pi3c/blog.pyaqa.ru
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Tests #12

Merged
pi3c merged 8 commits from feature/tests into dev 2026-05-09 17:00:58 +00:00
Conversation 0 Commits 8 Files Changed 63 +5822 -1512
63 changed files with 5822 additions and 1512 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
.woodpecker/lint.yaml
View File

@@ -1,14 +0,0 @@
when:
- event: [push, pull_request]
branch: dev
steps:
- name: lint
image: python:3.13
commands:
- pip install uv
- uv sync --no-dev --only-group lints
- uv run ruff check .
- uv run ruff format --check .
- uv run isort --check-only .

89
.woodpecker/pipeline.yml Normal file
View File

@@ -0,0 +1,89 @@
when:
event: [push, pull_request]
branch: [dev, main, master]
steps:
- name: deps
image: python:3.13
volumes:
- /tmp/uv-cache:/root/.cache/uv
environment:
UV_CACHE_DIR: /root/.cache/uv
UV_LINK_MODE: copy
UV_PYTHON: "3.13"
commands:
- pip install uv
- cd ..
- |
cat > pyproject.toml << 'EOF'
[project]
name = "pyaqa"
version = "0.1.0"
requires-python = ">=3.13"
dependencies = []
[tool.uv.workspace]
members = ["blog.pyaqa.ru", "pytfm"]
EOF
- git clone https://git.pyaqa.ru/pi3c/pytfm.git
- cd $CI_WORKSPACE
- rm -rf .venv
- uv sync --group lints --group tests --group types --group dev
- name: lint
image: python:3.13
volumes:
- /tmp/uv-cache:/root/.cache/uv
environment:
UV_CACHE_DIR: /root/.cache/uv
UV_LINK_MODE: copy
UV_PYTHON: "3.13"
depends_on: [deps]
commands:
- pip install uv
- uv run --no-sync ruff check .
- uv run --no-sync ruff format --check .
- uv run --no-sync isort --check-only .
- name: type
image: python:3.13
volumes:
- /tmp/uv-cache:/root/.cache/uv
environment:
UV_CACHE_DIR: /root/.cache/uv
UV_LINK_MODE: copy
UV_PYTHON: "3.13"
depends_on: [deps]
commands:
- pip install uv
- uv run --no-sync mypy .
- name: test-unit
image: python:3.13
volumes:
- /tmp/uv-cache:/root/.cache/uv
environment:
UV_CACHE_DIR: /root/.cache/uv
UV_LINK_MODE: copy
UV_PYTHON: "3.13"
depends_on: [deps]
commands:
- pip install uv
- uv run --no-sync pytest tests/unit/
- name: test-e2e
image: python:3.13
volumes:
- /tmp/uv-cache:/root/.cache/uv
environment:
UV_CACHE_DIR: /root/.cache/uv
UV_LINK_MODE: copy
UV_PYTHON: "3.13"
depends_on: [deps]
commands:
- pip install uv
- apt-get update && apt-get install -y libnss3 libnspr4 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libxkbcommon0 libxcomposite1 libxdamage1 libxfixes3 libxrandr2 libgbm1 libasound2
- uv run --no-sync playwright install chromium
- uv run --no-sync blog &
- sleep 5
- uv run --no-sync pytest tests/e2e/ -v --no-cov

11
.woodpecker/test.yaml
View File

@@ -1,11 +0,0 @@
when:
- event: [push, pull_request]
branch: dev
steps:
- name: test
image: python:3.13
commands:
- pip install uv
- uv sync --no-dev --group tests
- uv run pytest --cov=app --cov-fail-under=70 --cov-report=term-missing

11
.woodpecker/type.yaml
View File

@@ -1,11 +0,0 @@
when:
- event: [push, pull_request]
branch: dev
steps:
- name: type
image: python:3.13
commands:
- pip install uv
- uv sync --no-dev --only-group types
- uv run mypy .

215
AGENTS.md
View File

@@ -1,5 +1,9 @@
# Blog AGENTS.md
**Generated:** 2026-05-03 22:15 UTC
**Commit:** 41f2a3d
**Branch:** feature/tests
## Stack
- Python 3.13+, FastAPI, pydantic, uvicorn
- SQLAlchemy 2.0 (async), aiosqlite
@@ -89,6 +93,34 @@ tests/
└── e2e/ # End-to-end tests
```
## Where to Look
| Task | Location | Notes |
|------|----------|-------|
| Add a new use case | `app/application/use_cases/` | Follow naming: `{action}_post.py` |
| Add a new API endpoint | `app/presentation/api/v1/posts.py` | Or create new module in `v1/` |
| Add a new web page | `app/presentation/web/routes.py` | Integrate real use cases, not mocks |
| Add a domain entity | `app/domain/entities/` | Inherit from `BaseEntity`, add to `domain/__init__.py` |
| Add a repository method | `app/infrastructure/repositories/post.py` | Mirror in `app/domain/repositories/post.py` |
| Configure DI provider | `app/infrastructure/di/providers.py` | Add to existing provider class or create new one |
| Change database schema | `app/infrastructure/database/models.py` | Mirror changes in domain entity |
| Add/modify tests | `tests/unit/{layer}/` | Mirror `app/` structure exactly |
| Run linting | `uv run ruff check . --fix` | Pre-commit: ruff → ruff format → isort → mypy |
| Run tests | `uv run pytest` | Coverage auto-collected, HTML report at `htmlcov/` |
| Run type check | `uv run mypy .` | Strict mode; excludes `tests/e2e` |
## Code Map
| Symbol | Type | Location | Refs | Role |
|--------|------|----------|------|------|
| `app_factory` | Function | `app/main.py:50` | 3 | FastAPI app factory with DI lifespan |
| `SQLAlchemyPostRepository` | Class | `app/infrastructure/repositories/post.py:18` | 1 | Concrete repository implementation |
| `Post` | Class | `app/domain/entities/post.py:17` | 1 | Core domain entity |
| `PostRepository` | Class | `app/domain/repositories/post.py:13` | 1 | Repository interface |
| `CreatePostUseCase` | Class | `app/application/use_cases/create_post.py:14` | 1 | Use case for creating posts |
| `home` | Function | `app/presentation/web/routes.py:189` | 1 | Web home page route |
| `create_post` | Function | `app/presentation/api/v1/posts.py:35` | 1 | API create post endpoint |
## Key Conventions
### Dependency Rule
@@ -99,9 +131,6 @@ tests/
### Testing
- **Unit tests**: Test domain logic without DB/external services
- **Integration tests**: Test repository implementations with real DB
- **API tests**: Test endpoints with mocked use cases
- **E2E tests**: Full workflow testing
### Code Patterns
- Use **dataclasses** for entities and value objects
@@ -110,6 +139,17 @@ tests/
- Use **Repository** pattern for data access
- Use **Dependency Injection** via FastAPI's Depends()
## Anti-Patterns (This Project)
- **NO inline comments** — Self-documenting code only; Google-style docstrings required
- **NO type suppression** — Never use `typing.Any` casts or `# type: ignore` to bypass mypy strict mode
- **Dead code**: `create_container()` in `app/infrastructure/di/container.py` is defined but never used; `main.py` calls `make_async_container()` directly
- **Empty directories**: `app/domain/exceptions/` and `app/presentation/api/deps/` are empty dirs that co-exist with `.py` files of the same name — import ambiguity risk
- **Missing `__main__.py`**: `python -m app` fails; use `uv run blog` or `python app/main.py`
- **Stale config**: `pyproject.toml` excludes `tests/e2e` but the directory does not exist
- **Unused dependency**: `black` is in `[dependency-groups] lints` but never invoked; ruff format is used instead
- **Pre-commit excludes `__init__.py`**: All `__init__.py` files skip linting and import sorting
## AI Code Generation Requirements
### Documentation Standards
@@ -313,3 +353,172 @@ response.set_cookie(
- SQLite by default (aiosqlite)
- Tables auto-created on startup
- Use `init_db()` and `close_db()` in lifespan
## TDD Development Workflow
This project uses **Test-Driven Development (TDD)** with a formal test agreement process.
### Feature Lifecycle
```
User: "начнем новую фичу"
|
v
Discovery Phase (автоматически)
|-- Анализ существующего кода
|-- Определение затронутых слоев DDD
|-- Рекомендации по тесткейсам
|
v
User Agreement (согласование)
|-- Пользователь подтверждает/корректирует тесткейсы
|
v
Test Design
|-- Актуализация FEATURE_*.md
|-- Создание artifact: pyaqa/feature/{feature-name}.md
|-- Назначение TC-UNIT-NNN, TC-API-NNN, TC-WEB-NNN, TC-E2E-NNN
|
v
Write Tests (RED)
|-- Написать тесты, убедиться что они падают
|
v
Implementation (GREEN)
|-- Domain -> Application -> Infrastructure -> Presentation
|-- Минимальная реализация для прохождения тестов
|
v
Refactor
|-- Улучшение кода с сохранением зеленых тестов
|-- Линтеры, type checker
|
v
Verification
|-- ruff check, ruff format, isort, mypy
|-- pytest (coverage ≥70%)
|-- E2E tests
|
v
User Acceptance
|-- Пользователь подтверждает приемку
|
v
Commit (во все затронутые проекты)
|-- blog, pytfm, pyaqa (root)
```
### Bugfix Lifecycle
```
User: "исправить баг"
|
v
Reproduction Phase
|-- Анализ бага, воспроизведение
|-- Определение root cause
|-- Создание artifact: pyaqa/bugfix/{name}.md
|
v
Write Regression Test
|-- Написать тест, воспроизводящий баг
|-- Убедиться что тест падает (RED)
|
v
Fix (GREEN)
|-- Минимальный фикс
|-- Убедиться что тест проходит
|
v
Verification
|-- Все существующие тесты проходят
|-- Coverage не упал
|-- Линтеры, type checker
|
v
User Acceptance
|-- Пользователь проверяет исправление
|
v
Commit (во все затронутые проекты)
```
### Refactoring Lifecycle
```
User: "отрефакторить"
|
v
Analysis Phase
|-- Анализ кода
|-- Определение scope и рисков
|-- Создание artifact: pyaqa/refactor/{name}.md (опционально)
|
v
Pre-check
|-- Все тесты проходят ДО рефакторинга
|-- Фиксация coverage baseline
|
v
Refactoring
|-- Пошаговые изменения
|-- Проверка тестов после каждого шага
|
v
Post-check
|-- Все тесты проходят ПОСЛЕ рефакторинга
|-- Coverage не ниже baseline
|-- Поведение не изменилось
|
v
Verification
|-- Линтеры, type checker
|-- Нет новых warnings
|
v
User Acceptance (опционально)
|-- Пользователь проверяет, что ничего не сломалось
|
v
Commit (во все затронутые проекты)
```
### Branch Naming
- **Feature**: `feature/{feature-name}` от `dev`
- **Bugfix**: `bugfix/{bug-name}` от `dev`
- **Refactor**: `refactor/{name}` от `dev`
### Test Case IDs
- `TC-UNIT-NNN` — unit тесты (domain, use cases)
- `TC-API-NNN` — API endpoint тесты
- `TC-WEB-NNN` — Web route тесты (HTML responses)
- `TC-E2E-NNN` — End-to-end тесты (Playwright)
### Test Level Selection
Все 4 уровня по умолчанию. Можно сокращать в зависимости от задачи:
- **Domain-only фича**: только TC-UNIT
- **API-only фича**: TC-UNIT + TC-API
- **Web UI фича**: TC-UNIT + TC-WEB + TC-E2E
- **Full-stack фича**: все 4 уровня
- **Bugfix**: уровни в зависимости от слоя бага (минимум unit + regression)
- **Refactor**: все существующие тесты (unit + api + web + e2e)
### Artifact Location
- **Feature**: `pyaqa/feature/TEMPLATE.md``pyaqa/feature/{feature-name}.md`
- **Bugfix**: `pyaqa/bugfix/TEMPLATE.md``pyaqa/bugfix/{bug-name}.md`
- **Refactor**: `pyaqa/refactor/TEMPLATE.md``pyaqa/refactor/{name}.md`
### Commit Rules
При завершении коммитить во ВСЕ затронутые подпроекты:
1. `blog/` — если изменен
2. `pytfm/` — если изменен
3. `pyaqa/` (root) — всегда (обновление ссылок на подпроекты)
## Notes
- Web routes (`app/presentation/web/routes.py`) currently use `MockPost` and `MOCK_POSTS` instead of real use cases — integrate with actual use cases when ready
- `alembic/` directory exists but is non-functional (no `alembic.ini`, no migration scripts)
- `tests/integration/`, `tests/api/`, `tests/e2e/` are documented in architecture but do not exist yet
- `app/domain/roles.py` exists but its symbols are not exported in `app/domain/__init__.py`
- Woodpecker CI uses `.woodpecker/` directory (3 separate YAML files) instead of single `.woodpecker.yml` — valid but non-standard
- CI pipelines have copy-paste boilerplate; `test.yaml` uses `--group tests` while `lint.yaml` and `type.yaml` use `--only-group <X>`

13
app/application/use_cases/delete_post.py
View File

@@ -9,6 +9,7 @@ from uuid import UUID
from app.application.interfaces import TransactionManager
from app.domain.exceptions import ForbiddenException, NotFoundException
from app.domain.repositories import PostRepository
from app.domain.roles import Role
class DeletePostUseCase:
@@ -40,22 +41,28 @@ class DeletePostUseCase:
self._post_repo = post_repo
self._tx_manager = tx_manager
async def execute(self, post_id: UUID, current_user_id: str) -> None:
async def execute(
self,
post_id: UUID,
current_user_id: str,
current_role: Role = Role.USER,
) -> None:
"""Execute the use case to delete a post.
Args:
post_id: Unique identifier of the post to delete.
current_user_id: ID of the user requesting deletion.
current_role: Role of the requesting user (default USER).
Raises:
NotFoundException: If post with given ID does not exist.
ForbiddenException: If user is not the post author.
ForbiddenException: If user is not the post author and not admin.
"""
post = await self._post_repo.get_by_id(post_id)
if not post:
raise NotFoundException(f"Post with id '{post_id}' not found")
if post.author_id != current_user_id:
if current_role != Role.ADMIN and post.author_id != current_user_id:
raise ForbiddenException("You can only delete your own posts")
await self._post_repo.delete(post_id)

25
app/application/use_cases/publish_post.py
View File

@@ -11,6 +11,7 @@ from app.application.interfaces import TransactionManager
from app.domain.entities import Post
from app.domain.exceptions import ForbiddenException, NotFoundException
from app.domain.repositories import PostRepository
from app.domain.roles import Role
class PublishPostUseCase:
@@ -42,25 +43,31 @@ class PublishPostUseCase:
self._post_repo = post_repo
self._tx_manager = tx_manager
async def publish(self, post_id: UUID, current_user_id: str) -> PostResponseDTO:
async def publish(
self,
post_id: UUID,
current_user_id: str,
current_role: Role = Role.USER,
) -> PostResponseDTO:
"""Publish a post.
Args:
post_id: Unique identifier of the post.
current_user_id: ID of the user requesting publication.
current_role: Role of the requesting user (default USER).
Returns:
PostResponseDTO with updated post data.
Raises:
NotFoundException: If post with given ID does not exist.
ForbiddenException: If user is not the post author.
ForbiddenException: If user is not the post author and not admin.
"""
post = await self._post_repo.get_by_id(post_id)
if not post:
raise NotFoundException(f"Post with id '{post_id}' not found")
if post.author_id != current_user_id:
if current_role != Role.ADMIN and post.author_id != current_user_id:
raise ForbiddenException("You can only publish your own posts")
post.publish()
@@ -69,25 +76,31 @@ class PublishPostUseCase:
return self._map_to_dto(post)
async def unpublish(self, post_id: UUID, current_user_id: str) -> PostResponseDTO:
async def unpublish(
self,
post_id: UUID,
current_user_id: str,
current_role: Role = Role.USER,
) -> PostResponseDTO:
"""Unpublish a post.
Args:
post_id: Unique identifier of the post.
current_user_id: ID of the user requesting unpublish.
current_role: Role of the requesting user (default USER).
Returns:
PostResponseDTO with updated post data.
Raises:
NotFoundException: If post with given ID does not exist.
ForbiddenException: If user is not the post author.
ForbiddenException: If user is not the post author and not admin.
"""
post = await self._post_repo.get_by_id(post_id)
if not post:
raise NotFoundException(f"Post with id '{post_id}' not found")
if post.author_id != current_user_id:
if current_role != Role.ADMIN and post.author_id != current_user_id:
raise ForbiddenException("You can only unpublish your own posts")
post.unpublish()

7
app/application/use_cases/update_post.py
View File

@@ -11,6 +11,7 @@ from app.application.interfaces import TransactionManager
from app.domain.entities import Post
from app.domain.exceptions import ForbiddenException, NotFoundException
from app.domain.repositories import PostRepository
from app.domain.roles import Role
from app.domain.value_objects import Content, Title
@@ -50,6 +51,7 @@ class UpdatePostUseCase:
post_id: UUID,
dto: UpdatePostDTO,
current_user_id: str,
current_role: Role = Role.USER,
) -> PostResponseDTO:
"""Execute the use case to update a post.
@@ -57,19 +59,20 @@ class UpdatePostUseCase:
post_id: Unique identifier of the post to update.
dto: Data transfer object with update data.
current_user_id: ID of the user requesting update.
current_role: Role of the requesting user (default USER).
Returns:
PostResponseDTO with updated post data.
Raises:
NotFoundException: If post with given ID does not exist.
ForbiddenException: If user is not the post author.
ForbiddenException: If user is not the post author and not admin.
"""
post = await self._post_repo.get_by_id(post_id)
if not post:
raise NotFoundException(f"Post with id '{post_id}' not found")
if post.author_id != current_user_id:
if current_role != Role.ADMIN and post.author_id != current_user_id:
raise ForbiddenException("You can only update your own posts")
if dto.title is not None:

3
app/infrastructure/auth/__init__.py
View File

@@ -5,6 +5,7 @@ for token validation and user info retrieval.
"""
from app.infrastructure.auth.client import KeycloakAuthClient
from app.infrastructure.auth.mock_client import MockKeycloakClient
from app.infrastructure.auth.models import KeycloakUser, TokenInfo
__all__ = ["KeycloakAuthClient", "KeycloakUser", "TokenInfo"]
__all__ = ["KeycloakAuthClient", "KeycloakUser", "MockKeycloakClient", "TokenInfo"]

75
app/infrastructure/auth/mock_client.py Normal file
View File

@@ -0,0 +1,75 @@
"""Mock Keycloak client for development mode.
This module provides a mock Keycloak authentication client that bypasses
real Keycloak server authentication in development mode. It generates
token info based on dev-specific token formats.
"""
from app.infrastructure.auth.models import TokenInfo
class MockKeycloakClient:
"""Mock Keycloak client for development and testing.
Bypasses real Keycloak server authentication. Parses dev-specific
token formats to generate TokenInfo with configurable roles.
Attributes:
_settings: Application settings.
Example:
>>> client = MockKeycloakClient()
>>> token_info = await client.introspect_token("dev-token-admin")
"""
def __init__(self) -> None:
"""Initialize mock client."""
pass
async def introspect_token(self, token: str) -> TokenInfo:
"""Introspect token in dev mode.
If token starts with 'dev-token-', parses role from suffix.
Otherwise returns inactive token.
Args:
token: Access token string.
Returns:
TokenInfo with dev user data if dev token, inactive otherwise.
"""
dev_users: dict[str, dict[str, str]] = {
"dev-token-user": {
"user_id": "dev-user",
"username": "Dev User",
"email": "dev.user@example.com",
"role": "user",
},
"dev-token-user2": {
"user_id": "dev-user2",
"username": "Test User",
"email": "test.user@example.com",
"role": "user",
},
"dev-token-admin": {
"user_id": "dev-admin",
"username": "Dev Admin",
"email": "dev.admin@example.com",
"role": "admin",
},
}
if token == "dev-token-guest":
return TokenInfo(active=False)
if token in dev_users:
user = dev_users[token]
return TokenInfo(
active=True,
user_id=user["user_id"],
username=user["username"],
email=user["email"],
roles=[user["role"]],
)
return TokenInfo(active=False)

11
app/infrastructure/di/providers.py
View File

@@ -19,7 +19,7 @@ from app.application import (
)
from app.application.interfaces import TransactionManager
from app.domain.repositories import PostRepository
from app.infrastructure.auth import KeycloakAuthClient
from app.infrastructure.auth import KeycloakAuthClient, MockKeycloakClient
from app.infrastructure.config.settings import settings
from app.infrastructure.database.connection import AsyncSessionLocal, engine
from app.infrastructure.repositories.post import SQLAlchemyPostRepository
@@ -241,7 +241,7 @@ class KeycloakProvider(Provider):
"""Provider for Keycloak authentication client.
Provides Keycloak client as application-scoped singleton.
Client is stateless and can be shared across requests.
In development mode uses MockKeycloakClient for local testing.
Example:
>>> provider = KeycloakProvider()
@@ -249,9 +249,14 @@ class KeycloakProvider(Provider):
@provide(scope=Scope.APP)
def get_keycloak_client(self) -> KeycloakAuthClient:
"""Provide KeycloakAuthClient singleton.
"""Provide KeycloakAuthClient or MockKeycloakClient singleton.
Returns MockKeycloakClient in dev mode for local testing
without a real Keycloak server.
Returns:
KeycloakAuthClient instance.
"""
if settings.is_dev:
return MockKeycloakClient() # type: ignore[return-value]
return KeycloakAuthClient(settings)

9
app/infrastructure/di/transaction_manager.py
View File

@@ -37,17 +37,12 @@ class SessionTransactionManager(TransactionManager):
"""Commit the current transaction.
Persists all pending changes to the database.
Only commits once - subsequent calls are no-ops.
"""
if not self._committed:
await self._session.commit()
self._committed = True
await self._session.commit()
async def rollback(self) -> None:
"""Rollback the current transaction.
Discards all pending changes.
Only rolls back if not already committed.
"""
if not self._committed:
await self._session.rollback()
await self._session.rollback()

10
app/infrastructure/repositories/post.py
View File

@@ -179,7 +179,11 @@ class SQLAlchemyPostRepository(PostRepository):
Returns:
List of Post entities by the author.
"""
query = select(PostORM).where(PostORM.author_id == author_id)
query = (
select(PostORM)
.where(PostORM.author_id == author_id)
.order_by(PostORM.created_at.desc())
)
if limit is not None:
query = query.limit(limit)
if offset is not None:
@@ -202,7 +206,9 @@ class SQLAlchemyPostRepository(PostRepository):
Returns:
List of published Post entities.
"""
query = select(PostORM).where(PostORM.published.is_(True))
query = (
select(PostORM).where(PostORM.published.is_(True)).order_by(PostORM.created_at.desc())
)
if limit is not None:
query = query.limit(limit)
if offset is not None:

2
app/main.py
View File

@@ -82,6 +82,8 @@ def app_factory() -> FastAPI:
"""Middleware to setup flash manager for each request."""
await setup_flash_manager(request)
response = await call_next(request)
if hasattr(request.state, "flash_manager"):
request.state.flash_manager.set_cookie(response)
return response
app.add_middleware(

16
app/presentation/api/v1/posts.py
View File

@@ -249,6 +249,7 @@ async def update_post(
schema: PostUpdateSchema,
use_case: UpdatePostDep,
current_user_id: CurrentUserDep,
role: CurrentRoleDep,
) -> PostResponseSchema:
"""Update a post.
@@ -257,6 +258,7 @@ async def update_post(
schema: Update data.
use_case: UpdatePostUseCase dependency.
current_user_id: Authenticated user ID.
role: Current user role.
Returns:
PostResponseSchema with updated post data.
@@ -266,7 +268,7 @@ async def update_post(
content=schema.content,
tags=schema.tags,
)
result = await use_case.execute(post_id, dto, current_user_id)
result = await use_case.execute(post_id, dto, current_user_id, role)
return PostResponseSchema(**result.__dict__)
@@ -279,6 +281,7 @@ async def delete_post(
post_id: UUID,
use_case: DeletePostDep,
current_user_id: CurrentUserDep,
role: CurrentRoleDep,
) -> None:
"""Delete a post.
@@ -286,8 +289,9 @@ async def delete_post(
post_id: Unique post identifier.
use_case: DeletePostUseCase dependency.
current_user_id: Authenticated user ID.
role: Current user role.
"""
await use_case.execute(post_id, current_user_id)
await use_case.execute(post_id, current_user_id, role)
@router.post(
@@ -299,6 +303,7 @@ async def publish_post(
post_id: UUID,
use_case: PublishPostDep,
current_user_id: CurrentUserDep,
role: CurrentRoleDep,
) -> PostResponseSchema:
"""Publish a post.
@@ -306,11 +311,12 @@ async def publish_post(
post_id: Unique post identifier.
use_case: PublishPostUseCase dependency.
current_user_id: Authenticated user ID.
role: Current user role.
Returns:
PostResponseSchema with published post data.
"""
result = await use_case.publish(post_id, current_user_id)
result = await use_case.publish(post_id, current_user_id, role)
return PostResponseSchema(**result.__dict__)
@@ -323,6 +329,7 @@ async def unpublish_post(
post_id: UUID,
use_case: PublishPostDep,
current_user_id: CurrentUserDep,
role: CurrentRoleDep,
) -> PostResponseSchema:
"""Unpublish a post.
@@ -330,9 +337,10 @@ async def unpublish_post(
post_id: Unique post identifier.
use_case: PublishPostUseCase dependency.
current_user_id: Authenticated user ID.
role: Current user role.
Returns:
PostResponseSchema with unpublished post data.
