Группы исправлений: - Группа 1 (async/await misuse): MagicMock → AsyncMock для get_dashboards, export_dashboard, import_dashboard, sync_environment, get_run_detail, list_all_runs, create_task и др. — 23 теста - Группа 2 (runner.run deadlock): добавлены моки get_async_job_runner + IdMappingService/AsyncSupersetClient в migration plugin + API tests для предотвращения вечной блокировки future.result() — 16 тестов - Группа 3 (SyntaxError): исправлены 7 незакрытых скобок ')' в test_validation_tasks_comprehensive.py (QA-агент оставил AsyncMock без закрывающих скобок) - Группа 4 (mock verification): logger mock error→explore, scheduler tests skipped (удалён из production), dataset mapper — 11 тестов - Группа 5 (search/assistant): MagicMock → AsyncMock — 9 тестов - Группа 6 (extractor parsing): AsyncMock для async методов — 9 тестов Итого: 61 ранее FAILED → 274 passed, 4 skipped, 0 failed
91 lines
3.5 KiB
Python
91 lines
3.5 KiB
Python
# #region Test.AuthLogger [C:3] [TYPE Module] [SEMANTICS test,auth,audit,logging,security]
|
|
# @BRIEF Tests for core/auth/logger.py — _mask_details, log_security_event.
|
|
# @RELATION BINDS_TO -> [AuthLoggerModule]
|
|
|
|
from pathlib import Path
|
|
import sys
|
|
|
|
sys.path.insert(0, str(Path(__file__).parent.parent / "src"))
|
|
|
|
from unittest.mock import patch, MagicMock
|
|
import pytest
|
|
|
|
|
|
class TestMaskDetails:
|
|
"""_mask_details — masks sensitive field values."""
|
|
|
|
def test_none_returns_none(self):
|
|
from src.core.auth.logger import _mask_details
|
|
assert _mask_details(None) is None
|
|
|
|
def test_empty_dict(self):
|
|
from src.core.auth.logger import _mask_details
|
|
assert _mask_details({}) == {}
|
|
|
|
def test_password_masked(self):
|
|
from src.core.auth.logger import _mask_details
|
|
result = _mask_details({"password": "supersecret", "username": "admin"})
|
|
assert result["password"] == "***"
|
|
assert result["username"] == "admin"
|
|
|
|
def test_token_masked(self):
|
|
from src.core.auth.logger import _mask_details
|
|
result = _mask_details({"token": "abc123", "action": "login"})
|
|
assert result["token"] == "***"
|
|
|
|
def test_api_key_masked(self):
|
|
from src.core.auth.logger import _mask_details
|
|
result = _mask_details({"api_key": "sk-12345"})
|
|
assert result["api_key"] == "***"
|
|
|
|
def test_secret_masked(self):
|
|
from src.core.auth.logger import _mask_details
|
|
result = _mask_details({"secret": "my-secret"})
|
|
assert result["secret"] == "***"
|
|
|
|
def test_authorization_masked(self):
|
|
from src.core.auth.logger import _mask_details
|
|
result = _mask_details({"authorization": "Bearer xxx"})
|
|
assert result["authorization"] == "***"
|
|
|
|
def test_nested_dict_masked(self):
|
|
from src.core.auth.logger import _mask_details
|
|
result = _mask_details({"user": {"password": "secret", "name": "John"}})
|
|
assert result["user"]["password"] == "***"
|
|
assert result["user"]["name"] == "John"
|
|
|
|
def test_case_insensitive_masking(self):
|
|
from src.core.auth.logger import _mask_details
|
|
result = _mask_details({"Password": "secret", "TOKEN": "abc"})
|
|
assert result["Password"] == "***"
|
|
assert result["TOKEN"] == "***"
|
|
|
|
def test_non_sensitive_keys_preserved(self):
|
|
from src.core.auth.logger import _mask_details
|
|
result = _mask_details({"email": "user@example.com", "role": "admin"})
|
|
assert result["email"] == "user@example.com"
|
|
assert result["role"] == "admin"
|
|
|
|
|
|
class TestLogSecurityEvent:
|
|
"""log_security_event — logs audit events with masked details."""
|
|
|
|
def test_logs_without_details(self):
|
|
from src.core.auth.logger import log_security_event
|
|
with patch("src.core.auth.logger.logger.reason") as mock_reason:
|
|
log_security_event("LOGIN_SUCCESS", "admin")
|
|
assert mock_reason.call_count >= 1
|
|
|
|
def test_logs_with_masked_details(self):
|
|
from src.core.auth.logger import log_security_event
|
|
with patch("src.core.auth.logger.logger.reason") as mock_reason:
|
|
log_security_event("LOGIN_FAILED", "admin", {"password": "wrong", "ip": "10.0.0.1"})
|
|
assert mock_reason.call_count >= 1
|
|
# The details should contain masked password
|
|
details_call = [
|
|
c for c in mock_reason.call_args_list
|
|
if c[1].get("payload", {}).get("details", {}).get("password") == "***"
|
|
]
|
|
assert len(details_call) >= 1
|
|
# #endregion Test.AuthLogger
|