chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
036431aef8d4ee258c7a548d45bb0d1e37b9e7ad
resolutionflow/backend/tests/conftest.py
Michael Chihlas b14a16a1ab chore(tests): gate RLS tests behind RUN_RLS_TESTS flag 
Continues the test-isolation work from dab740d. RLS migration tests run
against a policy-installed database and fail in the default create_all
suite, so they need to be opt-in:

- pytest.ini: register `rls` marker.
- conftest.py: auto-deselect test_rls_isolation.py unless
  RUN_RLS_TESTS=1. Drops the deprecated session-scoped event_loop
  fixture (not needed since pytest-asyncio 0.23+).
- test_rls_isolation.py: tag module with `rls` marker. Replace
  hardcoded `patherly_test` DB reference with parsed DATABASE_TEST_URL
  (matches conftest.py default `resolutionflow_test`). Updated docstring
  command to show RUN_RLS_TESTS=1.
- requirements-dev.txt: bump pytest-asyncio 0.23.0 → 0.24.0 (loop-scope
  marker behavior required by the RLS module fixture).

Run the RLS suite with:
  RUN_RLS_TESTS=1 DB_APP_ROLE_PASSWORD=... pytest tests/test_rls_isolation.py

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-24 16:09:13 -04:00

317 lines
9.9 KiB
Python
Raw Blame History

"""
Pytest configuration and fixtures for integration tests.
Provides test database setup, client fixtures, and authentication helpers.
"""
import os
from typing import AsyncGenerator
import pytest
import sqlalchemy as sa
from httpx import AsyncClient, ASGITransport
from sqlalchemy.ext.asyncio import AsyncSession, create_async_engine, async_sessionmaker
from sqlalchemy.pool import NullPool
from app.main import app
from app.core.database import Base, get_db
from app.core.admin_database import get_admin_db
from app.core.config import settings
# Disable invite code requirement for tests
settings.REQUIRE_INVITE_CODE = False
# Test database URL — NEVER reuse DATABASE_URL. The test_db fixture does
# `DROP SCHEMA public CASCADE` on every test; if DATABASE_URL (which normally
# points at the dev/prod DB) leaked into this value, running `pytest tests/`
# would silently nuke the dev database. Only DATABASE_TEST_URL is honored,
# and the safety assertion below refuses to run against a DB whose name
# doesn't contain "test".
TEST_DATABASE_URL = os.environ.get(
"DATABASE_TEST_URL",
"postgresql+asyncpg://postgres:postgres@localhost:5432/resolutionflow_test",
)
# Belt-and-suspenders: refuse to run tests against a DB whose name doesn't
# contain "test". Parses the last path segment of the URL (everything after
# the final '/', with query string stripped) so credentials / hosts that
# happen to contain "test" can't bypass the check.
_test_db_name = TEST_DATABASE_URL.rsplit("/", 1)[-1].split("?", 1)[0].lower()
assert "test" in _test_db_name, (
f"Refusing to run tests against database {_test_db_name!r}"
f"the DB name must contain 'test'. Set DATABASE_TEST_URL to a dedicated "
f"test database (e.g. resolutionflow_test)."
)
_RUN_RLS_TESTS = os.environ.get("RUN_RLS_TESTS") == "1"
_RLS_ISOLATION_FILE = "test_rls_isolation.py"
def pytest_collection_modifyitems(config, items):
"""Keep migration-managed RLS checks out of the default create_all suite."""
if _RUN_RLS_TESTS:
return
selected = []
deselected = []
for item in items:
item_path = getattr(item, "path", None) or getattr(item, "fspath", None)
if item_path and str(item_path).endswith(_RLS_ISOLATION_FILE):
deselected.append(item)
else:
selected.append(item)
if deselected:
config.hook.pytest_deselected(items=deselected)
items[:] = selected
@pytest.fixture
async def test_db() -> AsyncGenerator[AsyncSession, None]:
"""
Create a fresh database for each test function.
This fixture:
1. Creates a test database engine
2. Drops all existing tables (CASCADE to handle circular FKs)
3. Creates all tables
4. Yields a session for the test
5. Drops all tables after the test
"""
# Create async engine for tests (with NullPool to avoid connection reuse issues)
engine = create_async_engine(
TEST_DATABASE_URL,
poolclass=NullPool,
echo=False
)
# Drop and recreate all tables (use raw SQL CASCADE to handle circular FKs
# between users <-> invite_codes)
async with engine.begin() as conn:
await conn.execute(sa.text("DROP SCHEMA public CASCADE"))
await conn.execute(sa.text("CREATE SCHEMA public"))
await conn.run_sync(Base.metadata.create_all)
# Seed plan_limits for subscription checks
await conn.execute(sa.text("""
INSERT INTO plan_limits (plan, max_trees, max_sessions_per_month, max_users, custom_branding, priority_support, export_formats)
VALUES
('free', 3, 20, 1, false, false, '["markdown", "text"]'),
('pro', 25, 200, 5, true, false, '["markdown", "text", "html"]'),
('team', NULL, NULL, NULL, true, true, '["markdown", "text", "html"]')
"""))
# Seed the platform/system account (PLATFORM_ACCOUNT_ID) needed by
# global categories, gallery items, and other platform-owned content.
await conn.execute(sa.text("""
