Files
ss-tools/backend/tests/core/test_auth_logger.py
busya 4dce669844 fix(tests): 61 failed backend unit tests — async/await mocks, deadlock fix, SyntaxError repairs
Группы исправлений:
- Группа 1 (async/await misuse): MagicMock → AsyncMock для get_dashboards,
  export_dashboard, import_dashboard, sync_environment, get_run_detail,
  list_all_runs, create_task и др. — 23 теста
- Группа 2 (runner.run deadlock): добавлены моки get_async_job_runner +
  IdMappingService/AsyncSupersetClient в migration plugin + API tests
  для предотвращения вечной блокировки future.result() — 16 тестов
- Группа 3 (SyntaxError): исправлены 7 незакрытых скобок ')' в
  test_validation_tasks_comprehensive.py (QA-агент оставил AsyncMock
  без закрывающих скобок)
- Группа 4 (mock verification): logger mock error→explore, scheduler tests
  skipped (удалён из production), dataset mapper — 11 тестов
- Группа 5 (search/assistant): MagicMock → AsyncMock — 9 тестов
- Группа 6 (extractor parsing): AsyncMock для async методов — 9 тестов

Итого: 61 ранее FAILED → 274 passed, 4 skipped, 0 failed
2026-06-18 14:41:13 +03:00

91 lines
3.5 KiB
Python

# #region Test.AuthLogger [C:3] [TYPE Module] [SEMANTICS test,auth,audit,logging,security]
# @BRIEF Tests for core/auth/logger.py — _mask_details, log_security_event.
# @RELATION BINDS_TO -> [AuthLoggerModule]
from pathlib import Path
import sys
sys.path.insert(0, str(Path(__file__).parent.parent / "src"))
from unittest.mock import patch, MagicMock
import pytest
class TestMaskDetails:
"""_mask_details — masks sensitive field values."""
def test_none_returns_none(self):
from src.core.auth.logger import _mask_details
assert _mask_details(None) is None
def test_empty_dict(self):
from src.core.auth.logger import _mask_details
assert _mask_details({}) == {}
def test_password_masked(self):
from src.core.auth.logger import _mask_details
result = _mask_details({"password": "supersecret", "username": "admin"})
assert result["password"] == "***"
assert result["username"] == "admin"
def test_token_masked(self):
from src.core.auth.logger import _mask_details
result = _mask_details({"token": "abc123", "action": "login"})
assert result["token"] == "***"
def test_api_key_masked(self):
from src.core.auth.logger import _mask_details
result = _mask_details({"api_key": "sk-12345"})
assert result["api_key"] == "***"
def test_secret_masked(self):
from src.core.auth.logger import _mask_details
result = _mask_details({"secret": "my-secret"})
assert result["secret"] == "***"
def test_authorization_masked(self):
from src.core.auth.logger import _mask_details
result = _mask_details({"authorization": "Bearer xxx"})
assert result["authorization"] == "***"
def test_nested_dict_masked(self):
from src.core.auth.logger import _mask_details
result = _mask_details({"user": {"password": "secret", "name": "John"}})
assert result["user"]["password"] == "***"
assert result["user"]["name"] == "John"
def test_case_insensitive_masking(self):
from src.core.auth.logger import _mask_details
result = _mask_details({"Password": "secret", "TOKEN": "abc"})
assert result["Password"] == "***"
assert result["TOKEN"] == "***"
def test_non_sensitive_keys_preserved(self):
from src.core.auth.logger import _mask_details
result = _mask_details({"email": "user@example.com", "role": "admin"})
assert result["email"] == "user@example.com"
assert result["role"] == "admin"
class TestLogSecurityEvent:
"""log_security_event — logs audit events with masked details."""
def test_logs_without_details(self):
from src.core.auth.logger import log_security_event
with patch("src.core.auth.logger.logger.reason") as mock_reason:
log_security_event("LOGIN_SUCCESS", "admin")
assert mock_reason.call_count >= 1
def test_logs_with_masked_details(self):
from src.core.auth.logger import log_security_event
with patch("src.core.auth.logger.logger.reason") as mock_reason:
log_security_event("LOGIN_FAILED", "admin", {"password": "wrong", "ip": "10.0.0.1"})
assert mock_reason.call_count >= 1
# The details should contain masked password
details_call = [
c for c in mock_reason.call_args_list
if c[1].get("payload", {}).get("details", {}).get("password") == "***"
]
assert len(details_call) >= 1
# #endregion Test.AuthLogger