"""
result = await use_case.unpublish(post_id, current_user_id)
result = await use_case.unpublish(post_id, current_user_id, role)
return PostResponseSchema(**result.__dict__)

2
app/presentation/templates/base.html
View File

@@ -37,6 +37,8 @@
<link rel="stylesheet" href="/static/css/base.css" data-testid="base-stylesheet">
<link rel="stylesheet" href="/static/css/components.css" data-testid="components-stylesheet">
<link rel="stylesheet" href="/static/css/layout.css" data-testid="layout-stylesheet">
<link rel="stylesheet" href="/static/css/markdown.css" data-testid="markdown-stylesheet">
<link rel="stylesheet" href="/static/css/pygments.css" data-testid="pygments-stylesheet">
{% block extra_css %}{% endblock %}
</head>

37
app/presentation/templates/pages/about.html Normal file
View File

@@ -0,0 +1,37 @@
{% extends "base.html" %}
{% block title %}About - Blog{% endblock %}
{% block meta_description %}A modern blog built with FastAPI and DDD architecture.{% endblock %}
{% block content %}
<div class="page-header" data-testid="page-header-about">
<h1 class="page-title" data-testid="page-title-about">About</h1>
</div>
<div class="card" data-testid="about-card">
<div class="card-body" data-testid="about-card-body">
<p data-testid="about-description">
A modern blog built with FastAPI and Domain-Driven Design architecture.
</p>
<div class="divider" data-testid="about-divider"></div>
<p data-testid="about-user">
{% if user %}
Signed in as <strong>{{ user.username }}</strong>.
{% else %}
You are browsing as a guest.
{% endif %}
</p>
</div>
<div class="card-footer" data-testid="about-card-footer">
<a href="/web/" class="btn" data-testid="btn-back-home">
<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin-right: 0.5rem;">
<path d="M10 12L6 8L10 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
Back to Home
</a>
</div>
</div>
{% endblock %}

12
app/presentation/templates/pages/index.html
View File

@@ -35,7 +35,7 @@
<article class="card post-card" data-testid="post-card-{{ post.id }}">
<div class="post-card-header" data-testid="post-card-header-{{ post.id }}">
<h2 class="post-card-title" data-testid="post-title-{{ post.id }}">
<a href="/web/posts/{{ post.slug.value }}" data-testid="post-title-link-{{ post.id }}">{{ post.title }}</a>
<a href="/web/posts/{{ post.slug }}" data-testid="post-title-link-{{ post.id }}">{{ post.title }}</a>
</h2>
{% if post.published %}
<span class="badge badge-success" data-testid="post-status-{{ post.id }}">Published</span>
@@ -55,7 +55,7 @@
</div>
<div class="post-card-content" data-testid="post-content-preview-{{ post.id }}">
{{ post.content.value[:200] }}{% if post.content.value|length > 200 %}...{% endif %}
{{ post.content[:200] }}{% if post.content|length > 200 %}...{% endif %}
</div>
<div class="post-card-footer" data-testid="post-card-footer-{{ post.id }}">
@@ -64,7 +64,7 @@
<span class="tag" data-testid="post-tag-{{ post.id }}-{{ loop.index }}">{{ tag }}</span>
{% endfor %}
</div>
<a href="/web/posts/{{ post.slug.value }}" class="btn btn-sm" data-testid="btn-read-more-{{ post.id }}">
<a href="/web/posts/{{ post.slug }}" class="btn btn-sm" data-testid="btn-read-more-{{ post.id }}">
Read more
<svg width="14" height="14" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin-left: 0.25rem;">
<path d="M6 12L10 8L6 4" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
@@ -77,7 +77,7 @@
<nav class="pagination" data-testid="pagination" aria-label="Pagination">
{% if has_prev %}
<a href="/?page={{ current_page - 1 }}" class="pagination-item" data-testid="pagination-prev">Previous</a>
<a href="{{ request.url.path }}?page={{ current_page - 1 }}" class="pagination-item" data-testid="pagination-prev">Previous</a>
{% else %}
<span class="pagination-item disabled" data-testid="pagination-prev">Previous</span>
{% endif %}
@@ -85,7 +85,7 @@
<span class="pagination-item active" data-testid="pagination-current">{{ current_page }}</span>
{% if has_next %}
<a href="/?page={{ current_page + 1 }}" class="pagination-item" data-testid="pagination-next">Next</a>
<a href="{{ request.url.path }}?page={{ current_page + 1 }}" class="pagination-item" data-testid="pagination-next">Next</a>
{% else %}
<span class="pagination-item disabled" data-testid="pagination-next">Next</span>
{% endif %}
@@ -96,7 +96,7 @@
<div class="empty-state-icon" data-testid="empty-state-icon">📝</div>
<h3 data-testid="empty-state-title">No posts yet</h3>
<p data-testid="empty-state-description">Be the first to write a post!</p>
<a href="/posts/new" class="btn btn-primary" data-testid="btn-create-first-post">Create your first post</a>
<a href="/web/posts/new" class="btn btn-primary" data-testid="btn-create-first-post">Create your first post</a>
</div>
{% endif %}
{% endblock %}

18
app/presentation/templates/pages/post_detail.html
View File

@@ -1,19 +1,19 @@
{% extends "base.html" %}
{% block title %}{{ post.title }} - Blog{% endblock %}
{% block meta_description %}{{ post.content.value[:160] }}{% endblock %}
{% block meta_description %}{{ post.content[:160] }}{% endblock %}
{% block meta_keywords %}{{ post.tags|join(', ') }}{% endblock %}
{% block meta_author %}{{ post.author_id }}{% endblock %}
{% block canonical_url %}{{ request.base_url }}web/posts/{{ post.slug.value }}{% endblock %}
{% block canonical_url %}{{ request.base_url }}web/posts/{{ post.slug }}{% endblock %}
{% block og_type %}article{% endblock %}
{% block og_url %}{{ request.base_url }}web/posts/{{ post.slug.value }}{% endblock %}
{% block og_url %}{{ request.base_url }}web/posts/{{ post.slug }}{% endblock %}
{% block og_title %}{{ post.title }}{% endblock %}
{% block og_description %}{{ post.content.value[:160] }}{% endblock %}
{% block og_description %}{{ post.content[:160] }}{% endblock %}
{% block twitter_title %}{{ post.title }}{% endblock %}
{% block twitter_description %}{{ post.content.value[:160] }}{% endblock %}
{% block twitter_description %}{{ post.content[:160] }}{% endblock %}
{% block content %}
<article class="post-detail" data-testid="post-detail">
@@ -36,8 +36,8 @@
</div>
</header>
<div class="post-detail-content" data-testid="post-detail-content">
{{ post.content.value|nl2br }}
<div class="post-detail-content markdown-body" data-testid="post-detail-content">
{{ post.content|markdown|safe }}
</div>
<footer class="post-detail-footer" data-testid="post-detail-footer">
@@ -60,7 +60,7 @@
{% if can_edit or can_delete %}
<div class="flex gap-2" data-testid="post-detail-edit-actions">
{% if can_edit %}
<a href="/web/posts/{{ post.slug.value }}/edit" class="btn" data-testid="btn-edit-post">
<a href="/web/posts/{{ post.slug }}/edit" class="btn" data-testid="btn-edit-post">
<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin-right: 0.5rem;">
<path d="M11 2L14 5M2 14L3 10L12 1L15 4L6 13L2 14Z" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
@@ -68,7 +68,7 @@
</a>
{% endif %}
{% if can_delete %}
<form action="/web/posts/{{ post.slug.value }}/delete" method="POST" style="display: inline;" data-testid="form-delete-post">
<form action="/web/posts/{{ post.slug }}/delete" method="POST" style="display: inline;" data-testid="form-delete-post">
<button type="submit" class="btn btn-danger" data-testid="btn-delete-post" onclick="return confirm('Are you sure you want to delete this post?');">
<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg" style="margin-right: 0.5rem;">
<path d="M2 4h12M6 4V2a2 2 0 012-2h0a2 2 0 012 2v2m3 0v10a2 2 0 01-2 2H5a2 2 0 01-2-2V4h9z" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>

54
app/presentation/templates/pages/post_form.html
View File

@@ -2,6 +2,10 @@
{% block title %}{% if is_edit %}Edit Post{% else %}New Post{% endif %} - Blog{% endblock %}
{% block extra_css %}
<link rel="stylesheet" href="/static/css/easymde.min.css" data-testid="easymde-stylesheet">
{% endblock %}
{% block content %}
<section class="page-header" data-testid="page-header-form">
<h1 class="page-title" data-testid="page-title-form">
@@ -11,7 +15,7 @@
<form
method="POST"
action="{% if is_edit %}/web/posts/{{ post.slug.value }}/edit{% else %}/web/posts/new{% endif %}"
action="{% if is_edit %}/web/posts/{{ post.slug }}/edit{% else %}/web/posts/new{% endif %}"
class="card"
data-testid="form-post"
>
@@ -25,7 +29,7 @@
id="title"
name="title"
class="input input-lg"
value="{% if post %}{{ post.title.value }}{% endif %}"
value="{% if post %}{{ post.title }}{% endif %}"
placeholder="Enter post title"
required
data-testid="input-title"
@@ -40,12 +44,11 @@
<textarea
id="content"
name="content"
class="textarea"
rows="12"
placeholder="Write your post content here..."
required
data-testid="textarea-content"
>{% if post %}{{ post.content.value }}{% endif %}</textarea>
>{% if post %}{{ post.content }}{% endif %}</textarea>
<span class="form-hint" data-testid="hint-content">The main content of your post. Markdown is supported.</span>
</div>
@@ -65,23 +68,11 @@
<span class="form-hint" data-testid="hint-tags">Comma-separated list of tags</span>
</div>
<div class="form-group" data-testid="form-group-published">
<label class="form-label" data-testid="label-published">
<input
type="checkbox"
name="published"
value="true"
{% if post and post.published %}checked{% endif %}
data-testid="checkbox-published"
>
Publish immediately
</label>
</div>
</div>
<div class="card-footer" data-testid="form-post-footer">
<div class="flex justify-between items-center" data-testid="form-actions">
<a href="{% if is_edit %}/web/posts/{{ post.slug.value }}{% else %}/web/{% endif %}" class="btn" data-testid="btn-cancel">
<a href="{% if is_edit %}/web/posts/{{ post.slug }}{% else %}/web/{% endif %}" class="btn" data-testid="btn-cancel">
Cancel
</a>
@@ -97,3 +88,32 @@
</div>
</form>
{% endblock %}
{% block extra_js %}
<script src="/static/js/easymde.min.js" data-testid="easymde-script"></script>
<script>
(function() {
'use strict';
var easyMDE = new EasyMDE({
element: document.getElementById('content'),
spellChecker: false,
status: false,
minHeight: '300px',
placeholder: 'Write your post content here...',
toolbar: [
'bold', 'italic', 'heading', '|',
'code', 'quote', 'unordered-list', 'ordered-list', '|',
'link', 'image', 'table', 'horizontal-rule', '|',
'preview', 'side-by-side', 'fullscreen', '|',
'guide'
]
});
var form = document.querySelector('form[data-testid="form-post"]');
if (form) {
form.addEventListener('submit', function() {
easyMDE.toTextArea();
});
}
})();
</script>
{% endblock %}

8
app/presentation/templates/partials/header.html
View File

@@ -1,6 +1,6 @@
<header class="site-header" data-testid="site-header">
<div class="container" data-testid="header-container">
<a href="/" class="site-logo" data-testid="nav-logo">
<a href="/web/" class="site-logo" data-testid="nav-logo">
<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg" data-testid="logo-icon">
<rect width="32" height="32" rx="6" fill="var(--color-primary)"/>
<path d="M8 12h16M8 16h12M8 20h8" stroke="white" stroke-width="2" stroke-linecap="round"/>
@@ -254,13 +254,13 @@
<!-- Mobile Navigation Menu -->
<nav class="mobile-nav" id="mobile-nav" data-testid="mobile-nav" aria-label="Mobile navigation">
<a href="/" class="nav-link {% if active_page == 'home' %}active{% endif %}" data-testid="mobile-nav-link-home">
<a href="/web/" class="nav-link {% if active_page == 'home' %}active{% endif %}" data-testid="mobile-nav-link-home">
Home
</a>
<a href="/posts" class="nav-link {% if active_page == 'posts' %}active{% endif %}" data-testid="mobile-nav-link-posts">
<a href="/web/posts" class="nav-link {% if active_page == 'posts' %}active{% endif %}" data-testid="mobile-nav-link-posts">
Posts
</a>
<a href="/about" class="nav-link {% if active_page == 'about' %}active{% endif %}" data-testid="mobile-nav-link-about">
<a href="/web/about" class="nav-link {% if active_page == 'about' %}active{% endif %}" data-testid="mobile-nav-link-about">
About
</a>
</nav>

6
app/presentation/templates/partials/nav.html
View File

@@ -1,11 +1,11 @@
<nav class="main-nav" data-testid="main-nav" aria-label="Main navigation">
<a href="/" class="nav-link {% if active_page == 'home' %}active{% endif %}" data-testid="nav-link-home">
<a href="/web/" class="nav-link {% if active_page == 'home' %}active{% endif %}" data-testid="nav-link-home">
Home
</a>
<a href="/posts" class="nav-link {% if active_page == 'posts' %}active{% endif %}" data-testid="nav-link-posts">
<a href="/web/posts" class="nav-link {% if active_page == 'posts' %}active{% endif %}" data-testid="nav-link-posts">
Posts
</a>
<a href="/about" class="nav-link {% if active_page == 'about' %}active{% endif %}" data-testid="nav-link-about">
<a href="/web/about" class="nav-link {% if active_page == 'about' %}active{% endif %}" data-testid="nav-link-about">
About
</a>
</nav>

51
app/presentation/web/AGENTS.md Normal file
View File

@@ -0,0 +1,51 @@
# Web UI Knowledge Base
**Generated:** 2026-05-03 22:15 UTC
**Commit:** 41f2a3d
**Branch:** feature/tests
## Overview
FastAPI Jinja2 web UI layer with Keycloak auth integration, flash messages, and theme support.
## Structure
```
app/presentation/web/
├── __init__.py
├── auth.py # Keycloak OAuth login/logout/callback
├── deps.py # Web dependency injection (current_user, require_auth)
├── error_handlers.py # HTTP exception handlers for web routes
├── flash.py # Flash message middleware
└── routes.py # All web page routes (largest file in project)
```
## Where to Look
| Task | Location |
|------|----------|
| Add a new page | `routes.py` |
| Change auth flow | `auth.py` |
| Change flash messages | `flash.py` |
| Change error pages | `error_handlers.py` |
| Change DI for web | `deps.py` |
## Conventions
- **Templates**: Jinja2 in `app/presentation/templates/`
- **data-testid attributes REQUIRED** on all interactive elements
- **Theme support**: Light/dark via `data-theme` on `<html>`, LocalStorage persistence
- **Auth**: HTTP-only cookie `access_token`, Keycloak integration
- **Mock data**: Routes currently use `MockPost`/`MOCK_POSTS` — integrate real use cases when ready
## Anti-Patterns
- Do NOT use inline comments — self-documenting code only
- Do NOT add external CDN dependencies — all assets must be in `static/`
- Do NOT bypass `filter_visible_posts()` for draft access control
## Notes
- `routes.py` is the largest file in the project (519 lines) — consider splitting by concern
- `home`, `list_posts`, `post_detail`, `new_post_form`, `edit_post_form`, `create_post`, `update_post`, `delete_post`, `profile`, `about` are all defined in `routes.py`
- Web routers are imported directly in `main.py`, bypassing `app/presentation/__init__.py`

198
app/presentation/web/auth.py
View File

@@ -86,14 +86,20 @@ async def exchange_code_for_token(code: str, redirect_uri: str) -> dict[str, Any
@router.get("/login")
async def login(request: Request) -> RedirectResponse:
"""Redirect to Keycloak login page.
"""Redirect to Keycloak login page or dev login in development mode.
In development mode redirects to the local dev login page
instead of the external Keycloak server.
Args:
request: HTTP request object.
Returns:
RedirectResponse to Keycloak authorization endpoint.
RedirectResponse to Keycloak or dev login endpoint.
"""
if settings.is_dev:
return RedirectResponse(url="/auth/dev-login")
callback_url = str(request.base_url).rstrip("/") + "/auth/callback"
login_url = get_keycloak_login_url(callback_url)
return RedirectResponse(url=login_url)
@@ -142,16 +148,196 @@ async def callback(request: Request, code: str | None = None) -> Response:
async def logout(request: Request) -> Response:
"""Logout user and clear token cookie.
In development mode redirects directly to home page.
In production redirects to Keycloak logout endpoint.
Args:
request: HTTP request object.
Returns:
RedirectResponse to Keycloak logout with cookie cleared.
RedirectResponse with cookie cleared.
"""
home_url = str(request.base_url).rstrip("/") + "/web/"
logout_url = get_keycloak_logout_url(home_url)
response = RedirectResponse(url=logout_url)
response = RedirectResponse(url=home_url)
response.delete_cookie(key="access_token")
if not settings.is_dev:
logout_url = get_keycloak_logout_url(home_url)
response = RedirectResponse(url=logout_url)
response.delete_cookie(key="access_token")
return response
@router.get("/dev-login")
async def dev_login(request: Request) -> Response:
"""Show dev login page for development mode.
Only available in development mode. Provides a simple form
to select role and log in without a real Keycloak server.
Args:
request: HTTP request object.
Returns:
HTMLResponse with dev login form.
Raises:
HTTPException: If accessed outside development mode.
"""
if not settings.is_dev:
raise HTTPException(status_code=404, detail="Not found")
from fastapi.responses import HTMLResponse
return HTMLResponse(
content="""<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dev Login - Blog</title>
<style>
:root {
--bg: #f5f5f5;
--card: #fff;
--text: #333;
--border: #ddd;
--primary: #0366d6;
--primary-text: #fff;
--error: #d73a49;
}
@media (prefers-color-scheme: dark) {
:root {
--bg: #0d1117;
--card: #161b22;
--text: #c9d1d9;
--border: #30363d;
--primary: #58a6ff;
--primary-text: #0d1117;
}
}
* { box-sizing: border-box; }
body {
margin: 0;
padding: 2rem;
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
background: var(--bg);
color: var(--text);
display: flex;
justify-content: center;
align-items: center;
min-height: 100vh;
}
.card {
background: var(--card);
border: 1px solid var(--border);
border-radius: 8px;
padding: 2rem;
max-width: 400px;
width: 100%;
box-shadow: 0 4px 12px rgba(0,0,0,0.1);
}
h1 { margin: 0 0 0.5rem; font-size: 1.5rem; }
.badge {
display: inline-block;
background: var(--error);
color: #fff;
padding: 0.25rem 0.5rem;
border-radius: 4px;
font-size: 0.75rem;
font-weight: 600;
margin-bottom: 1.5rem;
}
label {
display: block;
margin-bottom: 0.5rem;
font-weight: 500;
font-size: 0.875rem;
}
input, select {
width: 100%;
padding: 0.625rem 0.75rem;
border: 1px solid var(--border);
border-radius: 6px;
background: var(--bg);
color: var(--text);
font-size: 0.9375rem;
margin-bottom: 1rem;
}
button {
width: 100%;
padding: 0.75rem;
background: var(--primary);
color: var(--primary-text);
border: none;
border-radius: 6px;
font-size: 1rem;
font-weight: 600;
cursor: pointer;
}
button:hover { opacity: 0.9; }
.hint {
margin-top: 1.5rem;
font-size: 0.8125rem;
color: var(--text);
opacity: 0.7;
}
</style>
</head>
<body>
<div class="card">
<h1>Development Login</h1>
<span class="badge">DEV ONLY</span>
<form method="POST" action="/auth/dev-login">
<label for="username">Username</label>
<input type="text" id="username" name="username" value="Dev User" required>
<label for="role">Role</label>
<select id="role" name="role">
<option value="user">User</option>
<option value="user2">Test User</option>
<option value="admin">Admin</option>
<option value="guest">Guest (unauthenticated)</option>
</select>
<button type="submit">Sign In</button>
</form>
<p class="hint">This bypasses Keycloak for local development only.</p>
</div>
</body>
</html>"""
)
@router.post("/dev-login")
async def dev_login_submit(request: Request) -> Response:
"""Handle dev login form submission.
Sets a dev-specific cookie that MockKeycloakClient recognizes.
Args:
request: HTTP request object with form data.
Returns:
RedirectResponse to home page with dev token cookie set.
Raises:
HTTPException: If accessed outside development mode.
"""
if not settings.is_dev:
raise HTTPException(status_code=404, detail="Not found")
form = await request.form()
role = str(form.get("role", "user")).strip()
token = f"dev-token-{role}"
response = RedirectResponse(url="/web/", status_code=302)
response.set_cookie(
key="access_token",
value=token,
httponly=True,
secure=False,
samesite="lax",
max_age=86400,
)
return response

28
app/presentation/web/deps.py
View File

@@ -9,19 +9,26 @@ from typing import Annotated
from fastapi import Cookie, Depends, HTTPException, Request
from app.domain.roles import Role, get_effective_role
from app.infrastructure.auth import KeycloakAuthClient, TokenInfo
from app.infrastructure.auth import KeycloakAuthClient, MockKeycloakClient, TokenInfo
from app.infrastructure.config.settings import settings
def get_keycloak_client(request: Request) -> KeycloakAuthClient:
async def get_keycloak_client(
request: Request,
) -> KeycloakAuthClient | MockKeycloakClient:
"""Get Keycloak client from DI container via request state.
In development mode returns MockKeycloakClient for local testing.
Args:
request: FastAPI request object.
Returns:
KeycloakAuthClient instance from container.
KeycloakAuthClient or MockKeycloakClient instance from container.
"""
client: KeycloakAuthClient = request.state.dishka_container.get(KeycloakAuthClient)
client: KeycloakAuthClient | MockKeycloakClient = await request.state.dishka_container.get(
KeycloakAuthClient
)
return client
@@ -42,14 +49,17 @@ async def get_optional_user(
return None
try:
keycloak_client = get_keycloak_client(request)
keycloak_client = await get_keycloak_client(request)
token_info = await keycloak_client.introspect_token(access_token)
if not token_info.is_valid:
return None
return token_info
except Exception:
except Exception as e:
import logging
logging.getLogger(__name__).warning(f"Token validation error: {e}")
return None
@@ -72,9 +82,10 @@ async def get_current_user(
user = await get_optional_user(request, access_token)
if not user:
login_url = "/auth/dev-login" if settings.is_dev else "/auth/login"
raise HTTPException(
status_code=307,
headers={"Location": "/auth/login"},
headers={"Location": login_url},
)
return user
@@ -122,9 +133,10 @@ def require_role(required_role: Role): # type: ignore[no-untyped-def]
HTTPException: If user lacks required role.
"""
if not user:
login_url = "/auth/dev-login" if settings.is_dev else "/auth/login"
raise HTTPException(
status_code=307,
headers={"Location": "/auth/login"},
headers={"Location": login_url},
)
user_role = get_user_role(user)

461
app/presentation/web/routes.py
View File

@@ -1,17 +1,37 @@
"""Web UI routes for blog application with authentication.
"""Web UI routes for blog application with real use case integration.
This module provides HTML endpoints for the blog web interface
with role-based access control and user authentication.
with role-based access control, user authentication, and full
integration with the application's use cases and domain layer.
"""
from datetime import datetime
from typing import Any
from uuid import uuid4
from dishka.integrations.fastapi import DishkaRoute, FromDishka
from fastapi import APIRouter, HTTPException, Request
from fastapi.responses import HTMLResponse, RedirectResponse
from fastapi.templating import Jinja2Templates
from markdown_it import MarkdownIt
from pygments import highlight
from pygments.formatters import HtmlFormatter
from pygments.lexers import get_lexer_by_name
from pygments.util import ClassNotFound
from app.application.dtos import CreatePostDTO, UpdatePostDTO
from app.application.use_cases import (
CreatePostUseCase,
DeletePostUseCase,
GetPostUseCase,
ListPostsUseCase,
PublishPostUseCase,
UpdatePostUseCase,
)
from app.domain.exceptions import (
AlreadyExistsException,
NotFoundException,
ValidationException,
)
from app.domain.roles import Role, get_effective_role
from app.infrastructure.auth import TokenInfo
from app.presentation.web.deps import (
OptionalUserDep,
@@ -20,135 +40,52 @@ from app.presentation.web.deps import (
can_delete_post,
can_edit_post,
can_see_draft,
get_user_role,
)
from app.presentation.web.flash import flash
router = APIRouter(prefix="/web", tags=["web"])
router = APIRouter(prefix="/web", tags=["web"], route_class=DishkaRoute)
templates = Jinja2Templates(directory="app/presentation/templates")
def nl2br(value: str) -> str:
"""Convert newlines to HTML line breaks.
_md = MarkdownIt("commonmark", {"html": False}).enable("table")
def _highlight_code(code: str, lang: str, _: Any) -> str:
try:
lexer = get_lexer_by_name(lang)
except ClassNotFound:
lexer = get_lexer_by_name("text")
formatter = HtmlFormatter(nowrap=True)
result: str = highlight(code, lexer, formatter)
return result
def markdown_filter(value: str) -> str:
md = MarkdownIt("commonmark", {"html": False, "highlight": _highlight_code}).enable("table")
return str(md.render(value))
templates.env.filters["markdown"] = markdown_filter
_DEFAULT_PAGE_SIZE = 10
def _get_user_role(user: TokenInfo | None) -> Role:
"""Get effective role from user token.
Args:
value: String with newlines.
user: User token info or None for guest.
Returns:
String with <br> tags instead of newlines.
Effective role for the user.
"""
return value.replace("\n", "<br>\n")
if not user:
return Role.GUEST
return get_effective_role(user.roles)
templates.env.filters["nl2br"] = nl2br
class MockPost:
"""Mock post object for UI demonstration.
This class simulates a Post entity for template rendering
before integration with actual use cases.
Attributes:
id: Unique identifier for the post.
title: Post title value object.
content: Post content value object.
slug: URL-friendly slug.
author_id: Identifier of the post author.
published: Publication status flag.
tags: List of tags associated with the post.
created_at: Timestamp when the post was created.
updated_at: Timestamp when the post was last updated.
"""
def __init__(
self,
id: str,
title: str,
content: str,
slug: str,
author_id: str,
published: bool,
tags: list[str],
created_at: datetime | None = None,
) -> None:
"""Initialize mock post with provided attributes.
