OSIT-AE-API-FastAPI/tests/test_v3_auth_isolation.py

import sys
import os
from fastapi.testclient import TestClient

# Add the project root to sys.path so we can import 'app'
sys.path.append(os.getcwd())

from app.main import app

client = TestClient(app)

def test_site_domain_unauthenticated_search():
    """Test that searching site_domain works without authentication."""
    print("Testing unauthenticated site_domain search...")
    # Using a simple search query that would typically be used to resolve FQDN
    search_payload = {
        "and_filters": [
            {"field": "fqdn", "op": "eq", "value": "aether.osit.dev"}
        ]
    }
    response = client.post("/v3/crud/site_domain/search", json=search_payload)
    print(f"Response Status: {response.status_code}")
    print(f"Response Body: {response.json()}")
    
    # We expect 200 OK (even if empty results, the point is it's not 403)
    assert response.status_code == 200
    assert response.json()["status"] == "success"

def test_account_unauthenticated_search_blocked():
    """Test that searching other objects (e.g., account) is blocked without authentication."""
    print("\nTesting unauthenticated account search (should be blocked)...")
    search_payload = {
        "and_filters": []
    }
    response = client.post("/v3/crud/account/search", json=search_payload)
    print(f"Response Status: {response.status_code}")
    
    # We expect 403 Forbidden
    assert response.status_code == 403
    assert "Authentication required" in response.json()["status_message"]

if __name__ == "__main__":
    try:
        test_site_domain_unauthenticated_search()
        test_account_unauthenticated_search_blocked()
        print("\nSUCCESS: V3 Auth Isolation bypass for site_domain is working correctly.")
    except Exception as e:
        print(f"\nFAILURE: {e}")
        sys.exit(1)