alexei.dolgolyov/personal-ai-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fed6a3df1b4493d582da8b1997a848a7fa5e4d94
personal-ai-assistant/backend/tests/test_pdf.py
dolgolyov.alexei fed6a3df1b Phase 6: PDF & Polish — PDF generation, admin users/settings, AI tool 
Backend:
- Setting + GeneratedPdf models, Alembic migration with default settings seed
- PDF generation service (WeasyPrint + Jinja2 with autoescape)
- Health report HTML template with memory entries + document excerpts
- Admin user management: list, create, update (role/max_chats/is_active)
- Admin settings: self_registration_enabled, default_max_chats
- Self-registration check wired into auth register endpoint
- default_max_chats applied to new user registrations
- AI tool: generate_pdf creates health compilation PDFs
- PDF compile/list/download API endpoints
- WeasyPrint system deps added to Dockerfile

Frontend:
- PDF reports page with generate + download
- Admin users page with create/edit/activate/deactivate
- Admin settings page with self-registration toggle + max chats
- Extended sidebar with PDF reports + admin users/settings links
- English + Russian translations for all new UI

Review fixes applied:
- Jinja2 autoescape enabled (XSS prevention in PDFs)
- db.refresh after flush (created_at populated correctly)
- storage_path removed from API response (no internal path leak)
- Role field uses Literal["user", "admin"] validation
- React hooks called before conditional returns (rules of hooks)
- default_max_chats setting now applied during registration

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 14:37:43 +03:00

46 lines
1.5 KiB
Python
Raw Blame History

import pytest
from httpx import AsyncClient
@pytest.fixture
async def auth_headers(client: AsyncClient):
resp = await client.post("/api/v1/auth/register", json={
"email": "pdfuser@example.com",
"username": "pdfuser",
"password": "testpass123",
})
assert resp.status_code == 201
return {"Authorization": f"Bearer {resp.json()['access_token']}"}
async def test_compile_pdf(client: AsyncClient, auth_headers: dict):
resp = await client.post("/api/v1/pdf/compile", json={
"title": "My Health Report",
}, headers=auth_headers)
assert resp.status_code == 201
data = resp.json()
assert data["title"] == "My Health Report"
async def test_list_pdfs(client: AsyncClient, auth_headers: dict):
await client.post("/api/v1/pdf/compile", json={"title": "Test"}, headers=auth_headers)
resp = await client.get("/api/v1/pdf/", headers=auth_headers)
assert resp.status_code == 200
assert len(resp.json()["pdfs"]) >= 1
async def test_pdf_ownership_isolation(client: AsyncClient, auth_headers: dict):
resp = await client.post("/api/v1/pdf/compile", json={"title": "Private"}, headers=auth_headers)
pdf_id = resp.json()["id"]
resp2 = await client.post("/api/v1/auth/register", json={
"email": "pdfother@example.com",
"username": "pdfother",
"password": "testpass123",
})
other_headers = {"Authorization": f"Bearer {resp2.json()['access_token']}"}
resp = await client.get(f"/api/v1/pdf/{pdf_id}/download", headers=other_headers)
assert resp.status_code == 404
Reference in New Issue View Git Blame Copy Permalink