feat: Update API token handling to use API-TOKEN header and improve related tests

2025-07-27 22:15:23 +02:00
parent 3dc21337f9
commit 58030914e6
5 changed files with 80 additions and 85 deletions
--- a/tests/api/v1/test_api_token_endpoints.py
+++ b/tests/api/v1/test_api_token_endpoints.py
@@ -239,7 +239,7 @@ class TestApiTokenEndpoints:
        api_token = token_response.json()["api_token"]

        # Use API token to authenticate
-        headers = {"Authorization": f"Bearer {api_token}"}
+        headers = {"API-TOKEN": api_token}
        response = await client.get("/api/v1/auth/me", headers=headers)

        assert response.status_code == 200
@@ -250,7 +250,7 @@ class TestApiTokenEndpoints:
    @pytest.mark.asyncio
    async def test_api_token_authentication_invalid_token(self, client: AsyncClient):
        """Test authentication with invalid API token."""
-        headers = {"Authorization": "Bearer invalid_token"}
+        headers = {"API-TOKEN": "invalid_token"}
        response = await client.get("/api/v1/auth/me", headers=headers)

        assert response.status_code == 401
@@ -271,7 +271,7 @@ class TestApiTokenEndpoints:

        # Mock expired token
        with patch("app.utils.auth.TokenUtils.is_token_expired", return_value=True):
-            headers = {"Authorization": f"Bearer {api_token}"}
+            headers = {"API-TOKEN": api_token}
            response = await client.get("/api/v1/auth/me", headers=headers)

            assert response.status_code == 401
@@ -279,18 +279,18 @@ class TestApiTokenEndpoints:
            assert "API token has expired" in data["detail"]

    @pytest.mark.asyncio
-    async def test_api_token_authentication_malformed_header(self, client: AsyncClient):
-        """Test authentication with malformed Authorization header."""
-        # Missing Bearer prefix
-        headers = {"Authorization": "invalid_format"}
+    async def test_api_token_authentication_empty_token(self, client: AsyncClient):
+        """Test authentication with empty API-TOKEN header."""
+        # Empty token
+        headers = {"API-TOKEN": ""}
        response = await client.get("/api/v1/auth/me", headers=headers)

        assert response.status_code == 401
        data = response.json()
-        assert "Invalid authorization header format" in data["detail"]
+        assert "Could not validate credentials" in data["detail"]

-        # Empty token
-        headers = {"Authorization": "Bearer "}
+        # Whitespace only token
+        headers = {"API-TOKEN": "   "}
        response = await client.get("/api/v1/auth/me", headers=headers)

        assert response.status_code == 401
@@ -313,7 +313,7 @@ class TestApiTokenEndpoints:
        authenticated_user.is_active = False

        # Try to authenticate with API token
-        headers = {"Authorization": f"Bearer {api_token}"}
+        headers = {"API-TOKEN": api_token}
        response = await client.get("/api/v1/auth/me", headers=headers)

        assert response.status_code == 401
@@ -332,9 +332,9 @@ class TestApiTokenEndpoints:
        )
        api_token = token_response.json()["api_token"]

-        # Set both cookies and Authorization header
+        # Set both cookies and API-TOKEN header
        client.cookies.update(auth_cookies)
-        headers = {"Authorization": f"Bearer {api_token}"}
+        headers = {"API-TOKEN": api_token}

        # This should use API token authentication
        response = await client.get("/api/v1/auth/me", headers=headers)