mirror of
https://github.com/mgeeky/decode-spam-headers.git
synced 2026-02-22 05:23:31 +01:00
MAESTRO: add security ops red tests
This commit is contained in:
61
backend/tests/api/test_captcha.py
Normal file
61
backend/tests/api/test_captcha.py
Normal file
@@ -0,0 +1,61 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import base64
|
||||
|
||||
import pytest
|
||||
from httpx import ASGITransport, AsyncClient
|
||||
|
||||
from app.main import app
|
||||
from app.security.captcha import create_captcha_challenge
|
||||
|
||||
|
||||
def _assert_png_base64(image_base64: str) -> None:
|
||||
decoded = base64.b64decode(image_base64)
|
||||
assert decoded.startswith(b"\x89PNG\r\n\x1a\n")
|
||||
|
||||
|
||||
@pytest.mark.anyio
|
||||
async def test_captcha_challenge_generation_produces_image() -> None:
|
||||
challenge = create_captcha_challenge()
|
||||
|
||||
assert challenge.challenge_token
|
||||
assert challenge.image_base64
|
||||
assert challenge.answer
|
||||
_assert_png_base64(challenge.image_base64)
|
||||
|
||||
|
||||
@pytest.mark.anyio
|
||||
async def test_captcha_verify_rejects_invalid_answer() -> None:
|
||||
challenge = create_captcha_challenge()
|
||||
|
||||
async with AsyncClient(
|
||||
transport=ASGITransport(app=app),
|
||||
base_url="http://test",
|
||||
) as client:
|
||||
response = await client.post(
|
||||
"/api/captcha/verify",
|
||||
json={"challengeToken": challenge.challenge_token, "answer": "incorrect"},
|
||||
)
|
||||
|
||||
assert response.status_code == 400
|
||||
payload = response.json()
|
||||
assert payload.get("error") or payload.get("detail")
|
||||
|
||||
|
||||
@pytest.mark.anyio
|
||||
async def test_captcha_verify_returns_bypass_token() -> None:
|
||||
challenge = create_captcha_challenge()
|
||||
|
||||
async with AsyncClient(
|
||||
transport=ASGITransport(app=app),
|
||||
base_url="http://test",
|
||||
) as client:
|
||||
response = await client.post(
|
||||
"/api/captcha/verify",
|
||||
json={"challengeToken": challenge.challenge_token, "answer": challenge.answer},
|
||||
)
|
||||
|
||||
assert response.status_code == 200
|
||||
payload = response.json()
|
||||
assert payload["success"] is True
|
||||
assert payload["bypassToken"]
|
||||
Reference in New Issue
Block a user