Merge dev to main: Security improvements and comprehensive test infrastructure #39
@@ -72,7 +72,7 @@ def temp_rbac_file(temp_volume_root):
|
|||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def valid_access_token(mock_config):
|
def valid_access_token(mock_config):
|
||||||
"""Generate a valid access token for testing."""
|
"""Generate a valid access token for testing."""
|
||||||
from auth import create_access_token
|
from auth_service import create_access_token
|
||||||
return create_access_token(
|
return create_access_token(
|
||||||
data={"sub": "testuser", "role": "admin"},
|
data={"sub": "testuser", "role": "admin"},
|
||||||
expires_delta=timedelta(minutes=30)
|
expires_delta=timedelta(minutes=30)
|
||||||
@@ -82,14 +82,14 @@ def valid_access_token(mock_config):
|
|||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def valid_refresh_token(mock_config, temp_auth_file):
|
def valid_refresh_token(mock_config, temp_auth_file):
|
||||||
"""Generate a valid refresh token for testing."""
|
"""Generate a valid refresh token for testing."""
|
||||||
from auth import create_refresh_token
|
from auth_service import create_refresh_token
|
||||||
return create_refresh_token(data={"sub": "testuser", "role": "admin"})
|
return create_refresh_token(data={"sub": "testuser", "role": "admin"})
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def expired_access_token(mock_config):
|
def expired_access_token(mock_config):
|
||||||
"""Generate an expired access token for testing."""
|
"""Generate an expired access token for testing."""
|
||||||
from auth import create_access_token
|
from auth_service import create_access_token
|
||||||
return create_access_token(
|
return create_access_token(
|
||||||
data={"sub": "testuser", "role": "admin"},
|
data={"sub": "testuser", "role": "admin"},
|
||||||
expires_delta=timedelta(seconds=-1)
|
expires_delta=timedelta(seconds=-1)
|
||||||
|
|||||||
@@ -4,7 +4,7 @@ Integration tests for authentication flow.
|
|||||||
import pytest
|
import pytest
|
||||||
import pyotp
|
import pyotp
|
||||||
from fastapi import status
|
from fastapi import status
|
||||||
from auth import get_password_hash, save_totp_secret, save_password_hash
|
from auth_service import get_password_hash, save_totp_secret, save_password_hash
|
||||||
|
|
||||||
|
|
||||||
class TestLoginFlow:
|
class TestLoginFlow:
|
||||||
|
|||||||
@@ -135,7 +135,7 @@ class TestDockerPermissions:
|
|||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def member_token(self, mock_config, temp_auth_file, temp_rbac_file):
|
def member_token(self, mock_config, temp_auth_file, temp_rbac_file):
|
||||||
"""Create token for member role."""
|
"""Create token for member role."""
|
||||||
from auth import create_access_token
|
from auth_service import create_access_token
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
return create_access_token(
|
return create_access_token(
|
||||||
data={"sub": "memberuser", "role": "member"},
|
data={"sub": "memberuser", "role": "member"},
|
||||||
@@ -166,7 +166,7 @@ class TestDockerPermissions:
|
|||||||
|
|
||||||
def test_viewer_can_list_containers(self, test_app, mock_config, temp_auth_file, temp_rbac_file):
|
def test_viewer_can_list_containers(self, test_app, mock_config, temp_auth_file, temp_rbac_file):
|
||||||
"""Test that viewer can list containers if they have docker page access."""
|
"""Test that viewer can list containers if they have docker page access."""
|
||||||
from auth import create_access_token
|
from auth_service import create_access_token
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
|
||||||
viewer_token = create_access_token(
|
viewer_token = create_access_token(
|
||||||
|
|||||||
@@ -80,7 +80,7 @@ class TestFileUpload:
|
|||||||
|
|
||||||
def test_upload_as_member_forbidden(self, test_app, mock_config, temp_auth_file, temp_rbac_file):
|
def test_upload_as_member_forbidden(self, test_app, mock_config, temp_auth_file, temp_rbac_file):
|
||||||
"""Test that non-admin cannot upload."""
|
"""Test that non-admin cannot upload."""
|
||||||
from auth import create_access_token
|
from auth_service import create_access_token
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
|
||||||
member_token = create_access_token(
|
member_token = create_access_token(
|
||||||
@@ -130,7 +130,7 @@ class TestFileDelete:
|
|||||||
|
|
||||||
def test_delete_as_member_forbidden(self, test_app, mock_config, temp_auth_file, temp_rbac_file):
|
def test_delete_as_member_forbidden(self, test_app, mock_config, temp_auth_file, temp_rbac_file):
|
||||||
"""Test that non-admin cannot delete."""
|
"""Test that non-admin cannot delete."""
|
||||||
from auth import create_access_token
|
from auth_service import create_access_token
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
|
|
||||||
member_token = create_access_token(
|
member_token = create_access_token(
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ import pytest
|
|||||||
import jwt
|
import jwt
|
||||||
import pyotp
|
import pyotp
|
||||||
from datetime import datetime, timedelta, timezone
|
from datetime import datetime, timedelta, timezone
|
||||||
from auth import (
|
from auth_service import (
|
||||||
verify_password,
|
verify_password,
|
||||||
get_password_hash,
|
get_password_hash,
|
||||||
create_access_token,
|
create_access_token,
|
||||||
|
|||||||
Reference in New Issue
Block a user