import pytest from auth import COOKIE_NAME from tests.helpers import unique_email # Registration tests @pytest.mark.asyncio async def test_register_success(client): email = unique_email("register") response = await client.post( "/api/auth/register", json={"email": email, "password": "password123"}, ) assert response.status_code == 200 data = response.json() assert data["email"] == email assert "id" in data assert "roles" in data assert "permissions" in data # New users get regular role by default assert "regular" in data["roles"] # Cookie should be set assert COOKIE_NAME in response.cookies @pytest.mark.asyncio async def test_register_duplicate_email(client): email = unique_email("duplicate") await client.post( "/api/auth/register", json={"email": email, "password": "password123"}, ) response = await client.post( "/api/auth/register", json={"email": email, "password": "differentpass"}, ) assert response.status_code == 400 assert response.json()["detail"] == "Email already registered" @pytest.mark.asyncio async def test_register_invalid_email(client): response = await client.post( "/api/auth/register", json={"email": "notanemail", "password": "password123"}, ) assert response.status_code == 422 @pytest.mark.asyncio async def test_register_missing_password(client): response = await client.post( "/api/auth/register", json={"email": unique_email()}, ) assert response.status_code == 422 @pytest.mark.asyncio async def test_register_missing_email(client): response = await client.post( "/api/auth/register", json={"password": "password123"}, ) assert response.status_code == 422 @pytest.mark.asyncio async def test_register_empty_body(client): response = await client.post("/api/auth/register", json={}) assert response.status_code == 422 # Login tests @pytest.mark.asyncio async def test_login_success(client): email = unique_email("login") await client.post( "/api/auth/register", json={"email": email, "password": "password123"}, ) response = await client.post( "/api/auth/login", json={"email": email, "password": "password123"}, ) assert response.status_code == 200 data = response.json() assert data["email"] == email assert "roles" in data assert "permissions" in data assert COOKIE_NAME in response.cookies @pytest.mark.asyncio async def test_login_wrong_password(client): email = unique_email("wrongpass") await client.post( "/api/auth/register", json={"email": email, "password": "correctpassword"}, ) response = await client.post( "/api/auth/login", json={"email": email, "password": "wrongpassword"}, ) assert response.status_code == 401 assert response.json()["detail"] == "Incorrect email or password" @pytest.mark.asyncio async def test_login_nonexistent_user(client): response = await client.post( "/api/auth/login", json={"email": unique_email("nonexistent"), "password": "password123"}, ) assert response.status_code == 401 assert response.json()["detail"] == "Incorrect email or password" @pytest.mark.asyncio async def test_login_invalid_email_format(client): response = await client.post( "/api/auth/login", json={"email": "invalidemail", "password": "password123"}, ) assert response.status_code == 422 @pytest.mark.asyncio async def test_login_missing_fields(client): response = await client.post("/api/auth/login", json={}) assert response.status_code == 422 # Get current user tests @pytest.mark.asyncio async def test_get_me_success(client_factory): email = unique_email("me") # Register and get cookies reg_response = await client_factory.post( "/api/auth/register", json={"email": email, "password": "password123"}, ) cookies = dict(reg_response.cookies) # Use authenticated client async with client_factory.create(cookies=cookies) as authed: response = await authed.get("/api/auth/me") assert response.status_code == 200 data = response.json() assert data["email"] == email assert "id" in data assert "roles" in data assert "permissions" in data @pytest.mark.asyncio async def test_get_me_no_cookie(client): response = await client.get("/api/auth/me") assert response.status_code == 401 @pytest.mark.asyncio async def test_get_me_invalid_cookie(client_factory): async with client_factory.create(cookies={COOKIE_NAME: "invalidtoken123"}) as authed: response = await authed.get("/api/auth/me") assert response.status_code == 401 assert response.json()["detail"] == "Invalid authentication credentials" @pytest.mark.asyncio async def test_get_me_expired_token(client_factory): bad_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEsImV4cCI6MH0.invalid" async with client_factory.create(cookies={COOKIE_NAME: bad_token}) as authed: response = await authed.get("/api/auth/me") assert response.status_code == 401 # Cookie validation tests @pytest.mark.asyncio async def test_cookie_from_register_works_for_me(client_factory): email = unique_email("tokentest") reg_response = await client_factory.post( "/api/auth/register", json={"email": email, "password": "password123"}, ) cookies = dict(reg_response.cookies) async with client_factory.create(cookies=cookies) as authed: me_response = await authed.get("/api/auth/me") assert me_response.status_code == 200 assert me_response.json()["email"] == email @pytest.mark.asyncio async def test_cookie_from_login_works_for_me(client_factory): email = unique_email("logintoken") await client_factory.post( "/api/auth/register", json={"email": email, "password": "password123"}, ) login_response = await client_factory.post( "/api/auth/login", json={"email": email, "password": "password123"}, ) cookies = dict(login_response.cookies) async with client_factory.create(cookies=cookies) as authed: me_response = await authed.get("/api/auth/me") assert me_response.status_code == 200 assert me_response.json()["email"] == email # Multiple users tests @pytest.mark.asyncio async def test_multiple_users_isolated(client_factory): email1 = unique_email("user1") email2 = unique_email("user2") resp1 = await client_factory.post( "/api/auth/register", json={"email": email1, "password": "password1"}, ) resp2 = await client_factory.post( "/api/auth/register", json={"email": email2, "password": "password2"}, ) cookies1 = dict(resp1.cookies) cookies2 = dict(resp2.cookies) async with client_factory.create(cookies=cookies1) as user1: me1 = await user1.get("/api/auth/me") async with client_factory.create(cookies=cookies2) as user2: me2 = await user2.get("/api/auth/me") assert me1.json()["email"] == email1 assert me2.json()["email"] == email2 assert me1.json()["id"] != me2.json()["id"] # Password tests @pytest.mark.asyncio async def test_password_is_hashed(client): email = unique_email("hashtest") await client.post( "/api/auth/register", json={"email": email, "password": "mySecurePassword123"}, ) response = await client.post( "/api/auth/login", json={"email": email, "password": "mySecurePassword123"}, ) assert response.status_code == 200 @pytest.mark.asyncio async def test_case_sensitive_password(client): email = unique_email("casetest") await client.post( "/api/auth/register", json={"email": email, "password": "Password123"}, ) response = await client.post( "/api/auth/login", json={"email": email, "password": "password123"}, ) assert response.status_code == 401 # Logout tests @pytest.mark.asyncio async def test_logout_success(client_factory): email = unique_email("logout") reg_response = await client_factory.post( "/api/auth/register", json={"email": email, "password": "password123"}, ) cookies = dict(reg_response.cookies) async with client_factory.create(cookies=cookies) as authed: logout_response = await authed.post("/api/auth/logout") assert logout_response.status_code == 200 assert logout_response.json() == {"ok": True}