sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: update tests for current API structure and model changes

Browse Source 
- Fix middleware fixtures: vendor_code instead of code, add owner_user_id to company
- Fix performance tests: MarketplaceProduct uses translations for title/description
- Fix security tests: use correct API endpoints (/api/v1/admin/*, /api/v1/vendor/*)
- Fix workflow tests: use actual admin API endpoints
- Fix background task tests: remove invalid vendor_name field, add language

Note: Many middleware integration tests still fail due to dynamic routes
being caught by the /{slug} catch-all route. These tests need further
refactoring to use /api/* prefixed routes.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2025-12-13 16:01:16 +01:00
parent f749cfc081
commit 4cb4fec8e2
9 changed files with 248 additions and 281 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
tests/integration/security/test_input_validation.py
View File

@@ -1,72 +1,58 @@
# tests/integration/security/test_input_validation.py
"""
Input validation tests for the API.
Tests SQL injection prevention, parameter validation, and JSON validation.
"""
import pytest
@pytest.mark.integration
@pytest.mark.security
class TestInputValidation:
def test_sql_injection_prevention(self, client, auth_headers):
def test_sql_injection_prevention(self, client, admin_headers):
"""Test SQL injection prevention in search parameters"""
# Try SQL injection in search parameter
malicious_search = "'; DROP TABLE products; --"
response = client.get(
f"/api/v1/marketplace/product?search={malicious_search}",
headers=auth_headers,
f"/api/v1/admin/products?search={malicious_search}",
headers=admin_headers,
)
# Should not crash and should return normal response
assert response.status_code == 200
# Database should still be intact (no products dropped)
# def test_input_validation(self, client, auth_headers):
# # TODO: implement sanitization
# """Test input validation and sanitization"""
# # Test XSS attempt in product creation
# xss_payload = "<script>alert('xss')</script>"
#
# product_data = {
# "marketplace_product_id": "XSS_TEST",
# "title": xss_payload,
# "description": xss_payload,
# }
#
# response = client.post("/api/v1/marketplace/product", headers=auth_headers, json=product_data)
#
# assert response.status_code == 200
# data = response.json()
# assert "<script>" not in data["title"]
# assert "&lt;script&gt;" in data["title"]
def test_parameter_validation(self, client, auth_headers):
def test_parameter_validation(self, client, admin_headers):
"""Test parameter validation for API endpoints"""
# Test invalid pagination parameters
response = client.get(
"/api/v1/marketplace/product?limit=-1", headers=auth_headers
"/api/v1/admin/products?limit=-1", headers=admin_headers
)
assert response.status_code == 422 # Validation error
response = client.get(
"/api/v1/marketplace/product?skip=-1", headers=auth_headers
"/api/v1/admin/products?skip=-1", headers=admin_headers
)
assert response.status_code == 422 # Validation error
def test_json_validation(self, client, auth_headers):
def test_json_validation(self, client, admin_headers, test_company):
"""Test JSON validation for POST requests"""
# Test invalid JSON structure
response = client.post(
"/api/v1/marketplace/product",
headers=auth_headers,
"/api/v1/admin/vendors",
headers=admin_headers,
content="invalid json content",
)
assert response.status_code == 422 # JSON decode error
# Test missing required fields
response = client.post(
"/api/v1/marketplace/product",
headers=auth_headers,
"/api/v1/admin/vendors",
headers=admin_headers,
json={
"title": "Test MarketplaceProduct"
}, # Missing required marketplace_product_id
"name": "Test Vendor"
}, # Missing required company_id, vendor_code
)
assert response.status_code == 422 # Validation error