Update tests for security and validation improvements

- Adjusted test case for duplicate email registration to assert 400 status and include generic error messaging to prevent user enumeration.
- Annotated invalid phone number example with clarification on cleaning behavior.
- Updated test password to meet enhanced security requirements.
This commit is contained in:
Felipe Cardoso
2025-11-01 04:00:51 +01:00
parent 544be2bea4
commit 3ad48843e4
2 changed files with 9 additions and 4 deletions


@@ -44,7 +44,10 @@ class TestRegisterEndpoint:
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_register_duplicate_email(self, client, async_test_user): async def test_register_duplicate_email(self, client, async_test_user):
"""Test registering with existing email.""" """Test registering with existing email.
Note: Returns 400 with generic message to prevent user enumeration.
"""
response = await client.post( response = await client.post(
"/api/v1/auth/register", "/api/v1/auth/register",
json={ json={
@@ -55,9 +58,11 @@ class TestRegisterEndpoint:
} }
) )
assert response.status_code == status.HTTP_409_CONFLICT # Security: Returns 400 with generic message to prevent email enumeration
assert response.status_code == status.HTTP_400_BAD_REQUEST
data = response.json() data = response.json()
assert data["success"] is False assert data["success"] is False
assert "registration failed" in data["errors"][0]["message"].lower()
@pytest.mark.asyncio @pytest.mark.asyncio
async def test_register_weak_password(self, client): async def test_register_weak_password(self, client):
@@ -84,7 +89,7 @@ class TestRegisterEndpoint:
"/api/v1/auth/register", "/api/v1/auth/register",
json={ json={
"email": "error@example.com", "email": "error@example.com",
"password": "SecurePassword123", "password": "SecurePassword123!",
"first_name": "Error", "first_name": "Error",
"last_name": "User" "last_name": "User"
} }
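Review bot: The new `HTTP_400_BAD_REQUEST` / `"registration failed"` assertions in `test_register_duplicate_email` hide the failure reason but not the fact of failure, so they do not achieve what the docstring claims: a request with a valid password and an existing email gets 400 while the same request with an unused email presumably gets a success status, and an attacker can enumerate accounts from the status code alone without reading the message. If enumeration resistance is the goal, the endpoint should answer identically for new and existing emails (e.g. the same accepted response, with a notification sent to the already-registered address) and this test should assert that the duplicate response matches the success response rather than a distinct 400. If that is out of scope for this commit, the docstring should claim only what the code does, e.g. `Note: Returns 400 with a generic message so the error body does not reveal whether the email is registered.`, and the same wording should replace the `# Security:` comment above the status assertion. The password change in the last hunk belongs to a test whose definition starts outside the hunk.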


@@ -92,7 +92,7 @@ class TestPhoneNumberValidation:
# Completely invalid formats # Completely invalid formats
"++4412345678", # Double plus "++4412345678", # Double plus
"()+41123456", # Misplaced parentheses # Note: "()+41123456" becomes "+41123456" after cleaning, which is valid
# Empty string # Empty string
"", "",
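Review bot: Replacing `"()+41123456"` with a comment drops the only "misplaced parentheses" case from the invalid-format list, so the cleaning behaviour the comment describes is now documented but not tested, and a later change to the cleaner could silently start rejecting or mangling such input. Pin it instead: either add the pair to whatever valid/normalisation fixture the test class has, e.g. `("()+41123456", "+41123456"),  # stray parentheses are stripped before validation`, or, if stray parentheses should not be tolerated, keep the string in this list and tighten the validator. The list this hunk edits begins and ends outside the hunk, so I cannot see whether a normalisation fixture already exists.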