test: fixed authentication tests

.github/workflows/ci.yml

@@ -71,6 +71,9 @@ jobs:
     - name: setup requirements
       working-directory: /home/runner/frappe-bench
       run: bench setup requirements --dev
+    - name: block endpoints
+      working-directory: /home/runner/frappe-bench
+      run: bench --site frappe.local set-config block_endpoints 1
     - name: allow tests
       working-directory: /home/runner/frappe-bench
       run: bench --site frappe.local set-config allow_tests true

lms/test_auth.py

@@ -1,6 +1,7 @@
 import frappe
 from frappe.tests.test_api import FrappeAPITestCase
 
+from lms.auth import authenticate
 from lms.lms.test_utils import TestUtils
 
 
@@ -11,25 +12,16 @@ class TestAuth(FrappeAPITestCase):
 		)
 
 	def test_allowed_path(self):
-		site_url = frappe.utils.get_site_url(frappe.local.site)
-		headers = {"Authorization": "Bearer set_test_example_user"}
-		url = site_url + "/api/method/lms.lms.utils.get_courses"
-		response = self.get(
-			url,
-			headers=headers,
-		)
-		self.assertNotEqual(response.json.get("exc_type"), "PermissionError")
+		frappe.form_dict.cmd = "ping"
+		frappe.session.user = self.normal_user.name
+		authenticate()
+		frappe.session.user = "Administrator"
 
 	def test_not_allowed_path(self):
-		site_url = frappe.utils.get_site_url(frappe.local.site)
-		headers = {"Authorization": "Bearer set_test_example_user"}
-		url = site_url + "/api/method/frappe.auth.get_logged_user"
-		response = self.get(
-			url,
-			headers=headers,
-		)
-		print(response.json)
-		self.assertEqual(response.json.get("exc_type"), "PermissionError")
+		frappe.form_dict.cmd = "frappe.auth.get_logged_user"
+		frappe.session.user = self.normal_user.name
+		self.assertRaises(frappe.PermissionError, authenticate)
+		frappe.session.user = "Administrator"
 
 	def tearDown(self):
 		frappe.delete_doc("User", self.normal_user.name)