test: achieve 100% coverage on app code

seapagan · seapagan · commit 71bc018b262f · 2026-04-18T14:19:22.000+01:00
Add lifespan test for SECRETS_DIR warning logging and validator
test for None admin encryption key, covering the last two
uncovered branches.

Signed-off-by: Grant Ramsay &lt;seapagan@gmail.com&gt;
diff --git a/tests/unit/test_lifespan.py b/tests/unit/test_lifespan.py
@@ -238,6 +238,36 @@ async def test_lifespan_warns_on_cors_wildcard(
         )
         loguru_warning.assert_called_once()
 
+    async def test_lifespan_warns_on_secrets_dir_issues(
+        self, caplog, mocker
+    ) -> None:
+        """Ensure warnings are logged when SECRETS_DIR has issues."""
+        app = FastAPI()
+        mock_session = mocker.patch(self.mock_session)
+        mock_connection = (
+            mock_session.return_value.__aenter__.return_value.connection
+        )
+        mock_connection.return_value = None
+
+        mocker.patch("app.main.get_settings").return_value.cache_enabled = False
+        mocker.patch("app.main.cors_list", ["https://example.com"])
+        mocker.patch(
+            "app.main.check_secrets_dir",
+            return_value=["SECRETS_DIR is writable by the current process."],
+        )
+        loguru_warning = mocker.patch("app.main.loguru_logger.warning")
+
+        caplog.set_level(logging.WARNING)
+
+        async with lifespan(app):
+            pass  # NOSONAR
+
+        assert any(
+            "SECRETS_DIR is writable" in record.message
+            for record in caplog.records
+        )
+        loguru_warning.assert_called_once()
+
     async def test_lifespan_initializes_redis_and_closes_client(
         self, caplog, mocker
     ) -> None:
diff --git a/tests/unit/test_validation.py b/tests/unit/test_validation.py
@@ -481,6 +481,13 @@ def test_empty_admin_encryption_key_generates_default(
         assert encryption_key
         assert Fernet(encryption_key.encode())
 
+    def test_none_admin_encryption_key_generates_default(self) -> None:
+        """None admin encryption key should generate a valid key."""
+        result = Settings.validate_admin_pages_encryption_key(None)
+
+        assert isinstance(result, SecretStr)
+        assert Fernet(unwrap_secret(result).encode())
+
     def test_get_settings_uses_secrets_dir_env_var(
         self, monkeypatch, mocker
     ) -> None:
