Git/mgeeky-decode-spam-headers
1
0
Fork 0
mirror of https://github.com/mgeeky/decode-spam-headers.git synced 2026-02-22 05:23:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0f5f300c69979dff69a0caae2bc61881eaf2ad9f
mgeeky-decode-spam-headers/backend/tests/api/test_captcha.py
Mariusz Banach 0f5f300c69 MAESTRO: add security ops red tests
2026-02-18 04:03:23 +01:00

62 lines
1.7 KiB
Python
Raw Blame History

from __future__ import annotations
import base64
import pytest
from httpx import ASGITransport, AsyncClient
from app.main import app
from app.security.captcha import create_captcha_challenge
def _assert_png_base64(image_base64: str) -> None:
decoded = base64.b64decode(image_base64)
assert decoded.startswith(b"\x89PNG\r\n\x1a\n")
@pytest.mark.anyio
async def test_captcha_challenge_generation_produces_image() -> None:
challenge = create_captcha_challenge()
assert challenge.challenge_token
assert challenge.image_base64
assert challenge.answer
_assert_png_base64(challenge.image_base64)
@pytest.mark.anyio
async def test_captcha_verify_rejects_invalid_answer() -> None:
challenge = create_captcha_challenge()
async with AsyncClient(
transport=ASGITransport(app=app),
base_url="http://test",
) as client:
response = await client.post(
"/api/captcha/verify",
json={"challengeToken": challenge.challenge_token, "answer": "incorrect"},
)
assert response.status_code == 400
payload = response.json()
assert payload.get("error") or payload.get("detail")
@pytest.mark.anyio
async def test_captcha_verify_returns_bypass_token() -> None:
challenge = create_captcha_challenge()
async with AsyncClient(
transport=ASGITransport(app=app),
base_url="http://test",
) as client:
response = await client.post(
"/api/captcha/verify",
json={"challengeToken": challenge.challenge_token, "answer": challenge.answer},
)
assert response.status_code == 200
payload = response.json()
assert payload["success"] is True
assert payload["bypassToken"]
Reference in New Issue View Git Blame Copy Permalink