mcp-security-framework 1.1.0__py3-none-any.whl → 1.1.1__py3-none-any.whl

tests/test_integration/test_fastapi_integration.py

@@ -11,25 +11,30 @@ License: MIT
 """
 
 import json
-import tempfile
 import os
-from unittest.mock import patch, MagicMock
-from typing import Dict, Any
+import tempfile
+from typing import Any, Dict
+from unittest.mock import MagicMock, patch
 
 import pytest
-from fastapi.testclient import TestClient
 from cryptography import x509
 from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
+from fastapi.testclient import TestClient
 
-from mcp_security_framework.examples.fastapi_example import FastAPISecurityExample
 from mcp_security_framework.core.security_manager import SecurityManager
-from mcp_security_framework.schemas.config import SecurityConfig, AuthConfig, RateLimitConfig, SSLConfig
+from mcp_security_framework.examples.fastapi_example import FastAPISecurityExample
+from mcp_security_framework.schemas.config import (
+    AuthConfig,
+    RateLimitConfig,
+    SecurityConfig,
+    SSLConfig,
+)
 
 
 class TestFastAPIIntegration:
     """Integration tests for FastAPI with security framework."""
-    
+
     def setup_method(self):
         """Set up test fixtures before each test method."""
         # Create temporary configuration
@@ -40,237 +45,232 @@ class TestFastAPIIntegration:
                 "api_keys": {
                     "admin_key_123": {"username": "admin", "roles": ["admin", "user"]},
                     "user_key_456": {"username": "user", "roles": ["user"]},
-                    "readonly_key_789": {"username": "readonly", "roles": ["readonly"]}
+                    "readonly_key_789": {"username": "readonly", "roles": ["readonly"]},
                 },
-                "public_paths": ["/health", "/metrics"]
-            },
-            "rate_limit": {
-                "enabled": True,
-                "default_requests_per_minute": 100
+                "public_paths": ["/health", "/metrics"],
             },
-            "ssl": {
-                "enabled": False
-            },
-            "permissions": {
-                "enabled": True,
-                "roles_file": "test_roles.json"
-            },
-            "certificates": {
-                "enabled": False
-            },
-            "logging": {
-                "level": "INFO",
-                "format": "standard"
-            }
+            "rate_limit": {"enabled": True, "default_requests_per_minute": 100},
+            "ssl": {"enabled": False},
+            "permissions": {"enabled": True, "roles_file": "test_roles.json"},
+            "certificates": {"enabled": False},
+            "logging": {"level": "INFO", "format": "standard"},
         }
-        
+
         # Create temporary config file
-        self.config_fd, self.config_path = tempfile.mkstemp(suffix='.json')
-        with os.fdopen(self.config_fd, 'w') as f:
+        self.config_fd, self.config_path = tempfile.mkstemp(suffix=".json")
+        with os.fdopen(self.config_fd, "w") as f:
             json.dump(self.test_config, f)
-        
+
         # Create temporary roles file
         self.roles_config = {
             "roles": {
                 "admin": {
-                    "permissions": ["read:own", "write:own", "delete:own", "admin", "*"],
-                    "description": "Administrator role"
+                    "permissions": [
+                        "read:own",
+                        "write:own",
+                        "delete:own",
+                        "admin",
+                        "*",
+                    ],
+                    "description": "Administrator role",
                 },
                 "user": {
                     "permissions": ["read:own", "write:own"],
-                    "description": "Regular user role"
+                    "description": "Regular user role",
                 },
                 "readonly": {
                     "permissions": ["read:own"],
-                    "description": "Read-only user role"
-                }
+                    "description": "Read-only user role",
+                },
             }
         }
-        
-        self.roles_fd, self.roles_path = tempfile.mkstemp(suffix='.json')
-        with os.fdopen(self.roles_fd, 'w') as f:
+
+        self.roles_fd, self.roles_path = tempfile.mkstemp(suffix=".json")
+        with os.fdopen(self.roles_fd, "w") as f:
             json.dump(self.roles_config, f)
-        
+
         # Update config to use roles file
         self.test_config["permissions"]["roles_file"] = self.roles_path
-        
+
         # Recreate config file with updated roles path
-        with open(self.config_path, 'w') as f:
+        with open(self.config_path, "w") as f:
             json.dump(self.test_config, f)
-    
+
     def teardown_method(self):
         """Clean up after each test method."""
         # Remove temporary files
-        if hasattr(self, 'config_path') and os.path.exists(self.config_path):
+        if hasattr(self, "config_path") and os.path.exists(self.config_path):
             os.unlink(self.config_path)
-        if hasattr(self, 'roles_path') and os.path.exists(self.roles_path):
+        if hasattr(self, "roles_path") and os.path.exists(self.roles_path):
             os.unlink(self.roles_path)
-    
+
     def test_fastapi_full_integration(self):
         """Test complete FastAPI integration with security framework."""
         # Create FastAPI example
         example = FastAPISecurityExample(config_path=self.config_path)
-        
+
         # Test that the app is properly configured
         assert example.app is not None
-        assert hasattr(example.app, 'add_middleware')
-        
+        assert hasattr(example.app, "add_middleware")
+
         # Test that security manager is configured
         assert example.security_manager is not None
         assert isinstance(example.security_manager, SecurityManager)
-        
+
         # Test that configuration is loaded
         assert example.config is not None
         assert example.config.auth.enabled is True
         assert example.config.rate_limit.enabled is True
-    
+
     def test_fastapi_authentication_flow(self):
         """Test complete authentication flow in FastAPI."""
