31 lines
951 B
Python
31 lines
951 B
Python
import pytest
|
|
from conftest import TEST_BOT_TOKEN, make_init_data
|
|
|
|
from app.core.config import Settings
|
|
from app.services.telegram_auth import verify_webapp_init_data
|
|
|
|
|
|
def test_telegram_init_data_auth() -> None:
|
|
values = verify_webapp_init_data(make_init_data(42), TEST_BOT_TOKEN)
|
|
|
|
assert values["id"] == 42
|
|
|
|
|
|
def test_cors_config_reads_csv() -> None:
|
|
settings = Settings(
|
|
bot_token="token",
|
|
cors_origins="https://drivers.smartsoltech.kr,https://t.me",
|
|
)
|
|
|
|
assert settings.cors_origin_list == ["https://drivers.smartsoltech.kr", "https://t.me"]
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_user_cannot_get_foreign_car(client, auth_headers, other_auth_headers) -> None:
|
|
created = await client.post("/api/cars", headers=auth_headers, json={"name": "Owner car"})
|
|
car_id = created.json()["id"]
|
|
|
|
response = await client.get(f"/api/cars/{car_id}", headers=other_auth_headers)
|
|
|
|
assert response.status_code == 403
|