Fix CI failures in security patch

- Fixed line length violations in `tests/rpc/test_api_rate_limit.py` and `tests/rpc/test_api_security.py` (E501)
- Fixed import sorting in `tests/rpc/test_api_rate_limit.py` (isort)
- Applied `ruff format` to modified files to satisfy pre-commit hooks
- Verified tests pass with `python -m pytest`

Co-authored-by: Corax-CoLAB <239841157+Corax-CoLAB@users.noreply.github.com>

freqtrade/rpc/api_server/webserver.py

@@ -194,9 +194,7 @@ class ApiServer(RPCHandler):
 
     def handle_generic_exception(self, request, exc):
         logger.error(f"API Error calling: {exc}", exc_info=exc)
-        return JSONResponse(
-            status_code=500, content={"error": "Internal Server Error"}
-        )
+        return JSONResponse(status_code=500, content={"error": "Internal Server Error"})
 
     def configure_app(self, app: FastAPI, config):
         from freqtrade.rpc.api_server.api_auth import http_basic_or_jwt_token, router_login

tests/rpc/test_api_rate_limit.py

@@ -1,14 +1,13 @@
+from unittest.mock import MagicMock
 
 import pytest
 from fastapi.testclient import TestClient
-from freqtrade.rpc.api_server import ApiServer
-from freqtrade.rpc.rpc import RPC
-from freqtrade.enums import RunMode
-from freqtrade.loggers import setup_logging
-from unittest.mock import MagicMock
-
 from requests.auth import _basic_auth_str
 
+from freqtrade.enums import RunMode
+from freqtrade.loggers import setup_logging
+from freqtrade.rpc.api_server import ApiServer
+from freqtrade.rpc.rpc import RPC
 from tests.conftest import get_patched_freqtradebot
 
 
@@ -61,20 +60,23 @@ def test_login_rate_limit(botclient_ratelimit):
     # Fail 5 times
     for _ in range(5):
         rc = client.post(
-            f"{BASE_URI}/token/login", headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")}
+            f"{BASE_URI}/token/login",
+            headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")},
         )
         assert rc.status_code == 401
 
     # 6th attempt should be rate limited
     rc = client.post(
-        f"{BASE_URI}/token/login", headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")}
+        f"{BASE_URI}/token/login",
+        headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")},
     )
     assert rc.status_code == 429
     assert "Too many login attempts" in rc.json()["detail"]
 
     # Even correct password should fail now
     rc = client.post(
-        f"{BASE_URI}/token/login", headers={"Authorization": _basic_auth_str(_TEST_USER, _TEST_PASS)}
+        f"{BASE_URI}/token/login",
+        headers={"Authorization": _basic_auth_str(_TEST_USER, _TEST_PASS)},
     )
     assert rc.status_code == 429
 
@@ -86,20 +88,20 @@ def test_login_success_resets_limit(botclient_ratelimit):
     for _ in range(4):
         client.post(
             f"{BASE_URI}/token/login",
-            headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")}
+            headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")},
         )
 
     # Succeed
     rc = client.post(
         f"{BASE_URI}/token/login",
-        headers={"Authorization": _basic_auth_str(_TEST_USER, _TEST_PASS)}
+        headers={"Authorization": _basic_auth_str(_TEST_USER, _TEST_PASS)},
     )
     assert rc.status_code == 200
 
     # Fail 1 time (would be 5th if not reset)
     rc = client.post(
         f"{BASE_URI}/token/login",
-        headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")}
+        headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")},
     )
     assert rc.status_code == 401
 
@@ -107,12 +109,12 @@ def test_login_success_resets_limit(botclient_ratelimit):
     for _ in range(4):
         client.post(
             f"{BASE_URI}/token/login",
-            headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")}
+            headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")},
         )
 
     # 6th attempt (after 5 failures)
     rc = client.post(
         f"{BASE_URI}/token/login",
-        headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")}
+        headers={"Authorization": _basic_auth_str(_TEST_USER, "WrongPass")},
     )
     assert rc.status_code == 429

tests/rpc/test_api_security.py

@@ -1,4 +1,3 @@
-
 from unittest.mock import MagicMock
 
 import pytest
@@ -56,7 +55,8 @@ def test_security_headers(botclient_security):
 
     assert (
         headers["Content-Security-Policy"]
-        == "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' data:;"
+        == "default-src 'self'; style-src 'self' 'unsafe-inline'; "
+        "script-src 'self' 'unsafe-inline'; img-src 'self' data:;"
     )
     assert headers["X-Content-Type-Options"] == "nosniff"
     assert headers["X-Frame-Options"] == "DENY"

tests/rpc/test_rpc_apiserver.py

@@ -80,6 +80,7 @@ def botclient(default_conf, mocker):
         apiserver.add_rpc_handler(rpc)
 
         from freqtrade.rpc.api_server.api_auth import login_attempts_cache
+
         login_attempts_cache.clear()
 
         # We need to use the TestClient as a context manager to