Sharing Service Tests
Overview
Integration tests for the sharing-service, testing the complete lifecycle of device sharing, invitations, and permission management against a live service.
Running Tests
cd /backend
make test sharing
Test Configuration
- Auth URL: `http://localhost:80/api/auth` (via gateway)
- Device URL: `http://localhost:80/api/devices` (via gateway)
- Sharing URL: `http://localhost:80/api/sharing` (via gateway)
- Database: Direct PostgreSQL connection for test setup/cleanup
- Email Domain: `@test.vislagps.com` (generated per test)
Test Flows
| Test Class | Description |
|---|---|
| TestHealth | health check returns 200 |
| TestShareAndAcceptFlow | owner shares → target accepts → target sees device |
| TestSharePermissions | share with specific perms → owner updates perms → target perms change |
| TestRevokeShare | owner revokes → target loses access (403) |
| TestLeaveDevice | target leaves → target loses access (403) |
| TestCannotShareWithSelf | owner cannot share with self (400) |
| TestCannotShareTwice | duplicate share returns 409 Conflict |
| TestNonOwnerCannotShare | shared user cannot share with others (403) |
| TestCancelInvite | owner cancels invite → target cannot accept (404) |
| TestOwnerCannotLeave | owner cannot leave their own device (400) |
| TestShareNonExistentUser | share with non-existent email returns 404 |
Helper Functions
Located in tests/helpers.py:
Database Setup
| Function | Description |
|---|---|
| create_user(role, email?, password?) | Create user directly in DB |
| delete_user(user_id) | Delete user and their device links |
| create_device_for_user(user_id, ...) | Create device and link to user (owner) |
| delete_device(device_id) | Delete device and all links/tokens |
Authentication
| Function | Description |
|---|---|
| login_user(auth_client, email, password) | Login via auth API, returns access token |
| get_auth_headers(access_token) | Create Authorization: Bearer header |
Sharing API Calls
| Function | Description |
|---|---|
| check_health(client) | Verify service is healthy |
| share_device(client, headers, dev_id, email, ...) | POST /devices/{id}/share |
| list_shares(client, headers, dev_id) | GET /devices/{id}/shares |
| update_share(client, headers, dev_id, uid, perms) | PUT /devices/{id}/shares/{uid} |
| revoke_share(client, headers, dev_id, uid) | DELETE /devices/{id}/shares/{uid} |
| leave_device(client, headers, dev_id) | DELETE /devices/{id}/leave |
| list_invites(client, headers) | GET /invites |
| accept_invite(client, headers, token) | POST /invites/accept |
| cancel_invite(client, headers, token) | DELETE /invites/{token} |
Test Strategy
Tests use a hybrid approach:
- Direct DB: Helper functions create users and devices directly in PostgreSQL to ensure isolation and bypass the need for email verification or complex setup flows.
- Auth API: Real login via `auth-service` establishes a valid JWT session.
- Gateway API: All sharing operations go through the Nginx gateway to verify header propagation (`X-User-Id`, `X-User-Role`) and service integration.
Permissions Tested
| Operation | Owner | Shared User | Non-Shared User |
|---|---|---|---|
| Share Device | ✅ | ❌ | ❌ |
| Update Share | ✅ | ❌ | ❌ |
| Revoke Share | ✅ | ❌ | ❌ |
| Leave Device | ❌ | ✅ | N/A |
| List Shares | ✅ | ❌ | ❌ |
| View Device | ✅ | ✅ | ❌ |
| Cancel Invite | ✅ | N/A | N/A |
| Accept Invite | N/A | ✅ | N/A |
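
The status codes in the Test Flows table and the matrix above can be captured as a small in-memory reference model, useful as an oracle when adding new negative tests. This is an added example, not code from the test suite or the service. The `SharingModel` class, the 200 success code, identifying invites by user rather than by token, the order of the checks, and the codes marked "assumed" are assumptions.

```python
# Added example: in-memory model of the sharing rules, not the real service.
from dataclasses import dataclass, field

OK = 200  # assumed success code; the page lists only the error codes

@dataclass
class SharingModel:
    owner: str
    users: set                                  # accounts that exist
    invited: set = field(default_factory=set)   # pending invites
    shared: set = field(default_factory=set)    # accepted shares

    def share(self, actor, target):
        if actor != self.owner:
            return 403                          # TestNonOwnerCannotShare
        if target == actor:
            return 400                          # TestCannotShareWithSelf
        if target not in self.users:
            return 404                          # TestShareNonExistentUser
        if target in self.invited | self.shared:
            return 409                          # TestCannotShareTwice
        self.invited.add(target)
        return OK

    def accept(self, actor):
        if actor not in self.invited:
            return 404                          # TestCancelInvite
        self.invited.remove(actor)
        self.shared.add(actor)
        return OK

    def cancel(self, actor, target):
        if actor != self.owner:
            return 403                          # assumed, not on the page
        self.invited.discard(target)
        return OK

    def remove(self, actor, target):
        """Revoke (actor is owner) or leave (actor is target)."""
        if actor == self.owner and target == actor:
            return 400                          # TestOwnerCannotLeave
        if actor not in (self.owner, target) or target not in self.shared:
            return 403                          # non-owner revoke; unknown share assumed
        self.shared.remove(target)
        return OK

    def view(self, actor):
        allowed = actor == self.owner or actor in self.shared
        return OK if allowed else 403           # pending invite grants no access (assumed)
```
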