Nikolay Tatarinov
1948618394
- Improved formatting and readability in config.py and other files by adding line breaks. - Introduced INIT_DATA_MAX_AGE_SECONDS to enforce replay protection for Telegram initData. - Updated validate_init_data function to include max_age_seconds parameter for validation. - Enhanced API to reject old initData based on the new max_age_seconds setting. - Added tests for auth_date expiry and validation of initData in test_telegram_auth.py. - Updated README with details on the new INIT_DATA_MAX_AGE_SECONDS configuration.
37 lines
1.3 KiB
Python
37 lines
1.3 KiB
Python
"""Tests for config.is_admin and config.can_access_miniapp."""
|
|
|
|
import config
|
|
|
|
|
|
def test_is_admin_true_when_in_admin_list(monkeypatch):
|
|
monkeypatch.setattr(config, "ADMIN_USERNAMES", {"admin1", "admin2"})
|
|
assert config.is_admin("admin1") is True
|
|
assert config.is_admin("ADMIN1") is True
|
|
assert config.is_admin("admin2") is True
|
|
|
|
|
|
def test_is_admin_false_when_not_in_list(monkeypatch):
|
|
monkeypatch.setattr(config, "ADMIN_USERNAMES", {"admin1"})
|
|
assert config.is_admin("other") is False
|
|
assert config.is_admin("") is False
|
|
|
|
|
|
def test_can_access_miniapp_allowed_username(monkeypatch):
|
|
monkeypatch.setattr(config, "ALLOWED_USERNAMES", {"user1"})
|
|
monkeypatch.setattr(config, "ADMIN_USERNAMES", set())
|
|
assert config.can_access_miniapp("user1") is True
|
|
assert config.can_access_miniapp("USER1") is True
|
|
|
|
|
|
def test_can_access_miniapp_admin_has_access(monkeypatch):
|
|
monkeypatch.setattr(config, "ALLOWED_USERNAMES", set())
|
|
monkeypatch.setattr(config, "ADMIN_USERNAMES", {"admin1"})
|
|
assert config.can_access_miniapp("admin1") is True
|
|
|
|
|
|
def test_can_access_miniapp_denied(monkeypatch):
|
|
monkeypatch.setattr(config, "ALLOWED_USERNAMES", {"user1"})
|
|
monkeypatch.setattr(config, "ADMIN_USERNAMES", set())
|
|
assert config.can_access_miniapp("other") is False
|
|
assert config.can_access_miniapp("") is False
|