django-bolt 0.1.0__cp310-abi3-win_amd64.whl

django_bolt/tests/conftest.py

@@ -0,0 +1,165 @@
+"""
+Pytest configuration for Django-Bolt tests.
+
+Ensures Django settings are properly reset between tests.
+Provides utilities for subprocess-based testing.
+"""
+import os
+import pathlib
+import signal
+import socket
+import subprocess
+import sys
+import time
+import logging
+import pytest
+
+# Suppress httpx INFO logs during tests
+logging.getLogger("httpx").setLevel(logging.WARNING)
+
+
+def pytest_configure(config):
+    """Configure Django settings for pytest-django."""
+    import django
+    from django.conf import settings
+
+    # Skip configuration if DJANGO_SETTINGS_MODULE is already set
+    # This allows specific test modules to use their own Django settings
+    if os.getenv("DJANGO_SETTINGS_MODULE"):
+        return
+
+    if not settings.configured:
+        # Configure with all apps including admin to support all tests
+        # The admin apps don't significantly impact non-admin tests
+        settings.configure(
+            DEBUG=True,
+            SECRET_KEY='test-secret-key-global',
+            ALLOWED_HOSTS=['*'],
+            INSTALLED_APPS=[
+                'django.contrib.admin',
+                'django.contrib.auth',
+                'django.contrib.contenttypes',
+                'django.contrib.sessions',
+                'django.contrib.messages',
+                'django.contrib.staticfiles',
+                'django_bolt',
+            ],
+            MIDDLEWARE=[
+                'django.middleware.security.SecurityMiddleware',
+                'django.contrib.sessions.middleware.SessionMiddleware',
+                'django.middleware.common.CommonMiddleware',
+                'django.middleware.csrf.CsrfViewMiddleware',
+                'django.contrib.auth.middleware.AuthenticationMiddleware',
+                'django.contrib.messages.middleware.MessageMiddleware',
+                'django.middleware.clickjacking.XFrameOptionsMiddleware',
+            ],
+            ROOT_URLCONF='django_bolt.tests.admin_tests.urls',
+            TEMPLATES=[
+                {
+                    'BACKEND': 'django.template.backends.django.DjangoTemplates',
+                    'DIRS': [],
+                    'APP_DIRS': True,
+                    'OPTIONS': {
+                        'context_processors': [
+                            'django.template.context_processors.debug',
+                            'django.template.context_processors.request',
+                            'django.contrib.auth.context_processors.auth',
+                            'django.contrib.messages.context_processors.messages',
+                        ],
+                    },
+                },
+            ],
+            DATABASES={
+                'default': {
+                    'ENGINE': 'django.db.backends.sqlite3',
+                    'NAME': ':memory:',
+                }
+            },
+            USE_TZ=True,
+            LANGUAGE_CODE='en-us',
+            TIME_ZONE='UTC',
+            USE_I18N=True,
+            STATIC_URL='/static/',
+            DEFAULT_AUTO_FIELD='django.db.models.BigAutoField',
+        )
+        # Setup Django apps so ExceptionReporter works
+        django.setup()
+
+
+@pytest.fixture(scope='session')
+def django_db_setup(django_db_setup, django_db_blocker):
+    """
+    Ensure database migrations are run before any tests that use the database.
+    This creates the auth_user table and other Django core tables.
+    Also creates test model tables (Article, etc.).
