anti
f2b3393669
Replaces LICENSE (GPLv3 -> AGPLv3) and prepends `SPDX-License-Identifier: AGPL-3.0-or-later` to every source file across decnet/, decnet_web/, tests/, scripts/, and tools/. Rationale: closes the GPLv3 ASP loophole so any party operating a modified DECNET as a network service must offer their modified source. Personal copyright (Samuel Paschuan) + inbound=outbound contributions make a future unilateral relicense infeasible. - LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt) - COPYRIGHT: project copyright notice - tools/add_spdx_headers.py: idempotent header injector (shebang- and PEP 263-aware) Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh). No behavior change; comments only.
71 lines
2.2 KiB
Python
71 lines
2.2 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
import pytest
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_config_defaults_admin(client, auth_token):
|
|
"""Admin gets full config with users list and defaults."""
|
|
resp = await client.get(
|
|
"/api/v1/config",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code == 200
|
|
data = resp.json()
|
|
assert data["role"] == "admin"
|
|
assert data["deployment_limit"] == 10
|
|
assert data["global_mutation_interval"] == "30m"
|
|
assert "users" in data
|
|
assert isinstance(data["users"], list)
|
|
assert len(data["users"]) >= 1
|
|
# Ensure no password_hash leaked
|
|
for user in data["users"]:
|
|
assert "password_hash" not in user
|
|
assert "uuid" in user
|
|
assert "username" in user
|
|
assert "role" in user
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_config_viewer_no_users(client, auth_token, viewer_token):
|
|
"""Viewer gets config without users list — server-side gating."""
|
|
resp = await client.get(
|
|
"/api/v1/config",
|
|
headers={"Authorization": f"Bearer {viewer_token}"},
|
|
)
|
|
assert resp.status_code == 200
|
|
data = resp.json()
|
|
assert data["role"] == "viewer"
|
|
assert data["deployment_limit"] == 10
|
|
assert data["global_mutation_interval"] == "30m"
|
|
assert "users" not in data
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_config_returns_stored_values(client, auth_token):
|
|
"""Config returns stored values after update."""
|
|
await client.put(
|
|
"/api/v1/config/deployment-limit",
|
|
json={"deployment_limit": 42},
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
await client.put(
|
|
"/api/v1/config/global-mutation-interval",
|
|
json={"global_mutation_interval": "7d"},
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
|
|
resp = await client.get(
|
|
"/api/v1/config",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code == 200
|
|
data = resp.json()
|
|
assert data["deployment_limit"] == 42
|
|
assert data["global_mutation_interval"] == "7d"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_config_unauthenticated(client):
|
|
resp = await client.get("/api/v1/config")
|
|
assert resp.status_code == 401
|