16ee4e0cb3
- Added models for `OAuthClient`, `OAuthState`, and `OAuthAccount`. - Created Pydantic schemas to support OAuth flows, client management, and linked accounts. - Implemented skeleton endpoints for OAuth Provider mode: authorization, token, and revocation. - Updated router imports to include new `/oauth` and `/oauth/provider` routes. - Added Alembic migration script to create OAuth-related database tables. - Enhanced `users` table to allow OAuth-only accounts by making `password_hash` nullable.
193 lines
7.7 KiB
Python
Executable File
193 lines
7.7 KiB
Python
Executable File
# tests/core/test_config.py
|
|
import pytest
|
|
from pydantic import ValidationError
|
|
|
|
from app.core.config import Settings
|
|
|
|
|
|
class TestSecretKeyValidation:
|
|
"""Tests for SECRET_KEY validation"""
|
|
|
|
def test_secret_key_too_short_raises_error(self):
|
|
"""Test that SECRET_KEY shorter than 32 characters raises error"""
|
|
with pytest.raises(ValidationError) as exc_info:
|
|
Settings(SECRET_KEY="short_key", ENVIRONMENT="development")
|
|
|
|
# Pydantic Field's min_length validation triggers first
|
|
assert "at least 32 characters" in str(exc_info.value)
|
|
|
|
def test_default_secret_key_in_production_raises_error(self):
|
|
"""Test that default SECRET_KEY in production raises error"""
|
|
# Use the exact default value (padded to 32 chars to pass length check)
|
|
default_key = "your_secret_key_here" + "_" * 12 # Exactly 32 chars
|
|
with pytest.raises(ValidationError) as exc_info:
|
|
Settings(SECRET_KEY=default_key, ENVIRONMENT="production")
|
|
|
|
assert "must be set to a secure random value in production" in str(
|
|
exc_info.value
|
|
)
|
|
|
|
def test_default_secret_key_in_development_allows_with_warning(self, caplog):
|
|
"""Test that default SECRET_KEY in development is allowed but warns"""
|
|
settings = Settings(
|
|
SECRET_KEY="your_secret_key_here" + "x" * 14, ENVIRONMENT="development"
|
|
)
|
|
|
|
assert settings.SECRET_KEY == "your_secret_key_here" + "x" * 14
|
|
# Note: The warning happens during validation, which we've seen works
|
|
|
|
def test_valid_secret_key_accepted(self):
|
|
"""Test that valid SECRET_KEY is accepted"""
|
|
valid_key = "a" * 32
|
|
settings = Settings(SECRET_KEY=valid_key, ENVIRONMENT="production")
|
|
|
|
assert settings.SECRET_KEY == valid_key
|
|
|
|
|
|
class TestSuperuserPasswordValidation:
|
|
"""Tests for FIRST_SUPERUSER_PASSWORD validation"""
|
|
|
|
def test_none_password_accepted(self):
|
|
"""Test that None password is accepted (optional field)"""
|
|
settings = Settings(SECRET_KEY="a" * 32, FIRST_SUPERUSER_PASSWORD=None)
|
|
assert settings.FIRST_SUPERUSER_PASSWORD is None
|
|
|
|
def test_password_too_short_raises_error(self):
|
|
"""Test that password shorter than 12 characters raises error"""
|
|
with pytest.raises(ValidationError) as exc_info:
|
|
Settings(SECRET_KEY="a" * 32, FIRST_SUPERUSER_PASSWORD="Short1")
|
|
|
|
assert "must be at least 12 characters" in str(exc_info.value)
|
|
|
|
def test_weak_password_rejected(self):
|
|
"""Test that common weak passwords are rejected"""
|
|
# Test with the exact weak passwords from the validator
|
|
# These are in the weak_passwords set and should be rejected
|
|
weak_passwords = ["123456789012"] # Exactly 12 chars, in the weak set
|
|
|
|
for weak_pwd in weak_passwords:
|
|
with pytest.raises(ValidationError) as exc_info:
|
|
Settings(SECRET_KEY="a" * 32, FIRST_SUPERUSER_PASSWORD=weak_pwd)
|
|
# Should get "too weak" message
|
|
error_str = str(exc_info.value)
|
|
assert "too weak" in error_str
|
|
|
|
def test_password_without_lowercase_rejected(self):
|
|
"""Test that password without lowercase is rejected"""
|
|
with pytest.raises(ValidationError) as exc_info:
|
|
Settings(SECRET_KEY="a" * 32, FIRST_SUPERUSER_PASSWORD="ALLUPPERCASE123")
|
|
|
|
assert "must contain lowercase, uppercase, and digits" in str(exc_info.value)
|
|
|
|
def test_password_without_uppercase_rejected(self):
|
|
"""Test that password without uppercase is rejected"""
|
|
with pytest.raises(ValidationError) as exc_info:
|
|
Settings(SECRET_KEY="a" * 32, FIRST_SUPERUSER_PASSWORD="alllowercase123")
|
|
|
|
assert "must contain lowercase, uppercase, and digits" in str(exc_info.value)
|
|
|
|
def test_password_without_digit_rejected(self):
|
|
"""Test that password without digit is rejected"""
|
|
with pytest.raises(ValidationError) as exc_info:
|
|
Settings(SECRET_KEY="a" * 32, FIRST_SUPERUSER_PASSWORD="NoDigitsHere")
|
|
|
|
assert "must contain lowercase, uppercase, and digits" in str(exc_info.value)
|
|
|
|
def test_strong_password_accepted(self):
|
|
"""Test that strong password is accepted"""
|
|
strong_password = "StrongPassword123!"
