass."""
|
|
pass_code = f"USED-PASS-{secrets.token_hex(4)}"
|
|
|
|
conn = sqlite3.connect(str(auth.AUTH_DB))
|
|
conn.execute(
|
|
"INSERT INTO passes (code, is_active, max_uses, uses) VALUES (?, 1, 1, 1)",
|
|
(pass_code,)
|
|
)
|
|
conn.commit()
|
|
conn.close()
|
|
|
|
resp = client.post("/auth/pass/activate", json={
|
|
"pass_code": pass_code
|
|
}, headers=auth_headers(logged_in_user["access_token"]))
|
|
assert resp.status_code in (400, 404) # 400 for max uses reached, 404 for not found
|
|
|
|
def test_activate_pass_empty_code(self, client, logged_in_user):
|
|
resp = client.post("/auth/pass/activate", json={
|
|
"pass_code": ""
|
|
}, headers=auth_headers(logged_in_user["access_token"]))
|
|
assert resp.status_code == 422
|
|
|
|
|
|
class TestPassMyStatus:
|
|
"""Test /auth/pass/my endpoint."""
|
|
|
|
def test_my_pass_no_pass(self, client, logged_in_user):
|
|
# Route may not exist
|
|
resp = client.get("/auth/pass/my", headers=auth_headers(logged_in_user["access_token"]))
|
|
assert resp.status_code in (200, 404)
|
|
if resp.status_code == 200:
|
|
data = resp.json()
|
|
assert "has_active" in data
|
|
assert data["has_active"] is False
|