Add Authentication Tests for Unauthorized Access to Protected Resources #14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add test_protected_endpoints_without_token() to verify missing token rejection - Add test_protected_endpoints_with_invalid_token() to verify invalid token rejection - Modify setUp() to use create_app() and create Flask test client - Tests verify 401 responses with correct error messages for auth, invoices, and reports endpoints Co-Authored-By: jia.wu@codeium.com <jia_wu@hotmail.ca>
Author
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
⚙️ Control Options:
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add Authentication Tests for Unauthorized Access to Protected Resources
Summary
This PR adds authentication tests to verify that protected endpoints properly reject unauthenticated requests with 401 responses. Previously, the JWT test suite only tested token creation and decoding functions, but didn't test the actual HTTP authentication flow.
Changes:
setUp()to usecreate_app()and create a Flask test client for HTTP request testingtest_protected_endpoints_without_token()- verifies requests without Authorization header are rejected with 401 and error message "Authorization token is required"test_protected_endpoints_with_invalid_token()- verifies requests with malformed tokens are rejected with 401 and error message containing "Invalid token"All tests pass locally using all three execution methods (
run_tests.py, direct execution,unittest discover).Review & Testing Checklist for Human
python3 tests/run_tests.pypython3 tests/test_jwt.pypython3 -m unittest discover tests -vapp.pyJWT error handlers. Confirm these are the correct messages users should see.Test Plan
Notes
setUp()method now creates the full Flask application usingcreate_app()instead of a minimal Flask app. This provides more realistic testing but means all tests now run with complete app initialization (database, blueprints, error handlers). All existing tests continue to pass with this change.