wiregui/tests/test_magic_link.py

"""Tests for magic link authentication — token subject validation."""

from wiregui.auth.jwt import create_access_token, decode_access_token


def test_magic_link_token_wrong_user():
    """Token should only be valid for the intended user."""
    token = create_access_token(user_id="user-A", role="admin")
    payload = decode_access_token(token)
    assert payload["sub"] == "user-A"
    # Caller is responsible for checking sub matches the URL user_id
fix: remove unit tests redundant with e2e, fix test DB isolation Remove 7 test files fully covered by e2e tests (admin, account, models, API routes, integration MFA/OIDC, notifications). Trim 5 more files to keep only edge cases not reachable via e2e. Fix conftest to replace wiregui.db engine/session at import time so all code uses the test database. Use session-scoped tables with per-test savepoint isolation to prevent data leaking between tests. 2026-03-31 21:27:46 -05:00			`"""Tests for magic link authentication — token subject validation."""`
feat: initial WireGUI implementation — full VPN management platform Complete Python/NiceGUI rewrite of the Wirezone (Elixir/Phoenix) VPN management platform. All 10 implementation phases delivered. Core stack: - NiceGUI reactive UI with SQLModel ORM on PostgreSQL (asyncpg) - Alembic migrations, Valkey/Redis cache, pydantic-settings config - WireGuard management via subprocess (wg/ip/nft CLIs) - 164 tests passing, 35% code coverage Features: - User/device/rule CRUD with admin and unprivileged roles - Full device config form with per-device WG overrides - WireGuard client config generation with QR codes - REST API (v0) with Bearer token auth for all resources - TOTP MFA with QR registration and challenge flow - OIDC SSO with authlib (provider registry, auto-create users) - Magic link passwordless sign-in via email - SAML SP-initiated SSO with IdP metadata parsing - WebAuthn/FIDO2 security key registration - nftables firewall with per-user chains and masquerade - Background tasks: WG stats polling, VPN session expiry, OIDC token refresh, WAN connectivity checks - Startup reconciliation (DB ↔ WireGuard state sync) - In-memory notification system with header badge - Admin UI: users, devices, rules, settings (3 tabs), diagnostics - Loguru logging with optional timestamped file output Deployment: - Multi-stage Dockerfile (python:3.13-slim) - Docker Compose prod stack (bridge networking, NET_ADMIN, nftables) - Forgejo CI: tests → semantic versioning → Docker registry push - Health endpoint at /api/health 2026-03-30 16:53:46 -05:00
			`from wiregui.auth.jwt import create_access_token, decode_access_token`


			`def test_magic_link_token_wrong_user():`
			`"""Token should only be valid for the intended user."""`
			`token = create_access_token(user_id="user-A", role="admin")`
			`payload = decode_access_token(token)`
			`assert payload["sub"] == "user-A"`
			`# Caller is responsible for checking sub matches the URL user_id`