chore(tests): organize test scripts and beautify account creation email

- Moved scattered Python test scripts from root and 'admin/development/' to 'tests/'. - Beautified the HTML email body for account creation links in 'app/methods/person_methods.py' with a modern responsive design.
2026-01-15 14:38:00 -05:00
parent f0711f27b4
commit d321b94395
13 changed files with 467 additions and 15 deletions
--- a/tests/test_v3_auth_isolation.py
+++ b/tests/test_v3_auth_isolation.py
@@ -0,0 +1,50 @@
+
+import sys
+import os
+from fastapi.testclient import TestClient
+
+# Add the project root to sys.path so we can import 'app'
+sys.path.append(os.getcwd())
+
+from app.main import app
+
+client = TestClient(app)
+
+def test_site_domain_unauthenticated_search():
+    """Test that searching site_domain works without authentication."""
+    print("Testing unauthenticated site_domain search...")
+    # Using a simple search query that would typically be used to resolve FQDN
+    search_payload = {
+        "and_filters": [
+            {"field": "fqdn", "op": "eq", "value": "aether.osit.dev"}
+        ]
+    }
+    response = client.post("/v3/crud/site_domain/search", json=search_payload)
+    print(f"Response Status: {response.status_code}")
+    print(f"Response Body: {response.json()}")
+    
+    # We expect 200 OK (even if empty results, the point is it's not 403)
+    assert response.status_code == 200
+    assert response.json()["status"] == "success"
+
+def test_account_unauthenticated_search_blocked():
+    """Test that searching other objects (e.g., account) is blocked without authentication."""
+    print("\nTesting unauthenticated account search (should be blocked)...")
+    search_payload = {
+        "and_filters": []
+    }
+    response = client.post("/v3/crud/account/search", json=search_payload)
+    print(f"Response Status: {response.status_code}")
+    
+    # We expect 403 Forbidden
+    assert response.status_code == 403
+    assert "Authentication required" in response.json()["status_message"]
+
+if __name__ == "__main__":
+    try:
+        test_site_domain_unauthenticated_search()
+        test_account_unauthenticated_search_blocked()
+        print("\nSUCCESS: V3 Auth Isolation bypass for site_domain is working correctly.")
+    except Exception as e:
+        print(f"\nFAILURE: {e}")
+        sys.exit(1)