⚙️ Current Behavior
The existing test_oauth.py script relies on print statements and manual execution.
It validates only the happy path and depends on .env configuration.
Current limitations:
- No pytest integration (not CI-friendly)
- No negative test cases
- No replay attack/state reuse testing
- No entropy validation for OAuth state
- No database isolation (depends on local environment)
🚀 Proposed Improvement
Refactor the test script into a proper pytest-based test suite with:
- Assertion-based validation instead of prints
- Mocked environment variables using monkeypatch
- In-memory SQLite database for isolation
- OAuth state entropy + uniqueness checks
- Replay attack protection test (state reuse prevention)
- Negative test cases (missing env, invalid state, etc.)
🔍 Why It’s Needed
OAuth is a security boundary.
Testing only the success path is insufficient for authentication flows.
This improvement:
- Makes tests CI-compatible
- Prevents silent misconfigurations
- Detects CSRF/state replay vulnerabilities
- Improves reliability and maintainability
- Removes dependency on local .env
🧩 Possible Implementation
Example structure using pytest:
```python
# generate_state / store_oauth_state / verify_oauth_state are the helpers under test
def test_state_reuse_protection():
    state = generate_state()
    store_oauth_state(state, "google")
    assert verify_oauth_state(state) == "google"
    assert verify_oauth_state(state) is None  # replay blocked
```
✅ Checklist
- I’ve reviewed existing issues to ensure this isn’t a duplicate.
- I’ve explained how this improves performance or readability.
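A fuller sketch of what the proposed suite could look like, as an added example for this issue and not the repository's own test_oauth.py or helpers: a single-use OAuth state store backed by an in-memory SQLite database, a loud failure on missing settings, and the negative, replay and entropy tests the proposal lists. The helper names follow the snippet under Possible Implementation, but their signatures here (an explicit connection argument, an explicit env mapping instead of reading os.environ) are assumptions; the 32-byte state length and the 5.9 bits/char threshold are assumed policy, not project values.

```python
# Added example for this issue, not the project's code. Function names follow the
# snippet in the issue; the signatures (explicit db connection, explicit env mapping)
# and the constants below are assumptions.
import math
import secrets
import sqlite3
from collections import Counter
from typing import Mapping, Optional

STATE_BYTES = 32    # 256 bits of randomness per state (assumed policy)
MIN_STATE_LEN = 43  # len(secrets.token_urlsafe(32)) is 43 characters


def generate_state() -> str:
    """Cryptographically random, URL-safe state value."""
    return secrets.token_urlsafe(STATE_BYTES)


def open_state_db(path: str = ":memory:") -> sqlite3.Connection:
    """':memory:' gives every test its own throw-away database, no local setup needed."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS oauth_state ("
        "state TEXT PRIMARY KEY, provider TEXT NOT NULL)"
    )
    return conn


def store_oauth_state(conn: sqlite3.Connection, state: str, provider: str) -> None:
    conn.execute("INSERT INTO oauth_state (state, provider) VALUES (?, ?)", (state, provider))
    conn.commit()


def verify_oauth_state(conn: sqlite3.Connection, state: Optional[str]) -> Optional[str]:
    """Consume the state exactly once. Returns the provider, or None when the state
    is empty, unknown, or already used (replay)."""
    if not state:
        return None
    row = conn.execute("SELECT provider FROM oauth_state WHERE state = ?", (state,)).fetchone()
    if row is None:
        return None
    # Gate on the DELETE's rowcount, not on the SELECT: if two callbacks race on the
    # same state only one DELETE removes the row, so only one caller gets the provider.
    deleted = conn.execute("DELETE FROM oauth_state WHERE state = ?", (state,)).rowcount
    conn.commit()
    return row[0] if deleted == 1 else None


def load_oauth_config(env: Mapping[str, str]) -> dict:
    """Fail loudly on missing settings instead of silently running with None."""
    missing = [k for k in ("OAUTH_CLIENT_ID", "OAUTH_CLIENT_SECRET") if not env.get(k)]
    if missing:
        raise RuntimeError("missing OAuth settings: " + ", ".join(missing))
    return {"client_id": env["OAUTH_CLIENT_ID"], "client_secret": env["OAUTH_CLIENT_SECRET"]}


def shannon_entropy_per_char(sample: str) -> float:
    """Empirical Shannon entropy in bits/char; close to 6.0 for a large base64url sample."""
    counts = Counter(sample)
    n = len(sample)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# pytest collects these; they are plain functions so they also run without pytest.

def test_state_reuse_protection():
    conn = open_state_db()
    state = generate_state()
    store_oauth_state(conn, state, "google")
    assert verify_oauth_state(conn, state) == "google"
    assert verify_oauth_state(conn, state) is None  # replay blocked


def test_invalid_state_rejected():
    conn = open_state_db()
    store_oauth_state(conn, generate_state(), "google")
    assert verify_oauth_state(conn, "not-a-real-state") is None
    assert verify_oauth_state(conn, "") is None
    assert verify_oauth_state(conn, None) is None


def test_state_entropy_and_uniqueness():
    states = [generate_state() for _ in range(10_000)]
    assert len(set(states)) == len(states)  # no collisions
    assert all(len(s) >= MIN_STATE_LEN for s in states)
    assert shannon_entropy_per_char("".join(states)) > 5.9


def test_missing_env_fails_loudly():
    # constructed env with the secret deliberately absent
    try:
        load_oauth_config({"OAUTH_CLIENT_ID": "id-only"})
    except RuntimeError as exc:
        assert "OAUTH_CLIENT_SECRET" in str(exc)
    else:
        raise AssertionError("missing secret was not detected")
```

Under pytest, the env mapping would come from `monkeypatch.setenv` / `monkeypatch.delenv` on a fixture rather than a hand-built dict, and `open_state_db()` would sit behind a fixture so each test gets a fresh in-memory database. The rowcount gate in `verify_oauth_state` is the part that matters for replay protection: checking only the SELECT would let two concurrent callbacks both succeed with the same state.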