anti
7dbc71d664
- test_profiler_behavioral.py: attacker behavior pattern matching tests - api/test_rbac.py: comprehensive RBAC role separation tests - api/config/: configuration API endpoint tests (CRUD, reinit, user management)
77 lines
2.5 KiB
Python
77 lines
2.5 KiB
Python
import pytest
|
|
|
|
from decnet.web.dependencies import repo
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def enable_developer_mode(monkeypatch):
|
|
monkeypatch.setattr("decnet.web.router.config.api_reinit.DECNET_DEVELOPER", True)
|
|
monkeypatch.setattr("decnet.web.router.config.api_get_config.DECNET_DEVELOPER", True)
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_reinit_purges_data(client, auth_token):
|
|
"""Admin can purge all logs, bounties, and attackers in developer mode."""
|
|
# Seed some data
|
|
await repo.add_log({
|
|
"decky": "d1", "service": "ssh", "event_type": "connect",
|
|
"attacker_ip": "1.2.3.4", "raw_line": "test", "fields": "{}",
|
|
})
|
|
await repo.add_bounty({
|
|
"decky": "d1", "service": "ssh", "attacker_ip": "1.2.3.4",
|
|
"bounty_type": "credential", "payload": '{"user":"root"}',
|
|
})
|
|
|
|
resp = await client.delete(
|
|
"/api/v1/config/reinit",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code == 200
|
|
data = resp.json()
|
|
assert data["deleted"]["logs"] >= 1
|
|
assert data["deleted"]["bounties"] >= 1
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_reinit_viewer_forbidden(client, auth_token, viewer_token):
|
|
resp = await client.delete(
|
|
"/api/v1/config/reinit",
|
|
headers={"Authorization": f"Bearer {viewer_token}"},
|
|
)
|
|
assert resp.status_code == 403
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_reinit_forbidden_without_developer_mode(client, auth_token, monkeypatch):
|
|
monkeypatch.setattr("decnet.web.router.config.api_reinit.DECNET_DEVELOPER", False)
|
|
|
|
resp = await client.delete(
|
|
"/api/v1/config/reinit",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code == 403
|
|
assert "developer mode" in resp.json()["detail"].lower()
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_config_includes_developer_mode(client, auth_token):
|
|
"""Admin config response includes developer_mode when enabled."""
|
|
resp = await client.get(
|
|
"/api/v1/config",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code == 200
|
|
assert resp.json()["developer_mode"] is True
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_config_excludes_developer_mode_when_disabled(client, auth_token, monkeypatch):
|
|
monkeypatch.setattr("decnet.web.router.config.api_get_config.DECNET_DEVELOPER", False)
|
|
|
|
resp = await client.get(
|
|
"/api/v1/config",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code == 200
|
|
assert "developer_mode" not in resp.json()
|