Merge dev to main: Security improvements and comprehensive test infrastructure #39
@@ -0,0 +1,97 @@
|
|||||||
|
"""
|
||||||
|
Integration tests for Gitea operations.
|
||||||
|
"""
|
||||||
|
import pytest
|
||||||
|
|
||||||
|
|
||||||
|
class TestGiteaRepos:
|
||||||
|
"""Test Gitea repository endpoints."""
|
||||||
|
|
||||||
|
@pytest.mark.skip(reason="Requires external Gitea API - tested manually")
|
||||||
|
def test_list_repos(self, test_app, admin_headers):
|
||||||
|
"""Test listing Gitea repositories."""
|
||||||
|
response = test_app.get("/api/gitea/repos", headers=admin_headers)
|
||||||
|
# This would require a real Gitea instance
|
||||||
|
assert response.status_code in [200, 500, 503]
|
||||||
|
|
||||||
|
def test_list_repos_without_auth(self, test_app):
|
||||||
|
"""Test listing repos without authentication."""
|
||||||
|
response = test_app.get("/api/gitea/repos")
|
||||||
|
|
||||||
|
assert response.status_code == 401
|
||||||
|
|
||||||
|
|
||||||
|
class TestGiteaCommits:
|
||||||
|
"""Test Gitea commits endpoint."""
|
||||||
|
|
||||||
|
@pytest.mark.skip(reason="Requires external Gitea API - tested manually")
|
||||||
|
def test_list_commits(self, test_app, admin_headers):
|
||||||
|
"""Test listing commits for a repository."""
|
||||||
|
response = test_app.get(
|
||||||
|
"/api/gitea/repos/owner/repo/commits",
|
||||||
|
headers=admin_headers
|
||||||
|
)
|
||||||
|
# This would require a real Gitea instance
|
||||||
|
assert response.status_code in [200, 404, 500, 503]
|
||||||
|
|
||||||
|
def test_list_commits_invalid_owner(self, test_app, admin_headers):
|
||||||
|
"""Test listing commits with invalid owner name."""
|
||||||
|
response = test_app.get(
|
||||||
|
"/api/gitea/repos/invalid@owner/repo/commits",
|
||||||
|
headers=admin_headers
|
||||||
|
)
|
||||||
|
|
||||||
|
assert response.status_code == 400
|
||||||
|
data = response.json()
|
||||||
|
assert "detail" in data
|
||||||
|
assert "invalid" in data["detail"].lower()
|
||||||
|
|
||||||
|
def test_list_commits_invalid_repo(self, test_app, admin_headers):
|
||||||
|
"""Test listing commits with invalid repo name."""
|
||||||
|
response = test_app.get(
|
||||||
|
"/api/gitea/repos/owner/invalid@repo/commits",
|
||||||
|
headers=admin_headers
|
||||||
|
)
|
||||||
|
|
||||||
|
assert response.status_code == 400
|
||||||
|
data = response.json()
|
||||||
|
assert "detail" in data
|
||||||
|
assert "invalid" in data["detail"].lower()
|
||||||
|
|
||||||
|
def test_list_commits_special_chars_in_owner(self, test_app, admin_headers):
|
||||||
|
"""Test listing commits with special characters in owner."""
|
||||||
|
response = test_app.get(
|
||||||
|
"/api/gitea/repos/owner$/repo/commits",
|
||||||
|
headers=admin_headers
|
||||||
|
)
|
||||||
|
|
||||||
|
assert response.status_code == 400
|
||||||
|
|
||||||
|
def test_list_commits_special_chars_in_repo(self, test_app, admin_headers):
|
||||||
|
"""Test listing commits with special characters in repo."""
|
||||||
|
response = test_app.get(
|
||||||
|
"/api/gitea/repos/owner/repo!/commits",
|
||||||
|
headers=admin_headers
|
||||||
|
)
|
||||||
|
|
||||||
|
assert response.status_code == 400
|
||||||
|
|
||||||
|
@pytest.mark.skip(reason="Requires external Gitea API - tested manually")
|
||||||
|
def test_list_commits_valid_names(self, test_app, admin_headers):
|
||||||
|
"""Test that valid names with allowed characters pass validation."""
|
||||||
|
# Valid characters: a-zA-Z0-9._-
|
||||||
|
# This will fail at the HTTP call level, but should pass validation
|
||||||
|
response = test_app.get(
|
||||||
|
"/api/gitea/repos/valid-owner_123/repo.name-456/commits",
|
||||||
|
headers=admin_headers
|
||||||
|
)
|
||||||
|
|
||||||
|
# Should not be 400 (validation error), but may be 500/503 (HTTP error)
|
||||||
|
assert response.status_code != 400
|
||||||
|
|
||||||
|
def test_list_commits_without_auth(self, test_app):
|
||||||
|
"""Test listing commits without authentication."""
|
||||||
|
response = test_app.get("/api/gitea/repos/owner/repo/commits")
|
||||||
|
|
||||||
|
assert response.status_code == 401
|
||||||
|
|
||||||
Reference in New Issue
Block a user