Args:
id: Unique identifier for the post.
title: Post title string.
content: Post content string.
slug: URL-friendly slug string.
author_id: Author identifier string.
published: Whether the post is published.
tags: List of tag strings.
created_at: Optional creation timestamp, defaults to now.
"""
self.id = id
self.title = MockValueObject(title)
self.content = MockValueObject(content)
self.slug = MockValueObject(slug)
self.author_id = author_id
self.published = published
self.tags = tags
self.created_at = created_at or datetime.now()
self.updated_at = self.created_at
class MockValueObject:
"""Mock value object for simulating domain value objects.
Wraps a raw value to simulate the interface of domain
value objects like Title, Content, and Slug.
Attributes:
value: The wrapped string value.
"""
def __init__(self, value: str) -> None:
"""Initialize with a string value.
Args:
value: The string value to wrap.
"""
self.value = value
MOCK_POSTS = [
MockPost(
id=str(uuid4()),
title="Getting Started with FastAPI",
content="FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.7+ based on standard Python type hints. It is designed to be easy to use while providing high performance.",
slug="getting-started-with-fastapi",
author_id="john_doe",
published=True,
tags=["python", "fastapi", "tutorial"],
created_at=datetime(2026, 1, 15, 10, 30),
),
MockPost(
id=str(uuid4()),
title="Understanding DDD Architecture",
content="Domain-Driven Design (DDD) is an approach to software development that centers the development on programming a domain model that has a rich understanding of the processes and rules of a domain. The term was coined by Eric Evans in his book of the same title.",
slug="understanding-ddd-architecture",
author_id="jane_smith",
published=True,
tags=["ddd", "architecture", "software-design"],
created_at=datetime(2026, 1, 14, 14, 45),
),
MockPost(
id=str(uuid4()),
title="Draft Post Example",
content="This is a draft post that hasn't been published yet. It demonstrates how unpublished posts appear in the UI.",
slug="draft-post-example",
author_id="john_doe",
published=False,
tags=["draft"],
created_at=datetime(2026, 1, 13, 9, 0),
),
]
def get_base_context(user: TokenInfo | None) -> dict[str, Any]:
def _get_base_context(user: TokenInfo | None) -> dict[str, Any]:
"""Get base template context with user info and permissions.
Args:
@@ -157,7 +94,7 @@ def get_base_context(user: TokenInfo | None) -> dict[str, Any]:
Returns:
Dictionary with user, user_role, and can_create flags.
"""
user_role = get_user_role(user)
user_role = _get_user_role(user)
return {
"user": user,
@@ -166,42 +103,77 @@ def get_base_context(user: TokenInfo | None) -> dict[str, Any]:
}
def filter_visible_posts(posts: list[MockPost], user: TokenInfo | None) -> list[MockPost]:
"""Filter posts based on user permissions.
async def _get_visible_posts(
list_use_case: ListPostsUseCase,
user: TokenInfo | None,
limit: int,
offset: int,
) -> tuple[list[Any], bool]:
"""Fetch posts visible to the user with pagination.
For guests: only published posts.
For users: published posts plus own drafts.
For admins: all posts.
Args:
posts: List of all posts.
list_use_case: Use case for listing posts.
user: Current user or None for guest.
limit: Maximum number of posts to return.
offset: Number of posts to skip.
Returns:
Filtered list of posts visible to the user.
Tuple of (visible posts, has_next flag).
"""
visible_posts = []
user_role = _get_user_role(user)
for post in posts:
if post.published or can_see_draft(user, post.author_id):
visible_posts.append(post)
if user_role == Role.ADMIN:
posts = await list_use_case.all_posts()
posts = sorted(posts, key=lambda p: p.created_at, reverse=True)
total = len(posts)
posts = posts[offset : offset + limit]
has_next = offset + limit < total
return posts, has_next
return visible_posts
published = await list_use_case.published_posts(limit=limit + 1, offset=offset)
has_next = len(published) > limit
published = published[:limit]
if user_role == Role.USER and user is not None:
own = await list_use_case.by_author(user.user_id)
published_ids = {p.id for p in published}
own_drafts = [p for p in own if p.id not in published_ids and not p.published]
merged = list(published) + own_drafts
merged.sort(key=lambda p: p.created_at, reverse=True)
return merged[:limit], has_next
return published, has_next
@router.get("/", response_class=HTMLResponse)
async def home(
request: Request,
user: OptionalUserDep,
list_use_case: FromDishka[ListPostsUseCase],
) -> HTMLResponse:
"""Render the home page with list of posts.
Args:
request: The HTTP request object for template context.
user: Current user from dependency.
list_use_case: Use case for listing posts.
Returns:
HTMLResponse with rendered posts list template.
"""
context = get_base_context(user)
visible_posts = filter_visible_posts(MOCK_POSTS, user)
page_str = request.query_params.get("page", "1")
page = max(1, int(page_str) if page_str.isdigit() else 1)
offset = (page - 1) * _DEFAULT_PAGE_SIZE
visible_posts, has_next = await _get_visible_posts(
list_use_case, user, _DEFAULT_PAGE_SIZE, offset
)
context = _get_base_context(user)
return templates.TemplateResponse(
request,
"pages/index.html",
@@ -209,9 +181,9 @@ async def home(
**context,
"posts": visible_posts,
"active_page": "home",
"current_page": 1,
"has_prev": False,
"has_next": False,
"current_page": page,
"has_prev": page > 1,
"has_next": has_next,
},
)
@@ -220,19 +192,27 @@ async def home(
async def list_posts(
request: Request,
user: OptionalUserDep,
list_use_case: FromDishka[ListPostsUseCase],
) -> HTMLResponse:
"""Render the posts listing page.
Args:
request: The HTTP request object for template context.
user: Current user from dependency.
list_use_case: Use case for listing posts.
Returns:
HTMLResponse with rendered posts list template.
"""
context = get_base_context(user)
visible_posts = filter_visible_posts(MOCK_POSTS, user)
page_str = request.query_params.get("page", "1")
page = max(1, int(page_str) if page_str.isdigit() else 1)
offset = (page - 1) * _DEFAULT_PAGE_SIZE
visible_posts, has_next = await _get_visible_posts(
list_use_case, user, _DEFAULT_PAGE_SIZE, offset
)
context = _get_base_context(user)
return templates.TemplateResponse(
request,
"pages/index.html",
@@ -240,9 +220,9 @@ async def list_posts(
**context,
"posts": visible_posts,
"active_page": "posts",
"current_page": 1,
"has_prev": False,
"has_next": True,
"current_page": page,
"has_prev": page > 1,
"has_next": has_next,
},
)
@@ -261,7 +241,7 @@ async def new_post_form(
Returns:
HTMLResponse with rendered post form template.
"""
context = get_base_context(user)
context = _get_base_context(user)
return templates.TemplateResponse(
request,
@@ -279,19 +259,51 @@ async def new_post_form(
async def create_post(
request: Request,
user: RequireUserDep,
create_use_case: FromDishka[CreatePostUseCase],
publish_use_case: FromDishka[PublishPostUseCase],
) -> RedirectResponse:
"""Handle new post creation form submission.
Args:
request: The HTTP request object containing form data.
user: Current user (required).
create_use_case: Use case for creating posts.
publish_use_case: Use case for publishing posts.
Returns:
RedirectResponse to the new post or home page.
RedirectResponse to the new post or form page.
"""
flash(request, "Post created successfully!", "success")
response = RedirectResponse(url="/web/", status_code=303)
return response
form = await request.form()
title = str(form.get("title", "")).strip()
content = str(form.get("content", "")).strip()
tags_str = str(form.get("tags", "")).strip()
action = str(form.get("action", "draft")).strip()
tags = [t.strip() for t in tags_str.split(",") if t.strip()]
try:
dto = CreatePostDTO(
title=title,
content=content,
author_id=user.user_id,
tags=tags,
)
result = await create_use_case.execute(dto)
user_role = _get_user_role(user)
if action == "publish":
await publish_use_case.publish(result.id, user.user_id, user_role)
flash(request, "Post published successfully!", "success")
else:
flash(request, "Post saved as draft!", "success")
return RedirectResponse(url=f"/web/posts/{result.slug}", status_code=303)
except AlreadyExistsException as exc:
flash(request, str(exc), "error")
return RedirectResponse(url="/web/posts/new", status_code=303)
except ValidationException as exc:
flash(request, str(exc), "error")
return RedirectResponse(url="/web/posts/new", status_code=303)
@router.get("/posts/{post_slug}", response_class=HTMLResponse)
@@ -299,13 +311,15 @@ async def post_detail(
request: Request,
post_slug: str,
user: OptionalUserDep,
get_use_case: FromDishka[GetPostUseCase],
) -> HTMLResponse:
"""Render a single post detail page.
Args:
request: The HTTP request object for template context.
post_id: The unique identifier of the post to display.
post_slug: The URL-friendly slug of the post to display.
user: Current user from dependency.
get_use_case: Use case for retrieving posts.
Returns:
HTMLResponse with rendered post detail template.
@@ -313,15 +327,15 @@ async def post_detail(
Raises:
HTTPException: If post not found or not visible to user.
"""
post = next((p for p in MOCK_POSTS if p.slug.value == post_slug), None)
if not post:
raise HTTPException(status_code=404, detail="Post not found")
try:
post = await get_use_case.by_slug(post_slug)
except NotFoundException:
raise HTTPException(status_code=404, detail="Post not found") from None
if not post.published and not can_see_draft(user, post.author_id):
raise HTTPException(status_code=404, detail="Post not found")
context = get_base_context(user)
context = _get_base_context(user)
return templates.TemplateResponse(
request,
@@ -341,13 +355,15 @@ async def edit_post_form(
request: Request,
post_slug: str,
user: RequireUserDep,
get_use_case: FromDishka[GetPostUseCase],
) -> HTMLResponse:
"""Render the post edit form.
Args:
request: The HTTP request object for template context.
post_id: The unique identifier of the post to edit.
post_slug: The URL-friendly slug of the post to edit.
user: Current user (required).
get_use_case: Use case for retrieving posts.
Returns:
HTMLResponse with rendered post form template.
@@ -355,15 +371,15 @@ async def edit_post_form(
Raises:
HTTPException: If post not found or user cannot edit it.
"""
post = next((p for p in MOCK_POSTS if p.slug.value == post_slug), None)
if not post:
raise HTTPException(status_code=404, detail="Post not found")
try:
post = await get_use_case.by_slug(post_slug)
except NotFoundException:
raise HTTPException(status_code=404, detail="Post not found") from None
if not can_edit_post(user, post.author_id):
raise HTTPException(status_code=403, detail="Not authorized to edit this post")
context = get_base_context(user)
context = _get_base_context(user)
return templates.TemplateResponse(
request,
@@ -377,90 +393,103 @@ async def edit_post_form(
)
@router.post("/posts/{post_slug}/edit", response_class=HTMLResponse)
@router.post("/posts/{post_slug}/edit")
async def update_post(
request: Request,
post_slug: str,
user: RequireUserDep,
) -> HTMLResponse:
get_use_case: FromDishka[GetPostUseCase],
update_use_case: FromDishka[UpdatePostUseCase],
publish_use_case: FromDishka[PublishPostUseCase],
) -> RedirectResponse:
"""Handle post update form submission.
Args:
request: The HTTP request object containing form data.
post_id: The unique identifier of the post to update.
post_slug: The URL-friendly slug of the post to update.
user: Current user (required).
get_use_case: Use case for retrieving posts.
update_use_case: Use case for updating posts.
publish_use_case: Use case for publishing posts.
Returns:
HTMLResponse with rendered post detail template.
Raises:
HTTPException: If post not found or user cannot edit it.
RedirectResponse to the updated post or form page.
"""
post = next((p for p in MOCK_POSTS if p.slug.value == post_slug), None)
form = await request.form()
title = str(form.get("title", "")).strip()
content = str(form.get("content", "")).strip()
tags_str = str(form.get("tags", "")).strip()
action = str(form.get("action", "draft")).strip()
if not post:
raise HTTPException(status_code=404, detail="Post not found")
tags = [t.strip() for t in tags_str.split(",") if t.strip()]
try:
post = await get_use_case.by_slug(post_slug)
except NotFoundException:
raise HTTPException(status_code=404, detail="Post not found") from None
if not can_edit_post(user, post.author_id):
raise HTTPException(status_code=403, detail="Not authorized to edit this post")
context = get_base_context(user)
try:
dto = UpdatePostDTO(
title=title if title else None,
content=content if content else None,
tags=tags if tags else None,
)
user_role = _get_user_role(user)
result = await update_use_case.execute(post.id, dto, user.user_id, user_role)
return templates.TemplateResponse(
request,
"pages/post_detail.html",
{
**context,
"post": post,
"active_page": "posts",
"can_edit": True,
"can_delete": can_delete_post(user, post.author_id),
},
)
if action == "publish":
if not result.published:
await publish_use_case.publish(result.id, user.user_id, user_role)
else:
if result.published:
await publish_use_case.unpublish(result.id, user.user_id, user_role)
flash(request, "Post updated successfully!", "success")
return RedirectResponse(url=f"/web/posts/{result.slug}", status_code=303)
except (AlreadyExistsException, ValidationException) as exc:
flash(request, str(exc), "error")
return RedirectResponse(url=f"/web/posts/{post_slug}/edit", status_code=303)
@router.post("/posts/{post_slug}/delete", response_class=HTMLResponse)
@router.post("/posts/{post_slug}/delete")
async def delete_post(
request: Request,
post_slug: str,
user: RequireUserDep,
) -> HTMLResponse:
get_use_case: FromDishka[GetPostUseCase],
delete_use_case: FromDishka[DeletePostUseCase],
) -> RedirectResponse:
"""Handle post deletion.
Args:
request: The HTTP request object.
post_id: The unique identifier of the post to delete.
post_slug: The URL-friendly slug of the post to delete.
user: Current user (required).
get_use_case: Use case for retrieving posts.
delete_use_case: Use case for deleting posts.
Returns:
HTMLResponse redirecting to the home page.
Raises:
HTTPException: If post not found or user cannot delete it.
RedirectResponse redirecting to the home page.
"""
post = next((p for p in MOCK_POSTS if p.slug.value == post_slug), None)
if not post:
raise HTTPException(status_code=404, detail="Post not found")
try:
post = await get_use_case.by_slug(post_slug)
except NotFoundException:
raise HTTPException(status_code=404, detail="Post not found") from None
if not can_delete_post(user, post.author_id):
raise HTTPException(status_code=403, detail="Not authorized to delete this post")
context = get_base_context(user)
visible_posts = filter_visible_posts(MOCK_POSTS, user)
try:
user_role = _get_user_role(user)
await delete_use_case.execute(post.id, user.user_id, user_role)
flash(request, "Post deleted successfully!", "success")
except NotFoundException:
flash(request, "Post not found.", "error")
return templates.TemplateResponse(
request,
"pages/index.html",
{
**context,
"posts": visible_posts,
"active_page": "home",
"current_page": 1,
"has_prev": False,
"has_next": False,
},
)
return RedirectResponse(url="/web/", status_code=303)
@router.get("/profile", response_class=HTMLResponse)
@@ -477,7 +506,7 @@ async def profile(
Returns:
HTMLResponse with rendered profile template.
"""
context = get_base_context(user)
context = _get_base_context(user)
return templates.TemplateResponse(
request,
@@ -503,17 +532,13 @@ async def about(
Returns:
HTMLResponse with rendered about page template.
"""
return HTMLResponse(
content=f"""
<!DOCTYPE html>
<html>
<head><title>About - Blog</title></head>
<body>
<h1>About</h1>
<p>A modern blog built with FastAPI and DDD architecture.</p>
<p>User: {user.username if user else "Guest"}</p>
<a href="/web/">Back to home</a>
</body>
</html>
"""
context = _get_base_context(user)
return templates.TemplateResponse(
request,
"pages/about.html",
{
**context,
"active_page": "about",
},
)

20
pyproject.toml
View File

@@ -16,6 +16,9 @@ dependencies = [
"httpx>=0.28.0",
"jinja2>=3.1.6",
"itsdangerous>=2.2.0",
"markdown-it-py>=4.0.0",
"mdit-py-plugins>=0.5.0",
"pygments>=2.20.0",
]
[build-system]
@@ -30,7 +33,11 @@ dev = [
{include-group = "lints"},
{include-group = "tests"},
{include-group = "types"},
"playwright>=1.59.0",
"pre-commit>=4.5.1",
"pytest-playwright>=0.7.2",
"python-multipart>=0.0.27",
"types-pygments>=2.20.0.20260408",
]
tests = [
"httpx>=0.28.1",
@@ -38,30 +45,35 @@ tests = [
"pytest>=9.0.3",
"pytest-asyncio>=1.3.0",
"pytest-cov>=7.1.0",
"pytfm",
]
lints = [
"black>=23.7.0",
"ruff>=0.15.11",
"isort>=8.0.1",
]
types = [
"mimesis>=19.1.0",
"mypy>=1.20.1",
]
[project.scripts]
blog = "app.main:main"
[tool.uv.sources]
pytfm = { workspace = true }
[tool.pytest.ini_options]
asyncio_mode = "auto"
asyncio_default_fixture_loop_scope = "function"
addopts = "--cov=app --cov-report=term-missing --cov-report=html"
addopts = "--cov=app --cov-fail-under=70 --cov-report=term-missing --cov-report=html"
pythonpath = "."
testpaths = "tests"
xfail_strict = true
markers = [
"e2e: End-to-end tests requiring running server",
]
[tool.mypy]
strict = true
exclude = ["tests/e2e"]
plugins = ["pydantic.mypy"]
[tool.ruff]

7
static/css/easymde.min.css vendored Normal file
View File

File diff suppressed because one or more lines are too long

10
static/css/highlight-github.min.css vendored Normal file
View File

@@ -0,0 +1,10 @@
pre code.hljs{display:block;overflow-x:auto;padding:1em}code.hljs{padding:3px 5px}/*!
Theme: GitHub
Description: Light theme as seen on github.com
Author: github.com
Maintainer: @Hirse
Updated: 2021-05-15
Outdated base version: https://github.com/primer/github-syntax-light
Current colors taken from GitHub's CSS
*/.hljs{color:#24292e;background:#fff}.hljs-doctag,.hljs-keyword,.hljs-meta .hljs-keyword,.hljs-template-tag,.hljs-template-variable,.hljs-type,.hljs-variable.language_{color:#d73a49}.hljs-title,.hljs-title.class_,.hljs-title.class_.inherited__,.hljs-title.function_{color:#6f42c1}.hljs-attr,.hljs-attribute,.hljs-literal,.hljs-meta,.hljs-number,.hljs-operator,.hljs-selector-attr,.hljs-selector-class,.hljs-selector-id,.hljs-variable{color:#005cc5}.hljs-meta .hljs-string,.hljs-regexp,.hljs-string{color:#032f62}.hljs-built_in,.hljs-symbol{color:#e36209}.hljs-code,.hljs-comment,.hljs-formula{color:#6a737d}.hljs-name,.hljs-quote,.hljs-selector-pseudo,.hljs-selector-tag{color:#22863a}.hljs-subst{color:#24292e}.hljs-section{color:#005cc5;font-weight:700}.hljs-bullet{color:#735c0f}.hljs-emphasis{color:#24292e;font-style:italic}.hljs-strong{color:#24292e;font-weight:700}.hljs-addition{color:#22863a;background-color:#f0fff4}.hljs-deletion{color:#b31d28;background-color:#ffeef0}

131
static/css/markdown.css Normal file
View File

@@ -0,0 +1,131 @@
.markdown-body h1,
.markdown-body h2,
.markdown-body h3,
.markdown-body h4,
.markdown-body h5,
.markdown-body h6 {
margin-top: 1.5em;
margin-bottom: 0.5em;
font-weight: 600;
line-height: 1.25;
}
.markdown-body h1 { font-size: 2em; border-bottom: 1px solid var(--color-border); padding-bottom: 0.3em; }
.markdown-body h2 { font-size: 1.5em; border-bottom: 1px solid var(--color-border); padding-bottom: 0.3em; }
.markdown-body h3 { font-size: 1.25em; }
.markdown-body h4 { font-size: 1em; }
.markdown-body h5 { font-size: 0.875em; }
.markdown-body h6 { font-size: 0.85em; color: var(--color-text-light); }
.markdown-body p {
margin-bottom: 1em;
line-height: 1.6;
}
.markdown-body ul,
.markdown-body ol {
margin-bottom: 1em;
padding-left: 2em;
}
.markdown-body li {
margin-bottom: 0.25em;
}
.markdown-body blockquote {
margin: 0 0 1em;
padding: 0 1em;
color: var(--color-text-light);
border-left: 0.25em solid var(--color-border);
}
.markdown-body pre {
margin-bottom: 1em;
padding: 1em;
overflow: auto;
font-size: 0.875em;
line-height: 1.45;
background-color: var(--color-box-body);
border-radius: 6px;
}
.markdown-body pre code {
padding: 0;
background-color: transparent;
font-size: inherit;
}
.markdown-body .highlight {
margin-bottom: 1em;
padding: 1em;
overflow: auto;
font-size: 0.875em;
line-height: 1.45;
background-color: var(--color-box-body);
border-radius: 6px;
}
.markdown-body .highlight pre {
margin: 0;
padding: 0;
overflow: visible;
background-color: transparent;
}
.markdown-body table {
margin-bottom: 1em;
border-collapse: collapse;
border-spacing: 0;
width: 100%;
overflow: auto;
}
.markdown-body table th,
.markdown-body table td {
padding: 0.5em 1em;
border: 1px solid var(--color-border);
}
.markdown-body table th {
font-weight: 600;
background-color: var(--color-box-body);
}
.markdown-body table tr:nth-child(2n) {
background-color: var(--color-box-body);
}
.markdown-body hr {
height: 0.25em;
padding: 0;
margin: 1.5em 0;
background-color: var(--color-border);
border: 0;
}
.markdown-body a {
color: var(--color-primary);
text-decoration: none;
}
.markdown-body a:hover {
text-decoration: underline;
}
.markdown-body img {
max-width: 100%;
height: auto;
border-radius: 6px;
}
.markdown-body strong {
font-weight: 600;
}
.markdown-body em {
font-style: italic;
}
.markdown-body del {
text-decoration: line-through;
}

75
static/css/pygments.css Normal file
View File

@@ -0,0 +1,75 @@
pre { line-height: 125%; }
td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight { background: #f8f8f8; }
.highlight .c { color: #3D7B7B; font-style: italic } /* Comment */
.highlight .err { border: 1px solid #F00 } /* Error */
.highlight .k { color: #008000; font-weight: bold } /* Keyword */
.highlight .o { color: #666 } /* Operator */
.highlight .ch { color: #3D7B7B; font-style: italic } /* Comment.Hashbang */
.highlight .cm { color: #3D7B7B; font-style: italic } /* Comment.Multiline */
.highlight .cp { color: #9C6500 } /* Comment.Preproc */
.highlight .cpf { color: #3D7B7B; font-style: italic } /* Comment.PreprocFile */
.highlight .c1 { color: #3D7B7B; font-style: italic } /* Comment.Single */
.highlight .cs { color: #3D7B7B; font-style: italic } /* Comment.Special */
.highlight .gd { color: #A00000 } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
.highlight .gr { color: #E40000 } /* Generic.Error */
.highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */
.highlight .gi { color: #008400 } /* Generic.Inserted */
.highlight .go { color: #717171 } /* Generic.Output */
.highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
.highlight .gt { color: #04D } /* Generic.Traceback */
.highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008000 } /* Keyword.Pseudo */
.highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #B00040 } /* Keyword.Type */
.highlight .m { color: #666 } /* Literal.Number */
.highlight .s { color: #BA2121 } /* Literal.String */
.highlight .na { color: #687822 } /* Name.Attribute */
.highlight .nb { color: #008000 } /* Name.Builtin */
.highlight .nc { color: #00F; font-weight: bold } /* Name.Class */
.highlight .no { color: #800 } /* Name.Constant */
.highlight .nd { color: #A2F } /* Name.Decorator */
.highlight .ni { color: #717171; font-weight: bold } /* Name.Entity */
.highlight .ne { color: #CB3F38; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #00F } /* Name.Function */
.highlight .nl { color: #767600 } /* Name.Label */
.highlight .nn { color: #00F; font-weight: bold } /* Name.Namespace */
.highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #19177C } /* Name.Variable */
.highlight .ow { color: #A2F; font-weight: bold } /* Operator.Word */
.highlight .w { color: #BBB } /* Text.Whitespace */
.highlight .mb { color: #666 } /* Literal.Number.Bin */
.highlight .mf { color: #666 } /* Literal.Number.Float */
.highlight .mh { color: #666 } /* Literal.Number.Hex */
.highlight .mi { color: #666 } /* Literal.Number.Integer */
.highlight .mo { color: #666 } /* Literal.Number.Oct */
.highlight .sa { color: #BA2121 } /* Literal.String.Affix */
.highlight .sb { color: #BA2121 } /* Literal.String.Backtick */
.highlight .sc { color: #BA2121 } /* Literal.String.Char */
.highlight .dl { color: #BA2121 } /* Literal.String.Delimiter */
.highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */
.highlight .s2 { color: #BA2121 } /* Literal.String.Double */
.highlight .se { color: #AA5D1F; font-weight: bold } /* Literal.String.Escape */
.highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */
.highlight .si { color: #A45A77; font-weight: bold } /* Literal.String.Interpol */
.highlight .sx { color: #008000 } /* Literal.String.Other */
.highlight .sr { color: #A45A77 } /* Literal.String.Regex */
.highlight .s1 { color: #BA2121 } /* Literal.String.Single */
.highlight .ss { color: #19177C } /* Literal.String.Symbol */
.highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #00F } /* Name.Function.Magic */
.highlight .vc { color: #19177C } /* Name.Variable.Class */
.highlight .vg { color: #19177C } /* Name.Variable.Global */
.highlight .vi { color: #19177C } /* Name.Variable.Instance */
.highlight .vm { color: #19177C } /* Name.Variable.Magic */
.highlight .il { color: #666 } /* Literal.Number.Integer.Long */

7
static/js/easymde.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

1213
static/js/highlight.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

163
tests/AGENTS.md Normal file
View File

@@ -0,0 +1,163 @@
# Tests Knowledge Base
**Generated:** 2026-05-03 22:15 UTC
**Commit:** 41f2a3d
**Branch:** feature/tests
## Overview
Unit test suite mirroring DDD layers. 100% unit coverage; integration, API, and E2E test directories are documented but not yet populated.
