fbf26453f2
ConsentOS — a privacy-first cookie consent management platform. Self-hosted, source-available alternative to OneTrust, Cookiebot, and CookieYes. Full standards coverage (IAB TCF v2.2, GPP v1, Google Consent Mode v2, GPC, Shopify Customer Privacy API), multi-tenant architecture with role-based access, configuration cascade (system → org → group → site → region), dark-pattern detection in the scanner, and a tamper-evident consent record audit trail. This is the initial public release. Prior development history is retained internally. See README.md for the feature list, architecture overview, and quick-start instructions. Licensed under the Elastic Licence 2.0 — self-host freely; do not resell as a managed service.
105 lines
3.4 KiB
Python
105 lines
3.4 KiB
Python
"""Tests for site group config endpoints."""
|
|
|
|
import uuid
|
|
|
|
import pytest
|
|
|
|
from tests.conftest import requires_db
|
|
|
|
|
|
class TestSiteGroupConfigRoutes:
|
|
"""Unit tests — no database required."""
|
|
|
|
def test_group_config_get_route_registered(self, app):
|
|
routes = [r.path for r in app.routes]
|
|
assert "/api/v1/site-groups/{group_id}/config" in routes
|
|
|
|
def test_group_config_put_route_registered(self, app):
|
|
routes = [r.path for r in app.routes]
|
|
assert "/api/v1/site-groups/{group_id}/config" in routes
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_get_group_config_requires_auth(self, client):
|
|
group_id = uuid.uuid4()
|
|
resp = await client.get(f"/api/v1/site-groups/{group_id}/config")
|
|
assert resp.status_code == 401
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_put_group_config_requires_auth(self, client):
|
|
group_id = uuid.uuid4()
|
|
resp = await client.put(
|
|
f"/api/v1/site-groups/{group_id}/config",
|
|
json={"blocking_mode": "opt_in"},
|
|
)
|
|
assert resp.status_code == 401
|
|
|
|
|
|
class TestSiteGroupConfigIntegration:
|
|
"""Integration tests — require a running PostgreSQL database."""
|
|
|
|
@requires_db
|
|
async def test_create_group_and_get_config(self, db_client, auth_headers):
|
|
# Create a group
|
|
resp = await db_client.post(
|
|
"/api/v1/site-groups/",
|
|
json={"name": f"test-group-{uuid.uuid4().hex[:8]}"},
|
|
headers=auth_headers,
|
|
)
|
|
assert resp.status_code == 201
|
|
group_id = resp.json()["id"]
|
|
|
|
# GET config (auto-creates empty row)
|
|
resp = await db_client.get(
|
|
f"/api/v1/site-groups/{group_id}/config",
|
|
headers=auth_headers,
|
|
)
|
|
assert resp.status_code == 200
|
|
data = resp.json()
|
|
assert data["site_group_id"] == group_id
|
|
assert data["blocking_mode"] is None
|
|
assert data["consent_expiry_days"] is None
|
|
|
|
@requires_db
|
|
async def test_update_group_config(self, db_client, auth_headers):
|
|
# Create a group
|
|
resp = await db_client.post(
|
|
"/api/v1/site-groups/",
|
|
json={"name": f"cfg-group-{uuid.uuid4().hex[:8]}"},
|
|
headers=auth_headers,
|
|
)
|
|
group_id = resp.json()["id"]
|
|
|
|
# PUT config
|
|
resp = await db_client.put(
|
|
f"/api/v1/site-groups/{group_id}/config",
|
|
json={
|
|
"blocking_mode": "opt_out",
|
|
"consent_expiry_days": 90,
|
|
"tcf_enabled": True,
|
|
},
|
|
headers=auth_headers,
|
|
)
|
|
assert resp.status_code == 200
|
|
data = resp.json()
|
|
assert data["blocking_mode"] == "opt_out"
|
|
assert data["consent_expiry_days"] == 90
|
|
assert data["tcf_enabled"] is True
|
|
|
|
# GET confirms persistence
|
|
resp = await db_client.get(
|
|
f"/api/v1/site-groups/{group_id}/config",
|
|
headers=auth_headers,
|
|
)
|
|
data = resp.json()
|
|
assert data["blocking_mode"] == "opt_out"
|
|
assert data["consent_expiry_days"] == 90
|
|
|
|
@requires_db
|
|
async def test_group_config_not_found_for_other_org(self, db_client, auth_headers):
|
|
fake_group_id = str(uuid.uuid4())
|
|
resp = await db_client.get(
|
|
f"/api/v1/site-groups/{fake_group_id}/config",
|
|
headers=auth_headers,
|
|
)
|
|
assert resp.status_code == 404
|