"""Test Auth API endpoints."""
import pytest
# All auth routes exercised by this module share one versioned prefix.
_AUTH_BASE = "/api/v1/auth"

REGISTER_URL = f"{_AUTH_BASE}/register"  # account creation
LOGIN_URL = f"{_AUTH_BASE}/login"  # credential exchange for a token
ME_URL = f"{_AUTH_BASE}/me"  # profile of the authenticated caller
@pytest.mark.asyncio
async def test_register_new_user(client):
    """Registering an unused email yields 201 and a non-empty bearer JWT token."""
    credentials = {"email": "newuser@example.com", "password": "securepassword123"}
    response = await client.post(REGISTER_URL, json=credentials)
    assert response.status_code == 201

    body = response.json()
    assert "access_token" in body
    assert body["token_type"] == "bearer"
    # An empty token would satisfy the key check above, so its length is
    # checked as well.
    assert len(body["access_token"]) >= 1
@pytest.mark.asyncio
async def test_register_duplicate_email(client):
    """A second registration for an already-registered email is rejected with 409."""
    email = "duplicate@example.com"

    # Seed the account that the second request will collide with.
    await client.post(
        REGISTER_URL,
        json={"email": email, "password": "password123"},
    )

    # Same email, different password: the conflict is expected either way.
    response = await client.post(
        REGISTER_URL,
        json={"email": email, "password": "differentpassword"},
    )

    assert response.status_code == 409
    # NOTE(review): a distinct 409 whose detail says "already exists" lets an
    # unauthenticated caller learn whether an email is registered. Confirm
    # this disclosure is an accepted trade-off and that the endpoint is
    # rate-limited.
    detail = response.json()["detail"]
    assert "already exists" in detail.lower()
@pytest.mark.asyncio
async def test_login_correct_password(client):
    """Logging in with the registered credentials yields 200 and a bearer JWT token."""
    credentials = {"email": "loginuser@example.com", "password": "mypassword"}

    # The account has to exist before it can be logged into.
    await client.post(REGISTER_URL, json=credentials)

    # Present exactly the credentials that were registered.
    response = await client.post(LOGIN_URL, json=credentials)
    assert response.status_code == 200

    body = response.json()
    assert "access_token" in body
    assert body["token_type"] == "bearer"
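@pytest.mark.asyncio
async def test_login_wrong_password(client):
    """Should return 401 when logging in to an existing account with the wrong password."""
    # Register a user first
    reg_response = await client.post(
        REGISTER_URL,
        json={"email": "wrongpw@example.com", "password": "correctpassword"},
    )
    # Without this check the test can pass for the wrong reason: if
    # registration failed, the 401 below would presumably come from the
    # account not existing rather than from the password comparison.
    assert reg_response.status_code == 201

    # Login with wrong password
    response = await client.post(
        LOGIN_URL,
        json={"email": "wrongpw@example.com", "password": "wrongpassword"},
    )
    assert response.status_code == 401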
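@pytest.mark.asyncio
async def test_me_with_valid_token(client):
    """Should return 200 with the user profile when using a valid JWT token."""
    # Register a user and get token
    reg_response = await client.post(
        REGISTER_URL,
        json={"email": "meuser@example.com", "password": "password123"},
    )
    # Fail here with a clear message rather than with a KeyError on the
    # token lookup if registration did not succeed.
    assert reg_response.status_code == 201
    token = reg_response.json()["access_token"]

    # Get profile with valid token
    response = await client.get(
        ME_URL,
        headers={"Authorization": f"Bearer {token}"},
    )
    assert response.status_code == 200

    data = response.json()
    assert data["email"] == "meuser@example.com"
    assert "id" in data
    # A freshly registered account has not gone through email verification.
    assert data["is_email_verified"] is False
    # The profile must not echo back the credential field sent at registration.
    assert "password" not in data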
@pytest.mark.asyncio
async def test_me_without_token(client):
    """A request to /me with no Authorization header is refused with 401 or 403."""
    response = await client.get(ME_URL)

    # Either status is accepted as a refusal; which one the API returns for a
    # missing credential is not pinned down by this test.
    refused = response.status_code == 401 or response.status_code == 403
    assert refused