AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/tests/test_setup_banner_api.py
ZdenekSrotyr 39146288e1 feat: admin-editable setup_banner on /setup page (schema v22) 
Adds an optional Jinja2/HTML banner displayed above the bootstrap
commands on /setup. Empty by default; admin authors it at
/admin/setup-banner. autoescape=True — safe for HTML context.
Render failures return "" so a broken banner never breaks /setup.

Schema v22: setup_banner singleton table, auto-migration v21→v22.
2026-05-03 16:12:13 +02:00

104 lines
3.1 KiB
Python
Raw Blame History

"""End-to-end tests for /api/admin/setup-banner endpoints."""
def _auth(token: str) -> dict[str, str]:
return {"Authorization": f"Bearer {token}"}
def test_admin_can_set_and_clear_banner(seeded_app):
c = seeded_app["client"]
admin = _auth(seeded_app["admin_token"])
# GET initial state
r = c.get("/api/admin/setup-banner", headers=admin)
assert r.status_code == 200
body = r.json()
assert body["content"] is None
# PUT banner
r = c.put(
"/api/admin/setup-banner",
json={"content": "<p>VPN required before install.</p>"},
headers=admin,
)
assert r.status_code == 200
# GET shows new content
r = c.get("/api/admin/setup-banner", headers=admin)
assert r.json()["content"] == "<p>VPN required before install.</p>"
assert r.json()["updated_by"] is not None
# DELETE = clear
r = c.delete("/api/admin/setup-banner", headers=admin)
assert r.status_code == 204
r = c.get("/api/admin/setup-banner", headers=admin)
assert r.json()["content"] is None
def test_non_admin_cannot_edit_banner(seeded_app):
c = seeded_app["client"]
analyst = _auth(seeded_app["analyst_token"])
r = c.put("/api/admin/setup-banner", json={"content": "<p>x</p>"}, headers=analyst)
assert r.status_code == 403
def test_put_rejects_invalid_jinja2(seeded_app):
c = seeded_app["client"]
admin = _auth(seeded_app["admin_token"])
r = c.put(
"/api/admin/setup-banner",
json={"content": "{% for x in y %}"}, # unclosed loop
headers=admin,
)
assert r.status_code == 400
assert "invalid" in r.json()["detail"].lower()
def test_put_rejects_undefined_placeholder(seeded_app):
"""Templates that reference unknown placeholders must be rejected at PUT
time so the admin sees the error immediately."""
c = seeded_app["client"]
admin = _auth(seeded_app["admin_token"])
r = c.put(
"/api/admin/setup-banner",
json={"content": "Hello {{ user.emial }}"}, # typo
headers=admin,
)
assert r.status_code == 400
assert "emial" in r.json()["detail"] or "undefined" in r.json()["detail"].lower()
def test_preview_renders_arbitrary_content(seeded_app):
c = seeded_app["client"]
admin = _auth(seeded_app["admin_token"])
r = c.post(
"/api/admin/setup-banner/preview",
json={"content": "<b>Hello {{ user.email }}</b>"},
headers=admin,
)
assert r.status_code == 200
# autoescape=True: rendered content must contain the escaped or literal email
assert "admin@test.com" in r.json()["content"]
def test_preview_requires_admin(seeded_app):
c = seeded_app["client"]
analyst = _auth(seeded_app["analyst_token"])
r = c.post(
"/api/admin/setup-banner/preview",
json={"content": "<p>x</p>"},
headers=analyst,
)
assert r.status_code == 403
def test_preview_rejects_invalid_template(seeded_app):
c = seeded_app["client"]
admin = _auth(seeded_app["admin_token"])
r = c.post(
"/api/admin/setup-banner/preview",
json={"content": "{% for x in y %}"},
headers=admin,
)
assert r.status_code == 400
Reference in a new issue View git blame Copy permalink