         example = FastAPISecurityExample(config_path=self.config_path)
         client = TestClient(example.app)
-        
+
         # Test unauthenticated access to protected endpoint
         response = client.get("/api/v1/users/me")
         assert response.status_code == 401
-        
+
         # Test authenticated access with valid API key
         headers = {"X-API-Key": "admin_key_123"}
         response = client.get("/api/v1/users/me", headers=headers)
         assert response.status_code == 200  # Should be authenticated
-        
+
         # Test authenticated access with different user
         headers = {"X-API-Key": "user_key_456"}
         response = client.get("/api/v1/users/me", headers=headers)
         assert response.status_code == 200  # User should be authenticated
-    
+
     def test_fastapi_authorization_flow(self):
         """Test complete authorization flow in FastAPI."""
         example = FastAPISecurityExample(config_path=self.config_path)
         client = TestClient(example.app)
-        
+
         # Test admin access to admin-only endpoint
         headers = {"X-API-Key": "admin_key_123"}
         response = client.get("/admin/users", headers=headers)
         assert response.status_code == 200  # Admin should have access
-        
+
         # Test regular user access to admin-only endpoint (should be denied)
         headers = {"X-API-Key": "user_key_456"}
         response = client.get("/admin/users", headers=headers)
         assert response.status_code == 403  # User should be denied admin access
-        
-                # Test readonly user access to data endpoint (should be allowed for read)
+
+        # Test readonly user access to data endpoint (should be allowed for read)
         headers = {"X-API-Key": "readonly_key_789"}
         response = client.get("/api/v1/data", headers=headers)
         assert response.status_code == 200  # Readonly user should have read access
-    
+
     def test_fastapi_rate_limiting(self):
         """Test rate limiting in FastAPI."""
         example = FastAPISecurityExample(config_path=self.config_path)
         client = TestClient(example.app)
-        
+
         headers = {"X-API-Key": "user_key_456"}
-        
+
         # Make multiple requests to trigger rate limiting
         responses = []
         for i in range(105):  # Exceed the 100 requests per minute limit
             response = client.get("/api/v1/users/me", headers=headers)
             responses.append(response.status_code)
-        
+
         # Check that some requests were rate limited
         # Note: Rate limiting may not be triggered in test environment
         # but the requests should still be processed
         assert len(responses) == 105, "All requests should be processed"
-        assert all(status in [200, 429] for status in responses), "Responses should be either 200 or 429"
-    
+        assert all(
+            status in [200, 429] for status in responses
+        ), "Responses should be either 200 or 429"
+
     def test_fastapi_ssl_integration(self):
         """Test SSL/TLS integration in FastAPI."""
         # Create config with SSL enabled
         ssl_config = self.test_config.copy()
-        ssl_config["ssl"] = {
-            "enabled": False  # Disable SSL for testing
-        }
-        
+        ssl_config["ssl"] = {"enabled": False}  # Disable SSL for testing
+
         # Create temporary SSL config file
-        ssl_config_fd, ssl_config_path = tempfile.mkstemp(suffix='.json')
-        with os.fdopen(ssl_config_fd, 'w') as f:
+        ssl_config_fd, ssl_config_path = tempfile.mkstemp(suffix=".json")
+        with os.fdopen(ssl_config_fd, "w") as f:
             json.dump(ssl_config, f)
-        
+
         try:
             # Mock SSL context creation to avoid file requirements
-            with patch('mcp_security_framework.core.ssl_manager.SSLManager.create_server_context') as mock_ssl:
+            with patch(
+                "mcp_security_framework.core.ssl_manager.SSLManager.create_server_context"
+            ) as mock_ssl:
                 mock_ssl.return_value = MagicMock()
-                
+
                 example = FastAPISecurityExample(config_path=ssl_config_path)
-                
+
                 # Test that SSL is configured
                 assert example.config.ssl.enabled is False  # SSL disabled for testing
-                
+
         finally:
             os.unlink(ssl_config_path)
-    
+
     def test_fastapi_error_handling(self):
         """Test error handling in FastAPI integration."""
         example = FastAPISecurityExample(config_path=self.config_path)
         client = TestClient(example.app)
-        
+
         # Test invalid API key
         headers = {"X-API-Key": "invalid_key"}
         response = client.get("/api/v1/users/me", headers=headers)
         assert response.status_code == 401
-        
+
         # Test malformed request
         headers = {"X-API-Key": "admin_key_123"}
         response = client.get("/api/v1/data", headers=headers)
         assert response.status_code == 200  # Should succeed with valid auth
-    
+
     def test_fastapi_health_and_metrics(self):
         """Test health check and metrics endpoints."""
         example = FastAPISecurityExample(config_path=self.config_path)
         client = TestClient(example.app)
-        
+
         # Test health check
         response = client.get("/health")
         assert response.status_code == 200
         data = response.json()
         assert "status" in data
         assert data["status"] == "healthy"
-        
+
         # Test metrics
         response = client.get("/metrics")
         assert response.status_code == 200
         data = response.json()
         assert "metrics" in data  # The actual response structure has "metrics" wrapper
         assert "framework" in data
-    
+
     def test_fastapi_data_operations(self):
         """Test data operations with security."""
         example = FastAPISecurityExample(config_path=self.config_path)
         client = TestClient(example.app)
-        
+
         headers = {"X-API-Key": "admin_key_123"}
-        
+
         # Get data
         create_response = client.get("/api/v1/data", headers=headers)
 
