counterweight/arbret
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
arbret/backend/tests/test_auth.py

290 lines
8.4 KiB
Python
Raw Blame History

import pytest
import uuid
from auth import COOKIE_NAME
def unique_email(prefix: str = "test") -> str:
"""Generate a unique email for tests sharing the same database."""
return f"{prefix}-{uuid.uuid4().hex[:8]}@example.com"
# Registration tests
@pytest.mark.asyncio
async def test_register_success(client):
email = unique_email("register")
response = await client.post(
"/api/auth/register",
json={"email": email, "password": "password123"},
)
assert response.status_code == 200
data = response.json()
assert data["email"] == email
assert "id" in data
# Cookie should be set
assert COOKIE_NAME in response.cookies
@pytest.mark.asyncio
async def test_register_duplicate_email(client):
email = unique_email("duplicate")
await client.post(
"/api/auth/register",
json={"email": email, "password": "password123"},
)
response = await client.post(
"/api/auth/register",
json={"email": email, "password": "differentpass"},
)
assert response.status_code == 400
assert response.json()["detail"] == "Email already registered"
@pytest.mark.asyncio
async def test_register_invalid_email(client):
response = await client.post(
"/api/auth/register",
json={"email": "notanemail", "password": "password123"},
)
assert response.status_code == 422
@pytest.mark.asyncio
async def test_register_missing_password(client):
response = await client.post(
"/api/auth/register",
json={"email": unique_email()},
)
assert response.status_code == 422
@pytest.mark.asyncio
async def test_register_missing_email(client):
response = await client.post(
"/api/auth/register",
json={"password": "password123"},
)
assert response.status_code == 422
@pytest.mark.asyncio
async def test_register_empty_body(client):
response = await client.post("/api/auth/register", json={})
assert response.status_code == 422
# Login tests
@pytest.mark.asyncio
async def test_login_success(client):
email = unique_email("login")
await client.post(
"/api/auth/register",
json={"email": email, "password": "password123"},
)
response = await client.post(
"/api/auth/login",
json={"email": email, "password": "password123"},
)
assert response.status_code == 200
data = response.json()
assert data["email"] == email
assert COOKIE_NAME in response.cookies
@pytest.mark.asyncio
async def test_login_wrong_password(client):
email = unique_email("wrongpass")
await client.post(
"/api/auth/register",
json={"email": email, "password": "correctpassword"},
)
response = await client.post(
"/api/auth/login",
json={"email": email, "password": "wrongpassword"},
)
assert response.status_code == 401
assert response.json()["detail"] == "Incorrect email or password"
@pytest.mark.asyncio
async def test_login_nonexistent_user(client):
response = await client.post(
"/api/auth/login",
json={"email": unique_email("nonexistent"), "password": "password123"},
)
assert response.status_code == 401
assert response.json()["detail"] == "Incorrect email or password"
@pytest.mark.asyncio
async def test_login_invalid_email_format(client):
response = await client.post(
"/api/auth/login",
json={"email": "invalidemail", "password": "password123"},
)
assert response.status_code == 422
@pytest.mark.asyncio
async def test_login_missing_fields(client):
response = await client.post("/api/auth/login", json={})
assert response.status_code == 422
# Get current user tests
@pytest.mark.asyncio
async def test_get_me_success(client_factory):
email = unique_email("me")
# Register and get cookies
reg_response = await client_factory.post(
"/api/auth/register",
json={"email": email, "password": "password123"},
)
cookies = dict(reg_response.cookies)
# Use authenticated client
async with client_factory.create(cookies=cookies) as authed:
response = await authed.get("/api/auth/me")
assert response.status_code == 200
data = response.json()
assert data["email"] == email
assert "id" in data
@pytest.mark.asyncio
async def test_get_me_no_cookie(client):
response = await client.get("/api/auth/me")
assert response.status_code == 401
@pytest.mark.asyncio
async def test_get_me_invalid_cookie(client_factory):
async with client_factory.create(cookies={COOKIE_NAME: "invalidtoken123"}) as authed:
response = await authed.get("/api/auth/me")
assert response.status_code == 401
assert response.json()["detail"] == "Invalid authentication credentials"
@pytest.mark.asyncio
async def test_get_me_expired_token(client_factory):
bad_token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjEsImV4cCI6MH0.invalid"
async with client_factory.create(cookies={COOKIE_NAME: bad_token}) as authed:
response = await authed.get("/api/auth/me")
assert response.status_code == 401
# Cookie validation tests
@pytest.mark.asyncio
async def test_cookie_from_register_works_for_me(client_factory):
email = unique_email("tokentest")
reg_response = await client_factory.post(
"/api/auth/register",
json={"email": email, "password": "password123"},
)
cookies = dict(reg_response.cookies)
async with client_factory.create(cookies=cookies) as authed:
me_response = await authed.get("/api/auth/me")
assert me_response.status_code == 200
assert me_response.json()["email"] == email
@pytest.mark.asyncio
async def test_cookie_from_login_works_for_me(client_factory):
email = unique_email("logintoken")
await client_factory.post(
"/api/auth/register",
json={"email": email, "password": "password123"},
)
login_response = await client_factory.post(
"/api/auth/login",
json={"email": email, "password": "password123"},
)
cookies = dict(login_response.cookies)
async with client_factory.create(cookies=cookies) as authed:
me_response = await authed.get("/api/auth/me")
assert me_response.status_code == 200
assert me_response.json()["email"] == email
# Multiple users tests
@pytest.mark.asyncio
async def test_multiple_users_isolated(client_factory):
email1 = unique_email("user1")
email2 = unique_email("user2")
resp1 = await client_factory.post(
"/api/auth/register",
json={"email": email1, "password": "password1"},
)
resp2 = await client_factory.post(
"/api/auth/register",
json={"email": email2, "password": "password2"},
)
cookies1 = dict(resp1.cookies)
cookies2 = dict(resp2.cookies)
async with client_factory.create(cookies=cookies1) as user1:
me1 = await user1.get("/api/auth/me")
async with client_factory.create(cookies=cookies2) as user2:
me2 = await user2.get("/api/auth/me")
assert me1.json()["email"] == email1
assert me2.json()["email"] == email2
assert me1.json()["id"] != me2.json()["id"]
# Password tests
@pytest.mark.asyncio
async def test_password_is_hashed(client):
email = unique_email("hashtest")
await client.post(
"/api/auth/register",
json={"email": email, "password": "mySecurePassword123"},
)
response = await client.post(
"/api/auth/login",
json={"email": email, "password": "mySecurePassword123"},
)
assert response.status_code == 200
@pytest.mark.asyncio
async def test_case_sensitive_password(client):
email = unique_email("casetest")
await client.post(
"/api/auth/register",
json={"email": email, "password": "Password123"},
)
response = await client.post(
"/api/auth/login",
json={"email": email, "password": "password123"},
)
assert response.status_code == 401
# Logout tests
@pytest.mark.asyncio
async def test_logout_success(client_factory):
email = unique_email("logout")
reg_response = await client_factory.post(
"/api/auth/register",
json={"email": email, "password": "password123"},
)
cookies = dict(reg_response.cookies)
async with client_factory.create(cookies=cookies) as authed:
logout_response = await authed.post("/api/auth/logout")
assert logout_response.status_code == 200
assert logout_response.json() == {"ok": True}
Reference in a new issue View git blame Copy permalink