fix: add missing __init__.py to tests/api subpackages to fix relative imports

2026-04-09 12:24:09 -04:00
parent a22f996027
commit ec66e01f55
13 changed files with 355 additions and 0 deletions
--- a/tests/api/auth/test_change_pass.py
+++ b/tests/api/auth/test_change_pass.py
@@ -0,0 +1,61 @@
+import json
+from fastapi.testclient import TestClient
+from decnet.web.api import app
+from hypothesis import given, strategies as st, settings
+import httpx
+from decnet.env import DECNET_ADMIN_USER, DECNET_ADMIN_PASSWORD
+from ..conftest import _FUZZ_SETTINGS
+
+def test_change_password() -> None:
+    with TestClient(app) as client:
+        # First login to get token
+        login_resp = client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD})
+        token = login_resp.json()["access_token"]
+
+        # Try changing password with wrong old password
+        resp1 = client.post(
+            "/api/v1/auth/change-password",
+            json={"old_password": "wrong", "new_password": "new_secure_password"},
+            headers={"Authorization": f"Bearer {token}"}
+        )
+        assert resp1.status_code == 401
+
+        # Change password successfully
+        resp2 = client.post(
+            "/api/v1/auth/change-password",
+            json={"old_password": DECNET_ADMIN_PASSWORD, "new_password": "new_secure_password"},
+            headers={"Authorization": f"Bearer {token}"}
+        )
+        assert resp2.status_code == 200
+
+        # Verify old password no longer works
+        resp3 = client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD})
+        assert resp3.status_code == 401
+
+        # Verify new password works and must_change_password is False
+        resp4 = client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": "new_secure_password"})
+        assert resp4.status_code == 200
+        assert resp4.json()["must_change_password"] is False
+
+@settings(**_FUZZ_SETTINGS)
+@given(
+    old_password=st.text(min_size=0, max_size=2048),
+    new_password=st.text(min_size=0, max_size=2048)
+)
+def test_fuzz_change_password(old_password: str, new_password: str) -> None:
+    """Fuzz the change-password endpoint with random strings."""
+    with TestClient(app) as _client:
+        # Get valid token first
+        _login_resp: httpx.Response = _client.post("/api/v1/auth/login", json={"username": DECNET_ADMIN_USER, "password": DECNET_ADMIN_PASSWORD})
+        _token: str = _login_resp.json()["access_token"]
+        
+        _payload: dict[str, str] = {"old_password": old_password, "new_password": new_password}
+        try:
+            _response: httpx.Response = _client.post(
+                "/api/v1/auth/change-password",
+                json=_payload,
+                headers={"Authorization": f"Bearer {_token}"}
+            )
+            assert _response.status_code in (200, 401, 422)
+        except (UnicodeEncodeError, json.JSONDecodeError):
+            pass