QC check

2025-09-21 13:00:10 +02:00
parent a26f8086f8
commit c2a1056db7
56 changed files with 339 additions and 104 deletions
--- a/tests/integration/security/init.py
+++ b/tests/integration/security/init.py
@@ -1,3 +1,2 @@
 # tests/integration/security/__init__.py
 """Security integration tests."""
-
--- a/tests/integration/security/test_authentication.py
+++ b/tests/integration/security/test_authentication.py
@@ -48,7 +48,9 @@ class TestAuthentication:
            print(f"Admin endpoint - Raw: {response.content}")

        # Test 2: Try a regular endpoint that uses get_current_user
-        response2 = client.get("/api/v1/product")  # or any endpoint with get_current_user
+        response2 = client.get(
+            "/api/v1/product"
+        )  # or any endpoint with get_current_user
        print(f"Regular endpoint - Status: {response2.status_code}")
        try:
            print(f"Regular endpoint - Response: {response2.json()}")
--- a/tests/integration/security/test_authorization.py
+++ b/tests/integration/security/test_authorization.py
@@ -36,11 +36,15 @@ class TestAuthorization:
            response = client.get(endpoint, headers=auth_headers)
            assert response.status_code == 200  # Regular user should have access

-    def test_shop_owner_access_control(self, client, auth_headers, test_shop, other_user):
+    def test_shop_owner_access_control(
+        self, client, auth_headers, test_shop, other_user
+    ):
        """Test that users can only access their own shops"""
        # Test accessing own shop (should work)
-        response = client.get(f"/api/v1/shop/{test_shop.shop_code}", headers=auth_headers)
+        response = client.get(
+            f"/api/v1/shop/{test_shop.shop_code}", headers=auth_headers
+        )
        # Response depends on your implementation - could be 200 or 404 if shop doesn't belong to user
-        
+
        # The exact assertion depends on your shop access control implementation
        assert response.status_code in [200, 403, 404]
--- a/tests/integration/security/test_input_validation.py
+++ b/tests/integration/security/test_input_validation.py
@@ -50,9 +50,7 @@ class TestInputValidation:
        """Test JSON validation for POST requests"""
        # Test invalid JSON structure
        response = client.post(
-            "/api/v1/product", 
-            headers=auth_headers, 
-            content="invalid json content"
+            "/api/v1/product", headers=auth_headers, content="invalid json content"
        )
        assert response.status_code == 422  # JSON decode error

@@ -60,6 +58,6 @@ class TestInputValidation:
        response = client.post(
            "/api/v1/product",
            headers=auth_headers,
-            json={"title": "Test Product"}  # Missing required product_id
+            json={"title": "Test Product"},  # Missing required product_id
        )
        assert response.status_code == 422  # Validation error