diff --git a/README.md b/README.md index 916fd005..aa378648 100644 --- a/README.md +++ b/README.md @@ -86,3 +86,38 @@ Note: This project integrates with third-party APIs. You will need to obtain the We <3 contributions big and small: - Submit a [feature request](https://github.com/chapter-gtm/chapter/issues/new?assignees=&labels=&projects=&template=feature_request.md&title=) or [bug report](https://github.com/chapter-gtm/chapter/issues/new?assignees=&labels=&projects=&template=bug_report.md&title=) + +## Test +- 1 +- 2 +- 3 +- 4 +- 5 +- 6 +- 7 +- 8 +- 9 +- 10 +- 11 +- 12 +- 13 +- 14 +- 15 +- 16 +- 17 +- 18 +- 20 +- 21 +- 22 +- 23 +- 24 +- 25 +- 26 +- 27 +- 28 +- 29 +- 30 +- 31 +- 32 +- 33 +- 34 diff --git a/chapter_api_tests/0.2.0/validation/test_post_api-access-login.py b/chapter_api_tests/0.2.0/validation/test_post_api-access-login.py new file mode 100644 index 00000000..64629151 --- /dev/null +++ b/chapter_api_tests/0.2.0/validation/test_post_api-access-login.py @@ -0,0 +1,126 @@ +import os +import pytest +import httpx + +API_BASE_URL = os.getenv('API_BASE_URL') + + +@pytest.mark.asyncio +async def test_login_success(): + url = f'{API_BASE_URL}/api/access/login' + payload = {'username': 'testuser', 'password': 'testpass'} + response = await httpx.post(url, json=payload) + + assert response.status_code == 201 + assert response.headers['Content-Type'] == 'application/json' + assert 'access_token' in response.json() + assert 'token_type' in response.json() + + +@pytest.mark.asyncio +async def test_login_missing_username(): + url = f'{API_BASE_URL}/api/access/login' + payload = {'password': 'testpass'} + response = await httpx.post(url, json=payload) + + assert response.status_code == 400 + assert response.json()['status_code'] == 400 + assert response.json()['detail'] == 'Bad Request' + + +@pytest.mark.asyncio +async def test_login_missing_password(): + url = f'{API_BASE_URL}/api/access/login' + payload = {'username': 'testuser'} + response = await httpx.post(url, json=payload) + + assert response.status_code == 400 + assert response.json()['status_code'] == 400 + assert response.json()['detail'] == 'Bad Request' + + +@pytest.mark.asyncio +async def test_login_empty_username(): + url = f'{API_BASE_URL}/api/access/login' + payload = {'username': '', 'password': 'testpass'} + response = await httpx.post(url, json=payload) + + assert response.status_code == 400 + assert response.json()['status_code'] == 400 + assert response.json()['detail'] == 'Bad Request' + + +@pytest.mark.asyncio +async def test_login_empty_password(): + url = f'{API_BASE_URL}/api/access/login' + payload = {'username': 'testuser', 'password': ''} + response = await httpx.post(url, json=payload) + + assert response.status_code == 400 + assert response.json()['status_code'] == 400 + assert response.json()['detail'] == 'Bad Request' + + +@pytest.mark.asyncio +async def test_login_invalid_credentials(): + url = f'{API_BASE_URL}/api/access/login' + payload = {'username': 'invaliduser', 'password': 'wrongpass'} + response = await httpx.post(url, json=payload) + + assert response.status_code == 400 + assert response.json()['status_code'] == 400 + assert response.json()['detail'] == 'Bad Request' + + +@pytest.mark.asyncio +async def test_login_large_payload(): + url = f'{API_BASE_URL}/api/access/login' + payload = {'username': 'testuser', 'password': 'testpass' * 1000} + response = await httpx.post(url, json=payload) + + assert response.status_code == 400 + assert response.json()['status_code'] == 400 + assert response.json()['detail'] == 'Bad Request' + + +@pytest.mark.asyncio +async def test_login_unauthorized(): + url = f'{API_BASE_URL}/api/access/login' + # Assuming the API requires a token for some reason + headers = {'Authorization': 'Bearer invalid_token'} + payload = {'username': 'testuser', 'password': 'testpass'} + response = await httpx.post(url, json=payload, headers=headers) + + assert response.status_code == 401 + + +@pytest.mark.asyncio +async def test_login_forbidden(): + url = f'{API_BASE_URL}/api/access/login' + # Assuming the API has some role-based access + headers = {'Authorization': 'Bearer forbidden_token'} + payload = {'username': 'testuser', 'password': 'testpass'} + response = await httpx.post(url, json=payload, headers=headers) + + assert