forked from Rockachopa/Timmy-time-dashboard
Fix font resolution in creative module and add security headers to dashboard (#103)
This commit is contained in:
Alexander Whitestone
committed by
GitHub
GitHub
parent
39df3dd7d5
commit
b1552b9f64
73
tests/creative/test_font_resolution.py
Normal file
73
tests/creative/test_font_resolution.py
Normal file
@@ -0,0 +1,73 @@
|
||||
"""Test font resolution logic in the creative module."""
|
||||
|
||||
import pytest
|
||||
from pathlib import Path
|
||||
from unittest.mock import patch, MagicMock
|
||||
|
||||
|
||||
def test_resolve_font_prefers_dejavu():
|
||||
"""Test that _resolve_font prefers DejaVu fonts when available."""
|
||||
from creative.assembler import _resolve_font
|
||||
|
||||
# This test will pass on systems with DejaVu fonts installed
|
||||
# (most Linux distributions)
|
||||
font = _resolve_font()
|
||||
assert isinstance(font, str)
|
||||
assert font.endswith(".ttf") or font.endswith(".ttc")
|
||||
assert Path(font).exists()
|
||||
|
||||
|
||||
def test_resolve_font_returns_valid_path():
|
||||
"""Test that _resolve_font returns a valid, existing path."""
|
||||
from creative.assembler import _resolve_font
|
||||
|
||||
font = _resolve_font()
|
||||
assert isinstance(font, str)
|
||||
# Should be a path, not just a font name
|
||||
assert "/" in font or "\\" in font
|
||||
assert Path(font).exists()
|
||||
|
||||
|
||||
def test_resolve_font_no_invalid_fallback():
|
||||
"""Test that _resolve_font never returns invalid font names like 'Helvetica'."""
|
||||
from creative.assembler import _resolve_font
|
||||
|
||||
font = _resolve_font()
|
||||
# Should not return bare font names that Pillow can't find
|
||||
assert font not in ["Helvetica", "Arial", "Times New Roman"]
|
||||
# Should be a valid path
|
||||
assert Path(font).exists()
|
||||
|
||||
|
||||
@patch("creative.assembler.Path.exists")
|
||||
@patch("subprocess.run")
|
||||
def test_resolve_font_fallback_search(mock_run, mock_exists):
|
||||
"""Test that _resolve_font falls back to searching for any TTF."""
|
||||
# Mock: no preferred fonts exist
|
||||
mock_exists.return_value = False
|
||||
|
||||
# Mock: subprocess finds a font
|
||||
mock_result = MagicMock()
|
||||
mock_result.stdout = "/usr/share/fonts/truetype/liberation/LiberationSans-Regular.ttf\n"
|
||||
mock_run.return_value = mock_result
|
||||
|
||||
from creative.assembler import _resolve_font
|
||||
|
||||
font = _resolve_font()
|
||||
assert "LiberationSans-Regular.ttf" in font
|
||||
|
||||
|
||||
@patch("creative.assembler.Path.exists")
|
||||
@patch("subprocess.run")
|
||||
def test_resolve_font_raises_on_no_fonts(mock_run, mock_exists):
|
||||
"""Test that _resolve_font raises RuntimeError when no fonts are found."""
|
||||
# Mock: no fonts found anywhere
|
||||
mock_exists.return_value = False
|
||||
mock_result = MagicMock()
|
||||
mock_result.stdout = ""
|
||||
mock_run.return_value = mock_result
|
||||
|
||||
from creative.assembler import _resolve_font
|
||||
|
||||
with pytest.raises(RuntimeError, match="No suitable TrueType font found"):
|
||||
_resolve_font()
|
||||
61
tests/dashboard/test_security_headers.py
Normal file
61
tests/dashboard/test_security_headers.py
Normal file
@@ -0,0 +1,61 @@
|
||||
"""Test security headers middleware in FastAPI app."""
|
||||
|
||||
import pytest
|
||||
from fastapi.testclient import TestClient
|
||||
|
||||
|
||||
def test_security_headers_present(client: TestClient):
|
||||
"""Test that security headers are present in all responses."""
|
||||
response = client.get("/")
|
||||
|
||||
# Check for security headers
|
||||
assert "X-Frame-Options" in response.headers
|
||||
assert response.headers["X-Frame-Options"] == "SAMEORIGIN"
|
||||
|
||||
assert "X-Content-Type-Options" in response.headers
|
||||
assert response.headers["X-Content-Type-Options"] == "nosniff"
|
||||
|
||||
assert "X-XSS-Protection" in response.headers
|
||||
assert response.headers["X-XSS-Protection"] == "1; mode=block"
|
||||
|
||||
assert "Referrer-Policy" in response.headers
|
||||
assert response.headers["Referrer-Policy"] == "strict-origin-when-cross-origin"
|
||||
|
||||
assert "Content-Security-Policy" in response.headers
|
||||
|
||||
|
||||
def test_csp_header_content(client: TestClient):
|
||||
"""Test that Content Security Policy is properly configured."""
|
||||
response = client.get("/")
|
||||
csp = response.headers.get("Content-Security-Policy", "")
|
||||
|
||||
# Should restrict default-src to self
|
||||
assert "default-src 'self'" in csp
|
||||
|
||||
# Should allow scripts from self and CDN
|
||||
assert "script-src 'self' 'unsafe-inline' cdn.jsdelivr.net" in csp
|
||||
|
||||
# Should allow styles from self, CDN, and Google Fonts
|
||||
assert "style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net" in csp
|
||||
|
||||
# Should restrict frame ancestors to self
|
||||
assert "frame-ancestors 'self'" in csp
|
||||
|
||||
|
||||
def test_cors_headers_restricted(client: TestClient):
|
||||
"""Test that CORS is properly restricted (not allow-origins: *)."""
|
||||
response = client.get("/")
|
||||
|
||||
# Should not have overly permissive CORS
|
||||
# (The actual CORS headers depend on the origin of the request,
|
||||
# so we just verify the app doesn't crash with permissive settings)
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_health_endpoint_has_security_headers(client: TestClient):
|
||||
"""Test that security headers are present on all endpoints."""
|
||||
response = client.get("/health")
|
||||
|
||||
assert "X-Frame-Options" in response.headers
|
||||
assert "X-Content-Type-Options" in response.headers
|
||||
assert "Content-Security-Policy" in response.headers
|
||||
Reference in New Issue
Block a user