From 0f7d63f4a2d813de12b0fb46efafb1bb0e2f43b6 Mon Sep 17 00:00:00 2001
From: icecheng
Date: Tue, 22 Jul 2025 17:14:30 +0800
Subject: [PATCH] feat(role_management): add test report for role management

---
 apps/authentication/requirements.txt | 4 +-
 .../tests/api_tests/permission/README.md | 86 ++++++++++++++++
 .../tests/api_tests/role/README.md | 99 +++++++++++++++++++
 .../tests/api_tests/siginin/README.md | 37 +++++++
 .../tests/api_tests/user/README.md | 45 +++++++++
 apps/authentication/tests/base/config.py | 6 +-
 6 files changed, 274 insertions(+), 3 deletions(-)
 create mode 100644 apps/authentication/tests/api_tests/permission/README.md
 create mode 100644 apps/authentication/tests/api_tests/role/README.md
 create mode 100644 apps/authentication/tests/api_tests/siginin/README.md
 create mode 100644 apps/authentication/tests/api_tests/user/README.md

diff --git a/apps/authentication/requirements.txt b/apps/authentication/requirements.txt
index 83faa17..26ce4b6 100644
--- a/apps/authentication/requirements.txt
+++ b/apps/authentication/requirements.txt
@@ -13,4 +13,6 @@ httpx
 pydantic-settings
 python-jose
 passlib[bcrypt]
-prometheus-fastapi-instrumentator==7.0.2
\ No newline at end of file
+prometheus-fastapi-instrumentator==7.0.2
+pytest==8.4.1
+pytest-asyncio==0.21.2
\ No newline at end of file
diff --git a/apps/authentication/tests/api_tests/permission/README.md b/apps/authentication/tests/api_tests/permission/README.md
new file mode 100644
index 0000000..9d0ad81
--- /dev/null
+++ b/apps/authentication/tests/api_tests/permission/README.md
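Review bot: In the requirements.txt hunk, `pytest==8.4.1` and `pytest-asyncio==0.21.2` are appended to the same file that lists the service's runtime dependencies, so, assuming this file is what the deployed authentication image installs, test tooling ends up in the production environment of an auth component. I would keep them in a separate test-only requirements file (for example a `requirements-test.txt` that starts with `-r requirements.txt`) and install that only in CI and on developer machines. The permission README added in this same commit runs `pytest --cov=authentication --cov-report=term-missing`, which needs the pytest-cov plugin; it is not added here, so add a pinned `pytest-cov` next to the other two if that command is meant to work. Separately, the context lines show `python-jose` and `passlib[bcrypt]` unpinned while the new entries are pinned; pinning the token and password-hashing libraries as well would make builds of this service reproducible and auditable.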
@@ -0,0 +1,86 @@
+# Permission API Test Report
+
+## How to Run the Tests
+
+ **Run all permission API tests with coverage:**
+ ```bash
+ pytest --cov=authentication --cov-report=term-missing tests/api_tests/permission/
+ ```
+
+---
+
+## Test Results Summary
+
+- **Total tests collected:** 26
+- **All tests passed.**
+- **Warnings:**
+ - Deprecation warnings from Pydantic/Beanie (upgrade recommended for future compatibility).
+ - Coverage warning: `Module authentication was never imported. (module-not-imported)`
+
+---
+
+## Test Case Explanations
+
+### test_create_permission.py
+
+- **test_create_permission_success**
+ Admin user can create a permission with valid data.
+- **test_create_permission_fail_duplicate_key/name**
+ Creating a permission with duplicate key or name fails.
+- **test_create_permission_fail_empty_key/name**
+ Creating a permission with empty key or name fails.
+- **test_create_permission_success_empty_description**
+ Description is optional.
+- **test_create_permission_fail_by_non_admin**
+ Non-admin user cannot create permissions.
+- **test_create_permission_success_after_grant_admin**
+ After admin grants admin role to a temp user and the user re-logs in, the user can create permissions.
+
+### test_delete_permission.py
+
+- **test_delete_permission_success**
+ Admin user can delete a permission.
+- **test_delete_permission_fail_not_found**
+ Deleting a non-existent permission fails.
+- **test_delete_default_permission_fail**
+ Default permissions cannot be deleted.
+- **test_delete_permission_fail_by_non_admin**
+ Non-admin user cannot delete permissions.
+- **test_delete_permission_success_after_grant_admin**
+ After admin grants admin role to a temp user and the user re-logs in, the user can delete permissions.
+
+### test_update_permission.py
+
+- **test_update_permission_success**
+ Admin user can update a permission.
+- **test_update_permission_fail_not_found**
+ Updating a non-existent permission fails.
+- **test_update_permission_fail_duplicate_key/name**
+ Updating to a duplicate key or name fails.
+- **test_update_permission_fail_empty_key/name**
+ Updating with empty key or name fails.
+- **test_update_default_permission_fail**
+ Default permissions cannot be updated.
+- **test_update_permission_fail_by_non_admin**
+ Non-admin user cannot update permissions.
+- **test_update_permission_success_after_grant_admin**
+ After admin grants admin role to a temp user and the user re-logs in, the user can update permissions.
+
+### test_query_permission.py
+
+- **test_query_all_permissions**
+ Query all permissions, expect a list.
+- **test_query_permissions_by_key/name**
+ Query permissions by key or name (fuzzy search).
+- **test_query_permissions_pagination**
+ Query permissions with pagination.
+
+---
+
+## Summary
+
+- These tests ensure that only admin users can manage permissions, and that permission can be delegated by granting the admin role to other users.
+- Each test case is designed to verify both positive and negative scenarios, including permission escalation and proper error handling.
+- **Coverage reporting is not working** due to import or execution issues—fix this for a complete report.
+
+---
diff --git a/apps/authentication/tests/api_tests/role/README.md b/apps/authentication/tests/api_tests/role/README.md
new file mode 100644
index 0000000..9e93dd8
--- /dev/null
+++ b/apps/authentication/tests/api_tests/role/README.md
@@ -0,0 +1,99 @@
+# Role API Test Report
+
+## How to Run the Tests
+
+**Run all role API tests:**
+```bash
+pytest --tb=short tests/api_tests/role/
+```
+
+---
+
+## Test Results Summary
+
+- **Total tests collected:** 33
+- **All tests passed.**
+- **Warnings:**
+ - Deprecation warnings from Pydantic/Beanie (upgrade recommended for future compatibility).
+
+---
+
+## Test Case Explanations
+
+### test_assign_permissions.py
+- **test_assign_permissions_success**
+ Assign multiple permissions to a role successfully.
+- **test_assign_permissions_fail_role_not_found**
+ Assigning permissions to a non-existent role fails.
+- **test_assign_permissions_fail_permission_not_found**
+ Assigning a non-existent permission to a role fails.
+- **test_assign_permissions_fail_empty_permission_ids**
+ Assigning with an empty permission list fails.
+- **test_assign_permissions_fail_empty_role_id**
+ Assigning with an empty role ID fails.
+- **test_assign_permissions_remove_duplicates**
+ Assigning duplicate permission IDs results in de-duplication.
+- **test_assign_permissions_to_default_role**
+ Assigning permissions to a default role (should succeed if not restricted).
+
+### test_create_role.py
+- **test_create_role_success**
+ Admin user can create a role with valid and unique data.
+- **test_create_role_fail_duplicate_role_key/name**
+ Creating a role with duplicate key or name fails.
+- **test_create_role_fail_empty_role_key/name**
+ Creating a role with empty key or name fails.
+- **test_create_role_success_empty_description**
+ Description is optional.
+- **test_create_role_fail_by_non_admin**
+ Non-admin user cannot create roles.
+- **test_create_role_success_after_grant_admin**
+ After admin grants admin role to a temp user and the user re-logs in, the user can create roles.
+
+### test_delete_role.py
+- **test_delete_role_success**
+ Admin user can delete a role.
+- **test_delete_role_fail_not_found**
+ Deleting a non-existent role fails.
+- **test_delete_default_role_fail**
+ Default roles cannot be deleted.
+- **test_delete_role_fail_by_non_admin**
+ Non-admin user cannot delete roles.
+- **test_delete_role_success_after_grant_admin**
+ After admin grants admin role to a temp user and the user re-logs in, the user can delete roles.
+
+### test_query_role.py
+- **test_query_all_roles**
+ Query all roles, expect a list.
+- **test_query_roles_by_key/name**
+ Query roles by key or name (fuzzy search).
+- **test_query_roles_pagination**
+ Query roles with pagination.
+
+### test_update_role.py
+- **test_update_role_success**
+ Admin user can update a role with valid and unique data.
+- **test_update_role_fail_not_found**
+ Updating a non-existent role fails.
+- **test_update_role_fail_duplicate_key/name**
+ Updating to a duplicate key or name fails.
+- **test_update_role_fail_empty_key/name**
+ Updating with empty key or name fails.
+- **test_update_default_role_fail**
+ Default roles cannot be updated.
+- **test_update_role_fail_by_non_admin**
+ Non-admin user cannot update roles.
+- **test_update_role_success_after_grant_admin**
+ After admin grants admin role to a temp user and the user re-logs in, the user can update roles.
+
+---
+
+## Summary
+
+- These tests ensure that only admin users can manage roles, and that permission can be delegated by granting the admin role to other users.
+- Each test case is designed to verify both positive and negative scenarios, including permission escalation and proper error handling.
+- **Coverage reporting is not included in this report.**
+
+---
+
+If you need a more detailed, markdown-formatted report with actual coverage numbers, please enable coverage and re-run the tests.
\ No newline at end of file
diff --git a/apps/authentication/tests/api_tests/siginin/README.md b/apps/authentication/tests/api_tests/siginin/README.md
new file mode 100644
index 0000000..1dcc038
--- /dev/null
+++ b/apps/authentication/tests/api_tests/siginin/README.md
@@ -0,0 +1,37 @@
+# Signin API Test Report
+
+## How to Run the Tests
+
+**Run all signin API tests:**
+```bash
+pytest --tb=short tests/api_tests/siginin/
+```
+
+---
+
+## Test Results Summary
+
+- **Total tests collected:** 1
+- **All tests passed.**
+- **Warnings:**
+ - Deprecation warning from Pydantic (upgrade recommended for future compatibility).
+
+---
+
+## Test Case Explanations
+
+### test_signin_with_email_and_password.py
+- **test_sign_in_with_email_and_password**
+ This test verifies the email and password sign-in flow:
+ - Calls the login API with valid credentials.
+ - Asserts that the response contains a valid access token, refresh token, expiration, identity, role names, and user permissions.
+ - Decodes the JWT access token and checks that the payload contains the expected subject fields (id, role_names, user_permissions).
+
+---
+
+## Summary
+
+- This test ensures that the email/password sign-in API returns all required authentication and user information fields, and that the JWT token is correctly structured.
+- If you need to add more signin scenarios, add new test cases to this directory and re-run the tests.
+
+---
\ No newline at end of file
diff --git a/apps/authentication/tests/api_tests/user/README.md b/apps/authentication/tests/api_tests/user/README.md
new file mode 100644
index 0000000..55f3c93
--- /dev/null
+++ b/apps/authentication/tests/api_tests/user/README.md
@@ -0,0 +1,45 @@
+# User API Test Report
+
+## How to Run the Tests
+
+**Run all user API tests:**
+```bash
+pytest --tb=short tests/api_tests/user/
+```
+
+---
+
+## Test Results Summary
+
+- **Total tests collected:** 6
+- **All tests passed.**
+- **Warnings:**
+ - Deprecation warnings from Pydantic/Beanie (upgrade recommended for future compatibility).
+
+---
+
+## Test Case Explanations
+
+### test_assign_roles.py
+- **test_assign_roles_success_by_admin**
+ Admin user can assign a role to a user successfully.
+- **test_assign_roles_fail_by_non_admin**
+ Non-admin user cannot assign roles to other users (permission denied).
+- **test_assign_roles_fail_role_not_found**
+ Assigning a non-existent role to a user fails.
+- **test_assign_roles_fail_empty_role_ids**
+ Assigning with an empty role list fails.
+- **test_assign_roles_fail_empty_user_id**
+ Assigning roles with an empty user ID fails.
+- **test_assign_roles_remove_duplicates**
+ Assigning duplicate role IDs results in de-duplication; the user ends up with a single instance of the role.
+
+---
+
+## Summary
+
+- These tests ensure that only admin users can assign roles to users, and that the system properly handles invalid input and duplicate assignments.
+- Each test case is designed to verify both positive and negative scenarios, including permission checks and input validation.
+- If you need to add more user management scenarios, add new test cases to this directory and re-run the tests.
+
+---
\ No newline at end of file
diff --git a/apps/authentication/tests/base/config.py b/apps/authentication/tests/base/config.py
index 26b5455..023d94b 100644
--- a/apps/authentication/tests/base/config.py
+++ b/apps/authentication/tests/base/config.py
@@ -1,3 +1,5 @@
-USER_EMAIL = "icecheng@mathmast.com"
-USER_PASSWORD = "@Cwb1535145760"
+# user with admin role
+USER_EMAIL = "XXXXX"
+USER_PASSWORD = "XXXXX"
+# authentication base url
 BASE_URL = "http://localhost:8103"
\ No newline at end of file
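Review bot: The removed lines of the tests/base/config.py hunk keep the previous e-mail and password readable in this patch and in repository history, and the new comment says the account holds the admin role, so swapping in `"XXXXX"` does not retire the secret. That password should be rotated, along with any other place it was reused. The placeholders also force each developer to edit a tracked file before the tests can run, which makes it easy to commit real values again. Reading them from the environment avoids that: add `import os` and use `USER_EMAIL = os.environ["TEST_ADMIN_EMAIL"]` and `USER_PASSWORD = os.environ["TEST_ADMIN_PASSWORD"]` (variable names are examples), so a missing value fails loudly instead of sending a literal placeholder to the login API. A secret-scanning check in CI or pre-commit would catch a repeat.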