from fastapi.testclient import TestClient
from docs_src.security.tutorial_api_key_header import app
# Test client wrapping the API-key-header tutorial app; shared by every test in this module.
client = TestClient(app)
def test_public_endpoint():
    """Check that the public endpoint answers without any authentication."""
    # No X-API-Key header is sent: the root route must stay reachable anonymously.
    resp = client.get("/")
    assert resp.status_code == 200
    assert resp.json() == {"message": "Ceci est un endpoint public"}
def test_protected_endpoint_with_valid_api_key():
    """Check that /protected accepts a request carrying the valid API key."""
    # NOTE(review): presumably the placeholder key hard-coded in the tutorial
    # app; confirm it is never reused as a real credential.
    auth_headers = {"X-API-Key": "your-secret-api-key"}
    resp = client.get("/protected", headers=auth_headers)
    assert resp.status_code == 200

    payload = resp.json()
    # The body must identify the authenticated user and expose the protected data.
    assert "message" in payload
    assert "john_doe" in payload["message"]
    assert payload["user_role"] == "admin"
    assert "protected_data" in payload
def test_protected_endpoint_without_api_key():
    """Check that /protected rejects a request that sends no API key header."""
    unauthenticated = client.get("/protected")
    # A missing key must be refused with 401 and the "missing key" detail.
    assert unauthenticated.status_code == 401
    assert unauthenticated.json() == {"detail": "API Key manquante"}
def test_protected_endpoint_with_invalid_api_key():
    """Check that /protected rejects a request carrying an unknown API key."""
    bad_headers = {"X-API-Key": "wrong-key"}
    rejected = client.get("/protected", headers=bad_headers)
    # A wrong key gets the same 401 status as a missing one, with its own detail.
    assert rejected.status_code == 401
    assert rejected.json() == {"detail": "API Key invalide"}
def test_users_me_endpoint_with_valid_api_key():
    """Check that /users/me returns the caller's profile for a valid API key."""
    auth_headers = {"X-API-Key": "your-secret-api-key"}
    resp = client.get("/users/me", headers=auth_headers)
    assert resp.status_code == 200

    profile = resp.json()
    # The key must resolve to the expected user and role.
    assert profile["username"] == "john_doe"
    assert profile["role"] == "admin"
def test_users_me_endpoint_without_api_key():
    """Check that /users/me rejects a request that sends no API key header."""
    unauthenticated = client.get("/users/me")
    # Only the status code is pinned here; the error detail is not checked.
    assert unauthenticated.status_code == 401
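def test_openapi_schema():
    """Check that the OpenAPI schema advertises the API key security scheme.

    Three properties are verified:

    * an ``apiKey`` scheme carried in the ``X-API-Key`` header is declared
      under ``components.securitySchemes``;
    * the ``GET /protected`` operation has a security requirement that
      references a header-based ``apiKey`` scheme;
    * the public ``GET /`` operation declares no security requirement.
    """
    response = client.get("/openapi.json")
    assert response.status_code == 200

    openapi_schema = response.json()

    # The API key security component must be present.
    assert "components" in openapi_schema
    assert "securitySchemes" in openapi_schema["components"]

    security_schemes = openapi_schema["components"]["securitySchemes"]

    # Every scheme that sends an API key in a header, keyed by scheme name.
    header_api_key_schemes = {
        scheme_name: scheme_data
        for scheme_name, scheme_data in security_schemes.items()
        if scheme_data.get("type") == "apiKey" and scheme_data.get("in") == "header"
    }

    # The first such scheme (declaration order) must use the X-API-Key header.
    api_key_scheme = next(iter(header_api_key_schemes.values()), None)
    assert api_key_scheme is not None
    assert api_key_scheme["name"] == "X-API-Key"

    # Protected operations must declare their security requirement.
    paths = openapi_schema["paths"]

    protected_endpoint = paths["/protected"]["get"]
    assert "security" in protected_endpoint
    # Key presence alone is not enough: an empty ``security`` list means the
    # operation is documented as unauthenticated. Require that at least one
    # requirement actually references a header API key scheme.
    assert any(
        scheme_name in requirement
        for requirement in protected_endpoint["security"]
        for scheme_name in header_api_key_schemes
    )

    # The public operation must not declare any security requirement.
    public_endpoint = paths["/"]["get"]
    assert "security" not in public_endpoint or public_endpoint.get("security") == []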