sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d21cd366dc59e07b5daa6e2de15e2ca3960b948b
orion/tests/integration/security/test_authentication.py
Samir Boulahtit 4cb4fec8e2 fix: update tests for current API structure and model changes 
- Fix middleware fixtures: vendor_code instead of code, add owner_user_id to company
- Fix performance tests: MarketplaceProduct uses translations for title/description
- Fix security tests: use correct API endpoints (/api/v1/admin/*, /api/v1/vendor/*)
- Fix workflow tests: use actual admin API endpoints
- Fix background task tests: remove invalid vendor_name field, add language

Note: Many middleware integration tests still fail due to dynamic routes
being caught by the /{slug} catch-all route. These tests need further
refactoring to use /api/* prefixed routes.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-13 16:01:16 +01:00

42 lines
1.5 KiB
Python
Raw Blame History

# tests/integration/security/test_authentication.py
"""
Authentication tests for the API.
API Structure:
- /api/v1/admin/* - Admin endpoints (require admin token)
- /api/v1/vendor/* - Vendor endpoints (require vendor token with vendor_id claim)
"""
import pytest
@pytest.mark.integration
@pytest.mark.security
@pytest.mark.auth
class TestAuthentication:
def test_protected_endpoint_without_auth(self, client):
"""Test that protected endpoints reject unauthenticated requests"""
protected_endpoints = [
"/api/v1/admin/users",
"/api/v1/admin/vendors",
"/api/v1/admin/marketplace-import-jobs",
"/api/v1/admin/products",
"/api/v1/vendor/products",
"/api/v1/vendor/inventory",
]
for endpoint in protected_endpoints:
response = client.get(endpoint)
assert response.status_code == 401, f"Expected 401 for {endpoint}"
def test_protected_endpoint_with_invalid_token(self, client):
"""Test protected endpoints with invalid token"""
headers = {"Authorization": "Bearer invalid_token_here"}
response = client.get("/api/v1/admin/products", headers=headers)
assert response.status_code == 401 # Token is not valid
def test_valid_token_accepted(self, client, admin_headers):
"""Test that valid tokens are accepted"""
response = client.get("/api/v1/admin/vendors", headers=admin_headers)
assert response.status_code == 200
Reference in New Issue View Git Blame Copy Permalink