Merge dev to main: Security improvements and comprehensive test infrastructure #39
@@ -0,0 +1,97 @@
|
||||
"""
|
||||
Integration tests for Gitea operations.
|
||||
"""
|
||||
import pytest
|
||||
|
||||
|
||||
class TestGiteaRepos:
|
||||
"""Test Gitea repository endpoints."""
|
||||
|
||||
@pytest.mark.skip(reason="Requires external Gitea API - tested manually")
|
||||
def test_list_repos(self, test_app, admin_headers):
|
||||
"""Test listing Gitea repositories."""
|
||||
response = test_app.get("/api/gitea/repos", headers=admin_headers)
|
||||
# This would require a real Gitea instance
|
||||
assert response.status_code in [200, 500, 503]
|
||||
|
||||
def test_list_repos_without_auth(self, test_app):
|
||||
"""Test listing repos without authentication."""
|
||||
response = test_app.get("/api/gitea/repos")
|
||||
|
||||
assert response.status_code == 401
|
||||
|
||||
|
||||
class TestGiteaCommits:
|
||||
"""Test Gitea commits endpoint."""
|
||||
|
||||
@pytest.mark.skip(reason="Requires external Gitea API - tested manually")
|
||||
def test_list_commits(self, test_app, admin_headers):
|
||||
"""Test listing commits for a repository."""
|
||||
response = test_app.get(
|
||||
"/api/gitea/repos/owner/repo/commits",
|
||||
headers=admin_headers
|
||||
)
|
||||
# This would require a real Gitea instance
|
||||
assert response.status_code in [200, 404, 500, 503]
|
||||
|
||||
def test_list_commits_invalid_owner(self, test_app, admin_headers):
|
||||
"""Test listing commits with invalid owner name."""
|
||||
response = test_app.get(
|
||||
"/api/gitea/repos/invalid@owner/repo/commits",
|
||||
headers=admin_headers
|
||||
)
|
||||
|
||||
assert response.status_code == 400
|
||||
data = response.json()
|
||||
assert "detail" in data
|
||||
assert "invalid" in data["detail"].lower()
|
||||
|
||||
def test_list_commits_invalid_repo(self, test_app, admin_headers):
|
||||
"""Test listing commits with invalid repo name."""
|
||||
response = test_app.get(
|
||||
"/api/gitea/repos/owner/invalid@repo/commits",
|
||||
headers=admin_headers
|
||||
)
|
||||
|
||||
assert response.status_code == 400
|
||||
data = response.json()
|
||||
assert "detail" in data
|
||||
assert "invalid" in data["detail"].lower()
|
||||
|
||||
def test_list_commits_special_chars_in_owner(self, test_app, admin_headers):
|
||||
"""Test listing commits with special characters in owner."""
|
||||
response = test_app.get(
|
||||
"/api/gitea/repos/owner$/repo/commits",
|
||||
headers=admin_headers
|
||||
)
|
||||
|
||||
assert response.status_code == 400
|
||||
|
||||
def test_list_commits_special_chars_in_repo(self, test_app, admin_headers):
|
||||
"""Test listing commits with special characters in repo."""
|
||||
response = test_app.get(
|
||||
"/api/gitea/repos/owner/repo!/commits",
|
||||
headers=admin_headers
|
||||
)
|
||||
|
||||
assert response.status_code == 400
|
||||
|
||||
@pytest.mark.skip(reason="Requires external Gitea API - tested manually")
|
||||
def test_list_commits_valid_names(self, test_app, admin_headers):
|
||||
"""Test that valid names with allowed characters pass validation."""
|
||||
# Valid characters: a-zA-Z0-9._-
|
||||
# This will fail at the HTTP call level, but should pass validation
|
||||
response = test_app.get(
|
||||
"/api/gitea/repos/valid-owner_123/repo.name-456/commits",
|
||||
headers=admin_headers
|
||||
)
|
||||
|
||||
# Should not be 400 (validation error), but may be 500/503 (HTTP error)
|
||||
assert response.status_code != 400
|
||||
|
||||
def test_list_commits_without_auth(self, test_app):
|
||||
"""Test listing commits without authentication."""
|
||||
response = test_app.get("/api/gitea/repos/owner/repo/commits")
|
||||
|
||||
assert response.status_code == 401
|
||||
|
||||
Reference in New Issue
Block a user