response.status_code == 403 + + +@pytest.mark.asyncio +async def test_login_malformed_request(): + url = f'{API_BASE_URL}/api/access/login' + response = await httpx.post(url, data='malformed_data') + + assert response.status_code == 400 + assert response.json()['status_code'] == 400 + assert response.json()['detail'] == 'Bad Request' + + +@pytest.mark.asyncio +async def test_login_server_error(): + url = f'{API_BASE_URL}/api/access/login' + # Simulate a server error by sending a request that triggers it + payload = {'username': 'testuser', 'password': 'testpass'} + response = await httpx.post(url, json=payload) + + # Assuming the server is down or there's an internal error + assert response.status_code == 500 diff --git a/chapter_api_tests/0.2.0/validation/test_post_api-access-logout.py b/chapter_api_tests/0.2.0/validation/test_post_api-access-logout.py new file mode 100644 index 00000000..61a01389 --- /dev/null +++ b/chapter_api_tests/0.2.0/validation/test_post_api-access-logout.py @@ -0,0 +1,93 @@ +import os +import pytest +import httpx + + +@pytest.fixture +async def client(): + base_url = os.getenv('API_BASE_URL') + async with httpx.AsyncClient(base_url=base_url) as client: + yield client + + +@pytest.mark.asyncio +async def test_logout_success(client): + response = await client.post('/api/access/logout') + assert response.status_code == 201 + assert response.headers['Content-Type'] == 'application/json' + assert response.json() == {} + + +@pytest.mark.asyncio +async def test_logout_unauthorized(client): + response = await client.post('/api/access/logout', headers={'Authorization': 'Bearer invalid_token'}) + assert response.status_code == 401 + assert response.headers['Content-Type'] == 'application/json' + assert 'error' in response.json() + + +@pytest.mark.asyncio +async def test_logout_forbidden(client): + response = await client.post('/api/access/logout', headers={'Authorization': 'Bearer forbidden_token'}) + assert response.status_code == 403 + assert response.headers['Content-Type'] == 'application/json' + assert 'error' in response.json() + + +@pytest.mark.asyncio +async def test_logout_empty_response(client): + response = await client.post('/api/access/logout') + assert response.status_code == 201 + assert response.json() == {} + + +@pytest.mark.asyncio +async def test_logout_invalid_request(client): + # Simulating a malformed request by sending an invalid method + response = await client.get('/api/access/logout') + assert response.status_code == 405 # Method Not Allowed + + +@pytest.mark.asyncio +async def test_logout_rate_limiting(client): + # Assuming the API has rate limiting, we can simulate multiple requests + for _ in range(10): + await client.post('/api/access/logout') + response = await client.post('/api/access/logout') + assert response.status_code == 429 # Too Many Requests + + +@pytest.mark.asyncio +async def test_logout_server_error(client): + # Simulating a server error by mocking the client (this would require a mocking library) + async with httpx.AsyncClient(base_url=os.getenv('API_BASE_URL')) as mock_client: + mock_client.post = lambda *args, **kwargs: httpx.Response(500) + response = await mock_client.post('/api/access/logout') + assert response.status_code == 500 + + +@pytest.mark.asyncio +async def test_logout_edge_cases(client): + # Test with large payloads or empty responses if applicable + response = await client.post('/api/access/logout') + assert response.status_code == 201 + assert response.headers['Content-Type'] == 'application/json' + assert response.json() == {} + + +@pytest.mark.asyncio +async def test_logout_with_valid_token(client): + # Assuming we have a valid token for testing + valid_token = 'valid_token' + response = await client.post('/api/access/logout', headers={'Authorization': f'Bearer {valid_token}'}) + assert response.status_code == 201 + assert response.headers['Content-Type'] == 'application/json' + assert response.json() == {} + + +@pytest.mark.asyncio +async def test_logout_with_invalid_token(client): + response = await client.post('/api/access/logout', headers={'Authorization': 'Bearer invalid_token'}) + assert response.status_code == 401 + assert response.headers['Content-Type'] == 'application/json' + assert 'error' in response.json()