## Structure
```
tests/
├── conftest.py # Session fixtures (event_loop_policy, playwright)
└── unit/
├── conftest.py # Shared mocks (repository, transaction_manager)
├── test_main.py # App factory, lifespan, CLI entry
├── domain/ # Entity, VO, exception, role tests
├── application/ # Use case tests
└── infrastructure/ # Config, auth, transaction manager tests
```
## Test Model
The project maintains a **feature-based test model** in Markdown files next to the test code.
Agents MUST consult these files before adding or modifying tests.
| Model File | Scope |
|------------|-------|
| [`TEST_MODEL.md`](TEST_MODEL.md) | Global coverage matrix, risk areas, TC-ID conventions |
| [`FEATURE_POST_LIFECYCLE.md`](FEATURE_POST_LIFECYCLE.md) | CRUD, publish, visibility |
| [`FEATURE_RBAC.md`](FEATURE_RBAC.md) | Roles, permissions, access policies |
| [`FEATURE_DOMAIN_FOUNDATION.md`](FEATURE_DOMAIN_FOUNDATION.md) | Entities, value objects, exceptions |
| [`FEATURE_INFRASTRUCTURE.md`](FEATURE_INFRASTRUCTURE.md) | Config, auth client, bootstrap, tx manager |
### Adding a New Test
1. Pick the relevant feature model file.
2. Assign the next available `TC-UNIT-NNN` or `TC-E2E-NNN` ID.
3. Append a test-case entry with **Type**, **Layer**, **File**, **Steps**, **Expected**, and **Last Verified**.
4. If the test closes a gap, update the `Gaps` section and the coverage matrix in `TEST_MODEL.md`.
## Where to Look
| Task | Location |
|------|----------|
| Check coverage before adding tests | `tests/TEST_MODEL.md` |
| Add a domain test | `tests/unit/domain/` |
| Add a use case test | `tests/unit/application/` |
| Add an infra test | `tests/unit/infrastructure/` |
| Add an E2E test | `tests/e2e/` + update relevant `FEATURE_*.md` |
| Shared mock fixtures | `tests/unit/conftest.py` |
## Conventions
- **Class-per-entity/use-case**: `TestPost`, `TestCreatePostUseCase`, etc.
- **asyncio_mode=auto**: `@pytest.mark.asyncio` is redundant but harmless
- **Return types**: All test functions must have `-> None`
- **Coverage gate**: 70% minimum enforced in CI
- **Mock pattern**: `Mock(spec=Interface)` or `MagicMock(spec=Interface)` — project uses both inconsistently
- **Async mocking**: Use `AsyncMock()` for async methods (commit, rollback, repo methods)
## TDD Test Case Workflow
### Adding a Feature Test
1. **User triggers**: `"начем новую фичу"`
2. **Agent analyzes**: существующий код, затронутые слои, рекомендует тесткейсы
3. **User agrees**: подтверждает или корректирует набор тесткейсов
4. **Agent creates**:
- `pyaqa/feature/{feature-name}.md` — артефакт фичи
- Обновляет `FEATURE_*.md` — добавляет новые TC
5. **Agent writes tests**: в порядке TC-UNIT → TC-API → TC-WEB → TC-E2E
6. **Agent marks**: в артефакте статус "tests-ready"
7. **Agent implements**: фичу по слоям (Domain → Application → Infra → Presentation)
8. **Agent verifies**: линтеры, тесты, coverage
9. **User accepts**: подтверждает приемку
10. **Agent commits**: во все затронутые проекты
### Bugfix Test Workflow
1. **User triggers**: `"исправить баг"`
2. **Agent analyzes**: воспроизводит баг, определяет root cause
3. **Agent creates**: `pyaqa/bugfix/{bug-name}.md` — артефакт бага
4. **Agent writes regression test**:
- Unit тест, воспроизводящий баг (должен падать)
- Дополнительные тесты на уровне бага (API/Web/E2E)
5. **Agent fixes**: минимальный фикс
6. **Agent verifies**: все тесты проходят, coverage не упал
7. **User accepts**: проверяет исправление
8. **Agent commits**: во все затронутые проекты
### Refactor Test Workflow
1. **User triggers**: `"отрефакторить"`
2. **Agent analyzes**: scope рефакторинга, затронутые файлы
3. **Agent creates**: `pyaqa/refactor/{name}.md` (опционально)
4. **Pre-check**: фиксирует baseline (все тесты проходят, coverage)
5. **Agent refactors**: пошаговые изменения
6. **Post-check**: все тесты проходят, coverage не ниже baseline
7. **Agent verifies**: линтеры, нет новых warnings
8. **User accepts**: опционально проверяет поведение
9. **Agent commits**: во все затронутые проекты
### Test Case Assignment Rules
- **TC-UNIT-NNN**: unit тесты (domain, use cases)
- **TC-API-NNN**: API endpoint тесты
- **TC-WEB-NNN**: Web route тесты (HTML responses, redirects)
- **TC-E2E-NNN**: End-to-end тесты (Playwright)
Нумерация внутри каждого уровня последовательная. Пропуски допустимы только при удалении устаревших тестов.
### Test Case Format
```markdown
### TC-UNIT-NNN: Test Name
- **Type:** Positive | Negative | Policy | Regression
- **Layer:** Unit | API | Web | E2E
- **File:** `path/to/test.py::TestClass::test_method`
- **Expected:** Что ожидается
- **Last Verified:** YYYY-MM-DD
```
### Red → Green → Refactor
- **RED**: Написать тест, убедиться что он падает
- **GREEN**: Написать минимальную реализацию, тест проходит
- **REFACTOR**: Улучшить код, тесты остаются зелеными
### Test Coverage Requirements
| Layer | Minimum Coverage | Notes |
|-------|-----------------|-------|
| Unit | 80% | Domain + Application |
| API | 70% | Endpoints + deps |
| Web | 60% | Routes + handlers |
| E2E | Cover all AC | Все acceptance criteria |
### Regression Test Rules
- **Bugfix**: ДОЛЖЕН включать regression test (unit минимум)
- **Refactor**: ВСЕ существующие тесты должны проходить ДО и ПОСЛЕ
- **Coverage**: Не должен упасть после багфикса или рефакторинга
## Anti-Patterns
- Do NOT add `@pytest.mark.asyncio` to `async def` tests (auto mode handles it)
- Do NOT use bare `Mock()` without `spec=` for interface mocks
- Do NOT delete tests to "fix" coverage — this is grounds for rollback
- Do NOT put fixtures in `__init__.py` — use `conftest.py`
- Do NOT write implementation before tests (no TDD bypass)
- Do NOT skip RED phase (tests must fail before implementation)
- Do NOT commit багфикс без regression test
- Do NOT commit рефакторинг с упавшим coverage
## Notes
- `mimesis` is installed but unused in any test
- E2E tests are excluded from default runs (`pyproject.toml` excludes `tests/e2e`)
- Pytest always runs with coverage (`--cov=app` in `addopts`)
- HTML coverage report generated at `htmlcov/index.html`

246
tests/FEATURE_DOMAIN_FOUNDATION.md Normal file
View File

@@ -0,0 +1,246 @@
# Test Model: Domain Foundation
Feature: Core domain building blocks — entities, value objects, and exceptions.
These tests validate business rules at the domain layer with no external dependencies.
## Unit Test Cases
### Entities
#### TC-UNIT-201: Post Creation
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_entities.py::TestPost::test_post_creation`
- **Expected:**
- `id` is a valid UUID
- `title.value == "Test Title"`
- `content.value` matches input
- `slug.value == "test-title"` (auto-generated)
- `author_id == "user-123"`
- `published is False`
- `tags == ["test", "python"]`
- **Last Verified:** 2026-05-07
#### TC-UNIT-202: Post Publish
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_entities.py::TestPost::test_post_publish`
- **Expected:** `published` transitions from `False` to `True`
- **Last Verified:** 2026-05-07
#### TC-UNIT-203: Post Unpublish
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_entities.py::TestPost::test_post_unpublish`
- **Expected:** `published` transitions from `True` to `False`
- **Last Verified:** 2026-05-07
#### TC-UNIT-204: Post Update Title
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_entities.py::TestPost::test_post_update_title`
- **Expected:** Title and slug updated, `updated_at` changed
- **Last Verified:** 2026-05-07
#### TC-UNIT-205: Post Update Content
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_entities.py::TestPost::test_post_update_content`
- **Expected:** Content updated, `updated_at` changed
- **Last Verified:** 2026-05-07
#### TC-UNIT-206: Post Update Tags
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_entities.py::TestPost::test_post_update_tags`
- **Expected:** Tags replaced with new list, `updated_at` changed
- **Last Verified:** 2026-05-07
#### TC-UNIT-207: Post Add Tag
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_entities.py::TestPost::test_post_add_tag`
- **Expected:** New tag appended to existing tags
- **Last Verified:** 2026-05-07
#### TC-UNIT-208: Post Remove Tag
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_entities.py::TestPost::test_post_remove_tag`
- **Expected:** Tag removed from list
- **Last Verified:** 2026-05-07
### Value Objects
#### TC-UNIT-301: Title — Valid
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestTitle::test_valid_title`
- **Expected:** `Title("Valid Title").value == "Valid Title"`
- **Last Verified:** 2026-05-07
#### TC-UNIT-302: Title — Too Short
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestTitle::test_title_too_short`
- **Expected:** Raises `ValueError` with message containing "at least"
- **Last Verified:** 2026-05-07
#### TC-UNIT-303: Title — Too Long
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestTitle::test_title_too_long`
- **Expected:** Raises `ValueError` with message containing "at most"
- **Last Verified:** 2026-05-07
#### TC-UNIT-304: Title — Empty / Whitespace
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestTitle::test_title_empty`
- **Expected:** Raises `ValueError` with message containing "empty"
- **Last Verified:** 2026-05-07
#### TC-UNIT-305: Title — Non-String
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestTitle::test_title_not_string`
- **Expected:** Raises `ValueError` with message containing "string"
- **Last Verified:** 2026-05-07
#### TC-UNIT-306: Content — Valid
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestContent::test_valid_content`
- **Expected:** Content created successfully
- **Last Verified:** 2026-05-07
#### TC-UNIT-307: Content — Too Short
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestContent::test_content_too_short`
- **Expected:** Raises `ValueError` with "at least"
- **Last Verified:** 2026-05-07
#### TC-UNIT-308: Content — Too Long
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestContent::test_content_too_long`
- **Expected:** Raises `ValueError` with "at most"
- **Last Verified:** 2026-05-07
#### TC-UNIT-309: Content — Empty / Whitespace
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestContent::test_content_empty`
- **Expected:** Raises `ValueError` with "empty"
- **Last Verified:** 2026-05-07
#### TC-UNIT-310: Slug — Valid
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestSlug::test_valid_slug`
- **Expected:** `Slug("valid-slug").value == "valid-slug"`
- **Last Verified:** 2026-05-07
#### TC-UNIT-311: Slug — From Title
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestSlug::test_slug_from_title`
- **Expected:** `Slug.from_title("Hello World Post") == "hello-world-post"`
- **Last Verified:** 2026-05-07
#### TC-UNIT-312: Slug — From Title with Special Characters
- **Type:** Edge
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestSlug::test_slug_from_title_with_special_chars`
- **Expected:** Special chars stripped, words hyphenated
- **Last Verified:** 2026-05-07
#### TC-UNIT-313: Slug — From Title with Only Special Characters
- **Type:** Edge
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestSlug::test_slug_from_title_only_special_chars`
- **Expected:** Falls back to `"post"`
- **Last Verified:** 2026-05-07
#### TC-UNIT-314: Slug — Invalid Characters (underscore)
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestSlug::test_slug_invalid_chars`
- **Expected:** Raises `ValueError` with "lowercase"
- **Last Verified:** 2026-05-07
#### TC-UNIT-315: Slug — Uppercase Letters
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestSlug::test_slug_uppercase`
- **Expected:** Raises `ValueError` with "lowercase"
- **Last Verified:** 2026-05-07
#### TC-UNIT-316: Slug — Equality and Hash
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_value_objects.py::TestSlug::test_slug_equality`
- **Expected:** Equal slugs have equal values and hashes
- **Last Verified:** 2026-05-07
### Exceptions
#### TC-UNIT-401: DomainException — Base
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_exceptions.py::TestDomainExceptions::test_base_exception`
- **Expected:** Message stored and returned via `str()`
- **Last Verified:** 2026-05-07
#### TC-UNIT-402: ValidationException
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_exceptions.py::TestDomainExceptions::test_validation_exception`
- **Expected:** Inherits `DomainException`, stores message
- **Last Verified:** 2026-05-07
#### TC-UNIT-403: NotFoundException
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_exceptions.py::TestDomainExceptions::test_not_found_exception`
- **Expected:** Inherits `DomainException`, stores message
- **Last Verified:** 2026-05-07
#### TC-UNIT-404: AlreadyExistsException
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_exceptions.py::TestDomainExceptions::test_already_exists_exception`
- **Expected:** Inherits `DomainException`, stores message
- **Last Verified:** 2026-05-07
#### TC-UNIT-405: UnauthorizedException
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_exceptions.py::TestDomainExceptions::test_unauthorized_exception`
- **Expected:** Inherits `DomainException`, stores message
- **Last Verified:** 2026-05-07
#### TC-UNIT-406: ForbiddenException
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_exceptions.py::TestDomainExceptions::test_forbidden_exception`
- **Expected:** Inherits `DomainException`, stores message
- **Last Verified:** 2026-05-07
## Coverage Summary
| Component | Cases | Status |
|-----------|-------|--------|
| Post Entity | 8 | ✅ All core operations covered |
| Title VO | 5 | ✅ Validation rules fully covered |
| Content VO | 4 | ✅ Validation rules fully covered |
| Slug VO | 7 | ✅ Generation and validation covered |
| Domain Exceptions | 6 | ✅ All exception types covered |
## Gaps (Not Yet Covered)
- [ ] TC-UNIT-209: Post Entity — `updated_at` does not change when update values are identical
- [ ] TC-UNIT-210: Post Entity — attempt to publish already published post (idempotent behavior)
- [ ] TC-UNIT-317: Slug — collision handling (unique constraint) at domain level
- [ ] TC-UNIT-318: Content — exact boundary values (min length - 1, max length + 1)

335
tests/FEATURE_INFRASTRUCTURE.md Normal file
View File

@@ -0,0 +1,335 @@
# Test Model: Infrastructure & Bootstrap
Feature: Application initialization, configuration, authentication client,
and transaction management. These tests validate the plumbing layer that
supports the domain and application layers.
## Unit Test Cases
### App Bootstrap
#### TC-UNIT-501: Lifespan — Init and Close
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/test_main.py::test_lifespan`
- **Preconditions:** Mock `init_db` and `close_db`
- **Steps:** Enter and exit lifespan context manager
- **Expected:**
- `init_db` called once on enter
- `close_db` called once on exit
- `close_db` not called during context
- **Last Verified:** 2026-05-07
#### TC-UNIT-502: App Factory — Creates FastAPI App
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/test_main.py::test_app_factory`
- **Expected:** Returns `FastAPI` instance
- **Last Verified:** 2026-05-07
#### TC-UNIT-503: App Factory — Has Routes
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/test_main.py::test_app_factory_has_routes`
- **Expected:** `/health` route exists; API routes registered
- **Last Verified:** 2026-05-07
#### TC-UNIT-504: Main — Starts Uvicorn
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/test_main.py::test_main`
- **Preconditions:** Mock `uvicorn.run`
- **Expected:**
- `uvicorn.run` called with `factory=True`
- `host="0.0.0.0"`, `port=8000`
- **Last Verified:** 2026-05-07
### Configuration
#### TC-UNIT-601: Settings — Default Values
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSettings::test_default_values`
- **Expected:**
- `app.name == "Blog API"`
- `app.debug is False`
- `database_url == "sqlite+aiosqlite:///./blog.db"` (dev default)
- `environment == Environment.DEV`
- **Last Verified:** 2026-05-07
#### TC-UNIT-602: Settings — Custom Values
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSettings::test_custom_values`
- **Expected:** Custom app, db, and env values applied correctly
- **Last Verified:** 2026-05-07
#### TC-UNIT-603: Settings — is_dev / is_prod Properties
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSettings::test_is_dev_property`, `test_is_prod_property`
- **Expected:** Boolean properties match environment enum
- **Last Verified:** 2026-05-07
#### TC-UNIT-604: Settings — Prod Requires Security Secret
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSettings::test_prod_requires_security_secret`
- **Expected:** Raises `ValueError` with `SECURITY_SECRET_KEY` when secret is empty in prod
- **Last Verified:** 2026-05-07
#### TC-UNIT-605: Settings — Prod Requires KC Secret
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSettings::test_prod_requires_kc_secret`
- **Expected:** Raises `ValueError` with `KC_CLIENT_SECRET` when KC secret is empty in prod
- **Last Verified:** 2026-05-07
#### TC-UNIT-606: Settings — Database URL Dev Default
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSettings::test_database_url_dev_default`
- **Expected:** Dev mode defaults to SQLite async URL
- **Last Verified:** 2026-05-07
#### TC-UNIT-607: Settings — Database URL Prod Builds Postgres
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSettings::test_database_url_prod_builds_postgres`
- **Expected:** When `db.url` is None in prod, URL built from host/port/user/password/name
- **Last Verified:** 2026-05-07
#### TC-UNIT-608: Settings — Database URL Override
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSettings::test_database_url_override`
- **Expected:** Explicit `db.url` overrides auto-building in prod
- **Last Verified:** 2026-05-07
#### TC-UNIT-609: AppConfig — Defaults
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestAppConfig::test_default_values`
- **Expected:** Default name, debug, host, port values
- **Last Verified:** 2026-05-07
#### TC-UNIT-610: DBConfig — Defaults
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestDBConfig::test_default_values`
- **Expected:** Default PostgreSQL connection params
- **Last Verified:** 2026-05-07
#### TC-UNIT-611: DBConfig — URL Validation (Postgres)
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestDBConfig::test_postgres_url_validation`
- **Expected:** Postgres URL accepted
- **Last Verified:** 2026-05-07
#### TC-UNIT-612: DBConfig — URL Validation (SQLite)
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestDBConfig::test_sqlite_url_validation`
- **Expected:** SQLite URL accepted
- **Last Verified:** 2026-05-07
#### TC-UNIT-613: DBConfig — URL Validation Rejects Invalid
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestDBConfig::test_invalid_url_validation`
- **Expected:** Raises `ValueError` for non-SQLite/non-Postgres URLs
- **Last Verified:** 2026-05-07
#### TC-UNIT-614: KCConfig — Defaults
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestKCConfig::test_default_values`
- **Expected:** Default Keycloak server, realm, client settings
- **Last Verified:** 2026-05-07
#### TC-UNIT-615: KCConfig — is_configured With Secret
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestKCConfig::test_is_configured_with_secret`
- **Expected:** `is_configured is True` when `client_secret` is set
- **Last Verified:** 2026-05-07
#### TC-UNIT-616: KCConfig — is_configured Without Secret
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestKCConfig::test_is_configured_without_secret`
- **Expected:** `is_configured is False` when `client_secret` is empty
- **Last Verified:** 2026-05-07
#### TC-UNIT-617: SecurityConfig — Defaults
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSecurityConfig::test_default_values`
- **Expected:** Default token expiration (30 min)
- **Last Verified:** 2026-05-07
#### TC-UNIT-618: SecurityConfig — is_configured
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestSecurityConfig::test_is_configured_with_secret`, `test_is_configured_without_secret`
- **Expected:** `is_configured` reflects secret presence
- **Last Verified:** 2026-05-07
#### TC-UNIT-619: Environment Enum — Values
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_config.py::TestEnvironment::test_dev_value`, `test_prod_value`
- **Expected:** `DEV.value == "dev"`, `PROD.value == "prod"`
- **Last Verified:** 2026-05-07
### Authentication Client
#### TC-UNIT-701: TokenInfo — Valid Token
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestTokenInfo::test_token_info_valid`
- **Expected:** `is_valid is True`, all fields populated
- **Last Verified:** 2026-05-07
#### TC-UNIT-702: TokenInfo — Inactive Token
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestTokenInfo::test_token_info_invalid_not_active`
- **Expected:** `is_valid is False`
- **Last Verified:** 2026-05-07
#### TC-UNIT-703: TokenInfo — Missing user_id
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestTokenInfo::test_token_info_invalid_no_user_id`
- **Expected:** `is_valid is False`
- **Last Verified:** 2026-05-07
#### TC-UNIT-704: TokenInfo — Empty Roles
- **Type:** Edge
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestTokenInfo::test_token_info_empty_roles`
- **Expected:** `is_valid is True`, roles is empty list
- **Last Verified:** 2026-05-07
#### TC-UNIT-705: KeycloakUser — Creation
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakUser::test_keycloak_user_creation`
- **Expected:** All fields stored correctly
- **Last Verified:** 2026-05-07
#### TC-UNIT-706: KeycloakUser — Defaults
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakUser::test_keycloak_user_defaults`
- **Expected:** Optional fields default to empty strings / lists
- **Last Verified:** 2026-05-07
#### TC-UNIT-707: KeycloakAuthClient — Initialization
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_client_initialization`
- **Expected:** Base URL and credentials set from settings
- **Last Verified:** 2026-05-07
#### TC-UNIT-708: KeycloakAuthClient — Introspection URL
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_get_introspection_url`
- **Expected:** URL built from settings (server_url, realm)
- **Last Verified:** 2026-05-07
#### TC-UNIT-709: KeycloakAuthClient — Userinfo URL
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_get_userinfo_url`
- **Expected:** URL built from settings
- **Last Verified:** 2026-05-07
#### TC-UNIT-710: KeycloakAuthClient — Introspect Success
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_introspect_token_success`
- **Preconditions:** Mock `httpx.AsyncClient` with active token response
- **Expected:** Returns `TokenInfo` with active=True, roles parsed from realm_access
- **Last Verified:** 2026-05-07
#### TC-UNIT-711: KeycloakAuthClient — Introspect Inactive Token
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_introspect_token_inactive`
- **Expected:** Returns `TokenInfo` with active=False, is_valid=False
- **Last Verified:** 2026-05-07
#### TC-UNIT-712: KeycloakAuthClient — Introspect HTTP Error
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_introspect_token_http_error`
- **Expected:** Returns inactive `TokenInfo` (graceful degradation)
- **Last Verified:** 2026-05-07
#### TC-UNIT-713: KeycloakAuthClient — Introspect Uses Cache
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_introspect_token_uses_cache`
- **Expected:** Second call with same token uses cache; HTTP client called only once
- **Last Verified:** 2026-05-07
#### TC-UNIT-714: KeycloakAuthClient — Get Userinfo Success
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_get_userinfo_success`
- **Expected:** Returns `KeycloakUser` with all profile fields
- **Last Verified:** 2026-05-07
#### TC-UNIT-715: KeycloakAuthClient — Get Userinfo Error
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_get_userinfo_error`
- **Expected:** Returns `None` on HTTP error
- **Last Verified:** 2026-05-07
#### TC-UNIT-716: KeycloakAuthClient — Introspect Without Realm Roles
- **Type:** Edge
- **Layer:** Unit
- **File:** `unit/infrastructure/test_auth.py::TestKeycloakAuthClient::test_introspect_token_no_realm_roles`
- **Expected:** Returns active token with empty roles list
- **Last Verified:** 2026-05-07
### Transaction Manager
#### TC-UNIT-801: SessionTransactionManager — Commit
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_transaction_manager.py::TestSessionTransactionManager::test_commit`
- **Expected:** Calls `session.commit` once
- **Last Verified:** 2026-05-07
#### TC-UNIT-802: SessionTransactionManager — Rollback
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/infrastructure/test_transaction_manager.py::TestSessionTransactionManager::test_rollback`
- **Expected:** Calls `session.rollback` once
- **Last Verified:** 2026-05-07
## Coverage Summary
| Component | Cases | Status |
|-----------|-------|--------|
| App Bootstrap | 4 | ✅ Lifespan, factory, routes, main entry |
| Settings & Config | 19 | ✅ Defaults, overrides, validation, env checks |
| Keycloak Auth Client | 16 | ✅ Token introspection, userinfo, caching, errors |
| Transaction Manager | 2 | ⚠️ Only commit/rollback; missing nested tx, error handling |
## Gaps (Not Yet Covered)
- [ ] TC-UNIT-803: Transaction Manager — rollback on exception
- [ ] TC-UNIT-804: Transaction Manager — nested transaction behavior
- [ ] TC-UNIT-805: KeycloakAuthClient — cache expiration (TTL)
- [ ] TC-UNIT-806: KeycloakAuthClient — cache key isolation per token
- [ ] TC-UNIT-807: Settings — prod database URL building with missing components
- [ ] TC-UNIT-808: App Factory — CORS middleware configuration
- [ ] TC-UNIT-809: App Factory — static files mounting
- [ ] TC-UNIT-810: App Factory — error handler registration

278
tests/FEATURE_POST_LIFECYCLE.md Normal file
View File

@@ -0,0 +1,278 @@
# Test Model: Post Lifecycle
Feature: Create, read, update, delete, publish, and unpublish blog posts.
Covers both API use cases and web UI end-to-end flows.
