test: add test suite with 65 tests, 73% coverage

- Unit tests: password hashing, notification providers, webhook field parsing - Integration tests: auth routes (register/login/confirm-email/logout), invite flow, Evotor webhooks (/user/create, /user/verify, /user/token), admin panel (access control, activate/suspend/delete/reset-password) - conftest: SQLite in-memory engine, transactional sessions, factory-boy factories (UserFactory with UserRoleEnum variants) - Fix bcrypt: replace passlib (broken on Python 3.14 + bcrypt 5.x) with direct bcrypt calls; drop passlib from requirements.txt - Fix datetime.utcnow() deprecation across routes and tests - Fix Jinja2 TemplateResponse signature (request as first positional arg) - Add coverage config to pyproject.toml Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-28 12:27:42 +03:00
parent 5ead89e0cf
commit fc65e591b3
18 changed files with 882 additions and 31 deletions
--- a/tests/test_auth_password.py
+++ b/tests/test_auth_password.py
@@ -0,0 +1,26 @@
+from web.auth.password import hash_password, verify_password
+
+
+def test_hash_is_not_plaintext():
+    h = hash_password("secret123")
+    assert h != "secret123"
+    assert len(h) > 20
+
+
+def test_verify_correct_password():
+    h = hash_password("mysecret")
+    assert verify_password("mysecret", h) is True
+
+
+def test_verify_wrong_password():
+    h = hash_password("mysecret")
+    assert verify_password("wrongpassword", h) is False
+
+
+def test_two_hashes_differ():
+    # bcrypt uses random salt — same plaintext produces different hashes
+    h1 = hash_password("same")
+    h2 = hash_password("same")
+    assert h1 != h2
+    assert verify_password("same", h1)
+    assert verify_password("same", h2)