anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

test: refactor suite to use AsyncClient, in-memory DBs, and parallel coverage

Browse Source
This commit is contained in:
anti
2026-04-09 16:43:49 -04:00
parent de84cc664f
commit 6fc1a2a3ea
11 changed files with 230 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
tests/api/auth/test_change_pass.py
View File

@@ -1,61 +1,60 @@
import json
from fastapi.testclient import TestClient
from decnet.web.api import app
import pytest
from hypothesis import given, strategies as st, settings
import httpx
from decnet.env import DECNET_ADMIN_USER, DECNET_ADMIN_PASSWORD
from ..conftest import _FUZZ_SETTINGS
def test_change_password() -> None:
with TestClient(app) as client:
# First login to get token
login_resp = client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD})
token = login_resp.json()["access_token"]
@pytest.mark.anyio
async def test_change_password(client: httpx.AsyncClient) -> None:
# First login to get token
login_resp = await client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD})
token = login_resp.json()["access_token"]
# Try changing password with wrong old password
resp1 = client.post(
"/api/v1/auth/change-password",
json={"old_password": "wrong", "new_password": "new_secure_password"},
headers={"Authorization": f"Bearer {token}"}
)
assert resp1.status_code == 401
# Try changing password with wrong old password
resp1 = await client.post(
"/api/v1/auth/change-password",
json={"old_password": "wrong", "new_password": "new_secure_password"},
headers={"Authorization": f"Bearer {token}"}
)
assert resp1.status_code == 401
# Change password successfully
resp2 = client.post(
"/api/v1/auth/change-password",
json={"old_password": DECNET_ADMIN_PASSWORD, "new_password": "new_secure_password"},
headers={"Authorization": f"Bearer {token}"}
)
assert resp2.status_code == 200
# Change password successfully
resp2 = await client.post(
"/api/v1/auth/change-password",
json={"old_password": DECNET_ADMIN_PASSWORD, "new_password": "new_secure_password"},
headers={"Authorization": f"Bearer {token}"}
)
assert resp2.status_code == 200
# Verify old password no longer works
resp3 = client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD})
assert resp3.status_code == 401
# Verify old password no longer works
resp3 = await client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD})
assert resp3.status_code == 401
# Verify new password works and must_change_password is False
resp4 = client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": "new_secure_password"})
assert resp4.status_code == 200
assert resp4.json()["must_change_password"] is False
# Verify new password works and must_change_password is False
resp4 = await client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": "new_secure_password"})
assert resp4.status_code == 200
assert resp4.json()["must_change_password"] is False
@pytest.mark.anyio
@settings(**_FUZZ_SETTINGS)
@given(
old_password=st.text(min_size=0, max_size=2048),
new_password=st.text(min_size=0, max_size=2048)
)
def test_fuzz_change_password(old_password: str, new_password: str) -> None:
async def test_fuzz_change_password(client: httpx.AsyncClient, old_password: str, new_password: str) -> None:
"""Fuzz the change-password endpoint with random strings."""
with TestClient(app) as _client:
# Get valid token first
_login_resp: httpx.Response = _client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD})
_token: str = _login_resp.json()["access_token"]
_payload: dict[str, str] = {"old_password": old_password, "new_password": new_password}
try:
_response: httpx.Response = _client.post(
"/api/v1/auth/change-password",
json=_payload,
headers={"Authorization": f"Bearer {_token}"}
)
assert _response.status_code in (200, 401, 422)
except (UnicodeEncodeError, json.JSONDecodeError):
pass
# Get valid token first
_login_resp: httpx.Response = await client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD})
_token: str = _login_resp.json()["access_token"]
_payload: dict[str, str] = {"old_password": old_password, "new_password": new_password}
try:
_response: httpx.Response = await client.post(
"/api/v1/auth/change-password",
json=_payload,
headers={"Authorization": f"Bearer {_token}"}
)
assert _response.status_code in (200, 401, 422)
except (UnicodeEncodeError, json.JSONDecodeError):
pass

69
tests/api/auth/test_login.py
View File

@@ -1,4 +1,5 @@
import json
import pytest
from fastapi.testclient import TestClient
from decnet.web.api import app
from hypothesis import given, strategies as st, settings
@@ -6,44 +7,46 @@ import httpx
from decnet.env import DECNET_ADMIN_USER, DECNET_ADMIN_PASSWORD
from ..conftest import _FUZZ_SETTINGS
def test_login_success() -> None:
with TestClient(app) as client:
response = client.post(
"/api/v1/auth/login",
json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD}
)
assert response.status_code == 200
data = response.json()
assert "access_token" in data
assert data["token_type"] == "bearer"
assert "must_change_password" in data
assert data["must_change_password"] is True
@pytest.mark.anyio
async def test_login_success(client: httpx.AsyncClient) -> None:
response = await client.post(
"/api/v1/auth/login",
json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD}
)
assert response.status_code == 200
data = response.json()
assert "access_token" in data
assert data["token_type"] == "bearer"
assert "must_change_password" in data
assert data["must_change_password"] is True
def test_login_failure() -> None:
with TestClient(app) as client:
response = client.post(
"/api/v1/auth/login",
json={"username": DECNET_ADMIN_USER, "password": "wrongpassword"}
)
assert response.status_code == 401
response = client.post(
"/api/v1/auth/login",
json={"username": "nonexistent", "password": "wrongpassword"}
)
assert response.status_code == 401
@pytest.mark.anyio
async def test_login_failure(client: httpx.AsyncClient) -> None:
response = await client.post(
"/api/v1/auth/login",
json={"username": DECNET_ADMIN_USER, "password": "wrongpassword"}
)
assert response.status_code == 401
response = await client.post(
"/api/v1/auth/login",
json={"username": "nonexistent", "password": "wrongpassword"}
)
assert response.status_code == 401
@pytest.mark.anyio
@settings(**_FUZZ_SETTINGS)
@given(
username=st.text(min_size=0, max_size=2048),
password=st.text(min_size=0, max_size=2048)
)
def test_fuzz_login(username: str, password: str) -> None:
@pytest.mark.anyio
async def test_fuzz_login(client: httpx.AsyncClient, username: str, password: str) -> None:
"""Fuzz the login endpoint with random strings (including non-ASCII)."""
with TestClient(app) as _client:
_payload: dict[str, str] = {"username": username, "password": password}
try:
_response: httpx.Response = _client.post("/api/v1/auth/login", json=_payload)
assert _response.status_code in (200, 401, 422)
except (UnicodeEncodeError, json.JSONDecodeError):
pass
_payload: dict[str, str] = {"username": username, "password": password}
try:
_response: httpx.Response = await client.post("/api/v1/auth/login", json=_payload)
assert _response.status_code in (200, 401, 422)
except (UnicodeEncodeError, json.JSONDecodeError):
pass