100 lines
3.4 KiB
Python
100 lines
3.4 KiB
Python
import pytest
|
|
from fastapi.testclient import TestClient
|
|
from sqlalchemy import create_engine
|
|
from sqlalchemy.orm import sessionmaker
|
|
from sqlalchemy.pool import StaticPool
|
|
|
|
from app.core.database import Base, get_db
|
|
from app.main import app
|
|
from app.modules.auth.models import User
|
|
from app.modules.auth.service import hash_password
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def override_db():
|
|
engine = create_engine(
|
|
"sqlite:///:memory:",
|
|
connect_args={"check_same_thread": False},
|
|
poolclass=StaticPool,
|
|
)
|
|
Base.metadata.create_all(bind=engine)
|
|
Session = sessionmaker(bind=engine)
|
|
session = Session()
|
|
app.dependency_overrides[get_db] = lambda: session
|
|
yield session
|
|
app.dependency_overrides.clear()
|
|
session.close()
|
|
Base.metadata.drop_all(bind=engine)
|
|
|
|
|
|
@pytest.fixture
|
|
def client():
|
|
return TestClient(app, follow_redirects=False)
|
|
|
|
|
|
@pytest.fixture
|
|
def alice(override_db):
|
|
user = User(username="alice", full_name="Alice Smith", pw_hash=hash_password("secret123"))
|
|
override_db.add(user)
|
|
override_db.commit()
|
|
return user
|
|
|
|
|
|
def test_get_login_page(client):
|
|
response = client.get("/auth/login")
|
|
assert response.status_code == 200
|
|
assert "text/html" in response.headers["content-type"]
|
|
assert "Anmelden" in response.text
|
|
|
|
|
|
def test_login_correct_credentials_redirects(client, alice):
|
|
response = client.post("/auth/login", data={"username": "alice", "password": "secret123"})
|
|
assert response.status_code in (302, 303, 307)
|
|
assert "access_token" in response.cookies
|
|
|
|
|
|
def test_login_wrong_password_shows_error(client, alice):
|
|
response = client.post("/auth/login", data={"username": "alice", "password": "wrong"})
|
|
assert response.status_code == 200
|
|
assert "Ungültige" in response.text
|
|
|
|
|
|
def test_login_unknown_user_shows_error(client):
|
|
response = client.post("/auth/login", data={"username": "ghost", "password": "any"})
|
|
assert response.status_code == 200
|
|
assert "Ungültige" in response.text
|
|
|
|
|
|
def test_logout_clears_cookie_and_redirects_to_landing(client, alice):
|
|
client.post("/auth/login", data={"username": "alice", "password": "secret123"})
|
|
response = client.get("/auth/logout")
|
|
assert response.status_code in (302, 303, 307)
|
|
assert response.headers["location"] == "/"
|
|
assert response.cookies.get("access_token", "") == ""
|
|
|
|
|
|
from unittest.mock import patch as mock_patch
|
|
|
|
|
|
def test_ldap_login_sets_cookie_and_redirects(client, override_db):
|
|
"""LDAP login via mocked ldap_authenticate: cookie is set, redirects to /."""
|
|
ldap_attrs = {
|
|
"username": "ldapuser",
|
|
"full_name": "LDAP User",
|
|
"department": "EFI",
|
|
"role": "ST",
|
|
"account_expires": None,
|
|
}
|
|
with mock_patch("app.modules.auth.ldap.ldap_authenticate", return_value=ldap_attrs), \
|
|
mock_patch("app.modules.auth.ldap.sync_all_users"), \
|
|
mock_patch("app.modules.auth.router.settings") as mock_settings:
|
|
mock_settings.LDAP_ENABLED = True
|
|
mock_settings.LDAP_SERVER = "test"
|
|
mock_settings.LDAP_DOMAIN = "ADS1"
|
|
mock_settings.LDAP_SEARCH_BASE = "OU=test"
|
|
mock_settings.LDAP_SYNC_MIN_INTERVAL_HOURS = 12
|
|
mock_settings.LDAP_SYNC_LETTER_DELAY_SECONDS = 0.0
|
|
response = client.post("/auth/login", data={"username": "ldapuser", "password": "any"})
|
|
assert response.status_code in (302, 303, 307)
|
|
assert "access_token" in response.cookies
|