diff --git a/apps/authentication/tests/api_tests/permission/__init__.py b/apps/authentication/tests/api_tests/permission/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/apps/authentication/tests/api_tests/permission/conftest.py b/apps/authentication/tests/api_tests/permission/conftest.py new file mode 100644 index 0000000..f2aad5a --- /dev/null +++ b/apps/authentication/tests/api_tests/permission/conftest.py @@ -0,0 +1,10 @@ +import pytest + +from tests.base.authentication_web import AuthenticationWeb + + +@pytest.fixture +def authentication_web()->AuthenticationWeb: + authentication_web = AuthenticationWeb() + authentication_web.login() + return authentication_web diff --git a/apps/authentication/tests/api_tests/permission/test_create_permission.py b/apps/authentication/tests/api_tests/permission/test_create_permission.py new file mode 100644 index 0000000..783a341 --- /dev/null +++ b/apps/authentication/tests/api_tests/permission/test_create_permission.py @@ -0,0 +1,104 @@ +import pytest +import random +from tests.base.authentication_web import AuthenticationWeb + + +class TestCreatePermission: + @pytest.mark.asyncio + async def test_create_permission_success(self, authentication_web: AuthenticationWeb): + """Test creating a permission successfully with valid and unique permission_key and permission_name.""" + suffix = str(random.randint(10000, 99999)) + perm_data = { + "permission_key": f"test_perm_key_success_{suffix}", + "permission_name": f"Test Permission Success {suffix}", + "description": "Permission for testing success" + } + response = await authentication_web.create_permission(perm_data) + assert response.status_code == 200 + json = response.json() + assert json["permission_key"] == perm_data["permission_key"] + assert json["permission_name"] == perm_data["permission_name"] + assert json["description"] == perm_data["description"] + assert json["id"] is not None + assert json["created_at"] is not None + assert json["updated_at"] is not None + + @pytest.mark.asyncio + async def test_create_permission_fail_duplicate_key(self, authentication_web: AuthenticationWeb): + """Test creating a permission fails when permission_key is duplicated.""" + suffix = str(random.randint(10000, 99999)) + perm_data = { + "permission_key": f"test_perm_key_dup_{suffix}", + "permission_name": f"Test Permission DupKey {suffix}", + "description": "desc" + } + await authentication_web.create_permission(perm_data) + perm_data2 = { + "permission_key": f"test_perm_key_dup_{suffix}", + "permission_name": f"Test Permission DupKey2 {suffix}", + "description": "desc2" + } + response = await authentication_web.create_permission(perm_data2) + assert response.status_code == 422 or response.status_code == 400 + + @pytest.mark.asyncio + async def test_create_permission_fail_duplicate_name(self, authentication_web: AuthenticationWeb): + """Test creating a permission fails when permission_name is duplicated.""" + suffix = str(random.randint(10000, 99999)) + perm_data = { + "permission_key": f"test_perm_key_dupname1_{suffix}", + "permission_name": f"Test Permission DupName {suffix}", + "description": "desc" + } + await authentication_web.create_permission(perm_data) + perm_data2 = { + "permission_key": f"test_perm_key_dupname2_{suffix}", + "permission_name": f"Test Permission DupName {suffix}", + "description": "desc2" + } + response = await authentication_web.create_permission(perm_data2) + assert response.status_code == 422 or response.status_code == 400 + + @pytest.mark.asyncio + async def test_create_permission_fail_empty_key(self, authentication_web: AuthenticationWeb): + """Test creating a permission fails when permission_key is empty.""" + suffix = str(random.randint(10000, 99999)) + perm_data = { + "permission_key": "", + "permission_name": f"Test Permission EmptyKey {suffix}", + "description": "desc" + } + response = await authentication_web.create_permission(perm_data) + assert response.status_code == 422 or response.status_code == 400 + + @pytest.mark.asyncio + async def test_create_permission_fail_empty_name(self, authentication_web: