fix: update tests to provide password after OAuth token bypass fix

2026-04-09 16:35:15 +02:00 · 2026-04-09 16:35:15 +02:00 · cf59abe6dd
commit cf59abe6dd
parent 7f523788c2
2 changed files with 12 additions and 5 deletions
--- a/tests/test_api.py
+++ b/tests/test_api.py
@ -24,10 +24,15 @@ def seeded_client(tmp_path, monkeypatch):
    from src.repositories.users import UserRepository
    from app.auth.jwt import create_access_token

+    from argon2 import PasswordHasher
+    ph = PasswordHasher()
+
    conn = get_system_db()
    repo = UserRepository(conn)
-    repo.create(id="admin1", email="admin@acme.com", name="Admin", role="admin")
-    repo.create(id="analyst1", email="analyst@acme.com", name="Analyst", role="analyst")
+    repo.create(id="admin1", email="admin@acme.com", name="Admin", role="admin",
+                password_hash=ph.hash("adminpass"))
+    repo.create(id="analyst1", email="analyst@acme.com", name="Analyst", role="analyst",
+                password_hash=ph.hash("analystpass"))
    conn.close()

    app = create_app()
@ -61,7 +66,7 @@ class TestHealth:
 class TestAuth:
    def test_token_for_existing_user(self, seeded_client):
        client, _, _ = seeded_client
-        resp = client.post("/auth/token", json={"email": "admin@acme.com"})
+        resp = client.post("/auth/token", json={"email": "admin@acme.com", "password": "adminpass"})
        assert resp.status_code == 200
        data = resp.json()
        assert "access_token" in data
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@ -88,9 +88,11 @@ class TestAuth:
        from src.db import get_system_db
        from src.repositories.users import UserRepository

+        from argon2 import PasswordHasher
        conn = get_system_db()
        repo = UserRepository(conn)
-        repo.create(id="u1", email="test@acme.com", name="Test", role="analyst")
+        repo.create(id="u1", email="test@acme.com", name="Test", role="analyst",
+                    password_hash=PasswordHasher().hash("testpass"))
        conn.close()

        from fastapi.testclient import TestClient
@ -103,7 +105,7 @@ class TestAuth:
            mock_get_client.return_value.__exit__ = MagicMock(return_value=False)

            # Simulate the API call
-            resp = client.post("/auth/token", json={"email": "test@acme.com"})
+            resp = client.post("/auth/token", json={"email": "test@acme.com", "password": "testpass"})
            assert resp.status_code == 200
            token = resp.json()["access_token"]