brut/bincio-auth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: add pytest suite covering auth, invites, admin and OIDC flows (59 tests)

Browse Source
This commit is contained in:
Davide Scaini
2026-06-03 22:10:40 +02:00
parent b61aa39b3b
commit 1d3c25f855
6 changed files with 934 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_invites.py
+67
View File
@@ -0,0 +1,67 @@
"""Tests for invite management endpoints."""
from __future__ import annotations
from bincio.auth.db import create_invite
from .conftest import auth_cookies
def test_list_invites_empty(client, user):
cookies = auth_cookies("alice", "alicepass1", client)
r = client.get("/api/invites", cookies=cookies)
assert r.status_code == 200
assert r.json() == []
def test_create_and_list_invite(client, user):
cookies = auth_cookies("alice", "alicepass1", client)
r = client.post("/api/invites", json={}, cookies=cookies)
assert r.status_code == 200
code = r.json()["code"]
assert len(code) > 0
r2 = client.get("/api/invites", cookies=cookies)
codes = [i["code"] for i in r2.json()]
assert code in codes
def test_invite_limit_regular_user(client, user):
cookies = auth_cookies("alice", "alicepass1", client)
# Regular users capped at 3
for _ in range(3):
r = client.post("/api/invites", json={}, cookies=cookies)
assert r.status_code == 200
r = client.post("/api/invites", json={}, cookies=cookies)
assert r.status_code == 400
def test_admin_has_no_invite_limit(client, admin):
cookies = auth_cookies("admin", "adminpass1", client)
for _ in range(5):
r = client.post("/api/invites", json={}, cookies=cookies)
assert r.status_code == 200
def test_create_invite_unauthenticated(client):
r = client.post("/api/invites", json={})
assert r.status_code == 401
def test_list_invites_unauthenticated(client):
r = client.get("/api/invites")
assert r.status_code == 401
def test_invite_grants_activity_flag(client, admin):
cookies = auth_cookies("admin", "adminpass1", client)
r = client.post("/api/invites", json={"grants_activity": True}, cookies=cookies)
assert r.status_code == 200
assert r.json()["grants_activity"] is True
def test_regular_user_cannot_grant_activity_they_dont_have(client, user):
# alice has no activity_access
cookies = auth_cookies("alice", "alicepass1", client)
r = client.post("/api/invites", json={"grants_activity": True}, cookies=cookies)
assert r.status_code == 400