AuthenticationWeb): + """Test creating a permission fails when permission_name is empty.""" + suffix = str(random.randint(10000, 99999)) + perm_data = { + "permission_key": f"test_perm_key_emptyname_{suffix}", + "permission_name": "", + "description": "desc" + } + response = await authentication_web.create_permission(perm_data) + assert response.status_code == 422 or response.status_code == 400 + + @pytest.mark.asyncio + async def test_create_permission_success_empty_description(self, authentication_web: AuthenticationWeb): + """Test creating a permission successfully when description is None (optional field).""" + suffix = str(random.randint(10000, 99999)) + perm_data = { + "permission_key": f"test_perm_key_emptydesc_{suffix}", + "permission_name": f"Test Permission EmptyDesc {suffix}", + "description": None + } + response = await authentication_web.create_permission(perm_data) + assert response.status_code == 200 + json = response.json() + assert json["permission_key"] == perm_data["permission_key"] + assert json["permission_name"] == perm_data["permission_name"] + assert json["description"] is None or json["description"] == "" + + +if __name__ == '__main__': + pytest.main([__file__]) \ No newline at end of file diff --git a/apps/authentication/tests/api_tests/permission/test_delete_permission.py b/apps/authentication/tests/api_tests/permission/test_delete_permission.py new file mode 100644 index 0000000..73ad109 --- /dev/null +++ b/apps/authentication/tests/api_tests/permission/test_delete_permission.py @@ -0,0 +1,41 @@ +import pytest +import random + +from backend.models.permission.constants import DefaultPermissionEnum +from tests.base.authentication_web import AuthenticationWeb + + +class TestDeletePermission: + @pytest.mark.asyncio + async def test_delete_permission_success(self, authentication_web: AuthenticationWeb): + """Test deleting a permission successfully.""" + suffix = str(random.randint(10000, 99999)) + perm = await authentication_web.create_permission({ + "permission_key": f"delperm_{suffix}", + "permission_name": f"delperm_{suffix}", + "description": "desc" + }) + perm_id = perm.json()["id"] + resp = await authentication_web.delete_permission({"permission_id": perm_id}) + assert resp.status_code == 200 + assert resp.json()["success"] is True + + @pytest.mark.asyncio + async def test_delete_permission_fail_not_found(self, authentication_web: AuthenticationWeb): + """Test deleting a permission fails when permission_id does not exist.""" + resp = await authentication_web.delete_permission({"permission_id": "000000000000000000000000"}) + assert resp.status_code == 422 or resp.status_code == 400 + + @pytest.mark.asyncio + async def test_delete_default_permission_fail(self, authentication_web: AuthenticationWeb): + """Test deleting a default permission fails. Default permission cannot be deleted.""" + # Query a default role + resp = await authentication_web.query_permissions( + params={"page": 1, "page_size": 2, "permission_key": DefaultPermissionEnum.CHANGE_PERMISSIONS.value.permission_key}) + json = resp.json() + default_permission_id = json["items"][0]["id"] + resp = await authentication_web.delete_permission(perm_data={"permission_id": default_permission_id}) + assert resp.status_code == 422 or resp.status_code == 400 + +if __name__ == '__main__': + pytest.main([__file__]) \ No newline at end of file diff --git a/apps/authentication/tests/api_tests/permission/test_query_permission.py b/apps/authentication/tests/api_tests/permission/test_query_permission.py new file mode 100644 index 0000000..2f8f4cc --- /dev/null +++ b/apps/authentication/tests/api_tests/permission/test_query_permission.py @@ -0,0 +1,57 @@ +import random +import pytest +from tests.base.authentication_web import AuthenticationWeb + + +class TestQueryPermission: + @pytest.mark.asyncio + async def test_query_all_permissions(self, authentication_web: AuthenticationWeb): + """Test querying all permissions returns a list.""" + resp = await authentication_web.query_permissions({}) + assert