34 lines
1.2 KiB
Python
34 lines
1.2 KiB
Python
from fastapi import HTTPException
|
|
|
|
from app import auth
|
|
from app.config import Settings
|
|
|
|
|
|
def test_student_cookie_signing_roundtrip():
|
|
settings = Settings(secret_key="secret", public_url="http://testserver")
|
|
token = auth.sign_student(settings, "ABC123", "s1", "Ada", "cookie-id")
|
|
payload = auth.loads_cookie(settings, token)
|
|
assert payload == {"sid": "ABC123", "student_id": "s1", "name": "Ada", "cookie_id": "cookie-id"}
|
|
|
|
|
|
def test_tampered_cookie_rejected():
|
|
settings = Settings(secret_key="secret")
|
|
token = auth.sign_admin(settings)
|
|
assert auth.loads_cookie(settings, token + "tamper") is None
|
|
|
|
|
|
def test_admin_password_success_and_failure():
|
|
settings = Settings(secret_key="secret", admin_password="pw")
|
|
assert auth.verify_admin_password(settings, "pw")
|
|
assert not auth.verify_admin_password(settings, "wrong")
|
|
assert not auth.verify_admin_password(Settings(secret_key="secret"), "pw")
|
|
|
|
|
|
def test_serializer_requires_secret():
|
|
try:
|
|
auth.sign_admin(Settings(secret_key=None))
|
|
except HTTPException as exc:
|
|
assert exc.status_code == 500
|
|
else:
|
|
raise AssertionError("Expected missing secret to fail")
|