anti/DECNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f2b339366976e03845b170ca77f4f1650b1068ea
DECNET/tests/api/ttp/test_get_endpoints.py
anti f2b3393669 chore: relicense to AGPL-3.0-or-later and add SPDX headers 
Replaces LICENSE (GPLv3 -> AGPLv3) and prepends
`SPDX-License-Identifier: AGPL-3.0-or-later` to every source file
across decnet/, decnet_web/, tests/, scripts/, and tools/.

Rationale: closes the GPLv3 ASP loophole so any party operating a
modified DECNET as a network service must offer their modified
source. Personal copyright (Samuel Paschuan) + inbound=outbound
contributions make a future unilateral relicense infeasible.

- LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt)
- COPYRIGHT: project copyright notice
- tools/add_spdx_headers.py: idempotent header injector
  (shebang- and PEP 263-aware)

Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh).
No behavior change; comments only.
2026-05-22 21:04:16 -04:00

96 lines
3.1 KiB
Python
Raw Blame History

# SPDX-License-Identifier: AGPL-3.0-or-later
"""E.2.8 — GET endpoint shape + auth contract for /api/v1/ttp/*.
The TTP router landed at E.1.9 (contract phase) returning typed
empty values. Every documented GET endpoint is now exercised: 200
with a JWT, 401 without. Repo-backed data lands at E.3 implementation
phase; this suite stays green across that transition because the
shape contract is stable from E.1.9 forward.
"""
from __future__ import annotations
from typing import Any
import httpx
import pytest
from tests.api.ttp.conftest import (
BY_ATTACKER,
BY_CAMPAIGN,
BY_IDENTITY,
BY_SESSION,
NAVIGATOR,
NAVIGATOR_IDENTITY,
RULES,
TECHNIQUES,
hdr,
)
def _resolve(path: str) -> str:
"""Substitute synthetic UUIDs / IDs into path templates."""
return path.format(
identity_uuid="00000000-0000-5000-8000-000000000000",
attacker_uuid="00000000-0000-5000-8000-000000000001",
campaign_uuid="00000000-0000-5000-8000-000000000002",
session_id="sess-deadbeef",
uuid="00000000-0000-5000-8000-000000000000",
)
# Documented GET endpoints — each must respond 200 with a JWT and 401
# without. Today they 404 because the router doesn't exist; the
# strict-xfail trip-wire flips when E.3.8 ships.
_GET_ENDPOINTS: list[str] = [
TECHNIQUES,
BY_IDENTITY,
BY_ATTACKER,
BY_CAMPAIGN,
BY_SESSION,
RULES,
NAVIGATOR,
NAVIGATOR_IDENTITY,
]
@pytest.mark.parametrize("path", _GET_ENDPOINTS)
@pytest.mark.asyncio
async def test_get_returns_200_with_jwt(
client: httpx.AsyncClient, auth_token: str, path: str,
) -> None:
res = await client.get(_resolve(path), headers=hdr(auth_token))
assert res.status_code == 200, res.text
body: Any = res.json()
# Documented response shapes vary per endpoint; every one is
# at least a JSON object or list. The schema-stability fixtures
# under tests/api/ttp/schemas/ pin the per-endpoint shape once
# impl lands.
assert isinstance(body, (dict, list))
@pytest.mark.parametrize("path", _GET_ENDPOINTS)
@pytest.mark.asyncio
async def test_get_returns_401_without_jwt(
client: httpx.AsyncClient, path: str,
) -> None:
res = await client.get(_resolve(path))
# Per project rule: every API GET is auth-gated → 401 without a JWT
# (NOT 403, NOT 404). Pinned exactly so a future "let unauth read
# the rules catalogue" change is visible.
assert res.status_code == 401, (path, res.status_code, res.text)
# ─── Router-presence sanity ──────────────────────────────────────────────────
@pytest.mark.asyncio
async def test_ttp_router_is_mounted(
client: httpx.AsyncClient, auth_token: str,
) -> None:
"""At least one documented TTP endpoint returns something other
than 404 — i.e. the router is mounted. The strict-xfail flips
the day E.3.8 wires the router, regardless of which endpoint
landed first."""
res = await client.get(TECHNIQUES, headers=hdr(auth_token))
assert res.status_code != 404, res.text
Reference in New Issue View Git Blame Copy Permalink