File size: 1,576 Bytes
0e76632 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 | """Tests for first-boot /setup flow."""
import pytest
async def test_status_first_run_when_no_admin(client):
resp = await client.get("/api/v1/setup/status")
assert resp.status_code == 200
data = resp.json()
assert data["is_first_run"] is True
assert "version" in data
async def test_create_admin_then_setup_closed(client):
resp = await client.post(
"/api/v1/setup/create-admin",
json={"name": "Founder", "email": "founder@mbm.edu", "password": "supersecret123"},
)
assert resp.status_code == 200, resp.text
body = resp.json()
assert body["access_token"]
assert body["user"]["role"] == "admin"
assert body["user"]["is_founder"] is True
# Setup is now closed
status = await client.get("/api/v1/setup/status")
assert status.json()["is_first_run"] is False
# Second attempt rejected
again = await client.post(
"/api/v1/setup/create-admin",
json={"name": "Other", "email": "other@mbm.edu", "password": "supersecret123"},
)
assert again.status_code == 409
async def test_create_admin_rejects_short_password(client):
resp = await client.post(
"/api/v1/setup/create-admin",
json={"name": "X", "email": "x@mbm.edu", "password": "short"},
)
assert resp.status_code == 422 # pydantic validation
async def test_recovery_localhost_only(client):
# httpx ASGITransport sets request.client to 127.0.0.1 by default
resp = await client.get("/api/v1/setup/recovery")
assert resp.status_code == 200
assert resp.json()["ok"] is True
|