|
|
settings = Settings(
|
|
SECRET_KEY="a" * 32, FIRST_SUPERUSER_PASSWORD=strong_password
|
|
)
|
|
|
|
assert settings.FIRST_SUPERUSER_PASSWORD == strong_password
|
|
|
|
|
|
class TestEnvironmentConfiguration:
|
|
"""Tests for environment-specific configuration"""
|
|
|
|
def test_default_environment_is_development(self):
|
|
"""Test that default environment is development"""
|
|
settings = Settings(SECRET_KEY="a" * 32)
|
|
assert settings.ENVIRONMENT == "development"
|
|
|
|
def test_environment_can_be_set(self):
|
|
"""Test that environment can be set to different values"""
|
|
for env in ["development", "staging", "production"]:
|
|
settings = Settings(SECRET_KEY="a" * 32, ENVIRONMENT=env)
|
|
assert settings.ENVIRONMENT == env
|
|
|
|
|
|
class TestDatabaseConfiguration:
|
|
"""Tests for database URL construction"""
|
|
|
|
def test_database_url_construction_from_components(self, monkeypatch):
|
|
"""Test that database URL is constructed correctly from components"""
|
|
# Clear .env file influence for this test
|
|
monkeypatch.delenv("POSTGRES_USER", raising=False)
|
|
monkeypatch.delenv("POSTGRES_PASSWORD", raising=False)
|
|
monkeypatch.delenv("POSTGRES_HOST", raising=False)
|
|
monkeypatch.delenv("POSTGRES_DB", raising=False)
|
|
|
|
settings = Settings(
|
|
SECRET_KEY="a" * 32,
|
|
POSTGRES_USER="testuser",
|
|
POSTGRES_PASSWORD="testpass",
|
|
POSTGRES_HOST="testhost",
|
|
POSTGRES_PORT="5432",
|
|
POSTGRES_DB="testdb",
|
|
DATABASE_URL=None, # Don't use explicit URL
|
|
)
|
|
|
|
expected_url = "postgresql://testuser:testpass@testhost:5432/testdb"
|
|
assert settings.database_url == expected_url
|
|
|
|
def test_explicit_database_url_used_when_set(self):
|
|
"""Test that explicit DATABASE_URL is used when provided"""
|
|
explicit_url = "postgresql://explicit:pass@host:5432/db"
|
|
settings = Settings(SECRET_KEY="a" * 32, DATABASE_URL=explicit_url)
|
|
|
|
assert settings.database_url == explicit_url
|
|
|
|
|
|
class TestJWTConfiguration:
|
|
"""Tests for JWT configuration"""
|
|
|
|
def test_token_expiration_defaults(self):
|
|
"""Test that token expiration defaults are set correctly"""
|
|
settings = Settings(SECRET_KEY="a" * 32)
|
|
|
|
assert settings.ACCESS_TOKEN_EXPIRE_MINUTES == 15 # 15 minutes
|
|
assert settings.REFRESH_TOKEN_EXPIRE_DAYS == 7 # 7 days
|
|
|
|
def test_algorithm_default(self):
|
|
"""Test that default algorithm is HS256"""
|
|
settings = Settings(SECRET_KEY="a" * 32)
|
|
assert settings.ALGORITHM == "HS256"
|
|
|
|
|
|
class TestProjectConfiguration:
|
|
"""Tests for project-level configuration"""
|
|
|
|
def test_project_name_can_be_set(self):
|
|
"""Test that project name can be explicitly set"""
|
|
settings = Settings(SECRET_KEY="a" * 32, PROJECT_NAME="TestApp")
|
|
assert settings.PROJECT_NAME == "TestApp"
|
|
|
|
def test_project_name_is_set(self):
|
|
"""Test that project name has a value (from default or environment)"""
|
|
settings = Settings(SECRET_KEY="a" * 32)
|
|
# PROJECT_NAME should be a non-empty string
|
|
assert isinstance(settings.PROJECT_NAME, str)
|
|
assert len(settings.PROJECT_NAME) > 0
|
|
|
|
def test_api_version_string(self):
|
|
"""Test that API version string is correct"""
|
|
settings = Settings(SECRET_KEY="a" * 32)
|
|
assert settings.API_V1_STR == "/api/v1"
|
|
|
|
def test_version_default(self):
|
|
"""Test that version is set"""
|
|
settings = Settings(SECRET_KEY="a" * 32)
|
|
assert settings.VERSION == "1.0.0"
|