import pytest
from l4d2web.app import create_app
from l4d2web.auth import hash_password
from l4d2web.db import init_db, session_scope
from l4d2web.models import User
@pytest.fixture
def client(tmp_path, monkeypatch):
    """Provide a test client backed by a throwaway SQLite database.

    The database file lives under pytest's ``tmp_path``, so each test that
    requests this fixture gets its own ``security.db``. One non-admin user
    (``alice``) is inserted so that the tests have an existing account.
    """
    database_url = "sqlite:///" + str(tmp_path / "security.db")

    # The URL is exported through the environment as well as the app config.
    # NOTE(review): presumably init_db()/session_scope() read DATABASE_URL
    # from the environment - confirm against l4d2web.db.
    monkeypatch.setenv("DATABASE_URL", database_url)

    # Test-only settings; the fixed SECRET_KEY must never be reused outside
    # the test suite.
    settings = {"TESTING": True, "DATABASE_URL": database_url, "SECRET_KEY": "test"}
    app = create_app(settings)
    init_db()

    with session_scope() as db_session:
        # Only the digest from hash_password() is stored, not the plaintext.
        alice = User(
            username="alice",
            password_digest=hash_password("secret"),
            admin=False,
        )
        db_session.add(alice)

    return app.test_client()
def test_csrf_required(client) -> None:
    """A state-changing POST that carries no CSRF token is rejected with 400."""
    # The form deliberately omits any CSRF token field.
    form_without_token = {"name": "x"}
    resp = client.post("/servers", data=form_without_token)

    # NOTE(review): the request is also unauthenticated, and nothing here
    # shows that the same POST succeeds once a valid token is supplied, so a
    # 400 raised for an unrelated reason would satisfy this test too.
    # Consider adding a positive control.
    assert resp.status_code == 400
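def test_login_rate_limit(client) -> None:
    """Repeated failed logins must end up throttled with HTTP 429.

    Twenty-one login attempts with the same invalid credentials are sent from
    the same test client. The first must not be throttled and the last must
    be, which pins the limiter to "trips somewhere within 20 attempts".
    """
    bad_credentials = {"username": "x", "password": "y"}

    # Guard against a vacuous pass: without this check the test would also
    # succeed if /login answered 429 to every request, including the first.
    first = client.post("/login", data=bad_credentials)
    assert first.status_code != 429

    # Attempts 2..20; only their effect on the limiter matters here.
    for _ in range(19):
        client.post("/login", data=bad_credentials)

    # NOTE(review): every attempt uses the same username and the same client,
    # so this does not show whether the limit is keyed per account, per
    # source address, or both - confirm against the limiter configuration.
    response = client.post("/login", data=bad_credentials)
    assert response.status_code == 429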