PlainSQL / backend /tests /test_auth.py
LalitChaudhari3's picture
feat: synchronize text-to-sql-bot codebase with Hugging Face Space repository, including Docker build configurations
6086e71
Raw
History Blame Contribute Delete
2.39 kB
"""
Tests for the RBAC and Auth system.
"""
import sys
import os
sys.path.insert(0, os.path.join(os.path.dirname(__file__), ".."))
from app.auth.jwt_auth import AuthService
from app.auth.rbac import Permission, check_permission
class TestAuthService:
"""Test JWT token creation and verification."""
def setup_method(self):
self.auth = AuthService(secret_key="test-secret-key-for-tests", expiry_hours=1)
def test_create_and_verify_token(self):
token = self.auth.create_access_token(
user_id="user_1", username="testuser", role="analyst", tenant_id="default"
)
payload = self.auth.verify_token(token)
assert payload["sub"] == "user_1"
assert payload["username"] == "testuser"
assert payload["role"] == "analyst"
assert payload["tenant_id"] == "default"
def test_password_hashing(self):
password = "SecurePassword123!"
hashed = self.auth.hash_password(password)
assert self.auth.verify_password(password, hashed) is True
assert self.auth.verify_password("WrongPassword", hashed) is False
def test_api_key_creation(self):
api_key = self.auth.create_api_key_token(
key_name="test-key", tenant_id="default", role="analyst"
)
payload = self.auth.verify_token(api_key)
assert payload["type"] == "api_key"
assert payload["role"] == "analyst"
class TestRBAC:
"""Test Role-Based Access Control."""
def test_admin_has_all_permissions(self):
for perm in Permission:
assert check_permission("admin", perm) is True
def test_analyst_permissions(self):
assert check_permission("analyst", Permission.READ) is True
assert check_permission("analyst", Permission.EXECUTE) is True
assert check_permission("analyst", Permission.VIEW_ANALYTICS) is True
assert check_permission("analyst", Permission.MANAGE_USERS) is False
assert check_permission("analyst", Permission.MANAGE_API_KEYS) is False
def test_viewer_permissions(self):
assert check_permission("viewer", Permission.READ) is True
assert check_permission("viewer", Permission.EXECUTE) is False
assert check_permission("viewer", Permission.MANAGE_USERS) is False
def test_invalid_role(self):
assert check_permission("hacker", Permission.READ) is False