giorgio/read.markets
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

email: tighten unsubscribe — test isolation, accurate comments, tighter assertion

Browse source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Giorgio Gilestro 2026-05-25 23:10:29 +02:00
parent a292289dc6
commit 0a476bed22
2 changed files with 13 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

19
tests/test_email_unsubscribe.py
View file

@ -4,9 +4,8 @@ from __future__ import annotations
import asyncio
def _build_app(tmp_path, secret="rt-secret-32-bytes-or-so-padding-here"):
import os
os.environ["CASSANDRA_SESSION_SECRET"] = secret
def _build_app(tmp_path, monkeypatch, secret="rt-secret-32-bytes-or-so-padding-here"):
monkeypatch.setenv("CASSANDRA_SESSION_SECRET", secret)
from fastapi import FastAPI
from fastapi.testclient import TestClient
@ -48,8 +47,8 @@ def test_sign_and_verify_token_roundtrip(monkeypatch):
assert verify_unsubscribe_token("garbage") is None
def test_get_unsubscribe_flips_flag(tmp_path):
client = _build_app(tmp_path)
def test_get_unsubscribe_flips_flag(tmp_path, monkeypatch):
client = _build_app(tmp_path, monkeypatch)
from app.routers.email import sign_unsubscribe_token
tok = sign_unsubscribe_token(42)
r = client.get(f"/email/unsubscribe?token={tok}")
@ -65,16 +64,16 @@ def test_get_unsubscribe_flips_flag(tmp_path):
asyncio.run(_check())
def test_get_unsubscribe_invalid_token_returns_generic_page(tmp_path):
client = _build_app(tmp_path)
def test_get_unsubscribe_invalid_token_returns_generic_page(tmp_path, monkeypatch):
client = _build_app(tmp_path, monkeypatch)
r = client.get("/email/unsubscribe?token=garbage")
# We don't 4xx — that would leak token validity. Show the generic page.
assert r.status_code == 200
assert "unsubscribed" in r.text.lower() or "preferences" in r.text.lower()
assert "you're unsubscribed" in r.text.lower()
def test_replay_is_idempotent(tmp_path):
client = _build_app(tmp_path)
def test_replay_is_idempotent(tmp_path, monkeypatch):
client = _build_app(tmp_path, monkeypatch)
from app.routers.email import sign_unsubscribe_token
tok = sign_unsubscribe_token(42)
r1 = client.get(f"/email/unsubscribe?token={tok}")