refactor: Replace OAuth fixtures with factories and add test helper methods

aaronjae22 · aaronjae22 · commit a826684041b6 · 2025-08-10T17:34:29.000-06:00
diff --git a/testbed/core/factories.py b/testbed/core/factories.py
@@ -1,6 +1,8 @@
 import factory
 from factory.django import DjangoModelFactory
 from django.contrib.auth.models import User
+from datetime import datetime, timezone, timedelta
+from oauth2_provider.models import Application, AccessToken
 from testbed.core.models import (
     Actor,
     Note,
@@ -128,4 +130,32 @@ def activities(self, create, extracted, **kwargs):
                 note=None,
                 visibility="public"
             )
-            self.add_activity(activity)
+            self.add_activity(activity)
+
+# OAuth-related factories for testing authentication
+class ApplicationFactory(DjangoModelFactory):
+    class Meta:
+        model = Application
+    
+    name = factory.Sequence(lambda n: f"Test Application {n}")
+    client_type = Application.CLIENT_CONFIDENTIAL
+    authorization_grant_type = Application.GRANT_AUTHORIZATION_CODE
+    redirect_uris = "http://localhost:8000/callback/"
+
+class AccessTokenFactory(DjangoModelFactory):
+    class Meta:
+        model = AccessToken
+    
+    user = factory.SubFactory(UserOnlyFactory)
+    application = factory.SubFactory(ApplicationFactory)
+    token = factory.Sequence(lambda n: f"test-token-{n}")
+    scope = "read write"
+    expires = factory.LazyFunction(lambda: datetime.now(timezone.utc) + timedelta(hours=1))
+    
+    class Params:
+        lola_scope = factory.Trait(
+            scope='activitypub_account_portability read write'
+        )
+        expired = factory.Trait(
+            expires=factory.LazyFunction(lambda: datetime.now(timezone.utc) - timedelta(hours=1))
+        )
diff --git a/testbed/core/tests/test_api.py b/testbed/core/tests/test_api.py
@@ -5,7 +5,7 @@
 from django.contrib.auth import get_user_model
 from oauth2_provider.models import Application, AccessToken
 from testbed.core.models import Actor
-from testbed.core.factories import ActorFactory
+from testbed.core.factories import ActorFactory, ApplicationFactory, AccessTokenFactory
 from testbed.core.tests.conftest import create_isolated_actor
 from testbed.core.json_ld_utils import (
     build_basic_context,
@@ -78,50 +78,44 @@ def test_outbox_not_found():
 Tests the complete request-response cycle with different authentication states
 to verify that endpoints properly serve enhanced data for LOLA-authenticated requests.
 """
-class TestLOLAAuthenticationAPI:    
-
-    # Create OAuth application for testing
-    @pytest.fixture
-    def oauth_application(self, db):
-        return Application.objects.create(
-            name="LOLA Test Application",
-            client_type=Application.CLIENT_CONFIDENTIAL,
-            authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
-            redirect_uris="http://localhost:8000/callback/",
-        )
-    
-    # Create user for OAuth token testing
-    @pytest.fixture
-    def authenticated_user(self, db):
-        return User.objects.create_user(
-            username='lola_test_user',
-            email='lola@test.example.com',
-            password='test123password'
-        )
-    
-    # Create access token with LOLA portability scope
-    @pytest.fixture
-    def lola_token(self, oauth_application, authenticated_user):
-        from datetime import datetime, timezone, timedelta
-        return AccessToken.objects.create(
-            user=authenticated_user,
-            application=oauth_application,
-            token='lola-portability-token-12345',
-            scope='activitypub_account_portability read write',
-            expires=datetime.now(timezone.utc) + timedelta(hours=1)  # Expires in 1 hour
-        )
+class TestLOLAAuthenticationAPI:
+    # Constants for OAuth scopes
+    LOLA_SCOPE = 'activitypub_account_portability read write'
+    BASIC_SCOPE = 'read write'
     
