test(auth): add test_existing_endpoints_require_auth + per-test AUTH_DISABLED flips
- New test_existing_endpoints_require_auth.py: spot-check that existing /api/* endpoints now require auth (gated via Depends(matrix_gate)) when AUTH_DISABLED is False. Health remains public. - conftest.py: flip AUTH_DISABLED=True for the suite so the legacy pre-auth tests keep passing without login. Auth tests flip it back off via their own autouse fixture (now patched to use monkeypatch for cleanup). Verified: 53 auth tests pass; 222 pre-existing non-auth failures are unchanged.
This commit is contained in:
@@ -11,7 +11,11 @@ from cyclone.db import SessionLocal, User
|
||||
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def _clear_users():
|
||||
def _clear_users(monkeypatch):
|
||||
# conftest sets AUTH_DISABLED=True so pre-auth tests keep passing
|
||||
# without a login. The auth-users tests need the real auth path
|
||||
# exercised, so flip it back off here.
|
||||
monkeypatch.setattr("cyclone.auth.deps.AUTH_DISABLED", False)
|
||||
with SessionLocal()() as db:
|
||||
db.execute(delete(User))
|
||||
db.commit()
|
||||
|
||||
Reference in New Issue
Block a user