curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test(05-10): add failing tests for OAuth initiate JSON URL return

Browse Source
This commit is contained in:
curo1305
2026-05-30 11:23:38 +02:00
parent dc475aaaa2
commit 9b6d3f91d4
1 changed files with 60 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/tests/test_cloud.py
+60
View File
@@ -711,3 +711,63 @@ async def test_reanalyze_cloud_document_routes_to_cloud_backend():
# Result must reflect successful classification, not a MinIO error # Result must reflect successful classification, not a MinIO error
assert result.get("status") in ("classified", "classification_failed"), \ assert result.get("status") in ("classified", "classification_failed"), \
f"Expected classified/classification_failed, got: {result}" f"Expected classified/classification_failed, got: {result}"
# ── Plan 10 tests: OAuth initiate returns JSON URL ────────────────────────────
async def test_oauth_initiate_returns_json_url(async_client, db_session):
"""GET /api/cloud/oauth/initiate/google_drive returns 200 JSON {url} (not 302).
Verifies the fix for CLOUD-01 / T-05-10-01: authenticated users receive
the OAuth authorization URL as JSON so the frontend can inject the Bearer
header before navigating (plan 05-10).
"""
from main import app
auth = await _create_user_and_token(db_session, role="user")
# Set up fake Redis so state token storage works
fake_redis = FakeRedis()
app.state.redis = fake_redis
# Mock google_auth_oauthlib.flow.Flow so no real Google credentials are needed
mock_flow = MagicMock()
mock_flow.authorization_url.return_value = (
"https://accounts.google.com/test?scope=drive&state=abc",
"abc",
)
with patch("google_auth_oauthlib.flow.Flow.from_client_config", return_value=mock_flow):
resp = await async_client.get(
"/api/cloud/oauth/initiate/google_drive",
headers=auth["headers"],
follow_redirects=False,
)
assert resp.status_code == 200, f"Expected 200, got {resp.status_code}: {resp.text}"
data = resp.json()
assert "url" in data, f"Response JSON missing 'url' key: {data}"
assert data["url"].startswith("https://accounts.google.com/"), \
f"OAuth URL does not start with Google domain: {data['url']}"
# Verify that OAuth state was stored in Redis
stored_keys = list(fake_redis._store.keys())
assert any(k.startswith("oauth_state:") for k in stored_keys), \
f"No oauth_state key found in Redis store: {stored_keys}"
app.state.redis = None
async def test_oauth_initiate_requires_auth(async_client, db_session):
"""GET /api/cloud/oauth/initiate/google_drive without token returns 401 or 403.
Security invariant: get_regular_user dependency blocks unauthenticated requests
(T-05-10-01 — authentication enforced on oauth_initiate endpoint).
"""
resp = await async_client.get(
"/api/cloud/oauth/initiate/google_drive",
follow_redirects=False,
)
assert resp.status_code in (401, 403), \
f"Expected 401 or 403 for unauthenticated request, got {resp.status_code}"