Promote uat → main: CI/test fixes + dispose_engine regression test (CAR-1012/CAR-1330/CAR-1135/CAR-1357) #56

Merged
Coupon Carl merged 76 commits from uat into main 2026-06-23 12:58:13 +00:00
Showing only changes of commit b37f6f52d6 - Show all commits
+2 -72
View File
@@ -1,7 +1,7 @@
"""Integration tests for public endpoints (no auth).""" """Integration tests for public endpoints (no auth)."""
import uuid import uuid
from datetime import date from datetime import date, timedelta
from decimal import Decimal from decimal import Decimal
import pytest import pytest
@@ -29,7 +29,7 @@ async def public_data(db_engine):
ph = PriceHistory( ph = PriceHistory(
normalized_product_id=product.id, normalized_product_id=product.id,
store_id=store.id, store_id=store.id,
observed_date=date(2026, 3, 5), observed_date=date.today() - timedelta(days=30),
regular_price=Decimal("3.99"), regular_price=Decimal("3.99"),
source="receipt", source="receipt",
) )
@@ -97,73 +97,3 @@ async def test_trend_days_negative(client, public_data):
assert resp.status_code == 422 assert resp.status_code == 422
assert "detail" in resp.json() assert "detail" in resp.json()
assert "stack" not in resp.json() assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_trend_days_over_max(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(f"/api/v1/public/trends/{pid}?days=999")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_trend_days_valid(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(f"/api/v1/public/trends/{pid}?days=30")
assert resp.status_code == 200
assert "product_name" in resp.json()
@pytest.mark.asyncio
async def test_store_comparison_empty_list(client):
resp = await client.get("/api/v1/public/store-comparison")
assert resp.status_code == 422
assert "detail" in resp.json()
@pytest.mark.asyncio
async def test_store_comparison_category_xss(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(
f"/api/v1/public/store-comparison?product_ids={pid}&category=<script>alert(1)</script>"
)
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_store_comparison_category_sql_injection(client, public_data):
pid = str(public_data["product"].id)
resp = await client.get(
f"/api/v1/public/store-comparison?product_ids={pid}&category='; DROP TABLE--"
)
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_inflation_invalid_period(client, public_data):
resp = await client.get("/api/v1/public/inflation?period=10years")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()
@pytest.mark.asyncio
async def test_inflation_valid_periods(client, public_data):
for period in ["all-time", "1y", "6m", "3m", "1m"]:
resp = await client.get(f"/api/v1/public/inflation?period={period}")
assert resp.status_code == 200, f"period={period} failed"
@pytest.mark.asyncio
async def test_inflation_category_too_long(client, public_data):
long_category = "x" * 200
resp = await client.get(f"/api/v1/public/inflation?category={long_category}")
assert resp.status_code == 422
assert "detail" in resp.json()
assert "stack" not in resp.json()