import os
|
|
|
|
import pytest
|
|
from fastapi.testclient import TestClient
|
|
|
|
# Ensure required env vars exist before `app.main` is imported, since the app's
# config is presumably read at import time (hence the E402 imports below).
# Only variables that are *absent* are filled in: an exported SECRET_KEY or
# DATABASE_URL from the shell wins over these test defaults, so a real
# DATABASE_URL in the environment would make this suite run against that
# database. Unset it (or point it at a scratch DB) when running tests.
# The 32-char placeholder key exists only to satisfy the length check the app
# presumably applies to SECRET_KEY — it is a test-only value, never a default
# for deployments.
os.environ.update(
    {
        name: value
        for name, value in {
            "SECRET_KEY": "x" * 32,
            "DATABASE_URL": "sqlite:////tmp/delphi_test.sqlite",
        }.items()
        if name not in os.environ
    }
)
|
|
|
|
from app.main import app # noqa: E402
|
|
from app.auth.security import get_current_user, get_admin_user # noqa: E402
|
|
from tests.helpers import assert_validation_error, assert_http_error # noqa: E402
|
|
|
|
|
|
class _User:
    """Lightweight stand-in for the object the auth dependencies normally return.

    Used through ``app.dependency_overrides`` in place of ``get_current_user`` /
    ``get_admin_user`` so no token parsing or DB lookup happens during tests.
    Only a small, fixed set of attributes is populated; the ``is_admin`` flag
    also selects a distinct id/username so the two personas are telling apart
    in assertions and logs.
    """

    def __init__(self, is_admin: bool):
        # Common attributes shared by both personas.
        self.is_admin = is_admin
        self.is_active = True
        self.first_name = "Test"
        self.last_name = "User"
        # Persona-specific identity: admin is id 1 / "admin", everyone else id 2 / "user".
        if is_admin:
            self.id, self.username = 1, "admin"
        else:
            self.id, self.username = 2, "user"
|
|
|
|
|
|
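@pytest.fixture()
def client_admin():
    """Yield a ``TestClient`` whose auth dependencies resolve to an admin ``_User``.

    Both ``get_current_user`` and ``get_admin_user`` are overridden on the shared
    ``app`` object, so every request made through this client is treated as an
    already-authenticated admin: neither token validation nor the real admin
    permission check runs. Tests that need to exercise the authorization logic
    itself must not use this fixture.

    Teardown restores whatever override each dependency had before the fixture
    ran (instead of unconditionally popping it), so a pre-existing override
    installed by another fixture or test is not silently discarded.
    """
    missing = object()
    overrides = app.dependency_overrides
    deps = (get_current_user, get_admin_user)
    # Snapshot prior state so it can be put back exactly on teardown.
    previous = {dep: overrides.get(dep, missing) for dep in deps}
    for dep in deps:
        # A fresh _User per resolution, matching the original lambda behaviour.
        overrides[dep] = lambda: _User(True)
    try:
        yield TestClient(app)
    finally:
        for dep, old in previous.items():
            if old is missing:
                overrides.pop(dep, None)
            else:
                overrides[dep] = old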
|
|
|
|
|
|
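@pytest.fixture()
def client_user():
    """Yield a ``TestClient`` whose ``get_current_user`` resolves to a non-admin ``_User``.

    Only ``get_current_user`` is overridden; ``get_admin_user`` is deliberately
    left in place so admin-only routes still run their real permission check
    against the non-admin persona (this is what
    ``test_non_admin_forbidden_on_admin_endpoints`` relies on).

    Teardown restores the override that existed before the fixture ran rather
    than unconditionally popping it, so state installed by another fixture or
    test is not silently discarded.
    """
    missing = object()
    overrides = app.dependency_overrides
    # Snapshot prior state so it can be put back exactly on teardown.
    previous = overrides.get(get_current_user, missing)
    overrides[get_current_user] = lambda: _User(False)
    try:
        yield TestClient(app)
    finally:
        if previous is missing:
            overrides.pop(get_current_user, None)
        else:
            overrides[get_current_user] = previous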
|
|
|
|
|
|
def test_get_inactivity_warning_minutes_requires_auth_and_returns_shape(client_user: TestClient):
    """Anonymous requests are rejected; authenticated ones return ``{"minutes": int}``.

    The ``client_user`` fixture is requested for its override bookkeeping and
    teardown only; requests here go through a fresh ``TestClient`` so the
    unauthenticated case can be exercised by dropping the override first.
    """
    url = "/api/settings/inactivity_warning_minutes"
    anon = TestClient(app)

    # With no override installed the real auth dependency runs and rejects the
    # request. NOTE(review): the expected status is 403 "Not authenticated",
    # which is presumably FastAPI's HTTPBearer default for a missing token
    # rather than a 401 + WWW-Authenticate; confirm this is the intended contract.
    app.dependency_overrides.pop(get_current_user, None)
    assert_http_error(anon.get(url), 403, "Not authenticated")

    # Re-install a non-admin user and check the response shape.
    app.dependency_overrides[get_current_user] = lambda: _User(False)
    resp = anon.get(url)
    assert resp.status_code == 200
    payload = resp.json()
    assert set(payload) == {"minutes"}
    assert isinstance(payload["minutes"], int)
|
|
|
|
|
|
def test_update_theme_preference_validation_and_auth(client_user: TestClient):
    """Theme updates validate the value, succeed for a user, and reject anonymous calls."""
    url = "/api/auth/theme-preference"

    def post_theme(client, value):
        # Every request in this test has the same shape; only the value varies.
        return client.post(url, json={"theme_preference": value})

    # Server-side validation rejects anything outside the allowed set.
    assert_http_error(
        post_theme(client_user, "blue"),
        400,
        "Theme preference must be 'light' or 'dark'",
    )

    # Happy path for an authenticated non-admin user.
    ok = post_theme(client_user, "dark")
    assert ok.status_code == 200
    assert ok.json() == {"message": "Theme preference updated successfully", "theme": "dark"}

    # Without the override the real auth dependency runs; a missing token is
    # expected to surface as 403 "Not authenticated" (the fixture teardown
    # after this pop is a harmless no-op).
    app.dependency_overrides.pop(get_current_user, None)
    assert_http_error(post_theme(TestClient(app), "light"), 403, "Not authenticated")
|
|
|
|
|
|
# If there are admin-only settings updates later, assert 403 for non-admin.
|
|
# Placeholder: demonstrate 403 behavior using a known admin-only endpoint (/api/auth/users)
|
|
def test_non_admin_forbidden_on_admin_endpoints(client_user: TestClient):
    """A regular (non-admin) user receives 403 from an admin-only route.

    ``client_user`` overrides only ``get_current_user``, leaving
    ``get_admin_user`` in place, so this hits the real admin permission check
    rather than a stub.
    """
    forbidden = client_user.get("/api/auth/users")
    assert_http_error(forbidden, 403, "Not enough permissions")
|
|
|
|
|