""" US3 regression tests: all read endpoints must remain accessible without a token even after require_auth is applied to write endpoints. """ import io import pytest def _minimal_jpeg() -> bytes: return ( b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x03" b"\xff\xd9" ) @pytest.mark.asyncio async def test_list_images_without_token_is_200(authed_client): client, _ = authed_client response = await client.get("/api/v1/images") assert response.status_code == 200 @pytest.mark.asyncio async def test_get_image_without_token_is_200(authed_client): client, token = authed_client data = _minimal_jpeg() upload = await client.post( "/api/v1/images", files={"file": ("pub-test.jpg", io.BytesIO(data), "image/jpeg")}, headers={"Authorization": f"Bearer {token}"}, ) image_id = upload.json()["id"] response = await client.get(f"/api/v1/images/{image_id}") assert response.status_code == 200 @pytest.mark.asyncio async def test_serve_file_without_token_is_200(authed_client): client, token = authed_client data = _minimal_jpeg() upload = await client.post( "/api/v1/images", files={"file": ("pub-file.jpg", io.BytesIO(data), "image/jpeg")}, headers={"Authorization": f"Bearer {token}"}, ) image_id = upload.json()["id"] response = await client.get(f"/api/v1/images/{image_id}/file") assert response.status_code == 200 @pytest.mark.asyncio async def test_serve_thumbnail_without_token_is_200(authed_client): client, token = authed_client data = _minimal_jpeg() upload = await client.post( "/api/v1/images", files={"file": ("pub-thumb.jpg", io.BytesIO(data), "image/jpeg")}, headers={"Authorization": f"Bearer {token}"}, ) image_id = upload.json()["id"] response = await client.get(f"/api/v1/images/{image_id}/thumbnail") assert response.status_code == 200 @pytest.mark.asyncio async def test_list_tags_without_token_is_200(authed_client): client, _ = authed_client response = await client.get("/api/v1/tags") assert response.status_code == 200