Nikolay Tatarinov
7ba4771501
All checks were successful
CI / lint-and-test (push) Successful in 24s
- Revised the `.env.example` file to clarify the purpose of the `MINI_APP_SKIP_AUTH` variable, emphasizing its insecure nature and restriction to development use only. - Updated the `README.md` to reflect changes in API authentication requirements, specifying that unauthenticated access to `/api/duties` and `/api/calendar-events` is only allowed with `MINI_APP_SKIP_AUTH=1`. - Enhanced `configuration.md` to detail the implications of using `MINI_APP_SKIP_AUTH` for API access without Telegram initData. - Removed the `_is_private_client` function and its associated tests, streamlining the codebase and focusing on the current authentication model. - Added logging in `run.py` to warn when `MINI_APP_SKIP_AUTH` is enabled, highlighting the security risks.
74 lines
2.9 KiB
Python
74 lines
2.9 KiB
Python
"""Tests for duty_teller.api.dependencies (lang, auth error, date validation, private client)."""
|
|
|
|
from unittest.mock import patch
|
|
|
|
import pytest
|
|
from fastapi import HTTPException
|
|
|
|
import duty_teller.api.dependencies as deps
|
|
import duty_teller.config as config
|
|
|
|
|
|
class TestLangFromAcceptLanguage:
|
|
"""Tests for _lang_from_accept_language."""
|
|
|
|
def test_none_returns_default(self):
|
|
assert deps._lang_from_accept_language(None) == config.DEFAULT_LANGUAGE
|
|
|
|
def test_empty_string_returns_default(self):
|
|
assert deps._lang_from_accept_language("") == config.DEFAULT_LANGUAGE
|
|
assert deps._lang_from_accept_language(" ") == config.DEFAULT_LANGUAGE
|
|
|
|
def test_ru_ru_returns_ru(self):
|
|
assert deps._lang_from_accept_language("ru-RU,ru;q=0.9") == "ru"
|
|
|
|
def test_en_us_returns_en(self):
|
|
assert deps._lang_from_accept_language("en-US") == "en"
|
|
|
|
def test_invalid_fallback_to_en(self):
|
|
assert deps._lang_from_accept_language("zz") == "en"
|
|
assert deps._lang_from_accept_language("x") == "en"
|
|
|
|
|
|
class TestAuthErrorDetail:
|
|
"""Tests for _auth_error_detail."""
|
|
|
|
def test_hash_mismatch_uses_bad_signature_key(self):
|
|
with patch("duty_teller.api.dependencies.t") as mock_t:
|
|
mock_t.return_value = "Bad signature"
|
|
result = deps._auth_error_detail("hash_mismatch", "en")
|
|
assert result == "Bad signature"
|
|
mock_t.assert_called_once_with("en", "api.auth_bad_signature")
|
|
|
|
def test_other_reason_uses_auth_invalid_key(self):
|
|
with patch("duty_teller.api.dependencies.t") as mock_t:
|
|
mock_t.return_value = "Invalid auth"
|
|
result = deps._auth_error_detail("expired", "ru")
|
|
assert result == "Invalid auth"
|
|
mock_t.assert_called_once_with("ru", "api.auth_invalid")
|
|
|
|
|
|
class TestValidateDutyDates:
|
|
"""Tests for _validate_duty_dates."""
|
|
|
|
def test_valid_range_no_exception(self):
|
|
deps._validate_duty_dates("2025-01-01", "2025-01-31", "en")
|
|
|
|
def test_bad_format_raises_400_with_i18n(self):
|
|
with patch("duty_teller.api.dependencies.t") as mock_t:
|
|
mock_t.return_value = "Bad format message"
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
deps._validate_duty_dates("01-01-2025", "2025-01-31", "en")
|
|
assert exc_info.value.status_code == 400
|
|
assert exc_info.value.detail == "Bad format message"
|
|
mock_t.assert_called_with("en", "dates.bad_format")
|
|
|
|
def test_from_after_to_raises_400_with_i18n(self):
|
|
with patch("duty_teller.api.dependencies.t") as mock_t:
|
|
mock_t.return_value = "From after to message"
|
|
with pytest.raises(HTTPException) as exc_info:
|
|
deps._validate_duty_dates("2025-02-01", "2025-01-01", "ru")
|
|
assert exc_info.value.status_code == 400
|
|
assert exc_info.value.detail == "From after to message"
|
|
mock_t.assert_called_with("ru", "dates.from_after_to")
|