reaching 100% test coverage for the middleware unit tests

tests/unit/middleware/test_auth.py

@@ -16,6 +16,7 @@ import pytest
 from unittest.mock import Mock, MagicMock, patch
 from datetime import datetime, timedelta, timezone
 from jose import jwt
+from fastapi import HTTPException
 
 from middleware.auth import AuthManager
 from app.exceptions import (
@@ -350,6 +351,26 @@ class TestJWTTokenVerification:
         with pytest.raises(InvalidTokenException):
             auth_manager.verify_token(token)
 
+    def test_verify_token_additional_expiration_check(self):
+        """Test the additional expiration check after jwt.decode."""
+        auth_manager = AuthManager()
+
+        # Create a token with expiration in the past
+        past_time = datetime.now(timezone.utc) - timedelta(minutes=1)
+        payload = {
+            "sub": "1",
+            "username": "testuser",
+            "exp": past_time.timestamp()
+        }
+        token = jwt.encode(payload, auth_manager.secret_key, algorithm=auth_manager.algorithm)
+
+        # Mock jwt.decode to bypass its expiration check and test line 205
+        with patch('middleware.auth.jwt.decode') as mock_decode:
+            mock_decode.return_value = payload
+
+            with pytest.raises(TokenExpiredException):
+                auth_manager.verify_token(token)
+
 
 @pytest.mark.unit
 @pytest.mark.auth
@@ -661,3 +682,62 @@ class TestEdgeCases:
         # Result depends on how the filter is implemented
         # This test documents the expected behavior
         assert result is None or result is mock_user
+
+    def test_verify_token_unexpected_exception(self):
+        """Test generic exception handler in verify_token."""
+        auth_manager = AuthManager()
+
+        # Create a valid token with a mock user
+        mock_user = Mock(spec=User)
+        mock_user.id = 1
+        mock_user.username = "test"
+        mock_user.email = "test@example.com"
+        mock_user.role = "user"
+
+        token_data = auth_manager.create_access_token(mock_user)
+        token = token_data["access_token"]
+
+        # Mock jose.jwt.decode to raise an unexpected exception
+        with patch('middleware.auth.jwt.decode', side_effect=RuntimeError("Unexpected error")):
+            with pytest.raises(InvalidTokenException) as exc_info:
+                auth_manager.verify_token(token)
+
+            # The message should be "Authentication failed" from the generic except handler
+            assert "Authentication failed" in str(exc_info.value.message)
+
+    def test_require_role_decorator_wrapper_functionality(self):
+        """Test the require_role decorator wrapper execution."""
+        auth_manager = AuthManager()
+
+        # Create a test function decorated with require_role
+        @auth_manager.require_role("admin")
+        def test_function(current_user, additional_arg=None):
+            return {"user": current_user.username, "arg": additional_arg}
+
+        # Test successful case - user has required role
+        admin_user = Mock(spec=User)
+        admin_user.role = "admin"
+        admin_user.username = "admin_user"
+
+        result = test_function(admin_user, additional_arg="test_value")
+
+        assert result["user"] == "admin_user"
+        assert result["arg"] == "test_value"
+
+    def test_require_role_decorator_blocks_wrong_role(self):
+        """Test that require_role decorator blocks users with wrong role."""
+        auth_manager = AuthManager()
+
+        @auth_manager.require_role("admin")
+        def admin_only_function(current_user):
+            return {"status": "success"}
+
+        # Test with user that has wrong role
+        regular_user = Mock(spec=User)
+        regular_user.role = "user"
+
+        with pytest.raises(HTTPException) as exc_info:
+            admin_only_function(regular_user)
+
+        assert exc_info.value.status_code == 403
+        assert "Required role 'admin' not found" in exc_info.value.detail