+    """
+    from django.core.management import call_command
+    from django.db import connection
+
+    with django_db_blocker.unblock():
+        # Run migrations to create all necessary tables
+        call_command('migrate', '--run-syncdb', verbosity=0)
+
+        # Create test model tables manually since they're not in migrations
+        with connection.schema_editor() as schema_editor:
+            from django_bolt.tests.test_models import Article
+            schema_editor.create_model(Article)
+
+
+def spawn_process(command):
+    """Spawn a subprocess in a new process group"""
+    import platform
+    if platform.system() == "Windows":
+        process = subprocess.Popen(
+            command,
+            shell=True,
+            creationflags=subprocess.CREATE_NEW_PROCESS_GROUP,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE
+        )
+    else:
+        process = subprocess.Popen(
+            command,
+            preexec_fn=os.setsid,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE
+        )
+    return process
+
+
+def kill_process(process):
+    """Kill a subprocess and its process group"""
+    import platform
+    if platform.system() == "Windows":
+        try:
+            process.send_signal(signal.CTRL_BREAK_EVENT)
+        except:
+            pass
+        try:
+            process.kill()
+        except:
+            pass
+    else:
+        try:
+            os.killpg(os.getpgid(process.pid), signal.SIGKILL)
+        except ProcessLookupError:
+            pass
+        except:
+            pass
+
+
+def wait_for_server(host, port, timeout=15):
+    """Wait for server to be reachable"""
+    start_time = time.time()
+    while time.time() - start_time < timeout:
+        try:
+            sock = socket.create_connection((host, port), timeout=2)
+            sock.close()
+            return True
+        except Exception:
+            time.sleep(0.5)
+    return False
+
+
+# Django configuration is now handled by pytest-django
+# via pytest_configure above

django_bolt/tests/test_action_decorator.py

@@ -0,0 +1,399 @@
+"""
+Tests for @action decorator with ViewSets.
+
+This test suite verifies that the @action decorator works correctly:
+- Instance-level actions (detail=True)
+- Collection-level actions (detail=False)
+- Multiple HTTP methods on single action
+- Custom path parameter
+- Auth/guards inheritance from class-level
+"""
+import pytest
+import msgspec
+from django_bolt import BoltAPI, ViewSet, action
+from django_bolt.testing import TestClient
+from .test_models import Article
+
+
+# --- Fixtures ---
+
+@pytest.fixture
+def api():
+    """Create a fresh BoltAPI instance for each test."""
+    return BoltAPI()
+
+
+# --- Schemas ---
+
+class ArticleSchema(msgspec.Struct):
+    """Article schema."""
+    id: int
+    title: str
+    content: str
+
+
+class ArticleCreateSchema(msgspec.Struct):
+    """Schema for creating articles."""
+    title: str
+    content: str
+    author: str
+
+
+# --- Tests ---
+
+@pytest.mark.django_db(transaction=True)
+def test_action_decorator_detail_true(api):
+    """Test @action with detail=True (instance-level action)."""
+
+    @api.viewset("/articles")
+    class ArticleViewSet(ViewSet):
+        queryset = Article.objects.all()
+        serializer_class = ArticleSchema
+
+        async def list(self, request):
+            """List articles."""
+            articles = []
+            async for article in await self.get_queryset():
+                articles.append(ArticleSchema(
+                    id=article.id,
+                    title=article.title,
+                    content=article.content
+                ))
+            return articles
+
+        async def retrieve(self, request, pk: int):
+            """Retrieve single article."""
+            article = await self.get_object(pk)
+            return ArticleSchema(
+                id=article.id,
+                title=article.title,
+                content=article.content
+            )
+
+        @action(methods=["POST"], detail=True)
+        async def publish(self, request, pk: int):
+            """Publish an article. POST /articles/{pk}/publish"""
+            article = await self.get_object(pk)
+            article.is_published = True
+            await article.asave()
+            return {"published": True, "article_id": pk}
+
+    # Create test article
+    article = Article.objects.create(
+        title="Test Article",
+        content="Test content",
+        author="Test Author",
+        is_published=False
+    )
+
+    client = TestClient(api)
+
+    # Test the custom action
+    response = client.post(f"/articles/{article.id}/publish")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["published"] is True
+    assert data["article_id"] == article.id
+
+    # Verify article was published
+    article.refresh_from_db()
+    assert article.is_published is True
+
+
+@pytest.mark.django_db(transaction=True)
+def test_action_decorator_detail_false(api):
+    """Test @action with detail=False (collection-level action)."""
