feat: Implement random password and token generation for tests

2025-11-12 11:53:44 +01:00
parent 3bdae3c54c
commit e06a6ae068
8 changed files with 83 additions and 41 deletions


@@ -14,6 +14,10 @@ from models import Role, User, UserRole
from dependencies import get_auth_session, require_current_user
from services.security import hash_password
from services.session import AuthSession, SessionTokens
from tests.conftest import app
from tests.utils.security import random_password, random_token
COOKIE_SOURCE = "cookie"
@pytest.fixture()
@@ -40,13 +44,14 @@ class TestRegistrationFlow:
client: TestClient,
db_session: Session,
) -> None:
password = random_password()
response = client.post(
"/register",
data={
"username": "newuser",
"email": "newuser@example.com",
"password": "ComplexP@ss1",
"confirm_password": "ComplexP@ss1",
"password": password,
"confirm_password": password,
},
follow_redirects=False,
)
@@ -78,13 +83,14 @@ class TestRegistrationFlow:
self,
client: TestClient,
) -> None:
password = random_password()
first = client.post(
"/register",
data={
"username": "existing",
"email": "existing@example.com",
"password": "ComplexP@ss1",
"confirm_password": "ComplexP@ss1",
"password": password,
"confirm_password": password,
},
follow_redirects=False,
)
@@ -95,8 +101,8 @@ class TestRegistrationFlow:
data={
"username": "existing",
"email": "existing@example.com",
"password": "ComplexP@ss1",
"confirm_password": "ComplexP@ss1",
"password": password,
"confirm_password": password,
},
follow_redirects=False,
)
@@ -111,7 +117,7 @@ class TestLoginFlow:
client: TestClient,
db_session: Session,
) -> None:
password = "MySecur3Pass!"
password = random_password()
user = User(
email="login@example.com",
username="loginuser",
@@ -153,10 +159,11 @@ class TestPasswordResetFlow:
client: TestClient,
db_session: Session,
) -> None:
old_password = random_password()
user = User(
email="reset@example.com",
username="resetuser",
password_hash=hash_password("OldP@ssword1"),
password_hash=hash_password(old_password),
is_active=True,
)
db_session.add(user)
@@ -179,12 +186,13 @@ class TestPasswordResetFlow:
form_response = client.get(reset_location)
assert form_response.status_code == 200
new_password = random_password()
submit_response = client.post(
"/reset-password",
data={
"token": token,
"password": "N3wP@ssword!",
"confirm_password": "N3wP@ssword!",
"password": new_password,
"confirm_password": new_password,
},
follow_redirects=False,
)
@@ -193,7 +201,7 @@ class TestPasswordResetFlow:
assert "reset=1" in (submit_response.headers.get("location") or "")
db_session.refresh(user)
assert user.verify_password("N3wP@ssword!")
assert user.verify_password(new_password)
def test_password_reset_with_unknown_email_shows_generic_message(
self,
@@ -213,10 +221,11 @@ class TestPasswordResetFlow:
client: TestClient,
db_session: Session,
) -> None:
original_password = random_password()
user = User(
email="mismatch@example.com",
username="mismatch",
password_hash=hash_password("OldP@ssword1"),
password_hash=hash_password(original_password),
is_active=True,
)
db_session.add(user)
@@ -234,8 +243,8 @@ class TestPasswordResetFlow:
"/reset-password",
data={
"token": token,
"password": "NewPass123!",
"confirm_password": "Different123!",
"password": random_password(),
"confirm_password": random_password(),
},
follow_redirects=False,
)
@@ -250,10 +259,11 @@ class TestLogoutFlow:
client: TestClient,
db_session: Session,
) -> None:
logout_password = random_password()
user = User(
email="logout@example.com",
username="logoutuser",
password_hash=hash_password("SecureP@ss1"),
password_hash=hash_password(logout_password),
is_active=True,
)
db_session.add(user)
@@ -261,9 +271,9 @@ class TestLogoutFlow:
session = AuthSession(
tokens=SessionTokens(
access_token="access-token",
refresh_token="refresh-token",
access_token_source="cookie",
access_token=random_token(),
refresh_token=random_token(),
access_token_source=COOKIE_SOURCE,
),
user=user,
)
@@ -313,7 +323,7 @@ class TestLoginFlowEndToEnd:
def test_login_success_redirects_to_dashboard_and_sets_session(
self, client: TestClient, db_session: Session
) -> None:
password = "TestP@ss123"
password = random_password()
user = User(
email="e2e@example.com",
username="e2euser",
@@ -369,10 +379,11 @@ class TestLoginFlowEndToEnd:
app.dependency_overrides.pop(get_auth_session, None)
def test_login_inactive_user_shows_error(self, client: TestClient, db_session: Session) -> None:
password = random_password()
user = User(
email="inactive@example.com",
username="inactiveuser",
password_hash=hash_password("TestP@ss123"),
password_hash=hash_password(password),
is_active=False,
)
db_session.add(user)
@@ -384,7 +395,7 @@ class TestLoginFlowEndToEnd:
try:
response = client.post(
"/login",
data={"username": "inactiveuser", "password": "TestP@ss123"},
data={"username": "inactiveuser", "password": password},
follow_redirects=False,
)
assert response.status_code == 400
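Review bot: The mismatched-confirmation reset test (hunk `-234,8 +243,8`) now sends a separate `random_password()` call for each of `password` and `confirm_password`, so the mismatch it is meant to exercise holds only because two independent draws are expected to differ. Bind the value once and derive the second from it, e.g. `new_password = random_password()` followed by `"confirm_password": new_password + "x"`, so the inequality is guaranteed and obvious to the reader. `tests.utils.security` is not visible on this page; because the registration and reset tests push generated values through the application's password validation, the helper presumably has to emit policy-compliant passwords on every call, otherwise these tests can fail intermittently with a value that is hard to reproduce. The test functions touched here start and end outside the visible hunks.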