Arnike/duty-teller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity
Files
5dc8c8f255740888dce626986dc18970dfe641e2
duty-teller/api/test_telegram_auth.py
Nikolay Tatarinov 5dc8c8f255 Enhance API and configuration for Telegram miniapp 
- Added support for CORS origins and a new environment variable for miniapp access control.
- Implemented date validation for API requests to ensure correct date formats.
- Updated FastAPI app to allow access without Telegram initData for local development.
- Enhanced error handling and logging for better debugging.
- Added tests for API functionality and Telegram initData validation.
- Updated README with new environment variable details and testing instructions.
- Modified Docker and Git ignore files to include additional directories and files.
2026-02-17 17:21:35 +03:00

85 lines
2.6 KiB
Python
Raw Blame History

"""Tests for api.telegram_auth.validate_init_data."""
import hashlib
import hmac
import json
from urllib.parse import quote, urlencode
import pytest
from api.telegram_auth import validate_init_data
def _make_init_data(user: dict | None, bot_token: str) -> str:
"""Build initData string with valid HMAC for testing."""
params = {}
if user is not None:
params["user"] = quote(json.dumps(user))
pairs = sorted(params.items())
data_string = "\n".join(f"{k}={v}" for k, v in pairs)
secret_key = hmac.new(
b"WebAppData",
msg=bot_token.encode(),
digestmod=hashlib.sha256,
).digest()
computed = hmac.new(
secret_key,
msg=data_string.encode(),
digestmod=hashlib.sha256,
).hexdigest()
params["hash"] = computed
return "&".join(f"{k}={v}" for k, v in sorted(params.items()))
def test_valid_payload_returns_username():
bot_token = "123:ABC"
user = {"id": 123, "username": "testuser", "first_name": "Test"}
init_data = _make_init_data(user, bot_token)
assert validate_init_data(init_data, bot_token) == "testuser"
def test_valid_payload_username_lowercase():
bot_token = "123:ABC"
user = {"id": 123, "username": "TestUser", "first_name": "Test"}
init_data = _make_init_data(user, bot_token)
assert validate_init_data(init_data, bot_token) == "testuser"
def test_invalid_hash_returns_none():
bot_token = "123:ABC"
user = {"id": 123, "username": "testuser"}
init_data = _make_init_data(user, bot_token)
# Tamper with hash
init_data = init_data.replace("hash=", "hash=x")
assert validate_init_data(init_data, bot_token) is None
def test_wrong_bot_token_returns_none():
bot_token = "123:ABC"
user = {"id": 123, "username": "testuser"}
init_data = _make_init_data(user, bot_token)
assert validate_init_data(init_data, "other:token") is None
def test_missing_user_returns_none():
bot_token = "123:ABC"
init_data = _make_init_data(None, bot_token) # no user key
assert validate_init_data(init_data, bot_token) is None
def test_user_without_username_returns_none():
bot_token = "123:ABC"
user = {"id": 123, "first_name": "Test"} # no username
init_data = _make_init_data(user, bot_token)
assert validate_init_data(init_data, bot_token) is None
def test_empty_init_data_returns_none():
assert validate_init_data("", "token") is None
assert validate_init_data(" ", "token") is None
def test_empty_bot_token_returns_none():
user = {"id": 1, "username": "u"}
init_data = _make_init_data(user, "token")
assert validate_init_data(init_data, "") is None
Reference in New Issue View Git Blame Copy Permalink