Spaces:
Paused
Paused
File size: 1,038 Bytes
4ae946d | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | from fastapi.testclient import TestClient
from app.factory import create_app
app = create_app()
client = TestClient(app)
def test_analytics_cases_unauthenticated():
"""Verify that accessing /api/v1/analytics/cases without auth returns 401."""
response = client.get("/api/v1/analytics/cases")
# CURRENT VULNERABILITY: If this returns 200/500 instead of 401, it's vulnerable.
# We assert 401 because that's the DESIRED state.
# If the test FAILS with 200/500, we've confirmed the vulnerability.
assert response.status_code == 401
def test_analytics_transactions_unauthenticated():
"""Verify that accessing /api/v1/analytics/transactions without auth returns 401."""
response = client.get("/api/v1/analytics/transactions")
assert response.status_code == 401
def test_analytics_temporal_flow_unauthenticated():
"""Verify that accessing /api/v1/analytics/temporal-flow without auth returns 401."""
response = client.get("/api/v1/analytics/temporal-flow")
assert response.status_code == 401
|