68da26588a
- Add INTERNAL_SECRET shared-secret auth to /internal/nc-upload endpoint
- Add JWT token validation to WebSocket /ws/versions/{version_id}
- Fix NameError: band_slug → band.slug in internal.py
- Move inline imports to top of internal.py; add missing Member/NextcloudClient imports
- Remove ~15 debug print() statements from auth.py
- Replace Content-Type-only avatar check with extension whitelist + Pillow Image.verify()
- Sanitize exception details in versions.py (no more str(e) in 4xx/5xx responses)
- Restrict CORS allow_methods/allow_headers from "*" to explicit lists
- Add security headers middleware: X-Frame-Options, X-Content-Type-Options, Referrer-Policy
- Reduce JWT expiry from 7 days to 1 hour
- Add Pillow>=10.0 dependency; document INTERNAL_SECRET in .env.example
- Implement missing RedisJobQueue.dequeue() method (required by protocol)
- Fix 5 pre-existing unit test failures: settings env vars conftest, deferred Redis push,
dequeue method, AsyncMock→MagicMock for sync scalar_one_or_none
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
80 lines
2.3 KiB
Python
80 lines
2.3 KiB
Python
"""Unit tests for repositories using mocked sessions."""
|
|
|
|
import uuid
|
|
from unittest.mock import AsyncMock, MagicMock
|
|
|
|
import pytest
|
|
|
|
from rehearsalhub.repositories.band import BandRepository
|
|
from rehearsalhub.repositories.member import MemberRepository
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_get_by_id_returns_none_when_missing(mock_session):
|
|
mock_session.get.return_value = None
|
|
repo = MemberRepository(mock_session)
|
|
result = await repo.get_by_id(uuid.uuid4())
|
|
assert result is None
|
|
mock_session.get.assert_called_once()
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_get_by_id_returns_object(mock_session):
|
|
from rehearsalhub.db.models import Member
|
|
|
|
fake = MagicMock(spec=Member)
|
|
fake.id = uuid.uuid4()
|
|
mock_session.get.return_value = fake
|
|
|
|
repo = MemberRepository(mock_session)
|
|
result = await repo.get_by_id(fake.id)
|
|
assert result is fake
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_create_calls_add_flush_refresh(mock_session):
|
|
from rehearsalhub.db.models import Band
|
|
|
|
created_band = MagicMock(spec=Band)
|
|
created_band.id = uuid.uuid4()
|
|
created_band.slug = "my-band"
|
|
mock_session.refresh = AsyncMock(side_effect=lambda obj: None)
|
|
|
|
async def fake_flush():
|
|
mock_session.add.call_args[0][0].__dict__.update({"id": created_band.id})
|
|
|
|
mock_session.flush = AsyncMock(side_effect=fake_flush)
|
|
|
|
repo = BandRepository(mock_session)
|
|
# Can't test full create without a real ORM instance, but we can assert add() is called
|
|
mock_session.add = MagicMock()
|
|
assert mock_session.flush.call_count == 0
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_band_is_member_calls_get_member_role(mock_session):
|
|
band_id = uuid.uuid4()
|
|
member_id = uuid.uuid4()
|
|
|
|
result_mock = MagicMock()
|
|
result_mock.scalar_one_or_none.return_value = "admin"
|
|
mock_session.execute.return_value = result_mock
|
|
|
|
repo = BandRepository(mock_session)
|
|
is_member = await repo.is_member(band_id, member_id)
|
|
assert is_member is True
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_band_is_member_false_when_no_role(mock_session):
|
|
band_id = uuid.uuid4()
|
|
member_id = uuid.uuid4()
|
|
|
|
result_mock = MagicMock()
|
|
result_mock.scalar_one_or_none.return_value = None
|
|
mock_session.execute.return_value = result_mock
|
|
|
|
repo = BandRepository(mock_session)
|
|
is_member = await repo.is_member(band_id, member_id)
|
|
assert is_member is False
|