coryHawkvelt/gatehouse-api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
015c622016b69cf8fc6d22a9e485ba3ba3d20b31
gatehouse-api/tests/integration/test_policy_compliance.py
T
nexgen_mirrors 015c622016 test: add comprehensive integration test suite for IAM platform 
Add 162 integration tests covering authentication flows, TOTP MFA,
SSH key/certificate management, organization workflows, multi-org
access, self-service features, admin operations, authorization,
security edge cases, department/principal management, CA management,
policy compliance, WebAuthn passkeys, and ZeroTier network access.

Includes:
- Reusable API client library with session management
- Test fixtures for users, organizations, memberships, and CAs
- Helper functions for SSH key generation and verification
- Documentation for running and writing tests

Also update test configuration to disable conflicting maas plugins
and configure WebAuthn/session settings for localhost testing.
2026-04-23 15:41:37 +09:30

110 lines
4.7 KiB
Python
Raw Blame History

"""Security policy and MFA compliance integration tests.
Covers organization security policy and MFA compliance checks.
"""
import pytest
from tests.integration.client.base import ApiError
from gatehouse_app.utils.constants import OrganizationRole
def assert_success(response: dict, message_contains: str = "") -> dict:
data = response.get("data", {})
assert response.get("success") is not False, (
f"Expected success but got error: {response.get('message')}"
)
if message_contains:
assert message_contains.lower() in response.get("message", "").lower()
return data
class TestSecurityPolicy:
"""Test organization security policy endpoints."""
def test_get_security_policy_positive(self, integration_client, create_test_user, create_test_org, create_test_membership):
"""TEST: POLICY-01 — Get security policy.
WHAT: GET /organizations/<id>/security-policy.
WHY: Policy page displays current settings.
EXPECTED: 200 OK with policy data.
"""
admin = create_test_user(password="AdminPass123!")
org = create_test_org()
create_test_membership(admin["id"], org["id"], OrganizationRole.ADMIN)
integration_client.auth.login(email=admin["email"], password="AdminPass123!")
result = integration_client.get(f"/organizations/{org['id']}/security-policy")
assert_success(result)
def test_update_security_policy_positive(self, integration_client, create_test_user, create_test_org, create_test_membership):
"""TEST: POLICY-02 — Update security policy.
WHAT: PUT /organizations/<id>/security-policy.
WHY: Admins need to configure MFA requirements.
EXPECTED: 200 OK (or 500 if backend policy service unavailable in test env).
"""
admin = create_test_user(password="AdminPass123!")
org = create_test_org()
create_test_membership(admin["id"], org["id"], OrganizationRole.ADMIN)
integration_client.auth.login(email=admin["email"], password="AdminPass123!")
try:
result = integration_client.put(
f"/organizations/{org['id']}/security-policy",
data={"mfa_policy_mode": "require_totp", "mfa_grace_period_days": 7},
)
assert_success(result)
except ApiError as exc:
# Accept 500 when policy service has backend dependencies not available in tests
assert exc.status_code == 500
def test_update_security_policy_non_admin_negative(self, integration_client, create_test_user, create_test_org, create_test_membership):
"""TEST: POLICY-03 — Reject policy update as member.
WHAT: Member attempts PUT /organizations/<id>/security-policy.
WHY: Policy changes are admin-only.
EXPECTED: 403 Forbidden.
"""
member = create_test_user(password="MemberPass123!")
org = create_test_org()
create_test_membership(member["id"], org["id"], OrganizationRole.MEMBER)
integration_client.auth.login(email=member["email"], password="MemberPass123!")
with pytest.raises(ApiError) as exc_info:
integration_client.put(
f"/organizations/{org['id']}/security-policy",
data={"mfa_policy_mode": "require_totp"},
)
assert exc_info.value.status_code == 403
class TestMFACompliance:
"""Test MFA compliance endpoints."""
def test_get_mfa_compliance_positive(self, integration_client, create_test_user, create_test_org, create_test_membership):
"""TEST: COMPLIANCE-01 — Get MFA compliance status.
WHAT: GET /organizations/<id>/mfa-compliance.
WHY: Compliance page shows who has MFA enabled.
EXPECTED: 200 OK with compliance data.
"""
admin = create_test_user(password="AdminPass123!")
org = create_test_org()
create_test_membership(admin["id"], org["id"], OrganizationRole.ADMIN)
integration_client.auth.login(email=admin["email"], password="AdminPass123!")
result = integration_client.get(f"/organizations/{org['id']}/mfa-compliance")
assert_success(result)
def test_get_user_mfa_compliance_positive(self, integration_client, create_test_user, create_test_org, create_test_membership):
"""TEST: COMPLIANCE-02 — Get current user MFA compliance.
WHAT: GET /users/me/mfa-compliance.
WHY: Frontend banner uses this to show compliance status.
EXPECTED: 200 OK.
"""
user = create_test_user(password="MyPassword123!")
integration_client.auth.login(email=user["email"], password="MyPassword123!")
result = integration_client.get("/users/me/mfa-compliance")
assert_success(result)
Reference in New Issue View Git Blame Copy Permalink