+
+    @api.viewset("/articles")
+    class ArticleViewSet(ViewSet):
+        queryset = Article.objects.all()
+        serializer_class = ArticleSchema
+
+        async def list(self, request):
+            """List articles."""
+            articles = []
+            async for article in await self.get_queryset():
+                articles.append(ArticleSchema(
+                    id=article.id,
+                    title=article.title,
+                    content=article.content
+                ))
+            return articles
+
+        @action(methods=["GET"], detail=False)
+        async def published(self, request):
+            """Get published articles. GET /articles/published"""
+            articles = []
+            async for article in Article.objects.filter(is_published=True):
+                articles.append(ArticleSchema(
+                    id=article.id,
+                    title=article.title,
+                    content=article.content
+                ))
+            return articles
+
+    # Create test articles
+    Article.objects.create(
+        title="Published 1",
+        content="Content 1",
+        author="Author 1",
+        is_published=True
+    )
+    Article.objects.create(
+        title="Draft",
+        content="Content 2",
+        author="Author 2",
+        is_published=False
+    )
+    Article.objects.create(
+        title="Published 2",
+        content="Content 3",
+        author="Author 3",
+        is_published=True
+    )
+
+    client = TestClient(api)
+
+    # Test the custom action
+    response = client.get("/articles/published")
+    assert response.status_code == 200
+    data = response.json()
+    assert len(data) == 2
+    assert all(article["title"].startswith("Published") for article in data)
+
+
+@pytest.mark.django_db(transaction=True)
+def test_action_decorator_multiple_methods(api):
+    """Test @action with multiple HTTP methods."""
+
+    class StatusUpdate(msgspec.Struct):
+        """Schema for status update."""
+        is_published: bool
+
+    @api.viewset("/articles")
+    class ArticleViewSet(ViewSet):
+        queryset = Article.objects.all()
+        serializer_class = ArticleSchema
+
+        async def list(self, request):
+            """List articles."""
+            return []
+
+        @action(methods=["GET"], detail=True, path="status")
+        async def get_status(self, request, pk: int):
+            """GET /articles/{pk}/status - Get article status"""
+            article = await self.get_object(pk)
+            return {"is_published": article.is_published}
+
+        @action(methods=["POST"], detail=True, path="status")
+        async def update_status(self, request, pk: int, data: StatusUpdate):
+            """POST /articles/{pk}/status - Update article status"""
+            article = await self.get_object(pk)
+            article.is_published = data.is_published
+            await article.asave()
+            return {"updated": True, "is_published": article.is_published}
+
+    # Create test article
+    article = Article.objects.create(
+        title="Test Article",
+        content="Test content",
+        author="Test Author",
+        is_published=False
+    )
+
+    client = TestClient(api)
+
+    # Test GET
+    response = client.get(f"/articles/{article.id}/status")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["is_published"] is False
+
+    # Test POST
+    response = client.post(f"/articles/{article.id}/status", json={"is_published": True})
+    assert response.status_code == 200
+    data = response.json()
+    assert data["updated"] is True
+    assert data["is_published"] is True
+
+
+@pytest.mark.django_db(transaction=True)
+def test_action_decorator_custom_path(api):
+    """Test @action with custom path parameter."""
+
+    @api.viewset("/articles")
+    class ArticleViewSet(ViewSet):
+        queryset = Article.objects.all()
+        serializer_class = ArticleSchema
+
+        async def list(self, request):
+            """List articles."""
+            return []
+
+        @action(methods=["POST"], detail=True, path="custom-action-name")
+        async def some_method_name(self, request, pk: int):
+            """POST /articles/{pk}/custom-action-name"""
+            return {"action": "custom-action-name", "article_id": pk}
+
+    client = TestClient(api)
+
+    # Create test article
+    article = Article.objects.create(
+        title="Test Article",
+        content="Test content",
+        author="Test Author"
+    )
+
+    # Test custom path (not method name)
+    response = client.post(f"/articles/{article.id}/custom-action-name")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["action"] == "custom-action-name"
+    assert data["article_id"] == article.id
+
+
+@pytest.mark.django_db(transaction=True)
+def test_action_decorator_with_api_view_raises_error(api):
+    """Test that @action raises error when used with api.view() instead of api.viewset()."""