resp.status_code == 200 + json = resp.json() + assert "items" in json + assert "total" in json + + @pytest.mark.asyncio + async def test_query_permissions_by_key(self, authentication_web: AuthenticationWeb): + """Test querying permissions by permission_key with fuzzy search.""" + suffix = str(random.randint(10000, 99999)) + await authentication_web.create_permission({ + "permission_key": f"querykey_{suffix}", + "permission_name": f"querykey_{suffix}", + "description": "desc" + }) + resp = await authentication_web.query_permissions({"permission_key": f"querykey_{suffix}"}) + assert resp.status_code == 200 + json = resp.json() + assert any(f"querykey_{suffix}" in item["permission_key"] for item in json["items"]) + + @pytest.mark.asyncio + async def test_query_permissions_by_name(self, authentication_web: AuthenticationWeb): + """Test querying permissions by permission_name with fuzzy search.""" + suffix = str(random.randint(10000, 99999)) + await authentication_web.create_permission({ + "permission_key": f"queryname_{suffix}", + "permission_name": f"queryname_{suffix}", + "description": "desc" + }) + resp = await authentication_web.query_permissions({"permission_name": f"queryname_{suffix}"}) + assert resp.status_code == 200 + json = resp.json() + assert any(f"queryname_{suffix}" in item["permission_name"] for item in json["items"]) + + @pytest.mark.asyncio + async def test_query_permissions_pagination(self, authentication_web: AuthenticationWeb): + """Test querying permissions with pagination.""" + resp = await authentication_web.query_permissions({"page": 1, "page_size": 2}) + assert resp.status_code == 200 + json = resp.json() + assert "items" in json + assert "total" in json + assert "page" in json + assert "page_size" in json + + +if __name__ == '__main__': + pytest.main([__file__]) \ No newline at end of file diff --git a/apps/authentication/tests/api_tests/permission/test_update_permission.py b/apps/authentication/tests/api_tests/permission/test_update_permission.py new file mode 100644 index 0000000..9027afd --- /dev/null +++ b/apps/authentication/tests/api_tests/permission/test_update_permission.py @@ -0,0 +1,150 @@ +import pytest +import random + +from backend.models.permission.constants import DefaultPermissionEnum +from tests.base.authentication_web import AuthenticationWeb + + +class TestUpdatePermission: + @pytest.mark.asyncio + async def test_update_permission_success(self, authentication_web: AuthenticationWeb): + """Test updating a permission successfully with valid and unique fields.""" + suffix = str(random.randint(10000, 99999)) + perm_data = { + "permission_key": f"update_perm_key_{suffix}", + "permission_name": f"Update Permission {suffix}", + "description": "desc" + } + create_resp = await authentication_web.create_permission(perm_data) + perm_id = create_resp.json()["id"] + update_data = { + "permission_id": perm_id, + "permission_key": f"update_perm_key_{suffix}_new", + "permission_name": f"Update Permission {suffix} New", + "description": "desc new" + } + resp = await authentication_web.update_permission(update_data) + assert resp.status_code == 200 + json = resp.json() + assert json["permission_key"] == update_data["permission_key"] + assert json["permission_name"] == update_data["permission_name"] + assert json["description"] == update_data["description"] + + @pytest.mark.asyncio + async def test_update_permission_fail_not_found(self, authentication_web: AuthenticationWeb): + """Test updating a permission fails when permission_id does not exist.""" + suffix = str(random.randint(10000, 99999)) + update_data = { + "permission_id": "000000000000000000000000", + "permission_key": f"notfound_key_{suffix}", + "permission_name": f"NotFound Permission {suffix}", + "description": "desc" + } + resp = await authentication_web.update_permission(update_data) + assert resp.status_code == 422 or resp.status_code == 400 + + @pytest.mark.asyncio + async def test_update_permission_fail_duplicate_key(self, authentication_web: AuthenticationWeb): + """Test updating a permission fails when permission_key is duplicated.""" + suffix = str(random.randint(10000, 99999)) + perm1 = await authentication_web.create_permission({ + "permission_key": f"dupkey1_{suffix}", + "permission_name": f"dupkey1_{suffix}", + "description": "desc" + }) + perm2 = await authentication_web.create_permission({ + "permission_key": f"dupkey2_{suffix}", + "permission_name": f"dupkey2_{suffix}", + "description": "desc" + }) + perm2_id = perm2.json()["id"] + update_data = { + "permission_id": perm2_id, + "permission_key": f"dupkey1_{suffix}", + "permission_name": f"dupkey2_{suffix}_new", + "description": "desc" + } + resp = await authentication_web.update_permission(update_data) + assert resp.status_code == 422 or resp.status_code == 400 + + @pytest.mark.asyncio + async def test_update_permission_fail_duplicate_name(self, authentication_web: AuthenticationWeb): + """Test updating a permission fails when permission_name is duplicated.""" + suffix = str(random.randint(10000, 99999)) + perm1 = await authentication_web.create_permission({ + "permission_key": f"dupname1_{suffix}", + "permission_name": f"dupname1_{suffix}", + "description": "desc" + }) + perm2 = await authentication_web.create_permission({ + "permission_key": f"dupname2_{suffix}", + "permission_name": f"dupname2_{suffix}", + "description": "desc" + }) + perm2_id = perm2.json()["id"] + update_data = { + "permission_id": perm2_id, + "permission_key": f"dupname2_{suffix}_new", + "permission_name": f"dupname1_{suffix}", + "description": "desc" + } + resp = await authentication_web.update_permission(update_data) + assert resp.status_code == 422 or resp.status_code == 400 + + @pytest.mark.asyncio + async def test_update_permission_fail_empty_key(self, authentication_web: AuthenticationWeb): + """Test updating a permission fails when permission_key is empty.""" + suffix = str(random.randint(10000, 99999)) + perm = await authentication_web.create_permission({ + "permission_key": f"emptykey_{suffix}", + "permission_name": f"emptykey_{suffix}", + "description": "desc" + }) + perm_id = perm.json()["id"] + update_data = { + "permission_id": perm_id, + "permission_key": "", + "permission_name": f"emptykey_{suffix}_new", + "description": "desc" + } + resp = await authentication_web.update_permission(update_data) + assert resp.status_code == 422 or resp.status_code == 400 + + @pytest.mark.asyncio + async def test_update_permission_fail_empty_name(self, authentication_web: AuthenticationWeb): + """Test updating a permission fails when permission_name is empty.""" + suffix = str(random.randint(10000, 99999)) + perm = await authentication_web.create_permission({ + "permission_key": f"emptyname_{suffix}", + "permission_name": f"emptyname_{suffix}", + "description": "desc" + }) + perm_id = perm.json()["id"] + update_data = { + "permission_id": perm_id, + "permission_key": f"emptyname_{suffix}_new", + "permission_name": "", + "description": "desc" + } + resp = await authentication_web.update_permission(update_data) + assert resp.status_code == 422 or resp.status_code == 400 + + @pytest.mark.asyncio + async def test_update_default_permission_fail(self, authentication_web: AuthenticationWeb): + """Test updating a default permission fails. Default permission cannot be updated.""" + suffix = str(random.randint(10000, 99999)) + # Query a default role + resp = await authentication_web.query_permissions( + params={"page": 1, "page_size": 2, "permission_key": DefaultPermissionEnum.CHANGE_PERMISSIONS.value.permission_key}) + json = resp.json() + default_permission = json["items"][0] + resp = await authentication_web.update_permission(perm_data={ + "permission_id": default_permission["id"], + "permission_key": f"{default_permission['permission_key']}_{suffix}_update", + "permission_name": f"{default_permission['permission_name']}_{suffix}_update", + "description": "desc", + }) + assert resp.status_code == 422 or resp.status_code == 400 + +if __name__ == '__main__': + pytest.main([__file__]) \ No newline at end of file diff --git a/apps/authentication/tests/api_tests/role/test_assign_permissions.py b/apps/authentication/tests/api_tests/role/test_assign_permissions.py new file mode 100644 index 0000000..3deec5e --- /dev/null +++ b/apps/authentication/tests/api_tests/role/test_assign_permissions.py @@ -0,0 +1,163 @@ +import pytest +import random +from typing import List +from backend.models.permission.constants import DefaultRoleEnum, DefaultPermissionEnum +from tests.base.authentication_web import AuthenticationWeb + + +class TestAssignPermissionsToRole: + @pytest.mark.asyncio + async def test_assign_permissions_success(self, authentication_web: AuthenticationWeb): + """Test assigning permissions to a role successfully.""" + # Create a role + suffix = str(random.randint(10000, 99999)) + role_resp = await authentication_web.create_role({ + "role_key": f"assignperm_role_{suffix}", + "role_name": f"AssignPerm Role {suffix}", + "role_description": "desc", + "role_level": 1 + }) + role_id = role_resp.json()["id"] + # Create two permissions + perm1 = await authentication_web.create_permission({ + "permission_key": f"assignperm_key1_{suffix}", + "permission_name": f"AssignPerm Permission1 {suffix}", + "description": "desc" + }) + perm2 = await authentication_web.create_permission({ + "permission_key": f"assignperm_key2_{suffix}", + "permission_name": f"AssignPerm Permission2 {suffix}", + "description": "desc" + }) + perm_ids = [perm1.json()["id"], perm2.json()["id"]] + # Assign permissions + resp = await authentication_web.assign_permissions_to_role({ + "role_id": role_id, + "permission_ids": perm_ids + }) + assert resp.status_code == 200 + json = resp.json() + assert set(json["permission_ids"]) == set(perm_ids) + + @pytest.mark.asyncio + async def test_assign_permissions_fail_role_not_found(self, authentication_web: AuthenticationWeb): + """Test assigning permissions fails when role_id does not exist.""" + # Create a permission + suffix = str(random.randint(10000, 99999)) + perm = await authentication_web.create_permission({ + "permission_key": f"assignperm_key_nf_{suffix}", + "permission_name": f"AssignPerm PermissionNF {suffix}", + "description": "desc" + }) + perm_id = perm.json()["id"] + resp = await authentication_web.assign_permissions_to_role({ + "role_id": "000000000000000000000000", + "permission_ids": [perm_id] + }) + assert resp.status_code == 422 or resp.status_code == 400 + + @pytest.mark.asyncio + async def test_assign_permissions_fail_permission_not_found(self, authentication_web: AuthenticationWeb): + """Test assigning permissions fails when a permission_id does not exist.""" + # Create a role + suffix = str(random.randint(10000, 99999)) + role_resp = await authentication_web.create_role({ + "role_key": f"assignperm_role_nf_{suffix}", + "role_name": f"AssignPerm RoleNF {suffix}", + "role_description": "desc", + "role_level": 1 + }) + role_id = role_resp.json()["id"] + resp = await authentication_web.assign_permissions_to_role({ + "role_id": role_id, + "permission_ids": ["000000000000000000000000"] + }) + assert resp.status_code == 422 or resp.status_code == 400 + + @pytest.mark.asyncio + async def test_assign_permissions_fail_empty_permission_ids(self, authentication_web: AuthenticationWeb): + """Test assigning permissions fails when permission_ids is empty.""" + # Create a role + suffix = str(random.randint(10000, 99999)) + role_resp = await authentication_web.create_role({ + "role_key": f"assignperm_role_empty_{suffix}", + "role_name": f"AssignPerm RoleEmpty {suffix}", + "role_description": "desc", + "role_level": 1 + }) + role_id = role_resp.json()["id"] + resp = await authentication_web.assign_permissions_to_role({ + "role_id": role_id, + "permission_ids": [] + }) + assert resp.status_code == 422 or resp.status_code == 400 + + @pytest.mark.asyncio + async def test_assign_permissions_fail_empty_role_id(self, authentication_web: AuthenticationWeb): + """Test assigning permissions fails when role_id is empty.""" + # Create a permission + suffix = str(random.randint(10000, 99999)) + perm = await authentication_web.create_permission({ + "permission_key": f"assignperm_key_emptyrole_{suffix}", + "permission_name": f"AssignPerm PermissionEmptyRole {suffix}", + "description": "desc" + }) + perm_id = perm.json()["id"] + resp = await authentication_web.assign_permissions_to_role({ + "role_id": "", + "permission_ids": [perm_id] + }) + assert resp.status_code == 422 or resp.status_code == 400 or resp.status_code == 500 + + @pytest.mark.asyncio + async def test_assign_permissions_remove_duplicates(self, authentication_web: AuthenticationWeb): + """Test assigning permissions with duplicate permission_ids removes duplicates.""" + # Create a role + suffix = str(random.randint(10000, 99999)) + role_resp = await authentication_web.create_role({ + "role_key": f"assignperm_role_dup_{suffix}", + "role_name": f"AssignPerm RoleDup {suffix}", + "role_description": "desc", + "role_level": 1 + }) + role_id = role_resp.json()["id"] + # Create a permission + perm = await authentication_web.create_permission({ + "permission_key": f"assignperm_key_dup_{suffix}", + "permission_name": f"AssignPerm PermissionDup {suffix}", + "description": "desc" + }) + perm_id = perm.json()["id"] + # Assign duplicate permission_ids + resp = await authentication_web.assign_permissions_to_role({ + "role_id": role_id, + "permission_ids": [perm_id, perm_id, perm_id] + }) + assert resp.status_code == 200 + json = resp.json() + assert json["permission_ids"] == [perm_id] + + @pytest.mark.asyncio + async def test_assign_permissions_to_default_role(self, authentication_web: AuthenticationWeb): + """Test assigning permissions to a default role (should succeed if not restricted).""" + # Query default admin role + resp = await authentication_web.query_roles({"role_key": DefaultRoleEnum.ADMIN.value.role_key}) + json = resp.json() + default_role_id = json["items"][0]["id"] + # Create a permission + suffix = str(random.randint(10000, 99999)) + perm = await authentication_web.create_permission({ + "permission_key": f"assignperm_key_default_{suffix}", + "permission_name": f"AssignPerm PermissionDefault {suffix}", + "description": "desc" + }) + perm_id = perm.json()["id"] + # Try to assign permission to default role + resp = await authentication_web.assign_permissions_to_role({ + "role_id": default_role_id, + "permission_ids": [perm_id, *json["items"][0]["permission_ids"]] + }) + assert resp.status_code in [200] + +if __name__ == '__main__': + pytest.main([__file__]) \ No newline at end of file diff --git a/apps/authentication/tests/api_tests/role/test_delete_role.py b/apps/authentication/tests/api_tests/role/test_delete_role.py index b6f6918..8d0b43e 100644 --- a/apps/authentication/tests/api_tests/role/test_delete_role.py +++ b/apps/authentication/tests/api_tests/role/test_delete_role.py @@ -1,5 +1,7 @@ import pytest import random + +from backend.models.permission.constants import DefaultRole, DefaultRoleEnum from tests.base.authentication_web import AuthenticationWeb @@ -26,6 +28,16 @@ class TestDeleteRole: resp = await authentication_web.delete_role(role_data={"role_id": "000000000000000000000000"}) assert resp.status_code == 422 or resp.status_code == 400 + @pytest.mark.asyncio + async def test_delete_default_role_fail(self, authentication_web: AuthenticationWeb): + """Test deleting a default role fails. Default role cannot be deleted.""" + # Query a default role + resp = await authentication_web.query_roles( + params={"page": 1, "page_size": 2, "role_key": DefaultRoleEnum.ADMIN.value.role_key}) + json = resp.json() + default_role_id = json["items"][0]["id"] + resp = await authentication_web.delete_role(role_data={"role_id": default_role_id}) + assert resp.status_code == 422 or resp.status_code == 400 if __name__ == '__main__': pytest.main([__file__]) diff --git a/apps/authentication/tests/api_tests/role/test_update_role.py b/apps/authentication/tests/api_tests/role/test_update_role.py index 848d7e0..f483ed3 100644 --- a/apps/authentication/tests/api_tests/role/test_update_role.py +++ b/apps/authentication/tests/api_tests/role/test_update_role.py @@ -1,5 +1,7 @@ import pytest import random + +from backend.models.permission.constants import DefaultRoleEnum from tests.base.authentication_web import AuthenticationWeb @@ -148,6 +150,24 @@ class TestUpdateRole: resp = await authentication_web.update_role(role_data=update_data) assert resp.status_code == 422 or resp.status_code == 400 + @pytest.mark.asyncio + async def test_update_default_role_fail(self, authentication_web: AuthenticationWeb): + """Test updating a default role fails. Default role cannot be updated.""" + suffix = str(random.randint(10000, 99999)) + # Query a default role + resp = await authentication_web.query_roles( + params={"page": 1, "page_size": 2, "role_key": DefaultRoleEnum.ADMIN.value.role_key}) + json = resp.json() + default_role = json["items"][0] + resp = await authentication_web.update_role(role_data={ + "role_id": default_role["id"], + "role_key": f"{default_role['role_key']}_{suffix}_update", + "role_name": f"{default_role['role_name']}_{suffix}_update", + "role_description": "desc", + "role_level": 2 + }) + assert resp.status_code == 422 or resp.status_code == 400 + if __name__ == '__main__': pytest.main([__file__]) diff --git a/apps/authentication/tests/api_tests/siginin/config.py b/apps/authentication/tests/api_tests/siginin/config.py new file mode 100644 index 0000000..806c60c --- /dev/null +++ b/apps/authentication/tests/api_tests/siginin/config.py @@ -0,0 +1,2 @@ +JWT_SECRET_KEY = "ea84edf152976b2fcec12b78aa8e45bc26a5cf0ef61bf16f5c317ae33b3fd8b0" +JWT_ALGORITHM = "HS256" diff --git a/apps/authentication/tests/api_tests/siginin/test_signin_with_email_and_password.py b/apps/authentication/tests/api_tests/siginin/test_signin_with_email_and_password.py index 29454d1..34a5322 100644 --- a/apps/authentication/tests/api_tests/siginin/test_signin_with_email_and_password.py +++ b/apps/authentication/tests/api_tests/siginin/test_signin_with_email_and_password.py @@ -1,5 +1,8 @@ +import jwt import pytest +from common.config.app_settings import app_settings +from tests.api_tests.siginin import config from tests.base.authentication_web import AuthenticationWeb @@ -17,6 +20,12 @@ class TestSignInWithEmailAndPassword: assert json["role_names"] is not None, "role_names should not be None" assert json["user_permissions"] is not None, "user_permissions should not be None" + payload = jwt.decode(json["access_token"], config.JWT_SECRET_KEY, algorithms=[config.JWT_ALGORITHM]) + assert payload["subject"] is not None, "subject should not be None" + assert payload["subject"]["id"] is not None, "subject.id should not be None" + assert payload["subject"]["role_names"] is not None, "subject.role_names should not be None" + assert payload["subject"]["user_permissions"] is not None, "subject.user_permissions should not be None" + print(payload) if __name__ == '__main__': pytest.main([__file__]) diff --git a/apps/authentication/tests/base/authentication_web.py b/apps/authentication/tests/base/authentication_web.py index 4ce5d01..e0da081 100644 --- a/apps/authentication/tests/base/authentication_web.py +++ b/apps/authentication/tests/base/authentication_web.py @@ -57,8 +57,22 @@ class AuthenticationWeb: """Create a new permission via API""" return await self.request("POST", "/api/auth/permission/create", json=perm_data) + async def delete_permission(self, perm_data: dict): + """Delete a permission via API""" + return await self.request("POST", "/api/auth/permission/delete", json=perm_data) + + async def update_permission(self, perm_data: dict): + """Update a permission via API""" + return await self.request("POST", "/api/auth/permission/update", json=perm_data) + async def query_permissions(self, params: dict = None): """Query permissions via API""" - return await self.request("GET", "/api/auth/permission/query", params=params) + if params is None: + params = {} + return await self.request("POST", "/api/auth/permission/query", json=params) + + async def assign_permissions_to_role(self, data: dict): + """Assign permissions to a role via API""" + return await self.request("POST", "/api/auth/role/assign-permissions", json=data)