push

2026-03-05 15:53:33 +01:00
commit e8f6c4c609
74 changed files with 4482 additions and 0 deletions
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -0,0 +1,19 @@
+import os
+import pytest
+from mikromon import create_app, db
+
+@pytest.fixture()
+def app(tmp_path):
+    os.environ["DATABASE_URL"] = f"sqlite:///{tmp_path/'test.db'}"
+    os.environ["DEV_INPROCESS_POLLER"] = "0"
+    os.environ["SECRET_KEY"] = "test-secret"
+    # Fernet key
+    os.environ["CRED_ENC_KEY"] = "WmQxY2pKQ0FqV0lJdVFSWFBzYlJKUTZkdmJpZGFjY0k="  # dummy base64, will fail if used; tests avoid decrypt
+    app = create_app()
+    with app.app_context():
+        db.create_all()
+    yield app
+
+@pytest.fixture()
+def client(app):
+    return app.test_client()
--- a/tests/test_acl_api.py
+++ b/tests/test_acl_api.py
@@ -0,0 +1,27 @@
+import json
+from mikromon import db
+from mikromon.models import User, Role, RoleName, Dashboard
+from mikromon.security.passwords import hash_password
+
+def _login(client, email, password):
+    return client.post("/auth/login", data={"email":email,"password":password}, follow_redirects=False)
+
+def test_api_me_requires_login(client, app):
+    r = client.get("/api/v1/me")
+    assert r.status_code in (302, 401)
+
+def test_dashboard_acl(client, app):
+    with app.app_context():
+        user_role = Role.query.filter_by(name=RoleName.USER.value).first()
+            if not user_role:
+                user_role = Role(name=RoleName.USER.value)
+                db.session.add(user_role); db.session.commit()
+        u1 = User(email="a@example.com", password_hash=hash_password("Password123!"), role_id=user_role.id)
+        u2 = User(email="b@example.com", password_hash=hash_password("Password123!"), role_id=user_role.id)
+        db.session.add_all([u1,u2]); db.session.commit()
+        d = Dashboard(owner_id=u1.id, name="D1", description="")
+        db.session.add(d); db.session.commit()
+        did = d.id
+    _login(client, "b@example.com", "Password123!")
+    r = client.get(f"/api/v1/dashboards/{did}")
+    assert r.status_code == 403
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -0,0 +1,11 @@
+def test_login_page(client):
+    r = client.get("/auth/login")
+    assert r.status_code == 200
+
+def test_register_and_login(client):
+    # register
+    r = client.post("/auth/register", data={"email":"u1@example.com","password":"Password123!"}, follow_redirects=True)
+    assert r.status_code in (200, 302)
+    # login
+    r = client.post("/auth/login", data={"email":"u1@example.com","password":"Password123!"}, follow_redirects=False)
+    assert r.status_code in (302,)