INSERT INTO accounts (id, name, display_code, created_at, updated_at)
VALUES (
'00000000-0000-0000-0000-000000000001',
'ResolutionFlow System',
'RF-SYS-1',
NOW(), NOW()
)
ON CONFLICT (id) DO NOTHING
"""))
# Create async session maker
async_session_maker = async_sessionmaker(
engine,
class_=AsyncSession,
expire_on_commit=False
)
# Provide session to test
async with async_session_maker() as session:
yield session
# Ensure session is fully closed before teardown
await session.close()
# Dispose engine first so all pooled connections are released,
# then reconnect to perform the schema teardown cleanly.
await engine.dispose()
# Drop all tables after test (CASCADE for circular FKs)
teardown_engine = create_async_engine(
TEST_DATABASE_URL,
poolclass=NullPool,
echo=False,
)
try:
async with teardown_engine.begin() as conn:
await conn.execute(sa.text("DROP SCHEMA public CASCADE"))
await conn.execute(sa.text("CREATE SCHEMA public"))
finally:
await teardown_engine.dispose()
@pytest.fixture
async def client(test_db: AsyncSession):
"""
Create an async HTTP client for testing API endpoints.
Overrides the database dependency to use the test database.
"""
async def override_get_db():
yield test_db
app.dependency_overrides[get_db] = override_get_db
# Endpoints that use get_admin_db (register, admin routes, service accounts)
# must also hit the test DB; otherwise they leak into the real admin DB.
# RLS is not enabled in the test schema (create_all, not alembic), so sharing
# the same session is safe.
app.dependency_overrides[get_admin_db] = override_get_db
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as ac:
yield ac
app.dependency_overrides.clear()
@pytest.fixture
async def test_user(client):
"""
Create a test user and return their credentials.
Returns:
dict with email, password, and user_data
"""
user_data = {
"email": "test@example.com",
"password": "TestPassword123!",
"name": "Test User"
}
response = await client.post("/api/v1/auth/register", json=user_data)
assert response.status_code == 200 or response.status_code == 201
return {
"email": user_data["email"],
"password": user_data["password"],
"user_data": response.json()
}
@pytest.fixture
async def auth_headers(client, test_user):
"""
Get authentication headers for an authenticated test user.
Returns:
dict with Authorization header
"""
login_data = {
"email": test_user["email"],
"password": test_user["password"]
}
response = await client.post("/api/v1/auth/login/json", json=login_data)
assert response.status_code == 200
token_data = response.json()
return {"Authorization": f"Bearer {token_data['access_token']}"}
@pytest.fixture
async def test_tree(client, auth_headers):
"""
Create a test decision tree.
Returns:
dict with tree data
"""
tree_data = {
"name": "Test Troubleshooting Tree",
"description": "A test tree for integration tests",
"category": "Testing",
"tree_structure": {
"id": "root",
"type": "decision",
"question": "Is this a test?",
"options": [
{"id": "yes", "label": "Yes", "next_node_id": "solution1"},
{"id": "no", "label": "No", "next_node_id": "solution2"}
],
"children": [
{
"id": "solution1",
"type": "solution",
"title": "Test Confirmed",
"description": "This is a test tree",
"solution": "Test confirmed - this is a test tree"
},
{
"id": "solution2",
"type": "solution",
"title": "Not a Test",
"description": "This should not happen",
"solution": "Not a test - this should not happen"
}
]
}
}
response = await client.post(
"/api/v1/trees",
json=tree_data,
headers=auth_headers
)
assert response.status_code == 201
return response.json()
@pytest.fixture
async def test_admin(client, test_db):
"""
Create a test super-admin user.
Registers as engineer (the only role available at registration),
then promotes to super_admin directly via the DB session.
"""
from uuid import UUID as PyUUID
from sqlalchemy import select
from app.models.user import User
admin_data = {
"email": "admin@example.com",
"password": "AdminPassword123!",
"name": "Test Admin"
}
response = await client.post("/api/v1/auth/register", json=admin_data)
assert response.status_code == 200 or response.status_code == 201
user_id = PyUUID(response.json()["id"])
result = await test_db.execute(select(User).where(User.id == user_id))
user = result.scalar_one()
user.is_super_admin = True
await test_db.commit()
return {
"email": admin_data["email"],
"password": admin_data["password"],
"user_data": response.json()
}
@pytest.fixture
async def admin_auth_headers(client, test_admin):
"""
Get authentication headers for an authenticated admin user.
Returns:
dict with Authorization header
"""
login_data = {
"email": test_admin["email"],
"password": test_admin["password"]
}
response = await client.post("/api/v1/auth/login/json", json=login_data)
assert response.status_code == 200
token_data = response.json()
return {"Authorization": f"Bearer {token_data['access_token']}"}
Reference in New Issue View Git Blame Copy Permalink