perplexity/Timmy-time-dashboard
Archived
1
0
Fork 0
forked from Rockachopa/Timmy-time-dashboard
Code Issues Pull Requests 1 Activity
This repository has been archived on 2026-03-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
548a3f980dc2d02c32990cdcedac84249ba0cb5f
Timmy-time-dashboard/tests/dashboard/test_middleware_migration.py
Alexander Whitestone 15c7ee5d1e Refactor: migrate inline middleware to dedicated classes (#123)
2026-03-04 07:58:39 -05:00

35 lines
1.3 KiB
Python
Raw Blame History

import pytest
from fastapi.testclient import TestClient
from dashboard.app import app
@pytest.fixture
def client():
return TestClient(app)
def test_security_headers_middleware_is_used(client):
"""Verify that SecurityHeadersMiddleware is used instead of the inline function."""
response = client.get("/")
# SecurityHeadersMiddleware sets X-Frame-Options to 'DENY' by default
# The inline function in app.py sets it to 'SAMEORIGIN'
assert response.headers["X-Frame-Options"] == "DENY"
# SecurityHeadersMiddleware also sets Permissions-Policy
assert "Permissions-Policy" in response.headers
def test_request_logging_middleware_is_used(client):
"""Verify that RequestLoggingMiddleware is used."""
response = client.get("/")
# RequestLoggingMiddleware adds X-Correlation-ID to the response
assert "X-Correlation-ID" in response.headers
def test_csrf_middleware_is_used(client):
"""Verify that CSRFMiddleware is used."""
# GET request should set a csrf_token cookie if not present
response = client.get("/")
assert "csrf_token" in response.cookies
# POST request without token should be blocked (403)
# Use a path that isn't likely to be exempt
response = client.post("/agents/create")
assert response.status_code == 403
assert response.json()["code"] == "CSRF_INVALID"
Reference in New Issue View Git Blame Copy Permalink