Рефакторинг инфраструктуры и конфигурации проекта

- Перенесена структура Django-конфига в src/core и src/settings

- Унифицирована Docker-сборка и docker-compose для dev/prod

- Добавлены startup-checks (DB/Redis) и обновлены env-шаблоны

- Расширена OpenAPI-документация и ответы API

- Удалены устаревшие deploy/requirements/служебные скрипты

- Обновлены CI/CD, README и тесты
2026-02-18 13:25:01 +01:00
parent 0f4af561de
commit d5d184537f
71 changed files with 1253 additions and 2318 deletions


@@ -6,7 +6,7 @@ from django.contrib.auth import get_user_model
from django.urls import reverse
from faker import Faker
from rest_framework import status
from rest_framework.test import APITestCase
from rest_framework.test import APIClient, APITestCase
from .factories import ProfileFactory, UserFactory
@@ -310,3 +310,33 @@ class TokenRefreshViewTest(APITestCase):
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertIn("error", response.data)
class ApiJwtOnlyAuthenticationTest(APITestCase):
"""Tests that API auth flow is JWT-only and not session-cookie based."""
def setUp(self):
self.user = UserFactory.create_user()
self.tokens = UserService.get_tokens_for_user(self.user)
self.update_url = reverse("api_v1:user:user_update")
self.patch_data = {"username": fake.unique.user_name()}
# Explicitly enable CSRF checks to catch accidental SessionAuthentication usage.
self.client = APIClient(enforce_csrf_checks=True)
self.client.cookies["sessionid"] = "fake-admin-session"
self.client.cookies["csrftoken"] = "fake-csrf-token"
def test_patch_with_bearer_and_session_cookies_returns_200(self):
"""Bearer JWT should authenticate even if session cookies are present."""
self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {self.tokens['access']}")
response = self.client.patch(self.update_url, self.patch_data, format="json")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["id"], self.user.id)
def test_patch_with_only_session_cookies_returns_401_not_403(self):
"""Session cookies without JWT should not trigger CSRF 403 for API auth."""
response = self.client.patch(self.update_url, self.patch_data, format="json")
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
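Review bot: The `sessionid` value set in `setUp` (`"fake-admin-session"`) is an arbitrary string that never maps to a stored session, so `SessionAuthentication`, if it is still configured, simply yields no user and never reaches its CSRF check; `enforce_csrf_checks=True` therefore has nothing to enforce, and the 401 in the cookie-only test shows only that an unknown cookie is ignored, not that the API is JWT-only as the class docstring claims. To make the tests prove that, establish a real session for a second user instead of the fake cookies, e.g. `self.other_user = UserFactory.create_user()` and `self.client.force_login(self.other_user)` in place of the two `self.client.cookies[...]` lines: the bearer test's `response.data["id"] == self.user.id` then shows the JWT identity wins over a valid session for another user, and the cookie-only test's 401 shows a valid session alone is rejected (with session auth active and CSRF enforced it would come back as a CSRF 403, which is exactly what the test name says it rules out). It is also worth pinning the challenge header DRF emits on a bearer-authenticated 401, `self.assertTrue(response.get("WWW-Authenticate", "").startswith("Bearer"))`, since that is what distinguishes "no credentials" from a session-based rejection. The hunk header counts 30 added lines and fewer are visible here, so the class may continue past the last shown test; if a later test already logs in a real session, apply the change there instead.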