Files
wehub-resource-sync 7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:08:55 +08:00

146 lines
4.8 KiB
Python

"""Test with completely fresh session."""
import pytest
import re
import time
from loguru import logger
class TestFreshSession:
"""Test authentication with fresh session."""
def test_fresh_session_login(self, client):
"""Test login with completely fresh session."""
# Get login page
# audit: PUNCHLIST reviewed 2026-05 — issue resolved by prior PR (recommendation: REFACTOR_SPLIT).
response = client.get("/auth/login")
assert response.status_code == 200
logger.info(f"GET /auth/login -> {response.status_code}")
# Extract CSRF token
csrf_match = re.search(
r'name="csrf_token" value="([^"]+)"', response.data.decode()
)
csrf_token = csrf_match.group(1) if csrf_match else None
logger.info(f"CSRF token: {csrf_token}")
# Create unique test username to avoid conflicts
test_username = f"testuser_fresh_{int(time.time() * 1000)}"
test_password = "TestPass123"
# Register user first (in case it doesn't exist)
register_data = {
"username": test_username,
"password": test_password,
"confirm_password": test_password,
"acknowledge": "true",
"csrf_token": csrf_token,
}
client.post("/auth/register", data=register_data)
# Get fresh login page for new CSRF token
response = client.get("/auth/login")
csrf_match = re.search(
r'name="csrf_token" value="([^"]+)"', response.data.decode()
)
csrf_token = csrf_match.group(1) if csrf_match else None
# Login
login_data = {
"username": test_username,
"password": test_password,
"csrf_token": csrf_token,
}
logger.info("Posting login data...")
response = client.post(
"/auth/login", data=login_data, follow_redirects=False
)
logger.info(f"POST /auth/login -> {response.status_code}")
if response.status_code == 302:
logger.info("✅ Login successful! Got redirect")
# Follow redirect
location = response.headers.get("Location", "/")
response = client.get(location, follow_redirects=False)
logger.info(f"GET {location} -> {response.status_code}")
if response.status_code == 200:
logger.info("✅ Successfully accessed home page!")
elif response.status_code == 302:
logger.error(
f"Got redirected again to: {response.headers.get('Location')}"
)
# Test auth check
response = client.get("/auth/check")
logger.info(f"GET /auth/check -> {response.status_code}")
assert response.status_code == 200
data = response.get_json()
assert data.get("authenticated") is True
logger.info(f"✅ Authenticated as: {data.get('username')}")
else:
pytest.fail(
f"Login failed with status code: {response.status_code}"
)
def test_fresh_session_api_access(self, client):
"""Test API access with fresh session."""
# Try to access API without login
response = client.get("/settings/api")
assert response.status_code in [
401,
302,
] # Should be unauthorized or redirect
# Register and login
response = client.get("/auth/login")
csrf_match = re.search(
r'name="csrf_token" value="([^"]+)"', response.data.decode()
)
csrf_token = csrf_match.group(1) if csrf_match else None
# Create unique test username to avoid conflicts
test_username = f"testuser_api_{int(time.time() * 1000)}"
test_password = "TestPass123"
register_data = {
"username": test_username,
"password": test_password,
"confirm_password": test_password,
"acknowledge": "true",
"csrf_token": csrf_token,
}
client.post("/auth/register", data=register_data)
# Get fresh login page
response = client.get("/auth/login")
csrf_match = re.search(
r'name="csrf_token" value="([^"]+)"', response.data.decode()
)
csrf_token = csrf_match.group(1) if csrf_match else None
login_data = {
"username": test_username,
"password": test_password,
"csrf_token": csrf_token,
}
response = client.post(
"/auth/login", data=login_data, follow_redirects=True
)
assert response.status_code == 200
# Now try API access
response = client.get("/settings/api")
assert response.status_code == 200
data = response.get_json()
assert data["status"] == "success"
assert "settings" in data