anti/DECNET
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
44de453bb2bd24bcd893143b049763ed571d35dc
DECNET/tests/conftest.py
anti b6b046c90b fix: harden startup security — require strong secrets, restrict CORS 
- decnet/env.py: DECNET_JWT_SECRET and DECNET_ADMIN_PASSWORD are now
  required env vars; startup raises ValueError if unset or set to a
  known-bad default ("admin", "password", etc.)
- decnet/env.py: add DECNET_CORS_ORIGINS (comma-separated, defaults to
  http://localhost:8080) replacing the previous allow_origins=["*"]
- decnet/web/api.py: use DECNET_CORS_ORIGINS and tighten allow_methods
  and allow_headers to explicit lists
- tests/conftest.py: set required env vars at module level so test
  collection works without real credentials
- tests/test_web_api.py, test_web_api_fuzz.py: use DECNET_ADMIN_PASSWORD
  from env instead of hardcoded "admin"

Closes DEBT-001, DEBT-002, DEBT-004
2026-04-09 12:13:22 -04:00

12 lines
403 B
Python
Raw Blame History

"""
Shared pytest configuration.
Env vars required by decnet.env must be set here, at module level, before
any test file imports decnet.* — pytest loads conftest.py first.
"""
import os
os.environ.setdefault("DECNET_JWT_SECRET", "test-jwt-secret-not-for-production-use")
os.environ.setdefault("DECNET_ADMIN_PASSWORD", "test-admin-password-1234!")
os.environ.setdefault("DECNET_ADMIN_USER", "admin")
Reference in New Issue View Git Blame Copy Permalink