nordabiz/tests/integration/test_auth_flow.py
Maciej Pienczyn a57187e05f
test: Add comprehensive testing infrastructure
- pytest framework with fixtures for auth (auth_client, admin_client)
- Unit tests for SearchService
- Integration tests for auth flow
- Security tests (OWASP Top 10: SQL injection, XSS, CSRF)
- Smoke tests for production health and backup monitoring
- E2E tests with Playwright (basic structure)
- DR tests for backup/restore procedures
- GitHub Actions CI/CD workflow (.github/workflows/test.yml)
- Coverage configuration (.coveragerc) with 80% minimum
- DR documentation and restore script

Staging environment: VM 248, staging.nordabiznes.pl

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 07:52:34 +01:00


"""
Integration tests for authentication flow
==========================================
Tests login, logout, and session management.
"""
import pytest
# Module-level pytest marker: tags every test collected from this file as
# "integration", so the suite can be selected or skipped with `-m integration`.
pytestmark = pytest.mark.integration
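class TestLogin:
    """Tests for login functionality.

    The negative tests check more than the rendered page: after a rejected
    login they request a protected route and require that it is still
    refused. A text-only check would also pass if the application wrongly
    created a session.
    """

    # Status codes that mean "not authenticated" for a protected route:
    # redirect to login, or an explicit 401/403.
    _DENIED_STATUSES = (302, 401, 403)

    @classmethod
    def _assert_no_session(cls, client):
        """Assert that *client* cannot reach the protected dashboard.

        NOTE(review): relies on the ``client`` fixture carrying cookies
        between requests (presumably a Flask/Werkzeug test client) -
        confirm against tests/conftest.py.
        """
        probe = client.get('/dashboard')
        assert probe.status_code in cls._DENIED_STATUSES

    def test_login_page_accessible(self, client):
        """Login page should be accessible."""
        response = client.get('/login')
        assert response.status_code == 200
        text = response.data.decode('utf-8').lower()
        # The page may be rendered in English or Polish.
        assert 'login' in text or 'zaloguj' in text

    def test_login_with_valid_credentials(self, client):
        """Login should succeed with valid credentials."""
        # Imported here so the credentials come from the shared test fixtures.
        from tests.conftest import TEST_USER_EMAIL, TEST_USER_PASSWORD

        response = client.post('/login', data={
            'email': TEST_USER_EMAIL,
            'password': TEST_USER_PASSWORD,
        }, follow_redirects=True)
        assert response.status_code == 200
        text = response.data.decode('utf-8').lower()
        # Should redirect to dashboard or home
        assert 'dashboard' in text or 'witaj' in text

    def test_login_with_invalid_credentials(self, client):
        """Login should fail with invalid credentials and create no session."""
        response = client.post('/login', data={
            'email': 'invalid@test.pl',
            'password': 'wrongpassword',
        }, follow_redirects=True)
        assert response.status_code == 200
        text = response.data.decode('utf-8').lower()
        # Should show error message or stay on login page. These words can
        # also appear on other pages, so this check alone does not prove the
        # login was rejected.
        assert 'error' in text or 'login' in text or 'email' in text
        # The decisive check: the rejected login must not grant access.
        self._assert_no_session(client)

    def test_login_with_empty_fields(self, client):
        """Login should fail with empty fields and create no session."""
        response = client.post('/login', data={
            'email': '',
            'password': '',
        }, follow_redirects=True)
        assert response.status_code == 200
        # A 200 alone would also be returned by a successful login that was
        # followed through its redirect, so verify access is still refused.
        self._assert_no_session(client)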
class TestLogout:
    """Logout behaviour for an authenticated client."""

    def test_logout(self, auth_client):
        """Logging out must end the session."""
        logout_response = auth_client.get('/logout', follow_redirects=True)
        assert logout_response.status_code == 200

        # With the session gone, the protected dashboard must refuse the
        # request: a redirect (302) or an explicit denial (401/403).
        dashboard_response = auth_client.get('/dashboard')
        denied_statuses = [302, 401, 403]
        assert dashboard_response.status_code in denied_statuses
class TestProtectedRoutes:
    """Access-control checks for routes that need a session or a role."""

    def test_dashboard_requires_login(self, client):
        """An anonymous request to the dashboard is redirected to login."""
        anonymous_response = client.get('/dashboard')
        assert anonymous_response.status_code == 302
        # The redirect target must point at the login page.
        redirect_target = anonymous_response.location
        assert '/login' in redirect_target or 'login' in redirect_target.lower()

    def test_dashboard_accessible_when_logged_in(self, auth_client):
        """A logged-in user can open the dashboard."""
        dashboard_response = auth_client.get('/dashboard')
        assert dashboard_response.status_code == 200

    def test_admin_requires_admin_role(self, auth_client):
        """A regular (non-admin) user is refused on admin routes."""
        admin_page_response = auth_client.get('/admin/companies')
        # Accepted refusals: 403 Forbidden, or a 302 redirect.
        refused_statuses = [403, 302]
        assert admin_page_response.status_code in refused_statuses

    def test_admin_accessible_for_admin(self, admin_client):
        """An admin user can open admin routes."""
        admin_page_response = admin_client.get('/admin/companies')
        assert admin_page_response.status_code == 200