Files
wehub-resource-sync 7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:08:55 +08:00

285 lines
11 KiB
Python

# allow: no-sut-import — black-box HTTP test; drives real routes through the Flask test client
"""Unit tests for Chat route input validation.
Tests verify request validation in chat API routes:
- Title length validation
- Status value validation
- Message content validation
- Pagination parameter validation
"""
import json
class TestSessionRouteValidation:
"""Tests for session route input validation."""
def test_create_session_accepts_valid_request(self, authenticated_client):
"""Test that valid session creation request succeeds."""
response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test query", "title": "Test Title"},
content_type="application/json",
)
assert response.status_code == 200
data = json.loads(response.data)
assert data["success"] is True
def test_create_session_without_body(self, authenticated_client):
"""Test that session can be created with empty body."""
response = authenticated_client.post(
"/api/chat/sessions",
json={}, # Empty body
content_type="application/json",
)
# Should succeed - body fields are optional
assert response.status_code == 200
data = json.loads(response.data)
assert data["success"] is True
def test_update_session_invalid_title_length(self, authenticated_client):
"""Test that titles over 500 chars are rejected."""
# First create a session
create_response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test"},
content_type="application/json",
)
session_id = json.loads(create_response.data)["session_id"]
# Try to update with a too-long title
long_title = "A" * 501
response = authenticated_client.patch(
f"/api/chat/sessions/{session_id}",
json={"title": long_title},
content_type="application/json",
)
assert response.status_code == 400
data = json.loads(response.data)
assert data["success"] is False
assert "too long" in data["error"].lower()
def test_update_session_invalid_status_value(self, authenticated_client):
"""Test that invalid status values are rejected."""
# First create a session
create_response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test"},
content_type="application/json",
)
session_id = json.loads(create_response.data)["session_id"]
# Try to update with an invalid status
response = authenticated_client.patch(
f"/api/chat/sessions/{session_id}",
json={"status": "invalid_status"},
content_type="application/json",
)
assert response.status_code == 400
data = json.loads(response.data)
assert data["success"] is False
assert "invalid" in data["error"].lower()
def test_get_session_nonexistent_uuid(self, authenticated_client):
"""Test that nonexistent session returns 404."""
response = authenticated_client.get(
"/api/chat/sessions/00000000-0000-0000-0000-000000000000"
)
assert response.status_code == 404
data = json.loads(response.data)
assert data["success"] is False
class TestMessageRouteValidation:
"""Tests for message route input validation."""
def test_send_message_empty_content_rejected(self, authenticated_client):
"""Test that empty message content is rejected."""
# Create a session first
create_response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test"},
content_type="application/json",
)
session_id = json.loads(create_response.data)["session_id"]
# Try to send empty message
response = authenticated_client.post(
f"/api/chat/sessions/{session_id}/messages",
json={"content": ""},
content_type="application/json",
)
assert response.status_code == 400
data = json.loads(response.data)
assert data["success"] is False
assert "required" in data["error"].lower()
def test_send_message_missing_content_rejected(self, authenticated_client):
"""Test that missing content field is rejected."""
# Create a session first
create_response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test"},
content_type="application/json",
)
session_id = json.loads(create_response.data)["session_id"]
# Try to send message without content
response = authenticated_client.post(
f"/api/chat/sessions/{session_id}/messages",
json={},
content_type="application/json",
)
assert response.status_code == 400
data = json.loads(response.data)
assert data["success"] is False
def test_send_message_content_length_limit(self, authenticated_client):
"""Test that message content is limited to 10,000 characters."""
# Create a session first
create_response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test"},
content_type="application/json",
)
session_id = json.loads(create_response.data)["session_id"]
# Try to send message with content > 10000 chars
long_content = "A" * 10001
response = authenticated_client.post(
f"/api/chat/sessions/{session_id}/messages",
json={"content": long_content, "trigger_research": False},
content_type="application/json",
)
assert response.status_code == 400
data = json.loads(response.data)
assert data["success"] is False
assert "too long" in data["error"].lower() or "10000" in data["error"]
def test_send_message_to_nonexistent_session(self, authenticated_client):
"""Test that sending to nonexistent session returns 404."""
response = authenticated_client.post(
"/api/chat/sessions/00000000-0000-0000-0000-000000000000/messages",
json={"content": "Test message", "trigger_research": False},
content_type="application/json",
)
assert response.status_code == 404
data = json.loads(response.data)
assert data["success"] is False
class TestPaginationValidation:
"""Tests for pagination parameter validation."""
def test_get_messages_pagination_limits(self, authenticated_client):
"""Test that pagination parameters are bounded correctly."""
# Create a session
create_response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test"},
content_type="application/json",
)
session_id = json.loads(create_response.data)["session_id"]
# Test with limit > 100 (should be capped)
response = authenticated_client.get(
f"/api/chat/sessions/{session_id}/messages?limit=200&offset=0"
)
assert response.status_code == 200
# Response should succeed (limit is capped internally)
data = json.loads(response.data)
assert data["success"] is True
def test_get_messages_invalid_offset(self, authenticated_client):
"""Test that invalid offset falls back to default."""
# Create a session
create_response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test"},
content_type="application/json",
)
session_id = json.loads(create_response.data)["session_id"]
# Test with invalid offset (should fall back to 0)
response = authenticated_client.get(
f"/api/chat/sessions/{session_id}/messages?offset=invalid"
)
assert response.status_code == 200
data = json.loads(response.data)
assert data["success"] is True
def test_list_sessions_invalid_status_falls_back(
self, authenticated_client
):
"""Test that invalid status falls back to 'active'."""
response = authenticated_client.get(
"/api/chat/sessions?status=invalid_status"
)
# Should succeed and return active sessions
assert response.status_code == 200
data = json.loads(response.data)
assert data["success"] is True
def test_list_sessions_valid_status_values(self, authenticated_client):
"""Test that all valid status values are accepted."""
valid_statuses = ["active", "archived", "deleted", "all"]
for status in valid_statuses:
response = authenticated_client.get(
f"/api/chat/sessions?status={status}"
)
assert response.status_code == 200, (
f"Status '{status}' should be valid"
)
data = json.loads(response.data)
assert data["success"] is True
class TestStatusTransitionValidation:
"""Tests for session status transition validation."""
def test_session_can_be_archived(self, authenticated_client):
"""Test that active session can be archived."""
# Create session
create_response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test"},
content_type="application/json",
)
session_id = json.loads(create_response.data)["session_id"]
# Archive it
response = authenticated_client.patch(
f"/api/chat/sessions/{session_id}",
json={"status": "archived"},
content_type="application/json",
)
assert response.status_code == 200
data = json.loads(response.data)
assert data["success"] is True
assert data["session"]["status"] == "archived"
def test_session_can_be_deleted(self, authenticated_client):
"""Test that session can be permanently deleted."""
# Create session
create_response = authenticated_client.post(
"/api/chat/sessions",
json={"initial_query": "Test"},
content_type="application/json",
)
session_id = json.loads(create_response.data)["session_id"]
# Delete it (hard delete)
response = authenticated_client.delete(
f"/api/chat/sessions/{session_id}"
)
assert response.status_code == 200
data = json.loads(response.data)
assert data["success"] is True
# Verify it's gone
get_response = authenticated_client.get(
f"/api/chat/sessions/{session_id}"
)
assert get_response.status_code == 404