feat: Use secure random tokens for authentication and password handling in tests

2025-11-12 11:36:19 +01:00
parent 3988171b46
commit 5d6592d657
3 changed files with 35 additions and 26 deletions
--- a/tests/test_scenario_validation.py
+++ b/tests/test_scenario_validation.py
@@ -1,5 +1,6 @@
 from __future__ import annotations

+import secrets
 from datetime import date
 from collections.abc import Iterator
 from typing import cast
@@ -176,8 +177,11 @@ def api_client(session_factory) -> Iterator[TestClient]:
        user = uow.users.get(user.id, with_roles=True)

    def _override_auth_session(request: Request) -> AuthSession:
-        session = AuthSession(tokens=SessionTokens(
-            access_token="test", refresh_token="test"))
+        tokens = SessionTokens(
+            access_token=secrets.token_urlsafe(16),
+            refresh_token=secrets.token_urlsafe(16),
+        )
+        session = AuthSession(tokens=tokens)
        session.user = user
        request.state.auth_session = session
        return session