code quality run
@@ -1,7 +1,8 @@
|
||||
# tests/test_security.py
|
||||
from unittest.mock import patch
|
||||
|
||||
import pytest
|
||||
from fastapi import HTTPException
|
||||
from unittest.mock import patch
|
||||
|
||||
|
||||
class TestSecurity:
|
||||
@@ -10,7 +11,9 @@ class TestSecurity:
|
||||
|
||||
response = client.get("/api/v1/debug-bearer")
|
||||
print(f"Direct Bearer - Status: {response.status_code}")
|
||||
print(f"Direct Bearer - Response: {response.json() if response.content else 'No content'}")
|
||||
print(
|
||||
f"Direct Bearer - Response: {response.json() if response.content else 'No content'}"
|
||||
)
|
||||
|
||||
def test_debug_dependencies(self, client):
|
||||
"""Debug the dependency chain step by step"""
|
||||
@@ -24,7 +27,9 @@ class TestSecurity:
|
||||
print(f"Admin endpoint - Raw: {response.content}")
|
||||
|
||||
# Test 2: Try a regular endpoint that uses get_current_user
|
||||
response2 = client.get("/api/v1/product") # or any endpoint with get_current_user
|
||||
response2 = client.get(
|
||||
"/api/v1/product"
|
||||
) # or any endpoint with get_current_user
|
||||
print(f"Regular endpoint - Status: {response2.status_code}")
|
||||
try:
|
||||
print(f"Regular endpoint - Response: {response2.json()}")
|
||||
@@ -35,7 +40,7 @@ class TestSecurity:
|
||||
"""Debug test to see all available routes"""
|
||||
print("\n=== All Available Routes ===")
|
||||
for route in client.app.routes:
|
||||
if hasattr(route, 'path') and hasattr(route, 'methods'):
|
||||
if hasattr(route, "path") and hasattr(route, "methods"):
|
||||
print(f"{list(route.methods)} {route.path}")
|
||||
|
||||
print("\n=== Testing Product Endpoint Variations ===")
|
||||
@@ -59,7 +64,7 @@ class TestSecurity:
|
||||
"/api/v1/product",
|
||||
"/api/v1/shop",
|
||||
"/api/v1/stats",
|
||||
"/api/v1/stock"
|
||||
"/api/v1/stock",
|
||||
]
|
||||
|
||||
for endpoint in protected_endpoints:
|
||||
@@ -76,7 +81,9 @@ class TestSecurity:
|
||||
def test_admin_endpoint_requires_admin_role(self, client, auth_headers):
|
||||
"""Test that admin endpoints require admin role"""
|
||||
response = client.get("/api/v1/admin/users", headers=auth_headers)
|
||||
assert response.status_code == 403 # Token is valid but user does not have access.
|
||||
assert (
|
||||
response.status_code == 403
|
||||
) # Token is valid but user does not have access.
|
||||
# Regular user should be denied
|
||||
|
||||
def test_sql_injection_prevention(self, client, auth_headers):
|
||||
@@ -84,7 +91,9 @@ class TestSecurity:
|
||||
# Try SQL injection in search parameter
|
||||
malicious_search = "'; DROP TABLE products; --"
|
||||
|
||||
response = client.get(f"/api/v1/product?search={malicious_search}", headers=auth_headers)
|
||||
response = client.get(
|
||||
f"/api/v1/product?search={malicious_search}", headers=auth_headers
|
||||
)
|
||||
|
||||
# Should not crash and should return normal response
|
||||
assert response.status_code == 200
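Review bot: The `assert response.status_code == 200` that closes `test_sql_injection_prevention` only shows the request did not crash; it does not show that the `'; DROP TABLE products; --` payload was neutralized rather than, say, absorbed by a broad error handler, and nothing afterwards checks that the `products` table still exists. Building the URL with an f-string also leaves the quote, `;` and `--` characters to whatever encoding the test client applies, so the server may not receive the exact payload the test intends. I would pass it as a query parameter, `response = client.get("/api/v1/product", params={"search": malicious_search}, headers=auth_headers)`, and follow it with a second plain listing request, `assert client.get("/api/v1/product", headers=auth_headers).status_code == 200`, as evidence the table survived. The function's `def` is in the previous hunk and its body may continue past this one.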
|
||||
|
||||