         assert create_response.status_code == 200  # Should succeed with valid auth
         data = create_response.json()
         assert "message" in data  # The actual response contains "message"
-        
+
         # Retrieve data (using the general data endpoint since there's no specific ID endpoint)
         get_response = client.get("/api/v1/data", headers=headers)
         assert get_response.status_code == 200
         retrieved_data = get_response.json()
         assert "data" in retrieved_data
-    
+
     def test_fastapi_middleware_integration(self):
         """Test that security middleware is properly integrated."""
         example = FastAPISecurityExample(config_path=self.config_path)
-        
+
         # Check that middleware is configured
         # Note: In test environment, middleware setup is skipped
         # but we can verify the app structure
-        assert hasattr(example.app, 'user_middleware')
-        
+        assert hasattr(example.app, "user_middleware")
+
         # Test that routes are properly configured
         routes = [route.path for route in example.app.routes]
         expected_routes = [
@@ -278,58 +278,55 @@ class TestFastAPIIntegration:
             "/metrics",
             "/admin/users",
             "/api/v1/users/me",
-            "/api/v1/data"
+            "/api/v1/data",
         ]
-        
+
         for route in expected_routes:
             assert route in routes, f"Route {route} not found in app routes"
-    
+
     def test_fastapi_configuration_validation(self):
         """Test configuration validation in FastAPI integration."""
         # Test with invalid configuration
-        invalid_config = {
-            "auth": {
-                "enabled": True,
-                "methods": ["invalid_method"]
-            }
-        }
-        
-        invalid_config_fd, invalid_config_path = tempfile.mkstemp(suffix='.json')
-        with os.fdopen(invalid_config_fd, 'w') as f:
+        invalid_config = {"auth": {"enabled": True, "methods": ["invalid_method"]}}
+
+        invalid_config_fd, invalid_config_path = tempfile.mkstemp(suffix=".json")
+        with os.fdopen(invalid_config_fd, "w") as f:
             json.dump(invalid_config, f)
-        
+
         try:
             # Should raise validation error
             with pytest.raises(Exception):
                 FastAPISecurityExample(config_path=invalid_config_path)
         finally:
             os.unlink(invalid_config_path)
-    
+
     def test_fastapi_performance_benchmark(self):
         """Test performance of FastAPI integration."""
         example = FastAPISecurityExample(config_path=self.config_path)
         client = TestClient(example.app)
-        
+
         headers = {"X-API-Key": "user_key_456"}
-        
+
         import time
-        
+
         # Benchmark health check endpoint
         start_time = time.time()
         for _ in range(100):
             response = client.get("/health")
             assert response.status_code == 200
         end_time = time.time()
-        
+
         avg_time = (end_time - start_time) / 100
         assert avg_time < 0.01, f"Health check too slow: {avg_time:.4f}s per request"
-        
+
         # Benchmark authenticated endpoint
         start_time = time.time()
         for _ in range(50):
             response = client.get("/api/v1/users/me", headers=headers)
             assert response.status_code == 200  # Should be authenticated
         end_time = time.time()
-        
+
         avg_time = (end_time - start_time) / 50
-        assert avg_time < 0.02, f"Authenticated endpoint too slow: {avg_time:.4f}s per request"
+        assert (
+            avg_time < 0.02
+        ), f"Authenticated endpoint too slow: {avg_time:.4f}s per request"