-    # Create access token without LOLA portability scope
-    @pytest.fixture
-    def basic_token(self, oauth_application, authenticated_user):
-        from datetime import datetime, timezone, timedelta
-        return AccessToken.objects.create(
-            user=authenticated_user,
-            application=oauth_application,
-            token='basic-oauth-token-67890',
-            scope='read write',
-            expires=datetime.now(timezone.utc) + timedelta(hours=1)  # Expires in 1 hour
-        )
+    # Helper methods for repeated assertions
+
+    # Helper to verify standard ActivityPub fields
+    def assert_basic_activitypub_structure(self, data, actor):
+        assert data["@context"] == build_actor_context()
+        assert data["type"] == "Person"
+        assert data["id"] == build_actor_id(actor.id)
+        assert data["preferredUsername"] == actor.username
+        
+    # Helper to verify LOLA fields are absent
+    def assert_no_lola_fields(self, data):
+        lola_fields = ["accountPortabilityOauth", "content", "blocked", "migration"]
+        for field in lola_fields:
+            assert field not in data
+            
+    # Helper to verify LOLA fields are present and properly formatted        
+    def assert_has_lola_fields(self, data, actor):
+        assert "accountPortabilityOauth" in data
+        assert "content" in data
+        assert "blocked" in data
+        assert "migration" in data
+        
+        # Verify LOLA URLs are properly formatted
+        assert data["accountPortabilityOauth"].endswith("/oauth/authorize/")
+        assert data["content"].endswith(f"/actors/{actor.id}/content")
+        assert data["blocked"].endswith(f"/actors/{actor.id}/blocked")
+        assert data["migration"].endswith(f"/actors/{actor.id}/outbox")
+        
+    # Helper to create authenticated client    
+    def get_authenticated_client(self, token):
+        client = APIClient()
+        client.credentials(HTTP_AUTHORIZATION=f'Bearer {token.token}')
+        return client
     
     # Test that unauthenticated requests return basic ActivityPub data only
     @pytest.mark.django_db
@@ -135,76 +129,49 @@ def test_actor_detail_unauthenticated_returns_basic_activitypub(self):
         assert response.status_code == status.HTTP_200_OK
         
         data = response.data
-        # Should have standard ActivityPub fields
-        assert data["@context"] == build_actor_context()
-        assert data["type"] == "Person"
-        assert data["id"] == build_actor_id(actor.id)
-        assert data["preferredUsername"] == actor.username
-        
-        # Should NOT have LOLA-specific fields
-        assert "accountPortabilityOauth" not in data
-        assert "content" not in data
-        assert "blocked" not in data
-        assert "migration" not in data
+        # Use helper methods for assertions
+        self.assert_basic_activitypub_structure(data, actor)
+        self.assert_no_lola_fields(data)
     
     # Test that LOLA-authenticated requests return enhanced data with collection URLs
     @pytest.mark.django_db
-    def test_actor_detail_with_lola_scope_returns_enhanced_data(self, lola_token):
+    def test_actor_detail_with_lola_scope_returns_enhanced_data(self):
         actor = create_isolated_actor("lola_enhanced_test")
-        client = APIClient()
-        client.credentials(HTTP_AUTHORIZATION=f'Bearer {lola_token.token}')
+        lola_token = AccessTokenFactory(lola_scope=True)
+        client = self.get_authenticated_client(lola_token)
         
         response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
         
         # Should succeed with enhanced response
         assert response.status_code == status.HTTP_200_OK
         
         data = response.data
-        # Should have standard ActivityPub fields
-        assert data["@context"] == build_actor_context()
-        assert data["type"] == "Person"
-        assert data["id"] == build_actor_id(actor.id)
-        assert data["preferredUsername"] == actor.username
-        
-        # Should HAVE LOLA-specific collection URLs
-        assert "accountPortabilityOauth" in data
-        assert "content" in data
-        assert "blocked" in data
-        assert "migration" in data
-        
-        # Verify LOLA URLs are properly formatted
-        assert data["accountPortabilityOauth"].endswith("/oauth/authorize/")
-        assert data["content"].endswith(f"/actors/{actor.id}/content")
-        assert data["blocked"].endswith(f"/actors/{actor.id}/blocked")
-        assert data["migration"].endswith(f"/actors/{actor.id}/outbox")
+        # Use helper methods for assertions
+        self.assert_basic_activitypub_structure(data, actor)
+        self.assert_has_lola_fields(data, actor)
     
     # Test that authenticated requests without LOLA scope return basic data
     @pytest.mark.django_db
-    def test_actor_detail_with_basic_token_returns_basic_data(self, basic_token):
+    def test_actor_detail_with_basic_token_returns_basic_data(self):
         actor = create_isolated_actor("basic_token_test")
-        client = APIClient()
-        client.credentials(HTTP_AUTHORIZATION=f'Bearer {basic_token.token}')
+        basic_token = AccessTokenFactory(scope=self.BASIC_SCOPE)
+        client = self.get_authenticated_client(basic_token)
         
         response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
         
         # Should succeed but return basic data (no LOLA scope)
         assert response.status_code == status.HTTP_200_OK
         
         data = response.data
-        # Should have standard fields
-        assert data["type"] == "Person"
-        assert data["preferredUsername"] == actor.username
-        
-        # Should NOT have LOLA fields (lacks portability scope)
-        assert "accountPortabilityOauth" not in data
-        assert "content" not in data
-        assert "blocked" not in data
-        assert "migration" not in data
+        # Use helper methods for assertions
+        self.assert_basic_activitypub_structure(data, actor)
+        self.assert_no_lola_fields(data)
     
     # Test that URL parameter authentication works for LOLA testing
     @pytest.mark.django_db
-    def test_actor_detail_url_parameter_authentication(self, lola_token):
+    def test_actor_detail_url_parameter_authentication(self):
         actor = create_isolated_actor("url_param_test")
+        lola_token = AccessTokenFactory(lola_scope=True)
         client = APIClient()
         
         # Use auth_token URL parameter instead of Authorization header
@@ -215,14 +182,13 @@ def test_actor_detail_url_parameter_authentication(self, lola_token):
         
         data = response.data
         # Should have LOLA fields (proves URL parameter auth worked)
-        assert "accountPortabilityOauth" in data
-        assert "content" in data
-        assert "blocked" in data
+        self.assert_has_lola_fields(data, actor)
     
     # Test that outbox shows different content based on authentication
     @pytest.mark.django_db
-    def test_outbox_content_filtering_by_authentication(self, lola_token):
+    def test_outbox_content_filtering_by_authentication(self):
         actor = create_isolated_actor("outbox_filtering_test")
+        lola_token = AccessTokenFactory(lola_scope=True)
         client = APIClient()
         
         # Test unauthenticated outbox (public activities only)
@@ -256,17 +222,17 @@ def test_outbox_content_filtering_by_authentication(self, lola_token):
     
     # Test that demonstrates clear differences between public and LOLA responses
     @pytest.mark.django_db
-    def test_side_by_side_authentication_comparison(self, lola_token):
+    def test_side_by_side_authentication_comparison(self):
         actor = create_isolated_actor("comparison_test")
+        lola_token = AccessTokenFactory(lola_scope=True)
         
         # Public request
         public_client = APIClient()
         public_response = public_client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
         public_data = public_response.data
         
         # LOLA request
-        lola_client = APIClient()
-        lola_client.credentials(HTTP_AUTHORIZATION=f'Bearer {lola_token.token}')
+        lola_client = self.get_authenticated_client(lola_token)
         lola_response = lola_client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
         lola_data = lola_response.data
         
@@ -307,35 +273,32 @@ def test_invalid_token_graceful_degradation(self):
         assert "blocked" not in data
     
     # Test graceful handling of malformed authorization headers
+    @pytest.mark.parametrize("malformed_header", [
+        "Bearer",  # Missing token
+        "Basic invalid-format",  # Wrong auth type
+        "Bearer  ",  # Empty token
+        "InvalidFormat token",  # Malformed header
+    ])
     @pytest.mark.django_db
-    def test_malformed_authorization_header_handling(self):
+    def test_malformed_authorization_header_handling(self, malformed_header):
         actor = create_isolated_actor("malformed_header_test")
         client = APIClient()
+        client.credentials(HTTP_AUTHORIZATION=malformed_header)
         
-        test_cases = [
-            "Bearer",  # Missing token
-            "Basic invalid-format",  # Wrong auth type
-            "Bearer  ",  # Empty token
-            "InvalidFormat token",  # Malformed header
-        ]
+        response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
         
-        for malformed_header in test_cases:
-            client.credentials(HTTP_AUTHORIZATION=malformed_header)
-            response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
-            
-            # Should succeed with public data for all malformed cases
-            assert response.status_code == status.HTTP_200_OK
-            data = response.data
-            assert data["type"] == "Person"
-            # Should NOT have LOLA fields
-            assert "accountPortabilityOauth" not in data
+        # Should succeed with public data for all malformed cases
+        assert response.status_code == status.HTTP_200_OK
+        data = response.data
+        self.assert_basic_activitypub_structure(data, actor)
+        self.assert_no_lola_fields(data)
     
     # Test that content-type headers are set correctly for API responses
     @pytest.mark.django_db
-    def test_content_type_headers_set_correctly(self, lola_token):
+    def test_content_type_headers_set_correctly(self):
         actor = create_isolated_actor("content_type_test")
-        client = APIClient()
-        client.credentials(HTTP_AUTHORIZATION=f'Bearer {lola_token.token}')
+        lola_token = AccessTokenFactory(lola_scope=True)
+        client = self.get_authenticated_client(lola_token)
         
         # Request with format=json 
         response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}), {"format": "json"})
