add tests to test_fpnv.py to increase coverage to 100%

Author: tomaszjaniewicz-gl

tests/test_fpnv.py

@@ -106,6 +106,13 @@ def test_client_explicit_app(self):
         client = fpnv.client(app)
         assert isinstance(client, fpnv.FpnvClient)
 
+    def test_client_illegal_app_argument_wrong_app_type(self):
+        cred = testutils.MockCredential()
+        app = ""
+        with pytest.raises(ValueError, match = 'Illegal app argument. Argument must be of type firebase_admin.App, but given '
+        f'"{type(app)}".'):
+            client = fpnv.client(app)
+
 
 class TestVerifyToken(TestCommon):
 
@@ -198,6 +205,14 @@ def test_verify_token_success(self, mock_header, mock_decode, mock_jwks_cls, cli
             issuer=_ISSUER
         )
 
+    @mock.patch('jwt.get_unverified_header')
+    def test_verify_token_no_name(self, mock_header):
+        app = firebase_admin.get_app()
+        client = fpnv.client(app)
+        mock_header.return_value = {'kid': 'k', 'typ': 'JWT', 'alg': 'ES256'}
+        with pytest.raises(ValueError, match="must be a non-empty string"):
+            client.verify_token('')
+
     @mock.patch('jwt.get_unverified_header')
     def test_verify_token_no_kid(self, mock_header):
         app = firebase_admin.get_app()
@@ -212,6 +227,12 @@ def test_verify_token_wrong_alg(self, mock_header, client):
         with pytest.raises(ValueError, match="incorrect alg"):
             client.verify_token('token')
 
+    @mock.patch('jwt.get_unverified_header')
+    def test_verify_token_wrong_typ(self, mock_header, client):
+        mock_header.return_value = {'kid': 'k', 'typ': 'WRONG', 'alg': 'ES256'} # wrong typ
+        with pytest.raises(ValueError, match="incorrect type header"):
+            client.verify_token('token')
+
     def test_verify_token_jwk_error(self, client):
         # Access the ACTUAL client instance used by the verifier
         # (Assuming internal structure: client -> _verifier -> _jwks_client)
@@ -243,6 +264,21 @@ def test_verify_token_expired(self, mock_header, mock_decode, mock_jwks_cls, cli
         with pytest.raises(ValueError, match="token has expired"):
             client.verify_token('token')
 
+    @mock.patch('jwt.PyJWKClient')
+    @mock.patch('jwt.decode')
+    @mock.patch('jwt.get_unverified_header')
+    def test_verify_token_invalid_signature(self, mock_header, mock_decode, mock_jwks_cls, client):
+        mock_header.return_value = {'kid': 'k', 'typ': 'JWT', 'alg': 'ES256'}
+        mock_jwks_instance = mock_jwks_cls.return_value
+        mock_jwks_instance.get_signing_key_from_jwt.return_value.key = _PUBLIC_KEY
+        client._verifier._jwks_client = mock_jwks_instance
+
+        # Simulate InvalidSignatureError
+        mock_decode.side_effect = jwt.InvalidSignatureError("Wrong Signature")
+
+        with pytest.raises(ValueError, match="invalid signature"):
+            client.verify_token('token')
+
     @mock.patch('jwt.PyJWKClient')
     @mock.patch('jwt.decode')
     @mock.patch('jwt.get_unverified_header')
@@ -272,3 +308,18 @@ def test_verify_token_invalid_issuer(self, mock_header, mock_decode, mock_jwks_c
 
         with pytest.raises(ValueError, match="incorrect \"iss\""):
             client.verify_token('token')
+
+    @mock.patch('jwt.PyJWKClient')
+    @mock.patch('jwt.decode')
+    @mock.patch('jwt.get_unverified_header')
+    def test_verify_token_invalid_token(self, mock_header, mock_decode, mock_jwks_cls, client):
+        mock_header.return_value = {'kid': 'k', 'typ': 'JWT', 'alg': 'ES256'}
+        mock_jwks_instance = mock_jwks_cls.return_value
+        mock_jwks_instance.get_signing_key_from_jwt.return_value.key = _PUBLIC_KEY
+        client._verifier._jwks_client = mock_jwks_instance
+
+        # Simulate InvalidTokenError
+        mock_decode.side_effect = jwt.InvalidTokenError("Decoding FPNV token failed")
+
+        with pytest.raises(ValueError, match="incorrect \"iss\""):
+            client.verify_token('token')