fix: remove unit tests redundant with e2e, fix test DB isolation
Remove 7 test files fully covered by e2e tests (admin, account, models, API routes, integration MFA/OIDC, notifications). Trim 5 more files to keep only edge cases not reachable via e2e. Fix conftest to replace wiregui.db engine/session at import time so all code uses the test database. Use session-scoped tables with per-test savepoint isolation to prevent data leaking between tests.
This commit is contained in:
Stefano Bertelli
parent
a9f62d5caf
commit
a012635dff
15 changed files with 153 additions and 2006 deletions
|
|
@ -1,34 +1,6 @@
|
|||
"""Tests for magic link authentication flow."""
|
||||
|
||||
from datetime import timedelta
|
||||
"""Tests for magic link authentication — token subject validation."""
|
||||
|
||||
from wiregui.auth.jwt import create_access_token, decode_access_token
|
||||
from wiregui.auth.passwords import hash_password
|
||||
from wiregui.models.user import User
|
||||
|
||||
|
||||
def test_magic_link_token_creation():
|
||||
"""Magic link token should be a valid JWT with short expiry."""
|
||||
token = create_access_token(
|
||||
user_id="user-123",
|
||||
role="unprivileged",
|
||||
expires_delta=timedelta(minutes=15),
|
||||
)
|
||||
payload = decode_access_token(token)
|
||||
assert payload is not None
|
||||
assert payload["sub"] == "user-123"
|
||||
assert payload["role"] == "unprivileged"
|
||||
|
||||
|
||||
def test_magic_link_token_expired():
|
||||
"""Expired magic link token should be rejected."""
|
||||
token = create_access_token(
|
||||
user_id="user-123",
|
||||
role="admin",
|
||||
expires_delta=timedelta(minutes=-1), # Already expired
|
||||
)
|
||||
payload = decode_access_token(token)
|
||||
assert payload is None
|
||||
|
||||
|
||||
def test_magic_link_token_wrong_user():
|
||||
|
|
@ -37,22 +9,3 @@ def test_magic_link_token_wrong_user():
|
|||
payload = decode_access_token(token)
|
||||
assert payload["sub"] == "user-A"
|
||||
# Caller is responsible for checking sub matches the URL user_id
|
||||
|
||||
|
||||
async def test_magic_link_disabled_user_rejected(session):
|
||||
"""Disabled users should not be able to use magic links."""
|
||||
from wiregui.utils.time import utcnow
|
||||
|
||||
user = User(
|
||||
email="disabled-magic@example.com",
|
||||
password_hash=hash_password("pw"),
|
||||
disabled_at=utcnow(),
|
||||
)
|
||||
session.add(user)
|
||||
await session.flush()
|
||||
|
||||
# The token would be valid but the page handler checks disabled_at
|
||||
token = create_access_token(user_id=str(user.id), role="unprivileged")
|
||||
payload = decode_access_token(token)
|
||||
assert payload is not None # Token itself is valid
|
||||
assert user.disabled_at is not None # But user is disabled — handler would reject
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue