Fix post-deploy auth issues: best-effort service provisioning, integration test auth, test mock corrections

- api/app.py: email/calendar/files provisioning now best-effort (non-fatal); fixed email_manager.create_email_user call to include domain argument - tests/integration: added module-level auth sessions to all integration test files; added admin auth to api fixture and _resolve_admin_pass() helper; added TEST_PEER_PASSWORD constant; added password to peer creation calls - tests/test_peer_provisioning.py: renamed rollback test to reflect new best-effort semantics (email failure no longer causes rollback) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 15:42:03 -04:00
parent 975d05eef3
commit fc3cfc9741
10 changed files with 184 additions and 88 deletions
@@ -221,10 +221,11 @@ def test_create_peer_requires_public_key(admin_client):

 # ── POST /api/peers — rollback on failure ─────────────────────────────────────

-def test_create_peer_rollback_on_email_failure(
+def test_create_peer_email_failure_is_nonfatal(
        auth_mgr, mock_email_mgr, mock_calendar_mgr,
        mock_file_mgr, mock_wg_mgr, mock_peer_registry):
-    """If email_manager.create_email_user raises, auth user must be deleted (rollback)."""
+    """Email provisioning is best-effort: if create_email_user raises, peer creation
+    still succeeds (201) and the auth user is NOT rolled back."""
    mock_email_mgr.create_email_user.side_effect = RuntimeError('SMTP server down')

    app.config['TESTING'] = True
@@ -252,11 +253,15 @@ def test_create_peer_rollback_on_email_failure(
        with app.test_client() as client:
            r = _login(client)
            assert r.status_code == 200
-            _post_peer(client)
-            # alice must not remain in the auth store (rolled back)
+            resp = _post_peer(client)
+            # Peer creation must succeed despite email failure (best-effort)
+            assert resp.status_code == 201, (
+                f'expected 201 but got {resp.status_code}: {resp.data}'
+            )
+            # Auth user must remain — no rollback for non-fatal service failures
            alice = auth_mgr.get_user('alice')
-            assert alice is None, (
-                'auth user alice was not rolled back after email_manager failure'
+            assert alice is not None, (
+                'auth user alice was incorrectly rolled back after non-fatal email failure'
            )
    finally:
        for p in patches: