sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f47c680cb86de1980f8094367ea63fb313149491
orion/tests/unit/api/test_storefront_auth.py
Samir Boulahtit f47c680cb8
Some checks failed
CI / ruff (push) Successful in 9s
Details
CI / pytest (push) Failing after 46m52s
Details
CI / validate (push) Successful in 23s
Details
CI / dependency-scanning (push) Successful in 30s
Details
CI / docs (push) Has been skipped
Details
CI / deploy (push) Has been skipped
Details
fix: storefront login 403, cookie path, double-storefront URLs, and auth redirects 
- Extract store/platform context from Referer header for storefront API requests
  (StoreContextMiddleware and PlatformContextMiddleware) so login POST works in
  dev mode where API paths lack /platforms/{code}/ prefix
- Set customer token cookie path to "/" for cross-route compatibility
- Fix double storefront in URLs: replace {{ base_url }}storefront/ with {{ base_url }}
  across all 24 storefront templates
- Fix auth error redirect to include platform prefix and use store_code
- Update seed script to output correct storefront login URLs
- Add 20 new unit tests covering all fixes; fix 9 pre-existing test failures

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 12:29:52 +01:00

45 lines
1.7 KiB
Python
Raw Blame History

# tests/unit/api/test_storefront_auth.py
"""
Unit tests for storefront auth cookie handling.
Tests that customer_token cookie is set with path='/' so it works
across all URL patterns (dev mode with /platforms/ prefix, prod mode with subdomains).
"""
import pytest
@pytest.mark.unit
class TestCustomerTokenCookiePath:
"""Verify cookie path is set correctly for cross-routing compatibility."""
def test_login_sets_cookie_with_root_path(self):
"""
The customer_token cookie must use path='/' to work with all URL patterns.
Previously the cookie path was calculated as '/storefront/{subdomain}/storefront'
which didn't match the actual page URLs (/platforms/{code}/storefront/{store_code}/...).
"""
import inspect
from app.modules.customers.routes.api.storefront import customer_login
source = inspect.getsource(customer_login)
# Verify the cookie is set with path="/"
assert 'path="/"' in source or "path='/'" in source, (
"customer_login must set cookie with path='/'. "
"Other paths like '/storefront' or '/storefront/{subdomain}/storefront' "
"don't match dev mode URLs (/platforms/{code}/storefront/{store_code}/...)"
)
def test_logout_deletes_cookie_with_root_path(self):
"""The customer_token cookie must be deleted with path='/' to match the set path."""
import inspect
from app.modules.customers.routes.api.storefront import customer_logout
source = inspect.getsource(customer_logout)
assert 'path="/"' in source or "path='/'" in source, (
"customer_logout must delete cookie with path='/' to match how it was set"
)
Reference in New Issue View Git Blame Copy Permalink