+
+    # This should raise an error because api.view() doesn't support @action
+    with pytest.raises(ValueError, match="uses @action decorator.*api.viewset"):
+        @api.view("/articles", methods=["GET"])
+        class ArticleViewSet(ViewSet):
+            async def get(self, request):
+                return []
+
+            @action(methods=["POST"], detail=False)
+            async def custom_action(self, request):
+                return {"ok": True}
+
+
+@pytest.mark.django_db(transaction=True)
+def test_action_decorator_defaults_to_function_name(api):
+    """Test that @action uses function name as default path."""
+
+    @api.viewset("/articles")
+    class ArticleViewSet(ViewSet):
+        queryset = Article.objects.all()
+        serializer_class = ArticleSchema
+
+        async def list(self, request):
+            """List articles."""
+            return []
+
+        @action(methods=["POST"], detail=True)
+        async def archive(self, request, pk: int):
+            """POST /articles/{pk}/archive"""
+            return {"archived": True, "article_id": pk}
+
+    client = TestClient(api)
+
+    # Create test article
+    article = Article.objects.create(
+        title="Test Article",
+        content="Test content",
+        author="Test Author"
+    )
+
+    # Test action at /articles/{pk}/archive (function name)
+    response = client.post(f"/articles/{article.id}/archive")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["archived"] is True
+    assert data["article_id"] == article.id
+
+
+@pytest.mark.django_db(transaction=True)
+def test_action_decorator_with_query_params(api):
+    """Test @action with query parameters."""
+
+    @api.viewset("/articles")
+    class ArticleViewSet(ViewSet):
+        queryset = Article.objects.all()
+        serializer_class = ArticleSchema
+
+        async def list(self, request):
+            """List articles."""
+            return []
+
+        @action(methods=["GET"], detail=False)
+        async def search(self, request, query: str, limit: int = 10):
+            """GET /articles/search?query=xxx&limit=5"""
+            articles = []
+            async for article in Article.objects.filter(title__icontains=query)[:limit]:
+                articles.append(ArticleSchema(
+                    id=article.id,
+                    title=article.title,
+                    content=article.content
+                ))
+            return {"query": query, "limit": limit, "results": articles}
+
+    # Create test articles
+    Article.objects.create(title="Python Guide", content="Content", author="Author")
+    Article.objects.create(title="Django Tutorial", content="Content", author="Author")
+    Article.objects.create(title="Python Basics", content="Content", author="Author")
+
+    client = TestClient(api)
+
+    # Test with query params
+    response = client.get("/articles/search?query=Python&limit=5")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["query"] == "Python"
+    assert data["limit"] == 5
+    assert len(data["results"]) == 2
+
+
+@pytest.mark.django_db(transaction=True)
+def test_action_decorator_invalid_method(api):
+    """Test that @action raises error for invalid HTTP methods."""
+
+    with pytest.raises(ValueError, match="Invalid HTTP method"):
+        @action(methods=["INVALID"], detail=True)
+        async def some_action(self, request, pk: int):
+            pass
+
+
+@pytest.mark.django_db(transaction=True)
+def test_action_decorator_with_different_lookup_fields(api):
+    """Test @action respects custom lookup_field."""
+
+    @api.viewset("/articles")
+    class ArticleViewSet(ViewSet):
+        queryset = Article.objects.all()
+        serializer_class = ArticleSchema
+        lookup_field = 'id'  # Explicitly set to 'id' instead of default 'pk'
+
+        async def list(self, request):
+            """List articles."""
