import pytest
from pydantic import ValidationError
from gnexus_creds.config import Settings
def test_production_rejects_unsafe_defaults():
    """Production settings built from placeholder secrets must fail validation.

    The database URL and all three service URLs are production-shaped
    (PostgreSQL, https), so the only suspicious inputs are the
    ``change-me`` style secrets and the ``gnexus-creds`` client id.
    """
    # NOTE(review): every secret is a placeholder at the same time, so this
    # test alone does not show that each placeholder is rejected on its own.
    placeholder_config = {
        "env": "production",
        "database_url": "postgresql+psycopg://user:pass@postgres:5432/db",
        "master_key": "change-me-to-a-32-byte-url-safe-key",
        "session_secret": "change-me",
        "auth_client_id": "gnexus-creds",
        "auth_client_secret": "change-me",
        "auth_webhook_secret": "change-me",
        "auth_base_url": "https://auth.gnexus.space",
        "auth_redirect_uri": "https://creds.gnexus.space/auth/callback",
        "mcp_resource_url": "https://creds.gnexus.space/mcp-protocol/",
    }

    expected_error = pytest.raises(
        ValidationError, match="Unsafe production defaults"
    )
    with expected_error:
        Settings(**placeholder_config)
def test_production_rejects_sqlite_database():
    """A SQLite database URL must be refused when ``env`` is production.

    Secrets and service URLs are non-placeholder and https, so the
    ``sqlite+pysqlite`` URL is the only input expected to trip validation;
    the ``match`` pattern pins the failure to the PostgreSQL requirement.
    """
    sqlite_config = {
        "env": "production",
        "database_url": "sqlite+pysqlite:///prod.sqlite",
        "master_key": "prod-master-key-prod-master-key",
        "session_secret": "prod-session-secret",
        "auth_client_id": "prod-client",
        "auth_client_secret": "prod-client-secret",
        "auth_webhook_secret": "prod-webhook-secret",
        "auth_base_url": "https://auth.gnexus.space",
        "auth_redirect_uri": "https://creds.gnexus.space/auth/callback",
        "mcp_resource_url": "https://creds.gnexus.space/mcp-protocol/",
    }

    expected_error = pytest.raises(ValidationError, match="PostgreSQL")
    with expected_error:
        Settings(**sqlite_config)
def test_production_requires_https_urls():
    """A plain-http auth base URL must be refused when ``env`` is production.

    Only ``auth_base_url`` is downgraded to http here; the redirect URI and
    the MCP resource URL stay on https, so they are not exercised by this
    test.
    """
    # NOTE(review): ``match`` is a regex search over the error text, and
    # "https" is a short pattern -- confirm the validator's message cannot
    # satisfy it for an unrelated failure.
    cleartext_auth_config = {
        "env": "production",
        "database_url": "postgresql+psycopg://user:pass@postgres:5432/db",
        "master_key": "prod-master-key-prod-master-key",
        "session_secret": "prod-session-secret",
        "auth_client_id": "prod-client",
        "auth_client_secret": "prod-client-secret",
        "auth_webhook_secret": "prod-webhook-secret",
        "auth_base_url": "http://auth.gnexus.space",
        "auth_redirect_uri": "https://creds.gnexus.space/auth/callback",
        "mcp_resource_url": "https://creds.gnexus.space/mcp-protocol/",
    }

    expected_error = pytest.raises(ValidationError, match="https")
    with expected_error:
        Settings(**cleartext_auth_config)