curo1305
c8a0443ad2
- test_documents.py: append 4 stubs (content_stream 200, 206, admin_403, no_presigned_url)
- test_audit.py: create new file with 4 stubs (viewer, no_doc_content, user_403, export_csv)
- test_security.py: create new file with 2 stubs (credentials_enc_not_in_response, delete_user_cleans_files)
- All stubs: xfail(strict=False), body is pytest.xfail("not implemented yet")
37 lines
1.3 KiB
Python
37 lines
1.3 KiB
Python
"""
|
|
Security invariant tests — Wave 0 xfail stubs for Phase 4.
|
|
|
|
All tests in this file are xfail stubs. They will be implemented in Plans
|
|
04-06 and 04-08 (security hardening). The stubs ensure pytest collects them
|
|
and keeps CI green before implementation code exists.
|
|
|
|
Requirements: SEC-08 (credentials_enc exclusion), SEC-09 (delete-user-cleans-files).
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
|
|
import pytest
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# SEC-08: credentials_enc never in API response
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
@pytest.mark.xfail(strict=False)
|
|
async def test_credentials_enc_not_in_response(async_client, auth_user):
|
|
"""No API response for current user includes credentials_enc field."""
|
|
pytest.xfail("not implemented yet")
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# SEC-09: Delete user cleans up MinIO objects
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
@pytest.mark.xfail(strict=False)
|
|
async def test_delete_user_cleans_files(async_client, admin_user):
|
|
"""Admin DELETE /api/admin/users/{id} triggers MinIO object deletion before DB removal."""
|
|
pytest.xfail("not implemented yet")
|