diff --git a/app/services/auth.py b/app/services/auth.py
index af8b52e..84e2924 100644
--- a/app/services/auth.py
+++ b/app/services/auth.py
@@ -15,7 +15,7 @@ import secrets, string, os
 from dotenv import load_dotenv
 load_dotenv()
-SECRET_KEY = os.getenv("SECRET_KEY")
+SECRET_KEY = os.getenv("SECRET_KEY", default="ff"*16)
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 120
diff --git a/test/conftest.py b/test/conftest.py
index bf850df..cc1a953 100644
--- a/test/conftest.py
+++ b/test/conftest.py
@@ -68,7 +68,7 @@ def regular_user(db_session):
 def auth_headers(client, admin_user):
 """Get authentication headers for admin user."""
 response = client.post(
- "/token",
+ "/api/v1/token",
 data={"username": admin_user.name, "password": "admin123"}
 )
 token = response.json()["access_token"]
@@ -79,7 +79,7 @@ def auth_headers(client, admin_user):
 def user_auth_headers(client, regular_user):
 """Get authentication headers for regular user."""
 response = client.post(
- "/token",
+ "/api/v1/token",
 data={"username": regular_user.name, "password": "user123"}
 )
 token = response.json()["access_token"]
diff --git a/test/test_services/test_aa_manager.py b/test/test_services/test_aa_manager.py
index 25a8f04..3bfdb3c 100644
--- a/test/test_services/test_aa_manager.py
+++ b/test/test_services/test_aa_manager.py
@@ -13,7 +13,7 @@ def test_create_access_auth(client, auth_headers):
 ]
 }
-response = client.post("/aa/", json=aa_data, headers=auth_headers)
+response = client.post("/api/v1/aa/", json=aa_data, headers=auth_headers)
 assert response.status_code == 200
 data = response.json()
@@ -25,7 +25,7 @@ def test_create_access_auth(client, auth_headers):
 def test_get_all_access_auths(client, auth_headers, test_aa):
 """Test retrieving all access authorizations."""
-response = client.get("/aa/", headers=auth_headers)
+response = client.get("/api/v1/aa/", headers=auth_headers)
 assert response.status_code == 200
 aa_list = response.json()
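Review bot: The new default in `SECRET_KEY = os.getenv("SECRET_KEY", default="ff"*16)` turns a constant that is visible in the repository into the HS256 signing key whenever the environment variable is absent, so a deployment that forgets to set it would issue tokens that anyone with the source can forge, and the failure is silent because startup succeeds. The module already imports `secrets`, so a per-process key is available for local runs without committing one: `SECRET_KEY = os.getenv("SECRET_KEY") or secrets.token_hex(32)`; tokens then stop verifying across restarts or replicas, which is the correct symptom of a missing secret rather than a forgeable one. If the service is expected to run only with explicit configuration, failing fast is preferable: `if SECRET_KEY is None: raise RuntimeError("SECRET_KEY is not set")`. Note that `os.getenv` with `default=` still returns an empty string when `SECRET_KEY=` is set but blank, which the `or` form covers and the `default=` form does not.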
@@ -37,7 +37,7 @@ def test_get_all_access_auths(client, auth_headers, test_aa):
 def test_get_access_auth_by_id(client, auth_headers, test_aa):
 """Test retrieving a specific access authorization by ID."""
-response = client.get(f"/aa/{test_aa.id}", headers=auth_headers)
+response = client.get(f"/api/v1/aa/{test_aa.id}", headers=auth_headers)
 assert response.status_code == 200
 data = response.json()
@@ -47,14 +47,14 @@ def test_get_access_auth_by_id(client, auth_headers, test_aa):
 def test_get_nonexistent_access_auth(client, auth_headers):
 """Test retrieving a non-existent access authorization."""
-response = client.get("/aa/99999", headers=auth_headers)
+response = client.get("/api/v1/aa/99999", headers=auth_headers)
 assert response.status_code == 404
 def test_assign_access_auth_to_group(client, auth_headers, test_group, test_aa):
 """Test assigning an access authorization to a group."""
 response = client.put(
- f"/aa/assign/{test_group.id}/{test_aa.id}",
+ f"/api/v1/aa/assign/{test_group.id}/{test_aa.id}",
 headers=auth_headers
 )
 assert response.status_code == 200
@@ -68,11 +68,11 @@ def test_assign_access_auth_to_group(client, auth_headers, test_group, test_aa):
 def test_assign_already_assigned_access_auth(client, auth_headers, test_group, test_aa):
 """Test assigning an already assigned access authorization."""
 # First assignment
-client.put(f"/aa/assign/{test_group.id}/{test_aa.id}", headers=auth_headers)
+client.put(f"/api/v1/aa/assign/{test_group.id}/{test_aa.id}", headers=auth_headers)
 # Second assignment should indicate it's already assigned
 response = client.put(
- f"/aa/assign/{test_group.id}/{test_aa.id}",
+ f"/api/v1/aa/assign/{test_group.id}/{test_aa.id}",
 headers=auth_headers
 )
 # According to the code, this returns 409 with "already assigned" message
@@ -83,11 +83,11 @@ def test_assign_already_assigned_access_auth(client, auth_headers, test_group, t
 def test_unassign_access_auth_from_group(client, auth_headers, test_group, test_aa):
 """Test unassigning an access authorization from a group."""
 # First assign
-client.put(f"/aa/assign/{test_group.id}/{test_aa.id}", headers=auth_headers)
+client.put(f"/api/v1/aa/assign/{test_group.id}/{test_aa.id}", headers=auth_headers)
 # Then unassign
 response = client.put(
- f"/aa/unassign/{test_group.id}/{test_aa.id}",
+ f"/api/v1/aa/unassign/{test_group.id}/{test_aa.id}",
 headers=auth_headers
 )
 assert response.status_code == 200
@@ -96,7 +96,7 @@ def test_unassign_access_auth_from_group(client, auth_headers, test_group, test_
 def test_unassign_nonexistent_assignment(client, auth_headers, test_group, test_aa):
 """Test unassigning a non-existent assignment."""
 response = client.put(
- f"/aa/unassign/{test_group.id}/{test_aa.id}",
+ f"/api/v1/aa/unassign/{test_group.id}/{test_aa.id}",
 headers=auth_headers
 )
 assert response.status_code == 404
@@ -104,13 +104,13 @@ def test_unassign_nonexistent_assignment(client, auth_headers, test_group, test_
 def test_assign_to_nonexistent_group(client, auth_headers, test_aa):
 """Test assigning an AA to a non-existent group."""
-response = client.put(f"/aa/assign/99999/{test_aa.id}", headers=auth_headers)
+response = client.put(f"/api/v1/aa/assign/99999/{test_aa.id}", headers=auth_headers)
 assert response.status_code == 404
 def test_assign_nonexistent_aa(client, auth_headers, test_group):
 """Test assigning a non-existent AA to a group."""
-response = client.put(f"/aa/assign/{test_group.id}/99999", headers=auth_headers)
+response = client.put(f"/api/v1/aa/assign/{test_group.id}/99999", headers=auth_headers)
 assert response.status_code == 404
@@ -122,7 +122,7 @@ def test_update_access_auth(client, auth_headers, test_aa):
 }
 response = client.patch(
- f"/aa/{test_aa.id}",
+ f"/api/v1/aa/{test_aa.id}",
 json=update_data,
 headers=auth_headers
 )
@@ -142,7 +142,7 @@ def test_update_access_auth_with_timetables(client, auth_headers, test_aa):
 }
 response = client.patch(
- f"/aa/{test_aa.id}",
+ f"/api/v1/aa/{test_aa.id}",
 json=update_data,
 headers=auth_headers
 )
@@ -157,24 +157,24 @@ def test_update_access_auth_with_timetables(client, auth_headers, test_aa):
 def test_update_nonexistent_access_auth(client, auth_headers):
 """Test updating a non-existent access authorization."""
 update_data = {"name": "Updated"}
-response = client.patch("/aa/99999", json=update_data, headers=auth_headers)
+response = client.patch("/api/v1/aa/99999", json=update_data, headers=auth_headers)
 assert response.status_code == 404
 def test_delete_access_auth(client, auth_headers, test_aa):
 """Test deleting an access authorization."""
-response = client.delete(f"/aa/{test_aa.id}", headers=auth_headers)
+response = client.delete(f"/api/v1/aa/{test_aa.id}", headers=auth_headers)
 assert response.status_code == 200
 assert "deleted successfully" in response.json()["message"].lower()
 # Verify AA is deleted
-response = client.get(f"/aa/{test_aa.id}", headers=auth_headers)
+response = client.get(f"/api/v1/aa/{test_aa.id}", headers=auth_headers)
 assert response.status_code == 404
 def test_delete_nonexistent_access_auth(client, auth_headers):
 """Test deleting a non-existent access authorization."""
-response = client.delete("/aa/99999", headers=auth_headers)
+response = client.delete("/api/v1/aa/99999", headers=auth_headers)
 assert response.status_code == 404
@@ -182,16 +182,16 @@ def test_aa_operations_by_non_admin(client, test_aa, user_auth_headers):
 """Test that non-admin users cannot perform AA operations."""
 # Try to create an AA
 response = client.post(
- "/aa/",
+ "/api/v1/aa/",
 json={"name": "test", "is_active": True, "timetables": []},
 headers=user_auth_headers
 )
 assert response.status_code == 403
 # Try to get all AAs
-response = client.get("/aa/", headers=user_auth_headers)
+response = client.get("/api/v1/aa/", headers=user_auth_headers)
 assert response.status_code == 403
 # Try to assign AA
-response = client.put(f"/aa/assign/1/{test_aa.id}", headers=user_auth_headers)
+response = client.put(f"/api/v1/aa/assign/1/{test_aa.id}", headers=user_auth_headers)
 assert response.status_code == 403
diff --git a/test/test_services/test_auth.py b/test/test_services/test_auth.py
index 07d8200..20fcd70 100644
--- a/test/test_services/test_auth.py
+++ b/test/test_services/test_auth.py
@@ -158,7 +158,7 @@ def test_token_endpoint(client, admin_user):
 """Test the token endpoint for login."""
 # Test successful login
 response = client.post(
- "/token",
+ "/api/v1/token",
 data={"username": admin_user.name, "password": "admin123"}
 )
 assert response.status_code == 200
@@ -168,14 +168,14 @@ def test_token_endpoint(client, admin_user):
 # Test failed login with wrong password
 response = client.post(
- "/token",
+ "/api/v1/token",
 data={"username": admin_user.name, "password": "wrongpassword"}
 )
 assert response.status_code == 401
 # Test failed login with non-existent user
 response = client.post(
- "/token",
+ "/api/v1/token",
 data={"username": "nonexistent", "password": "password"}
 )
 assert response.status_code == 401
@@ -184,12 +184,12 @@ def test_token_endpoint(client, admin_user):
 def test_test_login_endpoint(client, admin_user, auth_headers):
 """Test the test login endpoint."""
 # Test with valid token
-response = client.get("/test/login", headers=auth_headers)
+response = client.get("/api/v1/test/login", headers=auth_headers)
 assert response.status_code == 200
 data = response.json()
 assert data["name"] == admin_user.name
 assert data["is_admin"] is True
 # Test without token
-response = client.get("/test/login")
+response = client.get("/api/v1/test/login")
 assert response.status_code == 401
diff --git a/test/test_services/test_card_manager.py b/test/test_services/test_card_manager.py
index 84497ed..dc68cbb 100644
--- a/test/test_services/test_card_manager.py
+++ b/test/test_services/test_card_manager.py
@@ -3,7 +3,7 @@ from fastapi import status
 def test_get_cards_for_group(client, auth_headers, test_group, test_card):
 """Test getting all cards for a group."""
-response = client.get(f"/cards/{test_group.id}", headers=auth_headers)
+response = client.get(f"/api/v1/cards/{test_group.id}", headers=auth_headers)
 assert response.status_code == 200
 cards = response.json()
@@ -13,7 +13,7 @@ def test_get_cards_for_group(client, auth_headers, test_group, test_card):
 def test_get_cards_for_nonexistent_group(client, auth_headers):
 """Test getting cards for a non-existent group."""
-response = client.get("/cards/99999", headers=auth_headers)
+response = client.get("/api/v1/cards/99999", headers=auth_headers)
 assert response.status_code == 200
 cards = response.json()
@@ -23,9 +23,9 @@ def test_get_cards_for_nonexistent_group(client, auth_headers): def test_card_operations_by_non_admin(client, test_group, user_auth_headers): """Test that non-admin users cannot perform card operations.""" # Try to add a card - response = client.post(f"/cards/{test_group.id}", headers=user_auth_headers) + response = client.post(f"/api/v1/cards/{test_group.id}", headers=user_auth_headers) assert response.status_code == 403 # Try to get cards - response = client.get(f"/cards/{test_group.id}", headers=user_auth_headers) + response = client.get(f"/api/v1/cards/{test_group.id}", headers=user_auth_headers) assert response.status_code == 403 diff --git a/test/test_services/test_group_manager.py b/test/test_services/test_group_manager.py index c40e2dd..6eb3dbf 100644 --- a/test/test_services/test_group_manager.py +++ b/test/test_services/test_group_manager.py @@ -6,7 +6,7 @@ def test_create_group(client, auth_headers): """Test creating a new group.""" group_data = {"name": "New Test Group"} - response = client.post("/groups/", json=group_data, headers=auth_headers) + response = client.post("/api/v1/groups/", json=group_data, headers=auth_headers) assert response.status_code == 200 data = response.json() @@ -18,14 +18,14 @@ def test_create_duplicate_group(client, auth_headers, test_group): """Test creating a group with a duplicate name.""" group_data = {"name": test_group.name} - response = client.post("/groups/", json=group_data, headers=auth_headers) + response = client.post("/api/v1/groups/", json=group_data, headers=auth_headers) # This should fail due to unique constraint assert response.status_code == 409 # Validation error def test_get_groups(client, auth_headers, test_group): """Test retrieving all groups.""" - response = client.get("/groups/", headers=auth_headers) + response = client.get("/api/v1/groups/", headers=auth_headers) assert response.status_code == 200 groups = response.json() 
@@ -37,19 +37,19 @@ def test_get_groups(client, auth_headers, test_group):
 def test_delete_group(client, auth_headers, test_group):
 """Test deleting a group."""
-response = client.delete(f"/groups/{test_group.id}", headers=auth_headers)
+response = client.delete(f"/api/v1/groups/{test_group.id}", headers=auth_headers)
 assert response.status_code == 200
 assert "deleted successfully" in response.json()["message"].lower()
 # Verify group is deleted
-response = client.get("/groups/", headers=auth_headers)
+response = client.get("/api/v1/groups/", headers=auth_headers)
 groups = response.json()
 assert not any(group["id"] == test_group.id for group in groups)
 def test_delete_nonexistent_group(client, auth_headers):
 """Test deleting a non-existent group."""
-response = client.delete("/groups/99999", headers=auth_headers)
+response = client.delete("/api/v1/groups/99999", headers=auth_headers)
 assert response.status_code == 404
@@ -57,12 +57,12 @@ def test_group_operations_by_non_admin(client, user_auth_headers):
 """Test that non-admin users cannot perform group operations."""
 # Try to create a group
 response = client.post(
- "/groups/",
+ "/api/v1/groups/",
 json={"name": "test"},
 headers=user_auth_headers
 )
 assert response.status_code == 403
 # Try to get groups
-response = client.get("/groups/", headers=user_auth_headers)
+response = client.get("/api/v1/groups/", headers=user_auth_headers)
 assert response.status_code == 403
diff --git a/test/test_services/test_user_manager.py b/test/test_services/test_user_manager.py
index e66e832..58d443b 100644
--- a/test/test_services/test_user_manager.py
+++ b/test/test_services/test_user_manager.py
@@ -11,7 +11,7 @@ def test_create_user(client, auth_headers):
 "password": "newpassword123"
 }
-response = client.post("/users/", json=user_data, headers=auth_headers)
+response = client.post("/api/v1/users/", json=user_data, headers=auth_headers)
 assert response.status_code == 200
 data = response.json()
@@ -30,13 +30,13 @@ def test_create_user_unauthorized(client):
 "password": "password123"
 }
-response = client.post("/users/", json=user_data)
+response = client.post("/api/v1/users/", json=user_data)
 assert response.status_code == 401
 def test_get_users(client, auth_headers, admin_user, regular_user):
 """Test retrieving all users."""
-response = client.get("/users/", headers=auth_headers)
+response = client.get("/api/v1/users/", headers=auth_headers)
 assert response.status_code == 200
 users = response.json()
@@ -49,7 +49,7 @@ def test_get_users(client, auth_headers, admin_user, regular_user):
 def test_get_user_by_id(client, auth_headers, regular_user):
 """Test retrieving a specific user by ID."""
-response = client.get(f"/users/{regular_user.id}", headers=auth_headers)
+response = client.get(f"/api/v1/users/{regular_user.id}", headers=auth_headers)
 assert response.status_code == 200
 data = response.json()
@@ -59,7 +59,7 @@ def test_get_user_by_id(client, auth_headers, regular_user):
 def test_get_nonexistent_user(client, auth_headers):
 """Test retrieving a non-existent user."""
-response = client.get("/users/99999", headers=auth_headers)
+response = client.get("/api/v1/users/99999", headers=auth_headers)
 assert response.status_code == 404
 assert "not found" in response.json()["detail"].lower()
@@ -72,7 +72,7 @@ def test_update_user(client, auth_headers, regular_user):
 }
 response = client.patch(
- f"/users/{regular_user.id}",
+ f"/api/v1/users/{regular_user.id}",
 json=update_data,
 headers=auth_headers
 )
@@ -92,7 +92,7 @@ def test_update_user_password(client, auth_headers, regular_user):
 }
 response = client.patch(
- f"/users/{regular_user.id}",
+ f"/api/v1/users/{regular_user.id}",
 json=update_data,
 headers=auth_headers
 )
@@ -100,7 +100,7 @@ def test_update_user_password(client, auth_headers, regular_user):
 # Verify password can be used for login
 login_response = client.post(
- "/token",
+ "/api/v1/token",
 data={"username": regular_user.name, "password": "new_password_456"}
 )
 assert login_response.status_code == 200
@@ -109,24 +109,24 @@ def test_update_user_password(client, auth_headers, regular_user):
 def test_update_nonexistent_user(client, auth_headers):
 """Test updating a non-existent user."""
 update_data = {"name": "updated"}
-response = client.patch("/users/99999", json=update_data, headers=auth_headers)
+response = client.patch("/api/v1/users/99999", json=update_data, headers=auth_headers)
 assert response.status_code == 404
 def test_delete_user(client, auth_headers, regular_user):
 """Test deleting a user."""
-response = client.delete(f"/users/{regular_user.id}", headers=auth_headers)
+response = client.delete(f"/api/v1/users/{regular_user.id}", headers=auth_headers)
 assert response.status_code == 200
 assert "deleted successfully" in response.json()["message"].lower()
 # Verify user is deleted
-response = client.get(f"/users/{regular_user.id}", headers=auth_headers)
+response = client.get(f"/api/v1/users/{regular_user.id}", headers=auth_headers)
 assert response.status_code == 404
 def test_delete_nonexistent_user(client, auth_headers):
 """Test deleting a non-existent user."""
-response = client.delete("/users/99999", headers=auth_headers)
+response = client.delete("/api/v1/users/99999", headers=auth_headers)
 assert response.status_code == 404
@@ -134,17 +134,17 @@ def test_user_operations_by_non_admin(client, user_auth_headers):
 """Test that non-admin users cannot perform admin operations."""
 # Try to create a user
 response = client.post(
- "/users/",
+ "/api/v1/users/",
 json={"name": "test", "password": "pass"},
 headers=user_auth_headers
 )
 assert response.status_code == 403
 # Try to get users
-response = client.get("/users/", headers=user_auth_headers)
+response = client.get("/api/v1/users/", headers=user_auth_headers)
 assert response.status_code == 403
 # Try to delete the admin user (if ID is known)
 # This would require knowing the admin user ID
- # response = client.delete(f"/users/{admin_id}", headers=user_auth_headers)
+ # response = client.delete(f"/api/v1/users/{admin_id}", headers=user_auth_headers)
 # assert response.status_code == 403