fix tests 2

Author: HardMax71

backend/app/api/routes/auth.py

@@ -65,10 +65,6 @@ async def login(
         )
 
     settings = get_settings()
-    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
-    access_token = security_service.create_access_token(
-        data={"sub": user.username}, expires_delta=access_token_expires
-    )
 
     logger.info(
         "Login successful",
@@ -80,6 +76,14 @@ async def login(
         },
     )
 
+    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token = security_service.create_access_token(
+        data={"sub": user.username}, expires_delta=access_token_expires
+    )
+
+    session_id = security_service.get_session_id_from_request(request)
+    csrf_token = security_service.generate_csrf_token(session_id)
+
     # Set httpOnly cookie for secure token storage
     response.set_cookie(
         key="access_token",
@@ -91,10 +95,6 @@ async def login(
         path="/",
     )
 
-    # Generate CSRF token for the session
-    session_id = security_service.get_session_id_from_request(request)
-    csrf_token = security_service.generate_csrf_token(session_id)
-
     return {"message": "Login successful", "username": user.username, "csrf_token": csrf_token}
 
 

backend/tests/integration/test_auth_api.py

@@ -1,5 +1,5 @@
 import time
-
+import httpx
 import pytest
 from app.schemas.user import UserCreate
 from httpx import AsyncClient
@@ -117,12 +117,21 @@ async def test_verify_token_valid(self) -> None:
     @pytest.mark.asyncio
     async def test_verify_token_invalid_token(self) -> None:
         """Verify an invalid/malformed token fails."""
-        # Clear cookies to simulate invalid token
-        response = await self.client.get("/api/v1/verify-token", cookies={})
-        assert response.status_code == 401
+        async with httpx.AsyncClient(
+            base_url="https://localhost:443",
+            verify=False,
+            timeout=30.0
+        ) as new_client:
+            response = await new_client.get("/api/v1/verify-token")
+            assert response.status_code == 401
 
     @pytest.mark.asyncio
     async def test_verify_token_no_token(self) -> None:
         """Verify request fails without token."""
-        response = await self.client.get("/api/v1/verify-token", cookies={})  # No cookies
-        assert response.status_code == 401
+        async with httpx.AsyncClient(
+            base_url="https://localhost:443",
+            verify=False,
+            timeout=30.0
+        ) as new_client:
+            response = await new_client.get("/api/v1/verify-token")
+            assert response.status_code == 401

backend/tests/integration/test_execution_api.py

@@ -1,12 +1,11 @@
 import asyncio
 import time
-
+import httpx
 import pytest
 from app.schemas.user import UserCreate
 from httpx import AsyncClient, HTTPStatusError
 from motor.motor_asyncio import AsyncIOMotorDatabase
 
-# Define polling parameters
 POLL_INTERVAL = 2  # seconds
 EXECUTION_TIMEOUT = 120  # seconds
 
@@ -146,16 +145,28 @@ async def test_k8s_resource_limits(self) -> None:
     @pytest.mark.asyncio
     async def test_execute_endpoint_without_auth(self) -> None:
         """Test accessing execute endpoint without authentication (should succeed)."""
-        execution_request = {"script": "print('no auth test should pass')"}
-        response = await self.client.post("/api/v1/execute", json=execution_request, cookies={})  # No cookies
-        # Expect 200 OK because the endpoint is public
-        assert response.status_code == 200
-        assert "execution_id" in response.json()
-        assert "status" in response.json()
+        async with httpx.AsyncClient(
+            base_url="https://localhost:443",
+            verify=False,
+            timeout=30.0
+        ) as new_client:
+            execution_request = {"script": "print('no auth test should pass')"}
+            response = await new_client.post("/api/v1/execute", json=execution_request)
+            # Expect 200 OK because the endpoint is public
+            assert response.status_code == 200
+            assert "execution_id" in response.json()
+            assert "status" in response.json()
 
     @pytest.mark.asyncio
     async def test_result_endpoint_without_auth(self) -> None:
-        non_existent_id = "nonexistent-public-id-999"
-        response = await self.client.get(f"/api/v1/result/{non_existent_id}", cookies={})  # No cookies
-        # Expect 404 Not Found because the ID doesn't exist, *not* 401 because the endpoint is public
-        assert response.status_code == 404
+        # Create a new client without cookies to simulate no auth
+        import httpx
+        async with httpx.AsyncClient(
+            base_url="https://localhost:443",
+            verify=False,
+            timeout=30.0
+        ) as new_client:
+            non_existent_id = "nonexistent-public-id-999"
+            response = await new_client.get(f"/api/v1/result/{non_existent_id}")
+            # Expect 404 Not Found because the ID doesn't exist, *not* 401 because the endpoint is public
+            assert response.status_code == 404

backend/tests/integration/test_saved_scripts_api.py

@@ -1,5 +1,5 @@
 import time
-
+import httpx
 import pytest
 from app.schemas.user import UserCreate
 from httpx import AsyncClient
@@ -132,13 +132,17 @@ async def test_list_scripts_empty(self) -> None:
     @pytest.mark.asyncio
     async def test_scripts_endpoints_without_auth(self) -> None:
         """Test accessing scripts endpoints without authentication."""
-        script_data = {"name": "No Auth", "script": "print('no')"}
-        # Use empty cookies to simulate no authentication
-        response_post = await self.client.post("/api/v1/scripts", json=script_data, cookies={})
-        response_get_list = await self.client.get("/api/v1/scripts", cookies={})
-        response_get_one = await self.client.get("/api/v1/scripts/some-id", cookies={})
-        response_put = await self.client.put("/api/v1/scripts/some-id", json=script_data, cookies={})
-        response_delete = await self.client.delete("/api/v1/scripts/some-id", cookies={})
+        async with httpx.AsyncClient(
+            base_url="https://localhost:443",
+            verify=False,
+            timeout=30.0
+        ) as new_client:
+            script_data = {"name": "No Auth", "script": "print('no')"}
+            response_post = await new_client.post("/api/v1/scripts", json=script_data)
+            response_get_list = await new_client.get("/api/v1/scripts")
+            response_get_one = await new_client.get("/api/v1/scripts/some-id")
+            response_put = await new_client.put("/api/v1/scripts/some-id", json=script_data)
+            response_delete = await new_client.delete("/api/v1/scripts/some-id")
 
         assert response_post.status_code == 401
         assert response_get_list.status_code == 401