Add test for unauthorized access in news endpoint

arthur-mesquita · dan5e3s6ares · commit a497bb961359 · 2025-10-28T23:12:52.000Z
diff --git a/app/routers/libraries/routes.py b/app/routers/libraries/routes.py
@@ -3,7 +3,6 @@
 from fastapi import APIRouter, Header, HTTPException, Request, status
 from fastapi.params import Depends
 from pydantic import BaseModel
-from services.encryption import encrypt_email
 
 from app.routers.authentication import get_current_active_community
 from app.schemas import Library as LibrarySchema
@@ -20,6 +19,7 @@
 )
 from app.services.database.orm.library_request import insert_library_request
 from app.services.database.orm.subscription import upsert_multiple_subscription
+from app.services.encryption import encrypt_email
 from app.services.limiter import limiter
 
 
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -22,7 +22,7 @@
 # --- Configurações do Banco de Dados em Memória para Testes ---
 # Usamos engine e AsyncSessionLocal apenas para os testes.
 # Isso garante que os testes são isolados e usam o banco de dados em memória.
-TEST_DATABASE_URL = "sqlite+aiosqlite:///:memory:"
+TEST_DATABASE_URL = "sqlite+aiosqlite:////tmp/pynewsdb.db"
 os.environ["ADMIN_USER"] = "ADMIN_USER"
 os.environ["ADMIN_PASSWORD"] = "ADMIN_PASSWORD"
 os.environ["ADMIN_EMAIL"] = "ADMIN_EMAIL"
diff --git a/tests/test_news.py b/tests/test_news.py
@@ -423,3 +423,35 @@ async def test_news_likes_endpoint(
     assert stored_news is not None
     assert stored_news.likes == 0
     assert stored_news.user_email_list == "[]"
+
+
+@pytest.mark.asyncio
+async def test_news_endpoint_blocks_unauthorized_access(
+    async_client: AsyncClient,
+):
+    news_data = {
+        "title": "Test News",
+        "content": "Test news content.",
+        "category": "test_category",
+        "tags": "test_tag",
+        "source_url": "https://example.com/test-news",
+        "social_media_url": "https://test.com/test_news",
+    }
+    response: Response = await async_client.post(
+        url="/api/news", json=news_data
+    )
+    assert response.status_code == status.HTTP_401_UNAUTHORIZED
+
+    response: Response = await async_client.get(url="/api/news")
+    assert response.status_code == status.HTTP_401_UNAUTHORIZED
+
+    response: Response = await async_client.put(
+        url="/api/news/1", json=news_data
+    )
+    assert response.status_code == status.HTTP_401_UNAUTHORIZED
+
+    response: Response = await async_client.post(url="/api/news/1/like")
+    assert response.status_code == status.HTTP_401_UNAUTHORIZED
+
+    response: Response = await async_client.delete(url="/api/news/1/like")
+    assert response.status_code == status.HTTP_401_UNAUTHORIZED
