fix(backend): sprint 5 post-review — name fallback, isinstance guards, 400 tests

- create_simulation: name falls back to template.name when template_id provided and name is absent/empty (AC-27.1) - templates POST/PATCH: isinstance(list) check on technique_ids/tactic_ids before resolving, returns 400 with clear message - 5 new tests: unknown technique_id → 400 (POST+PATCH), unknown tactic_id → 400 (POST+PATCH), name fallback to template.name - mypy: merged template branch into if/else to eliminate union-attr false positives Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 07:04:25 +02:00
parent 33a0ca30bb
commit 55f993fa24
4 changed files with 91 additions and 10 deletions
--- a/backend/tests/test_simulation_templates_crud.py
+++ b/backend/tests/test_simulation_templates_crud.py
@@ -97,6 +97,30 @@ def test_create_template_duplicate_name_409(
    assert "already exists" in resp.get_json()["error"]


+def test_create_template_unknown_technique_id_400(
+    client: FlaskClient, admin_token: str
+) -> None:
+    resp = client.post(
+        "/api/templates",
+        headers=_h(admin_token),
+        json={"name": "T", "technique_ids": ["T9999.999"]},
+    )
+    assert resp.status_code == 400
+    assert "unknown technique id" in resp.get_json()["error"]
+
+
+def test_create_template_unknown_tactic_id_400(
+    client: FlaskClient, admin_token: str
+) -> None:
+    resp = client.post(
+        "/api/templates",
+        headers=_h(admin_token),
+        json={"name": "T", "tactic_ids": ["TA9999"]},
+    )
+    assert resp.status_code == 400
+    assert "unknown tactic id" in resp.get_json()["error"]
+
+
 # ---------------------------------------------------------------------------
 # Get single
 # ---------------------------------------------------------------------------
@@ -196,6 +220,32 @@ def test_patch_template_not_found(client: FlaskClient, admin_token: str) -> None
    assert resp.status_code == 404


+def test_patch_template_unknown_technique_id_400(
+    client: FlaskClient, admin_token: str
+) -> None:
+    created = _make_template(client, admin_token)
+    resp = client.patch(
+        f"/api/templates/{created['id']}",
+        headers=_h(admin_token),
+        json={"technique_ids": ["T9999.999"]},
+    )
+    assert resp.status_code == 400
+    assert "unknown technique id" in resp.get_json()["error"]
+
+
+def test_patch_template_unknown_tactic_id_400(
+    client: FlaskClient, admin_token: str
+) -> None:
+    created = _make_template(client, admin_token)
+    resp = client.patch(
+        f"/api/templates/{created['id']}",
+        headers=_h(admin_token),
+        json={"tactic_ids": ["TA9999"]},
+    )
+    assert resp.status_code == 400
+    assert "unknown tactic id" in resp.get_json()["error"]
+
+
 # ---------------------------------------------------------------------------
 # Delete
 # ---------------------------------------------------------------------------
--- a/backend/tests/test_simulations_from_template.py
+++ b/backend/tests/test_simulations_from_template.py
@@ -78,6 +78,20 @@ def test_create_simulation_name_overrides_template(
    assert sim["name"] == "Custom Name"


+def test_create_simulation_name_falls_back_to_template_name(
+    client: FlaskClient, admin_token: str
+) -> None:
+    eng = _make_engagement(client, admin_token)
+    tmpl = _make_template(client, admin_token, name="Recon Template")
+    resp = client.post(
+        f"/api/engagements/{eng['id']}/simulations",
+        headers=_h(admin_token),
+        json={"template_id": tmpl["id"]},
+    )
+    assert resp.status_code == 201
+    assert resp.get_json()["name"] == "Recon Template"
+
+
 def test_create_simulation_template_not_found(
    client: FlaskClient, admin_token: str
 ) -> None: