authorClaude2026-06-26 17:52:38 +0000
committerFrederick Muriuki Muriithi2026-06-26 12:56:05 -0500
commit4621c53e6ae8f7abb2aafd0a71bf375d1064d275 (patch)
tree2d3747aa743f7b9c4453a3c7fce0c24f7d4d651b
parent234f60bf84c81ed755a6510d466c4bcef1369901 (diff)
downloadgn-integration-tests-4621c53e6ae8f7abb2aafd0a71bf375d1064d275.tar.gz
tests: add token-required tests for approve and reject case-attribute endpoints
-rw-r--r--tests/test_gn3_auth_flow.py101
1 files changed, 101 insertions, 0 deletions
diff --git a/tests/test_gn3_auth_flow.py b/tests/test_gn3_auth_flow.py
index e957729..47e4ff9 100644
--- a/tests/test_gn3_auth_flow.py
+++ b/tests/test_gn3_auth_flow.py
@@ -29,6 +29,7 @@ pytestmark = [pytest.mark.gn3, pytest.mark.auth_flow]
 # Arbitrary but valid-looking id.  The auth rejection happens before any
 # DB lookup so the exact value does not matter.
 _INBREDSET_ID = 1
+_CHANGE_ID = 1
 
 _INVALID_TOKEN = "Bearer this-is-not-a-valid-jwt"
 
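Review bot: `_CHANGE_ID = 1` is later used in approve and reject POSTs, which change state, and the comment above it relies on auth rejection happening before any DB lookup, which is the very property these tests check. If token enforcement ever regresses, the requests would reach the handler for inbredset 1 / change 1 on whatever instance `gn3_url` points at; whether such a pending change exists there cannot be seen from this diff. Consider a sentinel that cannot match a real record and say so in the comment, for example (constructed value) `_CHANGE_ID = 2**31 - 1  # sentinel: must never match a real pending change`. The existing comment should also be reworded to cover both ids.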
@@ -81,3 +82,103 @@ def test_edit_invalid_token_error_is_token_validation_error(gn3_url, http):
     assert resp.json().get("error") == "TokenValidationError", (
         f"Expected error='TokenValidationError', got: {resp.json()}"
     )
+
+
+# ---------------------------------------------------------------------------
+# POST /case-attribute/<id>/approve/<change_id> — token enforcement
+# ---------------------------------------------------------------------------
+
+def test_approve_no_token_returns_400(gn3_url, http):
+    resp = http.post(
+        f"{gn3_url}/case-attribute/{_INBREDSET_ID}/approve/{_CHANGE_ID}",
+        json={},
+        timeout=30,
+    )
+    assert resp.status_code == 400, (
+        f"Expected 400 when no token supplied, got {resp.status_code}: {resp.text}"
+    )
+
+
+def test_approve_no_token_error_is_token_validation_error(gn3_url, http):
+    resp = http.post(
+        f"{gn3_url}/case-attribute/{_INBREDSET_ID}/approve/{_CHANGE_ID}",
+        json={},
+        timeout=30,
+    )
+    assert resp.json().get("error") == "TokenValidationError", (
+        f"Expected error='TokenValidationError', got: {resp.json()}"
+    )
+
+
+def test_approve_invalid_token_returns_400(gn3_url, http):
+    resp = http.post(
+        f"{gn3_url}/case-attribute/{_INBREDSET_ID}/approve/{_CHANGE_ID}",
+        json={},
+        headers={"Authorization": _INVALID_TOKEN},
+        timeout=30,
+    )
+    assert resp.status_code == 400, (
+        f"Expected 400 for invalid token, got {resp.status_code}: {resp.text}"
+    )
+
+
+def test_approve_invalid_token_error_is_token_validation_error(gn3_url, http):
+    resp = http.post(
+        f"{gn3_url}/case-attribute/{_INBREDSET_ID}/approve/{_CHANGE_ID}",
+        json={},
+        headers={"Authorization": _INVALID_TOKEN},
+        timeout=30,
+    )
+    assert resp.json().get("error") == "TokenValidationError", (
+        f"Expected error='TokenValidationError', got: {resp.json()}"
+    )
+
+
+# ---------------------------------------------------------------------------
+# POST /case-attribute/<id>/reject/<change_id> — token enforcement
+# ---------------------------------------------------------------------------
+
+def test_reject_no_token_returns_400(gn3_url, http):
+    resp = http.post(
+        f"{gn3_url}/case-attribute/{_INBREDSET_ID}/reject/{_CHANGE_ID}",
+        json={},
+        timeout=30,
+    )
+    assert resp.status_code == 400, (
+        f"Expected 400 when no token supplied, got {resp.status_code}: {resp.text}"
+    )
+
+
+def test_reject_no_token_error_is_token_validation_error(gn3_url, http):
+    resp = http.post(
+        f"{gn3_url}/case-attribute/{_INBREDSET_ID}/reject/{_CHANGE_ID}",
+        json={},
+        timeout=30,
+    )
+    assert resp.json().get("error") == "TokenValidationError", (
+        f"Expected error='TokenValidationError', got: {resp.json()}"
+    )
+
+
+def test_reject_invalid_token_returns_400(gn3_url, http):
+    resp = http.post(
+        f"{gn3_url}/case-attribute/{_INBREDSET_ID}/reject/{_CHANGE_ID}",
+        json={},
+        headers={"Authorization": _INVALID_TOKEN},
+        timeout=30,
+    )
+    assert resp.status_code == 400, (
+        f"Expected 400 for invalid token, got {resp.status_code}: {resp.text}"
+    )
+
+
+def test_reject_invalid_token_error_is_token_validation_error(gn3_url, http):
+    resp = http.post(
+        f"{gn3_url}/case-attribute/{_INBREDSET_ID}/reject/{_CHANGE_ID}",
+        json={},
+        headers={"Authorization": _INVALID_TOKEN},
+        timeout=30,
+    )
+    assert resp.json().get("error") == "TokenValidationError", (
+        f"Expected error='TokenValidationError', got: {resp.json()}"
+    )
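Review bot: The four `..._error_is_token_validation_error` tests call `resp.json()` without first asserting the status code, so a proxy error page or a 500 with a non-JSON body surfaces as a decode exception rather than the intended assertion message. The eight added tests differ only in the action segment and the optional `Authorization` header, so one parametrized test that asserts the status and then parses the body once would cover the same matrix with less duplication. The sketch below assumes the `http` fixture accepts `headers=None` as `requests` does. These cases exercise a missing and a malformed token only; a well-formed token whose holder lacks approval rights is not covered here and may deserve its own test.

```python
@pytest.mark.parametrize("action", ["approve", "reject"])
@pytest.mark.parametrize(
    "headers",
    [None, {"Authorization": _INVALID_TOKEN}],
    ids=["no-token", "invalid-token"],
)
def test_case_attribute_change_requires_valid_token(gn3_url, http, action, headers):
    resp = http.post(
        f"{gn3_url}/case-attribute/{_INBREDSET_ID}/{action}/{_CHANGE_ID}",
        json={},
        headers=headers,
        timeout=30,
    )
    # Check the status first so a non-JSON error body fails with a readable message.
    assert resp.status_code == 400, (
        f"Expected 400 without a valid token, got {resp.status_code}: {resp.text}"
    )
    body = resp.json()
    assert body.get("error") == "TokenValidationError", (
        f"Expected error='TokenValidationError', got: {body}"
    )
```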