## Unit Test Cases
### TC-UNIT-001: CreatePostUseCase — Success
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_use_cases.py::TestCreatePostUseCase::test_create_post_success`
- **Preconditions:** Mock repository, mock transaction manager
- **Steps:**
1. Mock `slug_exists` to return `False`
2. Execute `CreatePostUseCase` with valid DTO
- **Expected:**
- Returns `PostResponseDTO` with correct title and author
- `repository.add` called once
- `transaction_manager.commit` called once
- **Last Verified:** 2026-05-07
### TC-UNIT-002: CreatePostUseCase — Duplicate Slug
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/application/test_use_cases.py::TestCreatePostUseCase::test_create_post_slug_exists`
- **Preconditions:** Mock repository returns `slug_exists=True`
- **Steps:** Execute `CreatePostUseCase` with DTO that would collide
- **Expected:** Raises `AlreadyExistsException`, no DB write
- **Last Verified:** 2026-05-07
### TC-UNIT-003: CreatePostUseCase — Validation Error (implied by VO tests)
- **Type:** Negative
- **Layer:** Unit
- **File:** Covered indirectly via `Title` / `Content` VO tests
- **Gap Note:** No explicit use-case-level validation error test exists.
### TC-UNIT-004: DeletePostUseCase — Success
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_use_cases.py::TestDeletePostUseCase`
- **Expected:** Post removed, commit called
- **Last Verified:** 2026-05-07
### TC-UNIT-005: GetPostUseCase — By ID Success
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_use_cases.py::TestGetPostUseCase`
- **Expected:** Returns `PostResponseDTO` for existing post
- **Last Verified:** 2026-05-07
### TC-UNIT-006: GetPostUseCase — By Slug Success
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_use_cases.py::TestGetPostUseCase`
- **Expected:** Returns `PostResponseDTO` for existing slug
- **Last Verified:** 2026-05-07
### TC-UNIT-007: GetPostUseCase — Not Found
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/application/test_use_cases.py::TestGetPostUseCase`
- **Expected:** Raises `NotFoundException`
- **Last Verified:** 2026-05-07
### TC-UNIT-008: UpdatePostUseCase — Success
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_use_cases.py::TestUpdatePostUseCase`
- **Expected:** Post updated, commit called
- **Last Verified:** 2026-05-07
### TC-UNIT-009: UpdatePostUseCase — Forbidden (other author)
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/application/test_use_cases.py::TestUpdatePostUseCase`
- **Expected:** Raises `ForbiddenException`
- **Last Verified:** 2026-05-07
### TC-UNIT-010: PublishPostUseCase — Publish Success
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_publish_post.py::TestPublishPost::test_publish_success`
- **Preconditions:** Mock repository returns unpublished post
- **Steps:** Call `publish(post_id, author_id)`
- **Expected:**
- Returns `PostResponseDTO` with `published=True`
- `repository.update` and `commit` called once
- **Last Verified:** 2026-05-07
### TC-UNIT-011: PublishPostUseCase — Publish Not Found
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/application/test_publish_post.py::TestPublishPost::test_publish_not_found`
- **Expected:** Raises `NotFoundException`
- **Last Verified:** 2026-05-07
### TC-UNIT-012: PublishPostUseCase — Publish Forbidden
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/application/test_publish_post.py::TestPublishPost::test_publish_forbidden`
- **Expected:** Raises `ForbiddenException` when caller is not the author
- **Last Verified:** 2026-05-07
### TC-UNIT-013: PublishPostUseCase — Unpublish Success
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_publish_post.py::TestUnpublishPost::test_unpublish_success`
- **Expected:** Returns `PostResponseDTO` with `published=False`
- **Last Verified:** 2026-05-07
### TC-UNIT-014: PublishPostUseCase — Unpublish Not Found
- **Type:** Negative
- **Layer:** Unit
- **File:** `unit/application/test_publish_post.py::TestUnpublishPost::test_unpublish_not_found`
- **Expected:** Raises `NotFoundException`
- **Last Verified:** 2026-05-07
### TC-UNIT-015: PublishPostUseCase — Unpublish Forbidden
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/application/test_publish_post.py::TestUnpublishPost::test_unpublish_forbidden`
- **Expected:** Raises `ForbiddenException` when caller is not the author
- **Last Verified:** 2026-05-07
### TC-UNIT-016: ListPostsUseCase — All Posts
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_list_posts.py::TestAllPosts::test_all_posts`
- **Expected:** Returns all posts as DTOs
- **Last Verified:** 2026-05-07
### TC-UNIT-017: ListPostsUseCase — Published Posts
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_list_posts.py::TestPublishedPosts::test_published_posts`
- **Expected:** Returns only published posts
- **Last Verified:** 2026-05-07
### TC-UNIT-018: ListPostsUseCase — Published Posts with Pagination
- **Type:** Edge
- **Layer:** Unit
- **File:** `unit/application/test_list_posts.py::TestPublishedPosts::test_published_posts_with_limit_offset`
- **Expected:** Repository called with correct limit/offset
- **Last Verified:** 2026-05-07
### TC-UNIT-019: ListPostsUseCase — By Author
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_list_posts.py::TestByAuthor::test_by_author`
- **Expected:** Returns posts filtered by author_id
- **Last Verified:** 2026-05-07
### TC-UNIT-020: ListPostsUseCase — By Tag
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_list_posts.py::TestByTag::test_by_tag`
- **Expected:** Returns posts containing the tag
- **Last Verified:** 2026-05-07
### TC-UNIT-021: ListPostsUseCase — Search
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/application/test_list_posts.py::TestSearch::test_search`
- **Expected:** Returns posts matching the query
- **Last Verified:** 2026-05-07
### TC-UNIT-022: ListPostsUseCase — Search No Results
- **Type:** Edge
- **Layer:** Unit
- **File:** `unit/application/test_list_posts.py::TestSearch::test_search_no_results`
- **Expected:** Returns empty list
- **Last Verified:** 2026-05-07
## E2E Test Cases
### TC-E2E-001: Positive — Create and Publish Post
- **Type:** Positive
- **Layer:** E2E
- **File:** `e2e/test_post_lifecycle.py::test_user_creates_and_publishes_post_visible_to_guest_and_admin`
- **Preconditions:** Dev server running, `user_page`, `guest_page`, `admin_page` fixtures
- **Steps:**
1. Generate post data via `PostDataGenerator`
2. Open home page and click "Write a Post"
3. Fill form (title, content, tags)
4. Click "Publish Post"
- **Expected:**
- Redirect to `/web/posts/{slug}`
- Status badge shows "Published"
- Post visible on home page for user, guest, and admin
- Post detail accessible to guest and admin
- **Last Verified:** 2026-05-07
### TC-E2E-002: Policy — Draft Visibility Across Roles
- **Type:** Policy
- **Layer:** E2E
- **File:** `e2e/test_post_lifecycle.py::test_post_visibility_policies_across_users`
- **Preconditions:** Dev server running, `user_page`, `user2_page`, `guest_page`, `admin_page` fixtures
- **Steps:**
1. User creates a draft post
2. User creates and publishes another post
3. Check visibility for each role on the home page
4. Attempt direct access to draft by user2
- **Expected:**
- User sees both posts
- User2 and guest see only the published post
- Admin sees both posts
- User2 receives 404 when accessing draft directly
- **Last Verified:** 2026-05-07
### TC-E2E-003: Negative — 404 for Nonexistent Post
- **Type:** Negative
- **Layer:** E2E
- **File:** `e2e/test_errors.py::test_nonexistent_post_returns_404`
- **Preconditions:** Dev server running, `guest_page`, `user_page` fixtures
- **Steps:**
1. Generate a random slug that does not exist in the database.
2. Navigate to `/web/posts/{fake-slug}` as guest and as authenticated user.
- **Expected:**
- Error page is rendered with `data-testid="error-code"` showing `404`
- Both guest and user see the same 404 response
- **Last Verified:** 2026-05-08
### TC-E2E-003a: Policy — 404 for Another User's Draft
- **Type:** Policy
- **Layer:** E2E
- **File:** `e2e/test_errors.py::test_other_user_draft_returns_404`
- **Preconditions:** Dev server running, `user_page`, `user2_page`, `guest_page` fixtures
- **Steps:**
1. User creates a draft post and saves it.
2. Extract the slug from the detail page URL.
3. User2 and guest navigate to `/web/posts/{slug}`.
- **Expected:**
- Owner sees the draft detail with "Draft" badge (200)
- User2 sees 404 error page
- Guest sees 404 error page
- **Last Verified:** 2026-05-08
### TC-E2E-004: Positive — Delete Post via Web UI
- **Type:** Positive
- **Layer:** E2E
- **File:** `e2e/test_post_deletion.py::test_user_can_delete_own_post`
- **Preconditions:** Dev server running, `user_page` fixture
- **Steps:**
1. Generate post data via `PostDataGenerator`
2. Open home page and click "Write a Post"
3. Fill form (title, content, tags) and click "Publish Post"
4. On post detail page, click "Delete" and accept confirm dialog
- **Expected:**
- Redirect to `/web/`
- Post no longer appears on home page
- **Last Verified:** 2026-05-07
## Coverage Summary
| Aspect | Coverage | Notes |
|--------|----------|-------|
| Create post | Unit + E2E | Both happy path and duplicate slug covered |
| Read post (by id/slug) | Unit | E2E implicitly via detail page |
| Update post | Unit | No dedicated E2E |
| Delete post | Unit + E2E | Own-post and admin-delete covered |
| Publish / Unpublish | Unit + E2E | Draft-to-publish flow covered via edit |
| List posts (all filters) | Unit | Pagination arguments passed but not edge-case tested |
| Search posts | Unit | No E2E search flow |
## Gaps (Not Yet Covered)
- [ ] TC-UNIT-023: CreatePostUseCase — explicit validation error (title too short, content empty)
- [x] TC-UNIT-024: UpdatePostUseCase — not found scenario
- [x] TC-UNIT-025: UpdatePostUseCase — content and tags update
- [ ] TC-UNIT-026: ListPostsUseCase — pagination edge cases (page boundaries, empty page)
- [x] TC-E2E-003: 404 error page for nonexistent post
- [x] TC-E2E-003a: Edit post via web UI and verify changes (own post)
- [x] TC-E2E-004: Delete post via web UI and verify removal
- [x] TC-E2E-005: Save post as draft and publish via edit, verify visibility change
- [ ] TC-E2E-006: Search posts via web UI
- [x] TC-E2E-007: Pagination navigation on home page
- [x] TC-E2E-009: Profile page renders user info and role badge correctly
- [x] TC-E2E-010: Theme toggle switches between light and dark with localStorage persistence

172
tests/FEATURE_RBAC.md Normal file
View File

@@ -0,0 +1,172 @@
# Test Model: RBAC & Access Control
Feature: Role-based access control and post visibility policies.
Defines who can create, read, update, delete, and view posts based on role
(GUEST, USER, ADMIN) and ownership.
## Unit Test Cases
### TC-UNIT-101: Role Enum Values
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestRole::test_role_values`
- **Expected:** `Role.ADMIN.value == "admin"`, `Role.USER.value == "user"`, `Role.GUEST.value == "guest"`
- **Last Verified:** 2026-05-07
### TC-UNIT-102: Permission Constants
- **Type:** Positive
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestPermissions::test_permission_values`
- **Expected:** All permission strings match definitions (`post:create`, `post:read`, etc.)
- **Last Verified:** 2026-05-07
### TC-UNIT-103: Admin Has All Permissions
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestRolePermissions::test_admin_has_all_permissions`
- **Expected:** `ROLE_PERMISSIONS[Role.ADMIN]` contains all defined permissions
- **Last Verified:** 2026-05-07
### TC-UNIT-104: User Permissions — No Unpublished Read
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestRolePermissions::test_user_permissions`
- **Expected:** User has `post:create`, `post:read`, `post:update`, `post:delete`, `post:publish` but **not** `post:read_unpublished`
- **Last Verified:** 2026-05-07
### TC-UNIT-105: Guest Permissions — Read Only
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestRolePermissions::test_guest_permissions`
- **Expected:** Guest has only `post:read`; no create, update, delete, publish, or unpublished read
- **Last Verified:** 2026-05-07
### TC-UNIT-106: has_permission — Admin Check
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestHasPermission::test_admin_has_all_permissions_check`
- **Expected:** `has_permission(Role.ADMIN, any_perm)` is `True`; unknown permission returns `False`
- **Last Verified:** 2026-05-07
### TC-UNIT-107: has_permission — User Cannot Read Unpublished
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestHasPermission::test_user_limited_permissions`
- **Expected:** `has_permission(Role.USER, POST_READ_UNPUBLISHED)` is `False`
- **Last Verified:** 2026-05-07
### TC-UNIT-108: has_permission — Guest Read Only
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestHasPermission::test_guest_read_only`
- **Expected:** `has_permission(Role.GUEST, POST_READ)` is `True`; all others `False`
- **Last Verified:** 2026-05-07
### TC-UNIT-109: get_effective_role — Admin Priority
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestGetEffectiveRole::test_admin_from_roles_list`
- **Expected:** Any list containing `"admin"` resolves to `Role.ADMIN`
- **Last Verified:** 2026-05-07
### TC-UNIT-110: get_effective_role — User Priority
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestGetEffectiveRole::test_user_from_roles_list`
- **Expected:** List with `"user"` (and no `"admin"`) resolves to `Role.USER`
- **Last Verified:** 2026-05-07
### TC-UNIT-111: get_effective_role — Guest Fallback
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestGetEffectiveRole::test_guest_from_roles_list`
- **Expected:** Empty list or unknown roles resolve to `Role.GUEST`
- **Last Verified:** 2026-05-07
### TC-UNIT-112: get_effective_role — Priority Order
- **Type:** Policy
- **Layer:** Unit
- **File:** `unit/domain/test_roles.py::TestGetEffectiveRole::test_role_priority`
- **Expected:** Priority is `admin > user > guest`
- **Last Verified:** 2026-05-07
## E2E Test Cases
### TC-E2E-101: Draft Visibility Policy Across Roles
- **Type:** Policy
- **Layer:** E2E
- **File:** `e2e/test_post_lifecycle.py::test_post_visibility_policies_across_users`
- **Preconditions:** Four browser contexts: user, user2, guest, admin
- **Steps:**
1. User creates a draft
2. User creates a published post
3. Verify home-page visibility for each role
4. Verify direct draft access by user2 returns 404
- **Expected:**
- User sees both posts
- User2 sees only published
- Guest sees only published
- Admin sees both
- User2 gets 404 on direct draft URL
- **Last Verified:** 2026-05-07
## Web Route Policy Reference
The following policies are implemented in `app/presentation/web/deps.py` and
`app/presentation/web/routes.py`. They are covered via E2E but lack dedicated
unit tests for the web layer.
| Function | Rule | Covered By |
|----------|------|------------|
| `can_create_post` | USER or ADMIN | E2E-001 |
| `can_edit_post` | ADMIN or own post author | Unit (use cases) |
| `can_delete_post` | ADMIN or own post author | Unit (use cases) |
| `can_see_draft` | ADMIN or own post author | E2E-101 |
| `_get_visible_posts` | GUEST: published only; USER: published + own drafts; ADMIN: all | E2E-101 |
### TC-E2E-102: Admin Can Edit Any Post
- **Type:** Positive
- **Layer:** E2E
- **File:** `e2e/test_post_ownership.py::test_admin_can_edit_any_post`
- **Preconditions:** Two browser contexts: user (creates post), admin (edits post)
- **Steps:**
1. User creates and publishes a post
2. Admin opens the post detail page
3. Admin clicks edit, changes title, and saves
4. Verify the post detail shows the updated title
- **Expected:** Admin sees edit button, successfully updates post, detail page reflects new title
- **Last Verified:** 2026-05-07
### TC-E2E-103: User Cannot Edit Other User's Post
- **Type:** Negative
- **Layer:** E2E
- **File:** `e2e/test_post_ownership.py::test_user_cannot_edit_other_users_post`
- **Preconditions:** Two browser contexts: user (creates post), user2 (attempts edit)
- **Steps:**
1. User creates and publishes a post
2. User2 opens the post detail page
3. Verify edit button is not visible
4. User2 attempts direct access to `/web/posts/{slug}/edit`
- **Expected:** Edit button is hidden; direct access returns 403 error page
- **Last Verified:** 2026-05-07
## Coverage Summary
| Aspect | Coverage | Notes |
|--------|----------|-------|
| Role definitions | Unit | Enum values and permission mapping fully tested |
| Permission checks | Unit | `has_permission` and `get_effective_role` fully tested |
| Web-level enforcement | E2E | Visibility and ownership rules tested via browser |
| API-level enforcement | — | No API tests exist after refactor |
## Gaps (Not Yet Covered)
- [x] TC-UNIT-113: Web deps — `can_create_post` for each role
- [x] TC-UNIT-114: Web deps — `can_edit_post` for owner vs non-owner
- [x] TC-UNIT-115: Web deps — `can_delete_post` for owner vs non-owner
- [x] TC-UNIT-116: Web deps — `can_see_draft` for each role combination
- [ ] TC-API-101: API POST create — unauthorized (no token)
- [ ] TC-API-102: API POST create — forbidden (guest token)
- [ ] TC-API-103: API GET unpublished post — forbidden (other user)
- [ ] TC-E2E-104: Admin can delete any post via web UI
- [ ] TC-E2E-105: User cannot delete other user's post via web UI

56
tests/TEST_MODEL.md Normal file
View File

@@ -0,0 +1,56 @@
# Test Model: Blog
Global test coverage map for the blog application. Use this file to assess
which features are covered, where gaps exist, and what to prioritize when
adding new tests.
## Coverage Matrix
| Feature | Unit | Integration | API | E2E | Priority | Status |
|---------|:----:|:-----------:|:---:|:---:|:--------:|:------:|
| Post Lifecycle (CRUD, Publish) | 85% | — | — | 70% | P0 | ✅ Active |
| RBAC & Access Control | 100% | — | — | 60% | P0 | ✅ Active |
| Domain Value Objects | 100% | — | — | — | P0 | ✅ Stable |
| Domain Entities | 95% | — | — | — | P0 | ✅ Stable |
| Domain Exceptions | 100% | — | — | — | P1 | ✅ Stable |
| List & Search Posts | 70% | — | — | — | P1 | ⚠️ Partial |
| Keycloak Auth Client | 80% | — | — | — | P0 | ✅ Active |
| App Bootstrap & Config | 75% | — | — | — | P1 | ✅ Stable |
| Transaction Manager | 60% | — | — | — | P2 | ⚠️ Partial |
| Web UI Error Handling | — | — | — | 50% | P1 | ⚠️ Partial |
| Pagination | 40% | — | — | 60% | P1 | ⚠️ Partial |
| Post Edit via Web | — | — | — | 40% | P1 | ⚠️ Partial |
| Post Delete via Web | — | — | — | 40% | P1 | ⚠️ Partial |
Legend: ✅ Covered / ⚠️ Partial / ❌ Missing / — Not Applicable
## Feature Files
| Feature | Model File |
|---------|------------|
| Post Lifecycle | [FEATURE_POST_LIFECYCLE.md](FEATURE_POST_LIFECYCLE.md) |
| RBAC & Access Control | [FEATURE_RBAC.md](FEATURE_RBAC.md) |
| Domain Foundation | [FEATURE_DOMAIN_FOUNDATION.md](FEATURE_DOMAIN_FOUNDATION.md) |
| Infrastructure & Bootstrap | [FEATURE_INFRASTRUCTURE.md](FEATURE_INFRASTRUCTURE.md) |
## Test Naming Convention
- **TC-UNIT-NNN**: Unit test case
- **TC-E2E-NNN**: End-to-end test case
- **TC-INT-NNN**: Integration test case
- **TC-API-NNN**: API test case
## How to Update This Model
1. When adding a new test, assign the next available TC-ID in the relevant feature file.
2. Update the Coverage Matrix above if the new test closes a gap or changes coverage percentage.
3. Update the `Last Verified` field in the feature file after running the test successfully.
4. When a test is deleted or renamed, update the corresponding TC entry and mark it as **Deprecated**.
## Risk Areas
1. **No Integration Tests**: SQLAlchemy repository has no integration tests against a real database.
2. **Deleted API Tests**: API endpoint tests were removed in a previous refactor and need restoration.
3. **Web UI Error Handling**: Only covered indirectly via E2E; no dedicated error-scenario E2E tests.
4. **Pagination Edge Cases**: Page boundaries, empty pages, and large offsets are not explicitly tested.
5. **Edit/Delete Web Flows**: No E2E coverage for editing or deleting posts through the web UI.

0
tests/api/__init__.py
View File

57
tests/api/conftest.py
View File

@@ -1,57 +0,0 @@
"""API test fixtures."""
from collections.abc import AsyncGenerator
from unittest.mock import AsyncMock, MagicMock, patch
import pytest
from httpx import ASGITransport, AsyncClient
from app.infrastructure.auth.models import TokenInfo
from app.main import app_factory
@pytest.fixture
def mock_keycloak_client() -> MagicMock:
"""Create mock Keycloak client for testing."""
mock_client = AsyncMock()
mock_client.introspect_token.return_value = TokenInfo(
active=True,
user_id="test-user-id",
username="testuser",
email="test@example.com",
roles=["user"],
)
return mock_client
@pytest.fixture
async def client(mock_keycloak_client: MagicMock) -> AsyncGenerator[AsyncClient]:
"""Create async HTTP client for API testing."""
with patch(
"app.presentation.api.deps.KeycloakAuthClient",
return_value=mock_keycloak_client,
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as ac:
yield ac
@pytest.fixture
def auth_headers() -> dict[str, str]:
"""Return mock authentication headers."""
return {"Authorization": "Bearer test_token"}
@pytest.fixture
def unauthorized_keycloak_client() -> MagicMock:
"""Create mock Keycloak client that returns invalid token."""
mock_client = AsyncMock()
mock_client.introspect_token.return_value = TokenInfo(
active=False,
user_id="",
username="",
email="",
roles=[],
)
return mock_client

207
tests/api/test_error_handlers.py
View File

@@ -1,207 +0,0 @@
"""Tests for error handler middleware.
Tests exception handling and error responses.
"""
from unittest.mock import patch
from httpx import ASGITransport, AsyncClient
from app.domain.exceptions import (
AlreadyExistsException,
DomainException,
ForbiddenException,
NotFoundException,
ValidationException,
)
from app.main import app_factory
class TestDomainExceptionHandlers:
"""Test suite for domain exception handlers."""
async def test_validation_exception(self) -> None:
"""Test ValidationException returns 400."""
with patch(
"app.application.use_cases.get_post.GetPostUseCase.by_id",
side_effect=ValidationException("Invalid input"),
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/12345678-1234-1234-1234-123456789abc")
assert response.status_code == 400
data = response.json()
assert data["error"] == "ValidationException"
assert data["message"] == "Invalid input"
assert "timestamp" in data
assert "path" in data
async def test_forbidden_exception(self) -> None:
"""Test ForbiddenException returns 403."""
with patch(
"app.application.use_cases.get_post.GetPostUseCase.by_id",
side_effect=ForbiddenException("Access denied"),
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/12345678-1234-1234-1234-123456789abc")
assert response.status_code == 403
data = response.json()
assert data["error"] == "ForbiddenException"
assert data["message"] == "Access denied"
async def test_not_found_exception(self) -> None:
"""Test NotFoundException returns 404."""
with patch(
"app.application.use_cases.get_post.GetPostUseCase.by_id",
side_effect=NotFoundException("Post not found"),
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/12345678-1234-1234-1234-123456789abc")
assert response.status_code == 404
data = response.json()
assert data["error"] == "NotFoundException"
assert data["message"] == "Post not found"
async def test_already_exists_exception(self) -> None:
"""Test AlreadyExistsException returns 409."""
with patch(
"app.application.use_cases.get_post.GetPostUseCase.by_id",
side_effect=AlreadyExistsException("Post already exists"),
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/12345678-1234-1234-1234-123456789abc")
assert response.status_code == 409
data = response.json()
assert data["error"] == "AlreadyExistsException"
assert data["message"] == "Post already exists"
async def test_generic_domain_exception(self) -> None:
"""Test generic DomainException returns 500."""
with patch(
"app.application.use_cases.get_post.GetPostUseCase.by_id",
side_effect=DomainException("Generic error"),
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/12345678-1234-1234-1234-123456789abc")
assert response.status_code == 500
data = response.json()
assert data["error"] == "DomainException"
assert data["message"] == "Generic error"
class TestHTTPExceptionHandler:
"""Test suite for HTTP exception handling."""
async def test_http_exception_structure(self) -> None:
"""Test HTTP exception response structure."""
# Test that exception handler is registered and produces correct format
import json
from dataclasses import dataclass, field
from starlette.exceptions import HTTPException
from app.infrastructure.middleware.error_handler import http_exception_handler
# Create mock request
@dataclass
class MockURL:
path: str = "/test"
@dataclass
class MockRequest:
url: MockURL = field(default_factory=MockURL)
exc = HTTPException(status_code=404, detail="Not found")
response = await http_exception_handler(MockRequest(), exc) # type: ignore[arg-type]
assert response.status_code == 404
body_bytes: bytes = response.body # type: ignore[assignment]
data: dict[str, object] = json.loads(body_bytes.decode("utf-8"))
assert data["error"] == "HTTPException"
assert "message" in data
class TestGenericExceptionHandler:
"""Test suite for generic exception handling."""
async def test_generic_exception_handler_function(self) -> None:
"""Test generic exception handler function directly."""
import json
from dataclasses import dataclass, field
from app.infrastructure.middleware.error_handler import (
generic_exception_handler,
)
# Create mock request
@dataclass
class MockURL:
path: str = "/test"
@dataclass
class MockRequest:
url: MockURL = field(default_factory=MockURL)
exc = RuntimeError("Internal error")
response = await generic_exception_handler(MockRequest(), exc) # type: ignore[arg-type]
assert response.status_code == 500
body_bytes: bytes = response.body # type: ignore[assignment]
data: dict[str, object] = json.loads(body_bytes.decode("utf-8"))
assert data["error"] == "InternalServerError"
assert data["message"] == "An unexpected error occurred"
assert "timestamp" in data
assert "path" in data
class TestGetStatusCode:
"""Test suite for get_status_code function."""
def test_validation_exception_status(self) -> None:
"""Test ValidationException maps to 400."""
from app.infrastructure.middleware.error_handler import get_status_code
exc = ValidationException("Invalid")
assert get_status_code(exc) == 400
def test_forbidden_exception_status(self) -> None:
"""Test ForbiddenException maps to 403."""
from app.infrastructure.middleware.error_handler import get_status_code
exc = ForbiddenException("Forbidden")
assert get_status_code(exc) == 403
def test_not_found_exception_status(self) -> None:
"""Test NotFoundException maps to 404."""
from app.infrastructure.middleware.error_handler import get_status_code
exc = NotFoundException("Not found")
assert get_status_code(exc) == 404
def test_already_exists_exception_status(self) -> None:
"""Test AlreadyExistsException maps to 409."""
from app.infrastructure.middleware.error_handler import get_status_code
exc = AlreadyExistsException("Already exists")
assert get_status_code(exc) == 409
def test_generic_exception_status(self) -> None:
"""Test generic DomainException maps to 500."""
from app.infrastructure.middleware.error_handler import get_status_code
exc = DomainException("Generic")
assert get_status_code(exc) == 500

318
tests/api/test_posts.py
View File

@@ -1,318 +0,0 @@
"""API tests for posts endpoints.