+            return []
+
+        async def retrieve(self, request, id: int):
+            """Retrieve article by id."""
+            article = await self.get_object(id=id)
+            return ArticleSchema(
+                id=article.id,
+                title=article.title,
+                content=article.content
+            )
+
+        @action(methods=["POST"], detail=True)
+        async def feature(self, request, id: int):
+            """POST /articles/{id}/feature"""
+            return {"featured": True, "article_id": id}
+
+    client = TestClient(api)
+
+    # Create test article
+    article = Article.objects.create(
+        title="Test Article",
+        content="Test content",
+        author="Test Author"
+    )
+
+    # Test action with custom lookup field
+    response = client.post(f"/articles/{article.id}/feature")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["featured"] is True
+    assert data["article_id"] == article.id

django_bolt/tests/test_auth_secret_key.py

@@ -0,0 +1,83 @@
+"""
+Test that JWT authentication uses Django SECRET_KEY when not specified
+"""
+import pytest
+from django_bolt import BoltAPI
+from django_bolt.auth import JWTAuthentication
+from django_bolt.auth import IsAuthenticated
+
+
+def test_jwt_auth_uses_django_secret_key():
+    """Test that JWTAuthentication uses Django SECRET_KEY when secret not provided"""
+    # Django is already configured by pytest-django with SECRET_KEY='test-secret-key-global'
+    from django.conf import settings
+
+    # Create JWT auth without explicit secret
+    auth = JWTAuthentication()  # No secret specified
+
+    # Should use Django's SECRET_KEY
+    assert auth.secret == settings.SECRET_KEY
+    print("✓ JWTAuthentication uses Django SECRET_KEY when not specified")
+
+
+def test_jwt_auth_explicit_secret_overrides():
+    """Test that explicit secret overrides Django SECRET_KEY"""
+    from django.conf import settings
+
+    # Create with explicit secret
+    auth = JWTAuthentication(secret="custom-secret")
+
+    # Should use the explicit secret, not Django's
+    assert auth.secret == 'custom-secret'
+    assert auth.secret != settings.SECRET_KEY
+    print("✓ Explicit secret overrides Django SECRET_KEY")
+
+
+def test_route_with_django_secret():
+    """Test that route-level auth uses Django SECRET_KEY"""
+    from django.conf import settings
+
+    api = BoltAPI()
+
+    @api.get(
+        "/protected",
+        auth=[JWTAuthentication()],  # No secret - should use Django's
+        guards=[IsAuthenticated()]
+    )
+    async def protected_endpoint():
+        return {"message": "Protected"}
+
+    # Check that metadata has Django SECRET_KEY
+    handler_id = 0
+    if handler_id in api._handler_middleware:
+        metadata = api._handler_middleware[handler_id]
+        auth_backends = metadata.get('auth_backends', [])
+        assert len(auth_backends) > 0
+        assert auth_backends[0]['secret'] == settings.SECRET_KEY
+        print("✓ Route-level JWT auth uses Django SECRET_KEY")
+
+
+def test_global_auth_with_django_secret():
+    """Test global auth configuration with Django SECRET_KEY"""
+    from django.conf import settings
+
+    # Set auth classes (settings already configured by pytest-django)
+    settings.BOLT_AUTHENTICATION_CLASSES = [
+        JWTAuthentication()  # No secret - should use Django's
+    ]
+
+    from django_bolt.auth import get_default_authentication_classes
+
+    auth_classes = get_default_authentication_classes()
+    assert len(auth_classes) > 0
+    assert auth_classes[0].secret == settings.SECRET_KEY
+    print("✓ Global auth configuration uses Django SECRET_KEY")
+
+
+if __name__ == "__main__":
+    test_jwt_auth_uses_django_secret_key()
+    test_jwt_auth_explicit_secret_overrides()
+    test_route_with_django_secret()
+    test_global_auth_with_django_secret()
+
+    print("\n✅ All Django SECRET_KEY integration tests passed!")