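# tests/test_middleware.py
"""Unit tests for the rate-limiting and authentication middleware."""
import pytest
from unittest.mock import Mock, patch

from middleware.rate_limiter import RateLimiter
from middleware.auth import AuthManager


class TestRateLimiter:
    """Behavioural checks for RateLimiter.allow_request."""

    def test_rate_limiter_allows_requests(self):
        """Requests below the configured ceiling are all admitted."""
        limiter = RateLimiter()
        client_id = "test_client"

        # First request in a fresh window must pass.
        assert limiter.allow_request(client_id, max_requests=10, window_seconds=3600)

        # Five more keeps the total (6) under the limit of 10.
        for _ in range(5):
            assert limiter.allow_request(
                client_id, max_requests=10, window_seconds=3600
            )

    def test_rate_limiter_blocks_excess_requests(self):
        """The request after the quota is spent is refused."""
        limiter = RateLimiter()
        client_id = "test_client_blocked"
        max_requests = 3

        # Spend the whole quota.
        for _ in range(max_requests):
            assert limiter.allow_request(client_id, max_requests, 3600)

        # One past the quota must be rejected, and must stay rejected on retry;
        # a limiter that resets its counter when it blocks would fail here.
        assert not limiter.allow_request(client_id, max_requests, 3600)
        assert not limiter.allow_request(client_id, max_requests, 3600)

    def test_rate_limiter_tracks_clients_independently(self):
        """Exhausting one client's quota must not lock out another client."""
        limiter = RateLimiter()
        max_requests = 3

        for _ in range(max_requests):
            assert limiter.allow_request("test_client_noisy", max_requests, 3600)
        assert not limiter.allow_request("test_client_noisy", max_requests, 3600)

        # Counters keyed per client_id: a shared counter would let a single
        # caller deny service to everyone else.
        assert limiter.allow_request("test_client_quiet", max_requests, 3600)


class TestAuthManager:
    """Behavioural checks for AuthManager password and token helpers."""

    def test_password_hashing_and_verification(self):
        """A hash verifies against its own password and nothing else."""
        auth_manager = AuthManager()
        password = "test_password_123"

        hashed = auth_manager.hash_password(password)

        # The stored value must never be the plaintext itself.
        assert hashed != password
        # NOTE(review): if hash_password is salted, also assert that two hashes
        # of the same password differ -- confirm against AuthManager first.

        assert auth_manager.verify_password(password, hashed)
        assert not auth_manager.verify_password("wrong_password", hashed)
        # An empty candidate must not be accepted in place of the real password.
        assert not auth_manager.verify_password("", hashed)

    def test_jwt_token_creation_and_validation(self, test_user):
        """create_access_token returns a well-formed bearer token payload.

        ``test_user`` is a fixture defined outside this file (presumably in
        conftest.py).
        """
        auth_manager = AuthManager()

        token_data = auth_manager.create_access_token(test_user)

        assert "access_token" in token_data
        assert token_data["token_type"] == "bearer"
        assert isinstance(token_data["expires_in"], int)
        # A non-positive lifetime would mean the token is already expired.
        assert token_data["expires_in"] > 0

        access_token = token_data["access_token"]
        assert isinstance(access_token, str)
        assert len(access_token) > 50  # JWT tokens are long
        # A signed JWT in compact form is header.payload.signature.
        assert access_token.count(".") == 2

        # NOTE(review): despite the test name, nothing here validates the token
        # (signature, expiry, rejection of a tampered token). Add that once the
        # AuthManager validation entry point is known.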