feat(phase-9): implement MVP polishing and closure

T-032: User management admin panel - backend users router with CRUD, frontend UsersPage with modals T-033: Audit log viewer - backend audit router with filters/pagination, frontend AuditLogPage T-034: Global error handling - ErrorBoundary, LoadingSpinner, ErrorMessage, Toast components T-035: Backend tests - pytest setup with SQLite, tests for health/auth/techniques/tests T-036: Documentation - Updated README with testing section, created docs/API.md
2026-02-06 16:30:35 +01:00
parent cb447f3803
commit 174919da4e
27 changed files with 2539 additions and 17 deletions
--- a/backend/tests/test_techniques.py
+++ b/backend/tests/test_techniques.py
@@ -0,0 +1,128 @@
+"""Tests for technique endpoints."""
+
+import pytest
+
+
+def test_list_techniques_requires_auth(client):
+    """Test that listing techniques requires authentication."""
+    response = client.get("/api/v1/techniques")
+    assert response.status_code == 401
+
+
+def test_list_techniques_empty(client, auth_headers):
+    """Test listing techniques when none exist."""
+    response = client.get("/api/v1/techniques", headers=auth_headers)
+    assert response.status_code == 200
+    assert response.json() == []
+
+
+def test_create_technique_requires_admin(client, red_tech_headers):
+    """Test that creating techniques requires admin role."""
+    response = client.post(
+        "/api/v1/techniques",
+        json={"mitre_id": "T1001", "name": "Test Technique"},
+        headers=red_tech_headers,
+    )
+    assert response.status_code == 403
+
+
+def test_create_technique_success(client, auth_headers):
+    """Test successful technique creation."""
+    response = client.post(
+        "/api/v1/techniques",
+        json={
+            "mitre_id": "T1059",
+            "name": "Command and Scripting Interpreter",
+            "description": "Test description",
+            "tactic": "execution",
+        },
+        headers=auth_headers,
+    )
+    assert response.status_code == 201
+    data = response.json()
+    assert data["mitre_id"] == "T1059"
+    assert data["name"] == "Command and Scripting Interpreter"
+    assert data["status_global"] == "not_evaluated"
+
+
+def test_create_duplicate_technique(client, auth_headers):
+    """Test creating a technique with duplicate mitre_id fails."""
+    # Create first technique
+    client.post(
+        "/api/v1/techniques",
+        json={"mitre_id": "T1001", "name": "First"},
+        headers=auth_headers,
+    )
+    
+    # Try to create duplicate
+    response = client.post(
+        "/api/v1/techniques",
+        json={"mitre_id": "T1001", "name": "Second"},
+        headers=auth_headers,
+    )
+    assert response.status_code == 409
+
+
+def test_get_technique_by_mitre_id(client, auth_headers):
+    """Test getting a single technique by mitre_id."""
+    # Create a technique first
+    client.post(
+        "/api/v1/techniques",
+        json={"mitre_id": "T1059", "name": "Test Technique"},
+        headers=auth_headers,
+    )
+    
+    # Get it by mitre_id
+    response = client.get("/api/v1/techniques/T1059", headers=auth_headers)
+    assert response.status_code == 200
+    assert response.json()["mitre_id"] == "T1059"
+
+
+def test_get_nonexistent_technique(client, auth_headers):
+    """Test getting a non-existent technique returns 404."""
+    response = client.get("/api/v1/techniques/T9999", headers=auth_headers)
+    assert response.status_code == 404
+
+
+def test_update_technique(client, auth_headers):
+    """Test updating a technique."""
+    # Create technique
+    client.post(
+        "/api/v1/techniques",
+        json={"mitre_id": "T1059", "name": "Original Name"},
+        headers=auth_headers,
+    )
+    
+    # Update it
+    response = client.patch(
+        "/api/v1/techniques/T1059",
+        json={"name": "Updated Name", "description": "New description"},
+        headers=auth_headers,
+    )
+    assert response.status_code == 200
+    assert response.json()["name"] == "Updated Name"
+
+
+def test_filter_techniques_by_tactic(client, auth_headers):
+    """Test filtering techniques by tactic."""
+    # Create techniques in different tactics
+    client.post(
+        "/api/v1/techniques",
+        json={"mitre_id": "T1001", "name": "Exec", "tactic": "execution"},
+        headers=auth_headers,
+    )
+    client.post(
+        "/api/v1/techniques",
+        json={"mitre_id": "T1002", "name": "Persist", "tactic": "persistence"},
+        headers=auth_headers,
+    )
+    
+    # Filter by execution
+    response = client.get(
+        "/api/v1/techniques?tactic=execution",
+        headers=auth_headers,
+    )
+    assert response.status_code == 200
+    techniques = response.json()
+    assert len(techniques) == 1
+    assert techniques[0]["mitre_id"] == "T1001"