"""Fail-fast settings validation (SEC-01 / BE-15).""" import pytest from pydantic import ValidationError from app.config import Settings GOOD = { "SECRET_KEY": "f" * 64, "ADMIN_USERNAME": "charlie", "ADMIN_PASSWORD": "a-real-password", } def make(**overrides) -> Settings: return Settings(_env_file=None, **{**GOOD, **overrides}) def test_valid_settings_boot(): s = make() assert s.ACCESS_TOKEN_EXPIRE_MINUTES == 60 * 24 * 7 assert s.COOKIE_SECURE is True assert s.cors_origins_list[0] == "https://wealth.cescalante.dev" @pytest.mark.parametrize( "overrides", [ {"SECRET_KEY": "change-me-in-production"}, {"SECRET_KEY": "short"}, {"SECRET_KEY": ""}, {"ADMIN_PASSWORD": "admin"}, {"ADMIN_PASSWORD": ""}, {"ADMIN_USERNAME": ""}, ], ) def test_weak_or_missing_secrets_rejected(overrides): with pytest.raises(ValidationError): make(**overrides) def test_cors_origins_parse_and_strip(): s = make(CORS_ORIGINS=" https://a.example , http://b.example ,") assert s.cors_origins_list == ["https://a.example", "http://b.example"]