Tests REST API endpoints - focusing on endpoints that don't require
complex Dishka dependency mocking.
"""
from datetime import datetime
from unittest.mock import patch
from uuid import uuid4
import pytest
from httpx import ASGITransport, AsyncClient
from app.application.dtos import PostResponseDTO
from app.domain.exceptions import NotFoundException
from app.main import app_factory
@pytest.fixture
def sample_post_dto() -> PostResponseDTO:
"""Create a sample post DTO for testing."""
return PostResponseDTO(
id=uuid4(),
title="Test Post",
content="This is test content for the blog post",
slug="test-post",
author_id="test-user-id",
published=True,
tags=["python", "testing"],
created_at=datetime.now(),
updated_at=datetime.now(),
)
class TestListPublishedPosts:
"""Test suite for GET /api/v1/posts/published endpoint."""
async def test_list_published_posts(
self,
sample_post_dto: PostResponseDTO,
) -> None:
"""Test listing published posts without authentication."""
with patch(
"app.application.use_cases.list_posts.ListPostsUseCase.published_posts",
return_value=[sample_post_dto],
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/published")
assert response.status_code == 200
data = response.json()
assert "items" in data
assert data["total"] == 1
class TestSearchPosts:
"""Test suite for GET /api/v1/posts/search endpoint."""
async def test_search_posts(
self,
sample_post_dto: PostResponseDTO,
) -> None:
"""Test searching posts by query."""
with patch(
"app.application.use_cases.list_posts.ListPostsUseCase.search",
return_value=[sample_post_dto],
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/search?query=test")
assert response.status_code == 200
data = response.json()
assert "items" in data
assert data["total"] == 1
async def test_search_posts_empty_query(self) -> None:
"""Test search with empty query returns empty results."""
with patch(
"app.application.use_cases.list_posts.ListPostsUseCase.search",
return_value=[],
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/search?query=")
# Empty query returns 200 with empty results (not 422)
# as query param accepts empty strings
assert response.status_code == 200
data = response.json()
assert data["items"] == []
assert data["total"] == 0
class TestGetPostsByTag:
"""Test suite for GET /api/v1/posts/by-tag/{tag} endpoint."""
async def test_get_posts_by_tag(
self,
sample_post_dto: PostResponseDTO,
) -> None:
"""Test getting posts by tag."""
with patch(
"app.application.use_cases.list_posts.ListPostsUseCase.by_tag",
return_value=[sample_post_dto],
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/by-tag/python")
assert response.status_code == 200
data = response.json()
assert "items" in data
assert data["total"] == 1
class TestGetPostsByAuthor:
"""Test suite for GET /api/v1/posts/by-author/{author_id} endpoint."""
async def test_get_posts_by_author(
self,
sample_post_dto: PostResponseDTO,
) -> None:
"""Test getting posts by author."""
with patch(
"app.application.use_cases.list_posts.ListPostsUseCase.by_author",
return_value=[sample_post_dto],
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/by-author/test-user-id")
assert response.status_code == 200
data = response.json()
assert "items" in data
assert data["total"] == 1
class TestGetPostById:
"""Test suite for GET /api/v1/posts/{post_id} endpoint."""
async def test_get_post_by_id_success(
self,
sample_post_dto: PostResponseDTO,
) -> None:
"""Test getting a post by ID."""
with patch(
"app.application.use_cases.get_post.GetPostUseCase.by_id",
return_value=sample_post_dto,
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get(f"/api/v1/posts/{sample_post_dto.id}")
assert response.status_code == 200
data = response.json()
assert data["id"] == str(sample_post_dto.id)
assert data["title"] == sample_post_dto.title
async def test_get_post_by_id_not_found(self) -> None:
"""Test getting a non-existing post returns 404."""
with patch(
"app.application.use_cases.get_post.GetPostUseCase.by_id",
side_effect=NotFoundException("Post not found"),
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get(f"/api/v1/posts/{uuid4()}")
assert response.status_code == 404
class TestGetPostBySlug:
"""Test suite for GET /api/v1/posts/slug/{slug} endpoint."""
async def test_get_post_by_slug_success(
self,
sample_post_dto: PostResponseDTO,
) -> None:
"""Test getting a post by slug."""
with patch(
"app.application.use_cases.get_post.GetPostUseCase.by_slug",
return_value=sample_post_dto,
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/slug/test-post")
assert response.status_code == 200
data = response.json()
assert data["slug"] == "test-post"
async def test_get_post_by_slug_not_found(self) -> None:
"""Test getting a non-existing post by slug returns 404."""
with patch(
"app.application.use_cases.get_post.GetPostUseCase.by_slug",
side_effect=NotFoundException("Post not found"),
):
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/api/v1/posts/slug/non-existing-slug")
assert response.status_code == 404
class TestCreatePostAuth:
"""Test suite for POST /api/v1/posts authentication."""
async def test_create_post_unauthorized(self) -> None:
"""Test post creation without authentication returns 401."""
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.post(
"/api/v1/posts",
json={
"title": "Test Post",
"content": "This is test content for the blog post",
},
)
assert response.status_code == 401
class TestUpdatePostAuth:
"""Test suite for PATCH /api/v1/posts/{post_id} authentication."""
async def test_update_post_unauthorized(self) -> None:
"""Test updating post without authentication returns 401."""
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.patch(
f"/api/v1/posts/{uuid4()}",
json={"title": "Updated Title"},
)
assert response.status_code == 401
class TestDeletePostAuth:
"""Test suite for DELETE /api/v1/posts/{post_id} authentication."""
async def test_delete_post_unauthorized(self) -> None:
"""Test deleting post without authentication returns 401."""
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.delete(f"/api/v1/posts/{uuid4()}")
assert response.status_code == 401
class TestPublishPostAuth:
"""Test suite for POST /api/v1/posts/{post_id}/publish authentication."""
async def test_publish_post_unauthorized(self) -> None:
"""Test publishing post without authentication returns 401."""
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.post(f"/api/v1/posts/{uuid4()}/publish")
assert response.status_code == 401
class TestUnpublishPostAuth:
"""Test suite for POST /api/v1/posts/{post_id}/unpublish authentication."""
async def test_unpublish_post_unauthorized(self) -> None:
"""Test unpublishing post without authentication returns 401."""
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.post(f"/api/v1/posts/{uuid4()}/unpublish")
assert response.status_code == 401
class TestHealthEndpoint:
"""Test suite for health check endpoint."""
async def test_health_check(self) -> None:
"""Test health check endpoint returns ok status."""
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/health")
assert response.status_code == 200
data = response.json()
assert data["status"] == "ok"
assert "app" in data
assert "env" in data
class TestRootRedirect:
"""Test suite for root redirect."""
async def test_root_redirect(self) -> None:
"""Test root URL redirects to web UI."""
app = app_factory()
transport = ASGITransport(app=app)
async with AsyncClient(transport=transport, base_url="http://test") as client:
response = await client.get("/")
assert response.status_code == 200
assert "web/" in response.text

10
tests/conftest.py
View File

@@ -1,8 +1,18 @@
"""Global test configuration for pytest.
This module provides:
- pytest-playwright plugin registration
- Default event loop policy for async tests
"""
from asyncio import AbstractEventLoopPolicy, DefaultEventLoopPolicy
import pytest
pytest_plugins = ["pytest_playwright"]
@pytest.fixture(scope="session")
def event_loop_policy() -> AbstractEventLoopPolicy:
"""Return default event loop policy for the test session."""
return DefaultEventLoopPolicy()

307
tests/e2e/conftest.py
View File

@@ -1,30 +1,299 @@
# E2E test fixtures
# Provides: full application state, end-to-end workflows, cleanup
"""E2E test configuration for blog application.
from collections.abc import AsyncGenerator
Provides DevAuthProvider for cookie-based dev authentication
and role-specific browser context fixtures.
"""
from __future__ import annotations
from collections.abc import Generator
from typing import TYPE_CHECKING, Any
import pytest
from fastapi import FastAPI
from pytfm.auth import AuthProvider, TestUser
if TYPE_CHECKING:
from playwright.sync_api import Browser, BrowserContext, Page
class DevAuthProvider(AuthProvider):
"""Authentication provider for blog dev mode.
Bypasses real Keycloak by generating dev-specific tokens
recognized by MockKeycloakClient.
Attributes:
_users: Mapping of usernames to test users.
"""
def __init__(self) -> None:
"""Initialize the dev auth provider."""
self._users: dict[str, TestUser] = {}
def create_user(
self,
username: str,
password: str,
email: str,
roles: list[str] | None = None,
) -> TestUser:
"""Create a test user mapped to a dev token role.
Args:
username: Login name (used as display name).
password: Password (ignored in dev mode).
email: Email address.
roles: List of roles. First role determines dev token.
Returns:
Created TestUser instance.
"""
role = (roles or ["user"])[0]
user = TestUser(
id=f"dev-{role}",
username=username,
email=email,
password=password,
roles=roles or ["user"],
)
self._users[username] = user
return user
def login(self, username: str, password: str) -> str:
"""Return dev token for the user's role.
Args:
username: User login name.
password: User password (ignored).
Returns:
Dev authentication token string.
Raises:
ValueError: If user does not exist.
"""
user = self._users.get(username)
if not user:
raise ValueError("User not found")
role = user.roles[0] if user.roles else "user"
return f"dev-token-{role}"
def build_auth_cookie(self, token: str, domain: str) -> dict[str, Any]:
"""Build access_token cookie for blog dev auth.
Args:
token: Dev authentication token.
domain: Cookie domain.
Returns:
Cookie dict compatible with Playwright.
"""
return {
"name": "access_token",
"value": token,
"domain": domain,
"path": "/",
"httpOnly": True,
"secure": False,
"sameSite": "Lax",
}
@pytest.fixture(scope="session")
def base_url() -> str:
"""Return the base URL for the blog application.
Returns:
Application base URL.
"""
return "http://127.0.0.1:8000"
@pytest.fixture(scope="session")
def pytfm_auth_provider() -> DevAuthProvider:
"""Return DevAuthProvider for blog dev mode.
Returns:
DevAuthProvider instance.
"""
return DevAuthProvider()
def _create_authenticated_context(
browser: Browser,
base_url: str,
pytfm_auth_provider: DevAuthProvider,
role: str,
) -> BrowserContext:
"""Create a browser context authenticated with a dev token role.
Args:
browser: Playwright Browser instance.
base_url: Application base URL.
pytfm_auth_provider: Dev auth provider.
role: Dev role (user, user2, admin, guest).
Returns:
Authenticated BrowserContext.
"""
user = pytfm_auth_provider.create_user(
username=f"e2e_{role}",
password="pass",
email=f"{role}@example.com",
roles=[role],
)
token = pytfm_auth_provider.login(user.username, user.password)
context = browser.new_context(
viewport={"width": 1280, "height": 720},
)
cookie_domain = base_url.replace("http://", "").replace("https://", "").split(":")[0]
cookie = pytfm_auth_provider.build_auth_cookie(token, cookie_domain)
context.add_cookies([cookie])
return context
@pytest.fixture
async def e2e_app() -> AsyncGenerator[FastAPI]:
"""Create full application instance for E2E testing."""
from app.main import app_factory
def user_context(
browser: Browser,
base_url: str,
pytfm_auth_provider: DevAuthProvider,
) -> Generator[BrowserContext, None, None]:
"""Create a browser context authenticated as a regular user.
app = app_factory()
yield app
# Cleanup after E2E test
Args:
browser: Playwright Browser instance.
base_url: Application base URL.
pytfm_auth_provider: Dev auth provider.
Yields:
Authenticated BrowserContext for user role.
"""
context = _create_authenticated_context(browser, base_url, pytfm_auth_provider, "user")
yield context
context.close()
@pytest.fixture
def e2e_user_data() -> dict[str, str]:
"""Generate realistic user data for E2E scenarios."""
from mimesis import Person
def user_page(user_context: BrowserContext) -> Generator[Page, None, None]:
"""Create a page authenticated as a regular user.
person = Person()
return {
"username": person.username(),
"email": person.email(),
"password": "SecurePass123!",
}
Args:
user_context: Authenticated browser context.
Yields:
Authenticated Playwright Page.
"""
page = user_context.new_page()
yield page
page.close()
@pytest.fixture
def admin_context(
browser: Browser,
base_url: str,
pytfm_auth_provider: DevAuthProvider,
) -> Generator[BrowserContext, None, None]:
"""Create a browser context authenticated as admin.
Args:
browser: Playwright Browser instance.
base_url: Application base URL.
pytfm_auth_provider: Dev auth provider.
Yields:
Authenticated BrowserContext for admin role.
"""
context = _create_authenticated_context(browser, base_url, pytfm_auth_provider, "admin")
yield context
context.close()
@pytest.fixture
def admin_page(admin_context: BrowserContext) -> Generator[Page, None, None]:
"""Create a page authenticated as admin.
Args:
admin_context: Authenticated browser context.
Yields:
Authenticated Playwright Page.
"""
page = admin_context.new_page()
yield page
page.close()
@pytest.fixture
def user2_context(
browser: Browser,
base_url: str,
pytfm_auth_provider: DevAuthProvider,
) -> Generator[BrowserContext, None, None]:
"""Create a browser context authenticated as a second regular user.
Args:
browser: Playwright Browser instance.
base_url: Application base URL.
pytfm_auth_provider: Dev auth provider.
Yields:
Authenticated BrowserContext for user2 role.
"""
context = _create_authenticated_context(browser, base_url, pytfm_auth_provider, "user2")
yield context
context.close()
@pytest.fixture
def user2_page(user2_context: BrowserContext) -> Generator[Page, None, None]:
"""Create a page authenticated as a second regular user.
Args:
user2_context: Authenticated browser context.
Yields:
Authenticated Playwright Page.
"""
page = user2_context.new_page()
yield page
page.close()
@pytest.fixture
def guest_context(
browser: Browser,
base_url: str,
) -> Generator[BrowserContext, None, None]:
"""Create an unauthenticated browser context.
Args:
browser: Playwright Browser instance.
base_url: Application base URL.
Yields:
Unauthenticated BrowserContext.
"""
context = browser.new_context(
viewport={"width": 1280, "height": 720},
)
yield context
context.close()
@pytest.fixture
def guest_page(guest_context: BrowserContext) -> Generator[Page, None, None]:
"""Create an unauthenticated page.
Args:
guest_context: Unauthenticated browser context.
Yields:
Unauthenticated Playwright Page.
"""
page = guest_context.new_page()
yield page
page.close()

277
tests/e2e/pages/__init__.py Normal file
View File

@@ -0,0 +1,277 @@
"""Page Object Models for blog web UI.
Provides POM classes for home page, post form, and post detail pages.
"""
from __future__ import annotations
from typing import TYPE_CHECKING
from pytfm.web import BasePage, SmartLocator
if TYPE_CHECKING:
from playwright.sync_api import Page
class HomePage(BasePage):
"""Page object for the blog home/posts listing page.
Attributes:
path: URL path for the home page.
"""
path = "/web/"
def __init__(self, page: Page, base_url: str) -> None:
"""Initialize the home page object.
Args:
page: Playwright Page instance.
base_url: Application base URL.
"""
super().__init__(page, base_url)
self._create_post_btn = SmartLocator.by_testid("btn-create-post-header")
self._post_list = SmartLocator.by_testid("post-list")
self._empty_state = SmartLocator.by_testid("empty-state")
def create_post(self) -> None:
"""Click the 'Write a Post' button to navigate to the form."""
self._create_post_btn.click(self.page)
def has_post_with_title(self, title: str) -> bool:
"""Check if a post with the given title is present in the list.
Args:
title: Post title to search for.
Returns:
True if the post title is found on the page.
"""
safe_title = title.replace('"', '\\"')
selector = f'[data-testid^="post-title-link-"]:has-text("{safe_title}")'
return self.page.locator(selector).count() > 0
def has_no_post_with_title(self, title: str) -> bool:
"""Check that no post with the given title is present in the list.
Args:
title: Post title to search for.
Returns:
True if the post title is not found on the page.
"""
safe_title = title.replace('"', '\\"')
selector = f'[data-testid^="post-title-link-"]:has-text("{safe_title}")'
return self.page.locator(selector).count() == 0
def open_post(self, title: str) -> None:
"""Click on a post title link to open the detail page.
Args:
title: Post title to click.
"""
locator = self.page.locator("[data-testid^='post-title-link-']").filter(has_text=title)
locator.click()
def is_empty(self) -> bool:
"""Check if the posts list is empty.
Returns:
True if the empty state is visible.
"""
return self._empty_state.is_visible(self.page)
def count_posts(self) -> int:
"""Count the number of post cards on the page.
Returns:
Number of visible post cards.
"""
return self.page.locator('article[data-testid^="post-card-"]').count()
def get_current_page(self) -> int:
"""Get the current pagination page number.
Returns:
Current page number as integer.
"""
text = self.page.locator('[data-testid="pagination-current"]').text_content()
return int(text) if text else 1
def can_go_next(self) -> bool:
"""Check if the next page link is enabled.
Returns:
True if the next pagination control is a clickable link.
"""
tag = self.page.locator('[data-testid="pagination-next"]').evaluate(
"el => el.tagName.toLowerCase()"
)
return tag == "a"
def can_go_prev(self) -> bool:
"""Check if the previous page link is enabled.
Returns:
True if the previous pagination control is a clickable link.
"""
tag = self.page.locator('[data-testid="pagination-prev"]').evaluate(
"el => el.tagName.toLowerCase()"
)
return tag == "a"
def go_to_next_page(self) -> None:
"""Click the next page pagination link."""
self.page.locator('[data-testid="pagination-next"]').click()
def go_to_prev_page(self) -> None:
"""Click the previous page pagination link."""
self.page.locator('[data-testid="pagination-prev"]').click()
class PostFormPage(BasePage):
"""Page object for the new post / edit post form.
Attributes:
path: URL path for the new post form.
"""
path = "/web/posts/new"
def __init__(self, page: Page, base_url: str) -> None:
"""Initialize the post form page object.
Args:
page: Playwright Page instance.
base_url: Application base URL.
"""
super().__init__(page, base_url)
self._title_input = SmartLocator.by_testid("input-title")
self._content_input = SmartLocator.by_testid("textarea-content")
self._tags_input = SmartLocator.by_testid("input-tags")
self._publish_btn = SmartLocator.by_testid("btn-publish-post")
self._save_draft_btn = SmartLocator.by_testid("btn-save-draft")
def fill_form(self, title: str, content: str, tags: str) -> None:
"""Fill the post creation form.
Args:
title: Post title.
content: Post content (markdown).
tags: Comma-separated tags string.
"""
self._title_input.fill(self.page, title)
self._tags_input.fill(self.page, tags)
self.page.evaluate(
"(content) => {"
" const cm = document.querySelector('.CodeMirror');"
" if (cm && cm.CodeMirror) {"
" cm.CodeMirror.setValue(content);"
" }"
" const textarea = document.querySelector('[data-testid=\"textarea-content\"]');"
" if (textarea) textarea.value = content;"
"}",
content,
)
def publish(self) -> None:
"""Click the publish button to submit the form."""
self._publish_btn.click(self.page)
def save_draft(self) -> None:
"""Click the 'Save as Draft' button."""
self._save_draft_btn.click(self.page)
class PostDetailPage(BasePage):
"""Page object for the post detail page.
Attributes:
path_template: URL path template with {slug} placeholder.
"""
path_template = "/web/posts/{slug}"
def __init__(self, page: Page, base_url: str, slug: str) -> None:
"""Initialize the post detail page object.
Args:
page: Playwright Page instance.
base_url: Application base URL.
slug: Post URL slug.
"""
super().__init__(page, base_url)
self.slug = slug
self._title = SmartLocator.by_testid("post-detail-title")
self._status = SmartLocator.by_testid("post-detail-status")
self._content = SmartLocator.by_testid("post-detail-content")
self._edit_btn = SmartLocator.by_testid("btn-edit-post")
self._delete_btn = SmartLocator.by_testid("btn-delete-post")
@property
def url(self) -> str:
"""Return the full URL for this post detail page.
Returns:
Full post detail URL.
"""
return f"{self.base_url}{self.path_template.format(slug=self.slug)}"
def open(self) -> PostDetailPage:
"""Navigate to the post detail page.
Returns:
Self for method chaining.
"""
self.page.goto(self.url)
return self
def get_title(self) -> str:
"""Get the post title text.
Returns:
Post title string.
"""
return self._title.get_text(self.page)
def get_status(self) -> str:
"""Get the post status badge text.
Returns:
Status text ('Published' or 'Draft').
"""
return self._status.get_text(self.page)
def is_published(self) -> bool:
"""Check if the post status is 'Published'.
Returns:
True if status badge reads 'Published'.
"""
return self.get_status() == "Published"
def edit(self) -> None:
"""Click the edit button to navigate to the edit form."""
self._edit_btn.click(self.page)
def can_edit(self) -> bool:
"""Check if the edit button is visible.
Returns:
True if edit button is present.
"""
return self._edit_btn.is_visible(self.page)
def can_delete(self) -> bool:
"""Check if the delete button is visible.
Returns:
True if delete button is present.
"""
return self._delete_btn.is_visible(self.page)
def delete(self) -> None:
"""Click the delete button and accept the confirmation dialog."""
self.page.on("dialog", lambda dialog: dialog.accept())
self._delete_btn.click(self.page)

111
tests/e2e/test_errors.py Normal file
View File

@@ -0,0 +1,111 @@
"""End-to-end tests for error page handling in the web UI.
Tests that the blog renders appropriate error pages with correct status codes
and contextual elements for common error scenarios.
"""
from __future__ import annotations
import uuid
import pytest
from playwright.sync_api import Page
from tests.e2e.pages import HomePage, PostDetailPage, PostFormPage
def _unique_title(base: str) -> str:
"""Append a short UUID to a title to avoid slug collisions."""
return f"{base} {uuid.uuid4().hex[:8]}"
@pytest.mark.e2e
def test_nonexistent_post_returns_404(
guest_page: Page,
user_page: Page,
base_url: str,
) -> None:
"""Test that accessing a nonexistent post slug returns a 404 error page.
Steps:
1. Generate a random slug that does not exist.
2. Navigate to the detail page as a guest.
3. Verify the error page shows code 404.
4. Repeat as an authenticated user.
Args:
guest_page: Unauthenticated Playwright page.
user_page: Playwright page authenticated as regular user.
base_url: Application base URL.
"""
fake_slug = f"nonexistent-{uuid.uuid4().hex[:8]}"
detail = PostDetailPage(guest_page, base_url, fake_slug)
detail.open()
guest_page.wait_for_selector('[data-testid="error-code"]')
error_code = guest_page.locator('[data-testid="error-code"]').text_content()
assert error_code == "404"
detail_user = PostDetailPage(user_page, base_url, fake_slug)
detail_user.open()
user_page.wait_for_selector('[data-testid="error-code"]')
error_code_user = user_page.locator('[data-testid="error-code"]').text_content()
assert error_code_user == "404"
@pytest.mark.e2e
def test_other_user_draft_returns_404(
user_page: Page,
user2_page: Page,
guest_page: Page,
base_url: str,
) -> None:
"""Test that a draft post returns 404 to anyone except the owner and admin.
Steps:
1. User creates a draft post and saves it.
2. Extract the slug from the detail page URL.
3. User2 navigates to the draft slug and verifies 404.
4. Guest navigates to the draft slug and verifies 404.
5. Owner (user) navigates to the same slug and verifies 200 with Draft badge.
Args:
user_page: Playwright page authenticated as the draft owner.
user2_page: Playwright page authenticated as another regular user.
guest_page: Unauthenticated Playwright page.
base_url: Application base URL.
"""
from pytfm.generators import PostDataGenerator
generator = PostDataGenerator()
post_data = generator.generate_post()
title = _unique_title(str(post_data["title"]))
content = str(post_data["content"])
tags = ", ".join(post_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(title, content, tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.save_draft()
draft_url = user_page.url
assert "new" not in draft_url, f"Still on form page: {draft_url}"
slug = draft_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
owner_detail = PostDetailPage(user_page, base_url, slug)
assert owner_detail.get_title() == title
assert owner_detail.get_status() == "Draft"
user2_detail = PostDetailPage(user2_page, base_url, slug)
user2_detail.open()
user2_page.wait_for_selector('[data-testid="error-code"]')
assert user2_page.locator('[data-testid="error-code"]').text_content() == "404"
guest_detail = PostDetailPage(guest_page, base_url, slug)
guest_detail.open()
guest_page.wait_for_selector('[data-testid="error-code"]')
assert guest_page.locator('[data-testid="error-code"]').text_content() == "404"

111
tests/e2e/test_pagination.py Normal file
View File

@@ -0,0 +1,111 @@
"""End-to-end tests for pagination on the home and posts listing pages.
Tests that pagination controls appear when there are more posts than the
page size, that navigation between pages works, and that boundary controls
are correctly disabled on the first and last pages.
"""
from __future__ import annotations
import pytest
from playwright.sync_api import Page
from tests.e2e.pages import HomePage
def _seed_posts(page: Page, base_url: str, count: int) -> None:
"""Create published posts via form POST to ensure pagination exists.
Args:
page: Authenticated Playwright page.
base_url: Application base URL.
count: Number of posts to create.
"""
for idx in range(count):
response = page.request.post(
f"{base_url}/web/posts/new",
form={
"title": f"Pagination Seed {idx:03d}",
"content": f"Content for seed post {idx}.",
"tags": "pagination",
"action": "publish",
},
)
assert response.ok, f"Failed to create post {idx}: {response.status}"
@pytest.mark.e2e
def test_pagination_navigation_across_pages(
user_page: Page,
base_url: str,
) -> None:
"""Test pagination navigation between pages.
Steps:
1. Ensure enough posts exist for pagination.
2. Open home page and verify page 1 boundary state.
3. Click "Next" and verify page advances.
4. Click "Previous" and verify back on page 1.
Args:
user_page: Playwright page authenticated as regular user.
base_url: Application base URL.
"""
home = HomePage(user_page, base_url)
home.open()
if not home.can_go_next():
_seed_posts(user_page, base_url, 12)
home.open()
assert home.get_current_page() == 1
assert not home.can_go_prev()
assert home.can_go_next()
assert home.count_posts() <= 10
with user_page.expect_navigation(wait_until="networkidle"):
home.go_to_next_page()
assert home.get_current_page() == 2
assert home.can_go_prev()
assert home.count_posts() <= 10
with user_page.expect_navigation(wait_until="networkidle"):
home.go_to_prev_page()
assert home.get_current_page() == 1
assert not home.can_go_prev()
@pytest.mark.e2e
def test_pagination_boundary_on_last_page(
user_page: Page,
base_url: str,
) -> None:
"""Test that the last page has "Next" disabled and "Previous" enabled.
Steps:
1. Ensure enough posts exist for pagination.
2. Navigate through all pages to the last one.
3. Verify boundary controls on the last page.
Args:
user_page: Playwright page authenticated as regular user.
base_url: Application base URL.
"""
home = HomePage(user_page, base_url)
home.open()
if not home.can_go_next():
_seed_posts(user_page, base_url, 12)
home.open()
assert home.can_go_next()
while home.can_go_next():
with user_page.expect_navigation(wait_until="networkidle"):
home.go_to_next_page()
assert home.can_go_prev()
assert not home.can_go_next()
assert home.count_posts() <= 10

175
tests/e2e/test_post_deletion.py Normal file
View File

@@ -0,0 +1,175 @@
"""End-to-end tests for post deletion via web UI.
Tests that users can delete their own posts, admins can delete any post,
and regular users cannot delete posts they do not own.
"""
from __future__ import annotations
import uuid
import pytest
from playwright.sync_api import Page
from pytfm.generators import PostDataGenerator
from tests.e2e.pages import HomePage, PostDetailPage, PostFormPage
def _unique_title(base: str) -> str:
"""Append a short UUID to a title to avoid slug collisions."""
return f"{base} {uuid.uuid4().hex[:8]}"
@pytest.mark.e2e
def test_user_can_delete_own_post(
user_page: Page,
base_url: str,
) -> None:
"""Test that a user can delete their own post.
Steps:
1. User creates and publishes a post.
2. User opens the post detail page.
3. User clicks delete and confirms.
4. Verify redirect to home page.
5. Verify the post no longer appears in the list.
Args:
user_page: Playwright page authenticated as regular user.
base_url: Application base URL.
"""
generator = PostDataGenerator()
post_data = generator.generate_post()
title = _unique_title(str(post_data["title"]))
content = str(post_data["content"])
tags = ", ".join(post_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(title, content, tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.publish()
current_url = user_page.url
assert "new" not in current_url, f"Still on form page: {current_url}"
slug = current_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
detail = PostDetailPage(user_page, base_url, slug)
assert detail.get_title() == title
assert detail.can_delete()
with user_page.expect_navigation(wait_until="networkidle"):
detail.delete()
current_url = user_page.url
assert current_url.rstrip("/").endswith("/web")
response = user_page.request.get(f"{base_url}/web/posts/{slug}")
assert response.status == 404
@pytest.mark.e2e
def test_admin_can_delete_any_post(
user_page: Page,
admin_page: Page,
base_url: str,
) -> None:
"""Test that admin can delete a post created by another user.
Steps:
1. User creates and publishes a post.
2. Admin opens the post detail page.
3. Admin clicks delete and confirms.
4. Verify redirect to home page.
5. Verify the post no longer appears in the list.
Args:
user_page: Playwright page authenticated as regular user.
admin_page: Playwright page authenticated as admin.
base_url: Application base URL.
"""
generator = PostDataGenerator()
post_data = generator.generate_post()
title = _unique_title(str(post_data["title"]))
content = str(post_data["content"])
tags = ", ".join(post_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(title, content, tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.publish()
current_url = user_page.url
assert "new" not in current_url, f"Still on form page: {current_url}"
slug = current_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
detail = PostDetailPage(user_page, base_url, slug)
assert detail.get_title() == title
admin_detail = PostDetailPage(admin_page, base_url, slug)
admin_detail.open()
assert admin_detail.can_delete()
with admin_page.expect_navigation(wait_until="networkidle"):
admin_detail.delete()
current_url = admin_page.url
assert current_url.rstrip("/").endswith("/web")
response = admin_page.request.get(f"{base_url}/web/posts/{slug}")
assert response.status == 404
@pytest.mark.e2e
def test_user_cannot_delete_other_users_post(
user_page: Page,
user2_page: Page,
base_url: str,
) -> None:
"""Test that a regular user cannot delete another user's post.
Steps:
1. User creates and publishes a post.
2. User2 opens the post detail page.
3. Verify the delete button is not visible.
4. User2 attempts a direct POST to the delete endpoint.
5. Verify a 403 error page is returned.
Args:
user_page: Playwright page authenticated as the first regular user.
user2_page: Playwright page authenticated as the second regular user.
base_url: Application base URL.
"""
generator = PostDataGenerator()
post_data = generator.generate_post()
title = _unique_title(str(post_data["title"]))
content = str(post_data["content"])
tags = ", ".join(post_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(title, content, tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.publish()
current_url = user_page.url
assert "new" not in current_url, f"Still on form page: {current_url}"
slug = current_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
detail = PostDetailPage(user_page, base_url, slug)
assert detail.get_title() == title
user2_detail = PostDetailPage(user2_page, base_url, slug)
user2_detail.open()
assert not user2_detail.can_delete()
response = user2_page.request.post(f"{base_url}/web/posts/{slug}/delete")
assert response.status == 403

252
tests/e2e/test_post_lifecycle.py Normal file
View File

@@ -0,0 +1,252 @@
"""End-to-end tests for blog post lifecycle.
Tests the complete flow from post creation through publishing
and visibility verification across different user roles.
"""
from __future__ import annotations
import uuid
import pytest
from playwright.sync_api import Page
from pytfm.generators import PostDataGenerator
from tests.e2e.pages import HomePage, PostDetailPage, PostFormPage
def _unique_title(base: str) -> str:
"""Append a short UUID to a title to avoid slug collisions."""
return f"{base} {uuid.uuid4().hex[:8]}"
@pytest.mark.e2e
def test_user_creates_and_publishes_post_visible_to_guest_and_admin(
user_page: Page,
guest_page: Page,
admin_page: Page,
base_url: str,
) -> None:
"""Test positive scenario: user creates post, publishes it, and verifies visibility.
Steps:
1. Generate unique post data.
2. Authenticated user opens home, clicks "Write a Post".
3. Fills form and publishes the post.
4. Verifies redirect to detail page with "Published" status.
5. Verifies post appears on home page for the user.
6. Verifies post is visible to guest (unauthenticated).
7. Verifies post detail is accessible to guest.
8. Verifies post is visible to admin.
9. Verifies post detail is accessible to admin.
Args:
user_page: Playwright page authenticated as regular user.
guest_page: Unauthenticated Playwright page.
admin_page: Playwright page authenticated as admin.
base_url: Application base URL.
"""
generator = PostDataGenerator()
post_data = generator.generate_post()
title = _unique_title(str(post_data["title"]))
content = str(post_data["content"])
tags = ", ".join(post_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(title, content, tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.publish()
current_url = user_page.url
assert "new" not in current_url, f"Still on form page: {current_url}"
slug = current_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
detail = PostDetailPage(user_page, base_url, slug)
assert detail.get_title() == title
assert detail.is_published()
home.open()
assert home.has_post_with_title(title)
guest_home = HomePage(guest_page, base_url)
guest_home.open()
assert guest_home.has_post_with_title(title)
guest_detail = PostDetailPage(guest_page, base_url, slug)
guest_detail.open()
assert guest_detail.get_title() == title
assert guest_detail.is_published()
admin_home = HomePage(admin_page, base_url)
admin_home.open()
assert admin_home.has_post_with_title(title)
admin_detail = PostDetailPage(admin_page, base_url, slug)
admin_detail.open()
assert admin_detail.get_title() == title
assert admin_detail.is_published()
@pytest.mark.e2e
def test_post_visibility_policies_across_users(
user_page: Page,
user2_page: Page,
guest_page: Page,
admin_page: Page,
base_url: str,
) -> None:
"""Test visibility policies: drafts vs published posts across roles.
Steps:
1. User creates a draft post.
2. User creates and publishes another post.
3. Verify user sees both posts on the home page.
4. Verify user2 sees only the published post.
5. Verify guest sees only the published post.
6. Verify admin sees both posts.
7. Verify user2 receives 404 when accessing the draft directly.
Args:
user_page: Playwright page authenticated as the first regular user.
user2_page: Playwright page authenticated as the second regular user.
guest_page: Unauthenticated Playwright page.
admin_page: Playwright page authenticated as admin.
base_url: Application base URL.
"""
generator = PostDataGenerator()
draft_data = generator.generate_post()
draft_title = _unique_title(str(draft_data["title"]))
draft_content = str(draft_data["content"])
draft_tags = ", ".join(draft_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(draft_title, draft_content, draft_tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.save_draft()
draft_url = user_page.url
assert "new" not in draft_url, f"Still on form page: {draft_url}"
draft_slug = draft_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
draft_detail = PostDetailPage(user_page, base_url, draft_slug)
assert draft_detail.get_title() == draft_title
assert not draft_detail.is_published()
published_data = generator.generate_post()
published_title = _unique_title(str(published_data["title"]))
published_content = str(published_data["content"])
published_tags = ", ".join(published_data["tags"])
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(published_title, published_content, published_tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.publish()
published_url = user_page.url
assert "new" not in published_url, f"Still on form page: {published_url}"
published_slug = published_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
published_detail = PostDetailPage(user_page, base_url, published_slug)
assert published_detail.get_title() == published_title
assert published_detail.is_published()
home.open()
assert home.has_post_with_title(draft_title)
assert home.has_post_with_title(published_title)
user2_home = HomePage(user2_page, base_url)
user2_home.open()
assert user2_home.has_no_post_with_title(draft_title)
assert user2_home.has_post_with_title(published_title)
guest_home = HomePage(guest_page, base_url)
guest_home.open()
assert guest_home.has_no_post_with_title(draft_title)
assert guest_home.has_post_with_title(published_title)
admin_home = HomePage(admin_page, base_url)
admin_home.open()
assert admin_home.has_post_with_title(draft_title)
assert admin_home.has_post_with_title(published_title)
user2_page.goto(f"{base_url}/web/posts/{draft_slug}")
user2_page.wait_for_selector('[data-testid="error-code"]', timeout=10000)
error_code = user2_page.locator('[data-testid="error-code"]').text_content()
assert error_code == "404"
@pytest.mark.e2e
def test_user_saves_draft_then_publishes_via_edit(
user_page: Page,
guest_page: Page,
base_url: str,
) -> None:
"""Test draft-to-publish flow through the web UI.
Steps:
1. User creates a post and saves it as draft.
2. Verify the post shows Draft status and guest cannot see it.
3. User opens the edit form and clicks Update Post (publish).
4. Verify the post shows Published status and guest can now see it.
Args:
user_page: Playwright page authenticated as regular user.
guest_page: Unauthenticated Playwright page.
base_url: Application base URL.
"""
generator = PostDataGenerator()
post_data = generator.generate_post()
title = _unique_title(str(post_data["title"]))
content = str(post_data["content"])
tags = ", ".join(post_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(title, content, tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.save_draft()
current_url = user_page.url
assert "new" not in current_url, f"Still on form page: {current_url}"
slug = current_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
detail = PostDetailPage(user_page, base_url, slug)
assert detail.get_title() == title
assert detail.get_status() == "Draft"
guest_home = HomePage(guest_page, base_url)
guest_home.open()
assert guest_home.has_no_post_with_title(title)
detail.edit()
user_page.wait_for_url(
lambda url: f"/web/posts/{slug}/edit" in url,
timeout=15000,
)
edit_form = PostFormPage(user_page, base_url)
with user_page.expect_navigation(wait_until="networkidle"):
edit_form.publish()
user_page.wait_for_selector('[data-testid="post-detail-title"]')
updated_detail = PostDetailPage(user_page, base_url, slug)
assert updated_detail.get_title() == title
assert updated_detail.get_status() == "Published"
guest_home.open()
assert guest_home.has_post_with_title(title)

209
tests/e2e/test_post_ownership.py Normal file
View File

@@ -0,0 +1,209 @@
"""End-to-end tests for post ownership and RBAC policies.
Tests that admin can edit any post and that regular users
cannot edit posts they do not own.
"""
from __future__ import annotations
import uuid
import pytest
from playwright.sync_api import Page
from pytfm.generators import PostDataGenerator
from tests.e2e.pages import HomePage, PostDetailPage, PostFormPage
def _unique_title(base: str) -> str:
"""Append a short UUID to a title to avoid slug collisions."""
return f"{base} {uuid.uuid4().hex[:8]}"
@pytest.mark.e2e
def test_admin_can_edit_any_post(
user_page: Page,
admin_page: Page,
base_url: str,
) -> None:
"""Test that admin can edit a post created by another user.
Steps:
1. User creates and publishes a post.
2. Admin opens the post detail page.
3. Admin clicks edit, changes the title, and saves.
4. Verify the post detail shows the updated title.
Args:
user_page: Playwright page authenticated as regular user.
admin_page: Playwright page authenticated as admin.
base_url: Application base URL.
"""
generator = PostDataGenerator()
post_data = generator.generate_post()
title = _unique_title(str(post_data["title"]))
content = str(post_data["content"])
tags = ", ".join(post_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(title, content, tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.publish()
current_url = user_page.url
assert "new" not in current_url, f"Still on form page: {current_url}"
slug = current_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
detail = PostDetailPage(user_page, base_url, slug)
assert detail.get_title() == title
admin_detail = PostDetailPage(admin_page, base_url, slug)
admin_detail.open()
assert admin_detail.can_edit()
admin_detail.edit()
admin_page.wait_for_url(
lambda url: f"/web/posts/{slug}/edit" in url,
timeout=15000,
)
new_data = generator.generate_post()
new_title = _unique_title(str(new_data["title"]))
new_content = str(new_data["content"])
new_tags = ", ".join(new_data["tags"])
admin_form = PostFormPage(admin_page, base_url)
admin_form.fill_form(new_title, new_content, new_tags)
with admin_page.expect_navigation(wait_until="networkidle"):
admin_form.publish()
admin_page.wait_for_selector(
'[data-testid="post-detail-title"]',
timeout=15000,
)
updated_title = admin_page.locator('[data-testid="post-detail-title"]').text_content()
assert updated_title == new_title
updated_status = admin_page.locator('[data-testid="post-detail-status"]').text_content()
assert updated_status == "Published"
@pytest.mark.e2e
def test_user_can_edit_own_post(
user_page: Page,
base_url: str,
) -> None:
"""Test that a user can edit their own post.
Steps:
1. User creates and publishes a post.
2. User opens the post detail page and clicks edit.
3. User changes the title and saves.
4. Verify the post detail shows the updated title.
Args:
user_page: Playwright page authenticated as regular user.
base_url: Application base URL.
"""
generator = PostDataGenerator()
post_data = generator.generate_post()
title = _unique_title(str(post_data["title"]))
content = str(post_data["content"])
tags = ", ".join(post_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(title, content, tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.publish()
current_url = user_page.url
assert "new" not in current_url, f"Still on form page: {current_url}"
slug = current_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
detail = PostDetailPage(user_page, base_url, slug)
assert detail.get_title() == title
assert detail.can_edit()
detail.edit()
user_page.wait_for_url(
lambda url: f"/web/posts/{slug}/edit" in url,
timeout=15000,
)
new_data = generator.generate_post()
new_title = _unique_title(str(new_data["title"]))
new_content = str(new_data["content"])
new_tags = ", ".join(new_data["tags"])
edit_form = PostFormPage(user_page, base_url)
edit_form.fill_form(new_title, new_content, new_tags)
with user_page.expect_navigation(wait_until="networkidle"):
edit_form.publish()
user_page.wait_for_selector(
'[data-testid="post-detail-title"]',
timeout=15000,
)
updated_title = user_page.locator('[data-testid="post-detail-title"]').text_content()
assert updated_title == new_title
updated_status = user_page.locator('[data-testid="post-detail-status"]').text_content()
assert updated_status == "Published"
@pytest.mark.e2e
def test_user_cannot_edit_other_users_post(
user_page: Page,
user2_page: Page,
base_url: str,
) -> None:
"""Test that a regular user cannot edit another user's post.
Steps:
1. User creates and publishes a post.
2. User2 opens the post detail page.
3. Verify the edit button is not visible.
4. User2 attempts direct access to the edit URL.
5. Verify a 403 error page is returned.
Args:
user_page: Playwright page authenticated as the first regular user.
user2_page: Playwright page authenticated as the second regular user.
base_url: Application base URL.
"""
generator = PostDataGenerator()
post_data = generator.generate_post()
title = _unique_title(str(post_data["title"]))
content = str(post_data["content"])
tags = ", ".join(post_data["tags"])
home = HomePage(user_page, base_url)
home.open()
home.create_post()
form = PostFormPage(user_page, base_url)
form.fill_form(title, content, tags)
with user_page.expect_navigation(wait_until="networkidle"):
form.publish()
current_url = user_page.url
assert "new" not in current_url, f"Still on form page: {current_url}"
slug = current_url.rstrip("/").split("/")[-1]
user_page.wait_for_selector('[data-testid="post-detail-title"]')
detail = PostDetailPage(user_page, base_url, slug)
assert detail.get_title() == title
user2_detail = PostDetailPage(user2_page, base_url, slug)
user2_detail.open()
assert not user2_detail.can_edit()
user2_page.goto(f"{base_url}/web/posts/{slug}/edit")
user2_page.wait_for_selector('[data-testid="error-code"]', timeout=10000)
error_code = user2_page.locator('[data-testid="error-code"]').text_content()
assert error_code == "403"

114
tests/e2e/test_profile_and_theme.py Normal file
View File

@@ -0,0 +1,114 @@
"""End-to-end tests for profile page and theme toggle.
Tests that authenticated users can view their profile with correct data
and that the theme switcher toggles between light and dark modes with
localStorage persistence.
"""
from __future__ import annotations
import pytest
from playwright.sync_api import Page
@pytest.mark.e2e
def test_user_profile_page_renders_correctly(
user_page: Page,
admin_page: Page,
base_url: str,
) -> None:
"""Test that profile page displays user info, role badge, and actions.
Steps:
1. User navigates to /web/profile.
2. Verify username, role badge, email, and user ID are visible.
3. Admin navigates to /web/profile.
4. Verify admin sees ADMIN role badge with primary CSS class.
5. Guest attempts to access /web/profile and is redirected to login.
Args:
user_page: Playwright page authenticated as regular user.
admin_page: Playwright page authenticated as admin.
base_url: Application base URL.
"""
user_page.goto(f"{base_url}/web/profile")
user_page.wait_for_selector('[data-testid="profile-username"]')
username = user_page.locator('[data-testid="profile-username"]').text_content()
assert username
assert len(username) > 0
role = user_page.locator('[data-testid="profile-role"]').text_content()
assert "USER" in role
role_class = user_page.locator('[data-testid="profile-role"]').evaluate(
"el => el.className",
)
assert "badge-success" in role_class
user_id = user_page.locator('[data-testid="profile-value-userid"]').text_content()
assert user_id
assert len(user_id) > 0
assert user_page.locator('[data-testid="btn-create-post-profile"]').is_visible()
admin_page.goto(f"{base_url}/web/profile")
admin_page.wait_for_selector('[data-testid="profile-username"]')
admin_role = admin_page.locator('[data-testid="profile-role"]').text_content()
assert "ADMIN" in admin_role
admin_role_class = admin_page.locator('[data-testid="profile-role"]').evaluate(
"el => el.className",
)
assert "badge-primary" in admin_role_class
@pytest.mark.e2e
def test_theme_toggle_switches_between_light_and_dark(
user_page: Page,
base_url: str,
) -> None:
"""Test that the theme toggle switches between light and dark modes.
Steps:
1. Open home page and read initial theme from html data-theme.
2. Click the theme toggle button.
3. Verify the theme attribute flips and localStorage updates.
4. Click again and verify it flips back.
5. Verify icon visibility changes accordingly.
Args:
user_page: Playwright page authenticated as regular user.
base_url: Application base URL.
"""
user_page.goto(f"{base_url}/web/")
user_page.wait_for_selector('[data-testid="theme-toggle"]')
initial_theme = user_page.evaluate(
"() => document.documentElement.getAttribute('data-theme')",
)
assert initial_theme in ("light", "dark")
user_page.locator('[data-testid="theme-toggle"]').click()
user_page.wait_for_timeout(300)
new_theme = user_page.evaluate(
"() => document.documentElement.getAttribute('data-theme')",
)
assert new_theme != initial_theme
assert new_theme in ("light", "dark")
stored = user_page.evaluate("() => localStorage.getItem('blog-theme')")
assert stored == new_theme
user_page.locator('[data-testid="theme-toggle"]').click()
user_page.wait_for_timeout(300)
restored_theme = user_page.evaluate(
"() => document.documentElement.getAttribute('data-theme')",
)
assert restored_theme == initial_theme
stored_restored = user_page.evaluate("() => localStorage.getItem('blog-theme')")
assert stored_restored == initial_theme

0
tests/integration/__init__.py
View File

58
tests/integration/conftest.py
View File

@@ -1,58 +0,0 @@
"""Integration test fixtures."""
from collections.abc import AsyncGenerator
import pytest
from sqlalchemy.ext.asyncio import (
AsyncEngine,
AsyncSession,
async_sessionmaker,
create_async_engine,
)
from app.infrastructure.database.models import Base
# Use in-memory SQLite for tests
TEST_DATABASE_URL = "sqlite+aiosqlite:///:memory:"
@pytest.fixture(scope="session")
def engine() -> AsyncEngine:
"""Create test engine."""
return create_async_engine(
TEST_DATABASE_URL,
echo=False,
future=True,
)
@pytest.fixture(scope="session")
def session_factory(engine: AsyncEngine) -> async_sessionmaker[AsyncSession]:
"""Create test session factory."""
return async_sessionmaker(
engine,
class_=AsyncSession,
expire_on_commit=False,
autoflush=False,
autocommit=False,
)
@pytest.fixture(autouse=True)
async def setup_db(engine: AsyncEngine) -> AsyncGenerator[None]:
"""Setup database tables for each test."""
async with engine.begin() as conn:
await conn.run_sync(Base.metadata.create_all)
yield
async with engine.begin() as conn:
await conn.run_sync(Base.metadata.drop_all)
@pytest.fixture
async def db_session(
session_factory: async_sessionmaker[AsyncSession],
) -> AsyncGenerator[AsyncSession]:
"""Create database session for testing."""
async with session_factory() as session:
yield session
await session.rollback()

479
tests/integration/test_repositories.py
View File

@@ -1,479 +0,0 @@
"""Integration tests for SQLAlchemyPostRepository.
Tests repository implementation with real in-memory SQLite database.
Note: Some tests involving JSON array operations are skipped for SQLite
as it has limited support compared to PostgreSQL.
"""
from uuid import UUID, uuid4
import pytest
from sqlalchemy.ext.asyncio import AsyncSession
from app.domain.entities import Post
from app.domain.repositories import PostRepository
from app.domain.value_objects import Content, Slug, Title
from app.infrastructure.repositories.post import SQLAlchemyPostRepository
@pytest.fixture
def repository(db_session: AsyncSession) -> PostRepository:
"""Create repository instance for testing."""
return SQLAlchemyPostRepository(db_session)
@pytest.fixture
def sample_post() -> Post:
"""Create a sample post for testing."""
return Post(
id=uuid4(),
title=Title("Test Post Title"),
content=Content("Test content for the blog post"),
slug=Slug("test-post-title"),
author_id="test-author-123",
published=False,
tags=["python", "testing"],
)
@pytest.fixture
def published_post() -> Post:
"""Create a published post for testing."""
post = Post(
id=uuid4(),
title=Title("Published Post"),
content=Content("This is a published post content"),
slug=Slug("published-post"),
author_id="test-author-456",
published=True,
tags=["published", "blog"],
)
return post
class TestPostRepositoryCreate:
"""Test suite for post creation operations."""
async def test_add_post(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test adding a new post to the database."""
await repository.add(sample_post)
await db_session.commit()
retrieved = await repository.get_by_id(sample_post.id)
assert retrieved is not None
assert retrieved.id == sample_post.id
assert retrieved.title.value == sample_post.title.value
assert retrieved.content.value == sample_post.content.value
assert retrieved.slug.value == sample_post.slug.value
assert retrieved.author_id == sample_post.author_id
assert retrieved.published == sample_post.published
assert retrieved.tags == sample_post.tags
async def test_get_by_id_existing(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test retrieving an existing post by ID."""
await repository.add(sample_post)
await db_session.commit()
result = await repository.get_by_id(sample_post.id)
assert result is not None
assert result.id == sample_post.id
async def test_get_by_id_non_existing(self, repository: PostRepository) -> None:
"""Test retrieving a non-existing post returns None."""
non_existing_id = uuid4()
result = await repository.get_by_id(non_existing_id)
assert result is None
class TestPostRepositoryGetAll:
"""Test suite for retrieving all posts."""
async def test_get_all_empty(self, repository: PostRepository) -> None:
"""Test retrieving all posts when database is empty."""
results = await repository.get_all()
assert results == []
async def test_get_all_multiple_posts(
self,
repository: PostRepository,
sample_post: Post,
published_post: Post,
db_session: AsyncSession,
) -> None:
"""Test retrieving all posts returns all entries."""
await repository.add(sample_post)
await repository.add(published_post)
await db_session.commit()
results = await repository.get_all()
assert len(results) == 2
ids = {post.id for post in results}
assert sample_post.id in ids
assert published_post.id in ids
class TestPostRepositoryUpdate:
"""Test suite for post update operations."""
async def test_update_post(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test updating an existing post."""
await repository.add(sample_post)
await db_session.commit()
# Refresh to get latest state
await db_session.flush()
# Create a new post instance with updated values
updated_post = Post(
id=sample_post.id,
title=Title("Updated Title"),
content=Content("Updated content for the post"),
slug=sample_post.slug,
author_id=sample_post.author_id,
published=sample_post.published,
tags=["updated", "tags"],
created_at=sample_post.created_at,
updated_at=sample_post.updated_at,
)
await repository.update(updated_post)
await db_session.commit()
retrieved = await repository.get_by_id(sample_post.id)
assert retrieved is not None
assert retrieved.title.value == "Updated Title"
assert retrieved.content.value == "Updated content for the post"
assert retrieved.tags == ["updated", "tags"]
async def test_update_publishes_post(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test that update reflects published status change."""
await repository.add(sample_post)
await db_session.commit()
await db_session.flush()
# Create updated post with published=True
updated_post = Post(
id=sample_post.id,
title=sample_post.title,
content=sample_post.content,
slug=sample_post.slug,
author_id=sample_post.author_id,
published=True,
tags=sample_post.tags,
created_at=sample_post.created_at,
updated_at=sample_post.updated_at,
)
await repository.update(updated_post)
await db_session.commit()
retrieved = await repository.get_by_id(sample_post.id)
assert retrieved is not None
assert retrieved.published is True
class TestPostRepositoryDelete:
"""Test suite for post deletion operations."""
async def test_delete_existing_post(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test deleting an existing post."""
await repository.add(sample_post)
await db_session.commit()
await repository.delete(sample_post.id)
await db_session.commit()
retrieved = await repository.get_by_id(sample_post.id)
assert retrieved is None
async def test_delete_non_existing_post(self, repository: PostRepository) -> None:
"""Test deleting a non-existing post does not raise error."""
non_existing_id = uuid4()
await repository.delete(non_existing_id)
class TestPostRepositoryExists:
"""Test suite for post existence checks."""
async def test_exists_true(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test exists returns True for existing post."""
await repository.add(sample_post)
await db_session.commit()
result = await repository.exists(sample_post.id)
assert result is True
async def test_exists_false(self, repository: PostRepository) -> None:
"""Test exists returns False for non-existing post."""
non_existing_id = uuid4()
result = await repository.exists(non_existing_id)
assert result is False
class TestPostRepositoryGetBySlug:
"""Test suite for slug-based retrieval."""
async def test_get_by_slug_existing(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test retrieving post by existing slug."""
await repository.add(sample_post)
await db_session.commit()
result = await repository.get_by_slug(sample_post.slug.value)
assert result is not None
assert result.id == sample_post.id
assert result.slug.value == sample_post.slug.value
async def test_get_by_slug_non_existing(self, repository: PostRepository) -> None:
"""Test retrieving by non-existing slug returns None."""
result = await repository.get_by_slug("non-existing-slug")
assert result is None
class TestPostRepositoryGetByAuthor:
"""Test suite for author-based retrieval."""
async def test_get_by_author(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test retrieving posts by author ID."""
await repository.add(sample_post)
await db_session.commit()
results = await repository.get_by_author(sample_post.author_id)
assert len(results) == 1
assert results[0].id == sample_post.id
async def test_get_by_author_empty(self, repository: PostRepository) -> None:
"""Test retrieving posts by author with no posts."""
results = await repository.get_by_author("non-existing-author")
assert results == []
class TestPostRepositoryGetPublished:
"""Test suite for published posts retrieval."""
async def test_get_published_only(
self,
repository: PostRepository,
sample_post: Post,
published_post: Post,
db_session: AsyncSession,
) -> None:
"""Test retrieving only published posts."""
await repository.add(sample_post)
await repository.add(published_post)
await db_session.commit()
results = await repository.get_published()
assert len(results) == 1
assert results[0].id == published_post.id
class TestPostRepositoryGetByTag:
"""Test suite for tag-based retrieval.
Note: These tests are skipped for SQLite as it has limited JSON support.
"""
@pytest.mark.skip(reason="SQLite has limited JSON array support")
async def test_get_by_tag(self, repository: PostRepository, sample_post: Post) -> None:
"""Test retrieving posts by tag."""
pass
@pytest.mark.skip(reason="SQLite has limited JSON array support")
async def test_get_by_tag_multiple_posts(self, repository: PostRepository) -> None:
"""Test retrieving multiple posts with same tag."""
pass
@pytest.mark.skip(reason="SQLite has limited JSON array support")
async def test_get_by_tag_not_found(
self,
repository: PostRepository,
sample_post: Post,
) -> None:
"""Test retrieving by non-existing tag returns empty list."""
pass
class TestPostRepositorySlugExists:
"""Test suite for slug existence checks."""
async def test_slug_exists_true(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test slug_exists returns True for existing slug."""
await repository.add(sample_post)
await db_session.commit()
result = await repository.slug_exists(sample_post.slug.value)
assert result is True
async def test_slug_exists_false(self, repository: PostRepository) -> None:
"""Test slug_exists returns False for non-existing slug."""
result = await repository.slug_exists("non-existing-slug")
assert result is False
class TestPostRepositorySearch:
"""Test suite for post search functionality."""
async def test_search_by_title(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test searching posts by title."""
await repository.add(sample_post)
await db_session.commit()
results = await repository.search("Test Post")
assert len(results) == 1
assert results[0].id == sample_post.id
async def test_search_by_content(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test searching posts by content."""
await repository.add(sample_post)
await db_session.commit()
results = await repository.search("blog post")
assert len(results) == 1
assert results[0].id == sample_post.id
async def test_search_case_insensitive(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test search is case insensitive."""
await repository.add(sample_post)
await db_session.commit()
results = await repository.search("TEST POST")
assert len(results) == 1
async def test_search_no_results(
self,
repository: PostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test search with no matching results."""
await repository.add(sample_post)
await db_session.commit()
results = await repository.search("xyz123nonexistent")
assert results == []
@pytest.mark.skip(reason="SQLite behavior without ORDER BY is non-deterministic")
async def test_search_with_limit(
self,
repository: PostRepository,
db_session: AsyncSession,
) -> None:
"""Test search with limit - skipped for SQLite."""
pass
@pytest.mark.skip(reason="SQLite order non-deterministic without ORDER BY")
async def test_search_with_offset(
self,
repository: PostRepository,
db_session: AsyncSession,
) -> None:
"""Test search with offset."""
pass
class TestPostRepositoryConversion:
"""Test suite for domain/ORM conversion."""
async def test_to_domain_preserves_all_fields(
self,
repository: SQLAlchemyPostRepository,
sample_post: Post,
db_session: AsyncSession,
) -> None:
"""Test that domain conversion preserves all post fields."""
await repository.add(sample_post)
await db_session.commit()
retrieved = await repository.get_by_id(sample_post.id)
assert retrieved is not None
assert isinstance(retrieved.id, UUID)
assert retrieved.title.value == sample_post.title.value
assert retrieved.content.value == sample_post.content.value
assert retrieved.slug.value == sample_post.slug.value
assert retrieved.author_id == sample_post.author_id
assert retrieved.published == sample_post.published
assert retrieved.tags == sample_post.tags

162
tests/unit/application/test_use_cases.py
View File

@@ -20,6 +20,7 @@ from app.domain.exceptions import (
ForbiddenException,
NotFoundException,
)
from app.domain.roles import Role
@pytest.fixture
@@ -125,48 +126,39 @@ class TestGetPostUseCase:
with pytest.raises(NotFoundException):
await use_case.by_id(post_id)
class TestUpdatePostUseCase:
@pytest.mark.asyncio
async def test_update_post_success(
async def test_get_post_by_slug_success(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
test_post: Post,
) -> None:
"""Test successful post update."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.update = AsyncMock()
"""Test successful get post by slug."""
mock_post_repository.get_by_slug = AsyncMock(return_value=test_post)
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(title="Updated Title")
use_case = GetPostUseCase(mock_post_repository, mock_transaction_manager)
result = await use_case.by_slug(test_post.slug.value)
# Execute
result = await use_case.execute(test_post.id, dto, "user-123")
# Assert
assert result.title == "Updated Title"
mock_post_repository.update.assert_called_once()
mock_transaction_manager.commit.assert_called_once()
assert result.id == test_post.id
assert result.title == test_post.title.value
mock_post_repository.get_by_slug.assert_called_once_with(test_post.slug.value)
@pytest.mark.asyncio
async def test_update_post_not_found(
async def test_get_post_by_slug_not_found(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
) -> None:
"""Test update post when not found."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=None)
"""Test get post by slug when not found."""
mock_post_repository.get_by_slug = AsyncMock(return_value=None)
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(title="Updated Title")
use_case = GetPostUseCase(mock_post_repository, mock_transaction_manager)
# Execute & Assert
with pytest.raises(NotFoundException):
await use_case.execute(uuid4(), dto, "user-123")
await use_case.by_slug("nonexistent-slug")
class TestUpdatePostUseCase:
@pytest.mark.asyncio
async def test_update_post_forbidden(
self,
@@ -177,6 +169,7 @@ class TestUpdatePostUseCase:
"""Test update post by different user."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.update = AsyncMock()
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(title="Updated Title")
@@ -185,6 +178,69 @@ class TestUpdatePostUseCase:
with pytest.raises(ForbiddenException):
await use_case.execute(test_post.id, dto, "other-user")
@pytest.mark.asyncio
async def test_update_post_admin_can_edit_any_post(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
test_post: Post,
) -> None:
"""Test admin can update any post regardless of author."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.update = AsyncMock()
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(title="Admin Updated Title")
# Execute
result = await use_case.execute(test_post.id, dto, "admin-user", Role.ADMIN)
# Assert
assert result.title == "Admin Updated Title"
mock_post_repository.update.assert_called_once()
mock_transaction_manager.commit.assert_called_once()
@pytest.mark.asyncio
async def test_update_post_not_found(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
) -> None:
"""Test update post when post does not exist."""
mock_post_repository.get_by_id = AsyncMock(return_value=None)
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(title="New Title")
post_id = uuid4()
with pytest.raises(NotFoundException):
await use_case.execute(post_id, dto, "user-123")
@pytest.mark.asyncio
async def test_update_post_with_content_and_tags(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
test_post: Post,
) -> None:
"""Test update post content and tags."""
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.update = AsyncMock()
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(
content="Updated content with enough characters for validation",
tags=["new", "tags"],
)
result = await use_case.execute(test_post.id, dto, "user-123")
assert result.content == dto.content
assert result.tags == dto.tags
mock_post_repository.update.assert_called_once()
mock_transaction_manager.commit.assert_called_once()
class TestDeletePostUseCase:
@pytest.mark.asyncio
@@ -225,6 +281,42 @@ class TestDeletePostUseCase:
with pytest.raises(ForbiddenException):
await use_case.execute(test_post.id, "other-user")
@pytest.mark.asyncio
async def test_delete_post_admin_can_delete_any_post(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
test_post: Post,
) -> None:
"""Test admin can delete any post regardless of author."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.delete = AsyncMock()
use_case = DeletePostUseCase(mock_post_repository, mock_transaction_manager)
# Execute
await use_case.execute(test_post.id, "admin-user", Role.ADMIN)
# Assert
mock_post_repository.delete.assert_called_once_with(test_post.id)
mock_transaction_manager.commit.assert_called_once()
@pytest.mark.asyncio
async def test_delete_post_not_found(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
) -> None:
"""Test delete post when post does not exist."""
mock_post_repository.get_by_id = AsyncMock(return_value=None)
use_case = DeletePostUseCase(mock_post_repository, mock_transaction_manager)
post_id = uuid4()
with pytest.raises(NotFoundException):
await use_case.execute(post_id, "user-123")
class TestPublishPostUseCase:
@pytest.mark.asyncio
@@ -249,6 +341,28 @@ class TestPublishPostUseCase:
mock_post_repository.update.assert_called_once()
mock_transaction_manager.commit.assert_called_once()
@pytest.mark.asyncio
async def test_publish_post_admin_can_publish_any_post(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
test_post: Post,
) -> None:
"""Test admin can publish any post regardless of author."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.update = AsyncMock()
use_case = PublishPostUseCase(mock_post_repository, mock_transaction_manager)
# Execute
result = await use_case.publish(test_post.id, "admin-user", Role.ADMIN)
# Assert
assert result.published is True
mock_post_repository.update.assert_called_once()
mock_transaction_manager.commit.assert_called_once()
class TestListPostsUseCase:
@pytest.mark.asyncio

17
tests/unit/domain/test_entities.py
View File

@@ -1,5 +1,6 @@
"""Tests for domain entities."""
from typing import Any
from uuid import UUID
from app.domain.entities import Post
@@ -126,3 +127,19 @@ class TestPost:
assert "id" in data
assert "created_at" in data
assert "updated_at" in data
def test_base_entity_eq_and_hash(self) -> None:
"""Test BaseEntity equality and hash directly."""
from app.domain.entities.base import BaseEntity
class ConcreteEntity(BaseEntity):
def to_dict(self) -> dict[str, Any]:
return {}
e1 = ConcreteEntity()
e2 = ConcreteEntity()
e2.id = e1.id
assert BaseEntity.__eq__(e1, e2) is True
assert BaseEntity.__eq__(e1, "not an entity") == NotImplemented
assert BaseEntity.__hash__(e1) == hash(e1.id)

64
tests/unit/domain/test_roles.py
View File

@@ -1,11 +1,17 @@
"""Tests for role-based access control."""
from typing import Any
import pytest
from app.domain.exceptions import ForbiddenException
from app.domain.roles import (
ROLE_PERMISSIONS,
Permission,
Role,
get_effective_role,
has_permission,
require_permission,
)
@@ -121,3 +127,61 @@ class TestGetEffectiveRole:
assert get_effective_role(["user", "admin", "guest"]) == Role.ADMIN
# User takes precedence over guest
assert get_effective_role(["guest", "user"]) == Role.USER
class TestRequirePermission:
"""Test require_permission decorator."""
async def test_admin_passes_permission_check(self) -> None:
"""Test admin with permission succeeds."""
@require_permission(Permission.POST_CREATE)
async def dummy(*, token_info: Any = None) -> str:
return "ok"
token = type("TokenInfo", (), {"roles": ["admin"]})()
result = await dummy(token_info=token)
assert result == "ok"
async def test_user_passes_permission_check(self) -> None:
"""Test user with permission succeeds."""
@require_permission(Permission.POST_READ)
async def dummy(*, token_info: Any = None) -> str:
return "ok"
token = type("TokenInfo", (), {"roles": ["user"]})()
result = await dummy(token_info=token)
assert result == "ok"
async def test_no_token_raises(self) -> None:
"""Test missing token raises ForbiddenException."""
@require_permission(Permission.POST_CREATE)
async def dummy(*, token_info: Any = None) -> str:
return "ok"
with pytest.raises(ForbiddenException, match="Authentication required"):
await dummy()
async def test_guest_without_permission_raises(self) -> None:
"""Test guest lacking permission raises ForbiddenException."""
@require_permission(Permission.POST_CREATE)
async def dummy(*, token_info: Any = None) -> str:
return "ok"
token = type("TokenInfo", (), {"roles": []})()
with pytest.raises(ForbiddenException, match="Permission 'post:create' required"):
await dummy(token_info=token)
async def test_user_forbidden_unpublished(self) -> None:
"""Test user cannot read unpublished via decorator."""
@require_permission(Permission.POST_READ_UNPUBLISHED)
async def dummy(*, token_info: Any = None) -> str:
return "ok"
token = type("TokenInfo", (), {"roles": ["user"]})()
with pytest.raises(ForbiddenException, match="Permission 'post:read_unpublished' required"):
await dummy(token_info=token)

70
tests/unit/domain/test_value_objects.py
View File

@@ -91,3 +91,73 @@ class TestSlug:
slug2 = Slug("test-slug")
assert slug1 == slug2
assert hash(slug1) == hash(slug2)
def test_slug_str_and_primitive(self) -> None:
"""Test slug string and primitive conversion."""
slug = Slug("test-slug")
assert str(slug) == "test-slug"
assert slug.to_primitive() == "test-slug"
def test_slug_eq_with_non_value_object(self) -> None:
"""Test slug equality with non-ValueObject returns False."""
slug = Slug("test-slug")
assert slug != "test-slug"
def test_slug_not_string(self) -> None:
"""Test non-string slug raises ValueError."""
with pytest.raises(ValueError, match="string"):
Slug(123) # type: ignore[arg-type]
def test_slug_too_long(self) -> None:
"""Test slug exceeding max length raises ValueError."""
with pytest.raises(ValueError, match="at most"):
Slug("a" * 201)
class TestValueObjectBase:
"""Test base ValueObject behavior across types."""
def test_title_eq_with_non_value_object(self) -> None:
"""Test title equality with non-ValueObject returns False."""
title = Title("Test Title")
assert title != "Test Title"
def test_content_str_and_primitive(self) -> None:
"""Test content string and primitive conversion."""
content = Content("Enough characters for valid content")
assert str(content) == "Enough characters for valid content"
assert content.to_primitive() == "Enough characters for valid content"
def test_content_not_string(self) -> None:
"""Test non-string content raises ValueError."""
with pytest.raises(ValueError, match="string"):
Content(123) # type: ignore[arg-type]
def test_value_object_eq_and_hash_directly(self) -> None:
"""Test ValueObject base eq and hash via direct call."""
from app.domain.value_objects.base import ValueObject
class SimpleVO(ValueObject[str]):
def _validate(self) -> None:
pass
vo1 = SimpleVO("test")
vo2 = SimpleVO("test")
vo3 = SimpleVO("other")
assert ValueObject.__eq__(vo1, vo2) is True
assert ValueObject.__eq__(vo1, vo3) is False
assert ValueObject.__eq__(vo1, "test") is False
assert ValueObject.__hash__(vo1) == hash("test")
def test_content_exact_min_length(self) -> None:
"""Test content at exact minimum length boundary."""
min_content = "a" * 10
content = Content(min_content)
assert content.value == min_content
def test_slug_exact_max_length(self) -> None:
"""Test slug at exact maximum length boundary."""
max_slug = "a" * 200
slug = Slug(max_slug)
assert slug.value == max_slug

22
tests/unit/infrastructure/test_auth.py
View File

@@ -234,6 +234,28 @@ class TestKeycloakAuthClient:
assert mock_async_client.post.call_count == 1
assert result1.user_id == result2.user_id
def test_get_cached_token_expired(self, client: KeycloakAuthClient) -> None:
"""Test expired cache entry returns None and is removed."""
from app.infrastructure.auth.models import TokenInfo
client._cache["expired-token"] = (TokenInfo(active=True), 0)
with patch("time.time", return_value=1000):
result = client._get_cached_token("expired-token")
assert result is None
assert "expired-token" not in client._cache
def test_cache_token_removes_expired_entries(self, client: KeycloakAuthClient) -> None:
"""Test caching new token removes expired existing entries."""
from app.infrastructure.auth.models import TokenInfo
old_token = TokenInfo(active=True)
new_token = TokenInfo(active=True)
client._cache["old"] = (old_token, 0)
with patch("time.time", return_value=1000):
client._cache_token("new", new_token)
assert "old" not in client._cache
assert "new" in client._cache
@pytest.mark.asyncio
async def test_get_userinfo_success(self, client: KeycloakAuthClient) -> None:
"""Test successful userinfo retrieval."""

14
tests/unit/infrastructure/test_di_container.py Normal file
View File

@@ -0,0 +1,14 @@
"""Tests for DI container."""
from app.infrastructure.di.container import create_container
class TestContainer:
"""Test DI container creation."""
def test_create_container(self) -> None:
"""Test container factory returns AsyncContainer."""
from dishka import AsyncContainer
container = create_container()
assert isinstance(container, AsyncContainer)

54
tests/unit/infrastructure/test_mock_auth.py Normal file
View File

@@ -0,0 +1,54 @@
"""Tests for mock Keycloak client."""
import pytest
from app.infrastructure.auth.mock_client import MockKeycloakClient
class TestMockKeycloakClient:
"""Test MockKeycloakClient token introspection."""
@pytest.fixture
def client(self) -> MockKeycloakClient:
"""Create mock client instance."""
return MockKeycloakClient()
@pytest.mark.asyncio
async def test_introspect_user_token(self, client: MockKeycloakClient) -> None:
"""Test introspecting user token."""
result = await client.introspect_token("dev-token-user")
assert result.is_valid is True
assert result.user_id == "dev-user"
assert result.username == "Dev User"
assert result.email == "dev.user@example.com"
assert result.roles == ["user"]
@pytest.mark.asyncio
async def test_introspect_user2_token(self, client: MockKeycloakClient) -> None:
"""Test introspecting user2 token."""
result = await client.introspect_token("dev-token-user2")
assert result.is_valid is True
assert result.user_id == "dev-user2"
assert result.username == "Test User"
assert result.roles == ["user"]
@pytest.mark.asyncio
async def test_introspect_admin_token(self, client: MockKeycloakClient) -> None:
"""Test introspecting admin token."""
result = await client.introspect_token("dev-token-admin")
assert result.is_valid is True
assert result.user_id == "dev-admin"
assert result.username == "Dev Admin"
assert result.roles == ["admin"]
@pytest.mark.asyncio
async def test_introspect_guest_token(self, client: MockKeycloakClient) -> None:
"""Test introspecting guest token returns inactive."""
result = await client.introspect_token("dev-token-guest")
assert result.is_valid is False
@pytest.mark.asyncio
async def test_introspect_unknown_token(self, client: MockKeycloakClient) -> None:
"""Test introspecting unknown token returns inactive."""
result = await client.introspect_token("unknown-token")
assert result.is_valid is False

131
tests/unit/presentation/test_web_deps.py Normal file
View File

@@ -0,0 +1,131 @@
"""Tests for web dependencies."""
from unittest.mock import MagicMock
from app.domain.roles import Role
from app.presentation.web.deps import (
can_create_post,
can_delete_post,
can_edit_post,
can_see_draft,
get_user_role,
)
class TestGetUserRole:
"""Test get_user_role function."""
def test_none_returns_guest(self) -> None:
"""Test None user returns GUEST role."""
assert get_user_role(None) == Role.GUEST
def test_admin_roles(self) -> None:
"""Test admin role detection."""
user = MagicMock()
user.roles = ["admin"]
assert get_user_role(user) == Role.ADMIN
def test_user_roles(self) -> None:
"""Test user role detection."""
user = MagicMock()
user.roles = ["user"]
assert get_user_role(user) == Role.USER
def test_empty_roles_returns_guest(self) -> None:
"""Test empty roles list returns GUEST."""
user = MagicMock()
user.roles = []
assert get_user_role(user) == Role.GUEST
class TestCanCreatePost:
"""Test can_create_post function."""
def test_guest_cannot_create(self) -> None:
"""Test guest cannot create posts."""
assert can_create_post(None) is False
def test_user_can_create(self) -> None:
"""Test user can create posts."""
user = MagicMock()
user.roles = ["user"]
assert can_create_post(user) is True
def test_admin_can_create(self) -> None:
"""Test admin can create posts."""
user = MagicMock()
user.roles = ["admin"]
assert can_create_post(user) is True
class TestCanEditPost:
"""Test can_edit_post function."""
def test_guest_cannot_edit(self) -> None:
"""Test guest cannot edit any post."""
assert can_edit_post(None, "author-1") is False
def test_user_can_edit_own(self) -> None:
"""Test user can edit own post."""
user = MagicMock()
user.roles = ["user"]
user.user_id = "author-1"
assert can_edit_post(user, "author-1") is True
def test_user_cannot_edit_other(self) -> None:
"""Test user cannot edit other's post."""
user = MagicMock()
user.roles = ["user"]
user.user_id = "user-2"
assert can_edit_post(user, "author-1") is False
def test_admin_can_edit_any(self) -> None:
"""Test admin can edit any post."""
user = MagicMock()
user.roles = ["admin"]
user.user_id = "admin-1"
assert can_edit_post(user, "author-1") is True
class TestCanDeletePost:
"""Test can_delete_post function."""
def test_delegates_to_can_edit(self) -> None:
"""Test can_delete_post delegates to can_edit_post logic."""
user = MagicMock()
user.roles = ["user"]
user.user_id = "author-1"
assert can_delete_post(user, "author-1") is True
def test_guest_cannot_delete(self) -> None:
"""Test guest cannot delete posts."""
assert can_delete_post(None, "author-1") is False
class TestCanSeeDraft:
"""Test can_see_draft function."""
def test_guest_cannot_see(self) -> None:
"""Test guest cannot see drafts."""
assert can_see_draft(None, "author-1") is False
def test_user_can_see_own(self) -> None:
"""Test user can see own draft."""
user = MagicMock()
user.roles = ["user"]
user.user_id = "author-1"
assert can_see_draft(user, "author-1") is True
def test_user_cannot_see_other(self) -> None:
"""Test user cannot see other's draft."""
user = MagicMock()
user.roles = ["user"]
user.user_id = "user-2"
assert can_see_draft(user, "author-1") is False
def test_admin_can_see_any(self) -> None:
"""Test admin can see any draft."""
user = MagicMock()
user.roles = ["admin"]
user.user_id = "admin-1"
assert can_see_draft(user, "author-1") is True