"""Integration tests for authentication endpoints."""
import pytest
@pytest.mark.integration
class TestAuthIntegration:
    """End-to-end checks of the login endpoint and bearer-token protection.

    Every test drives the application through the ``client`` fixture. The
    ``test_login`` and ``auth_headers`` fixtures are supplied from outside
    this class.
    """

    def test_login_success(self, client, test_login):
        """A known login yields a bearer token together with the user record."""
        # NOTE(review): only a ``login`` value is sent, and it is passed via
        # ``params=`` (the query string on a requests/httpx-style client --
        # confirm). Query strings commonly land in access logs, so verify
        # this is the intended contract for the endpoint.
        login_url = "/api/v1/auth/login"
        resp = client.post(login_url, params={"login": test_login})

        assert resp.status_code == 200

        body = resp.json()
        assert "access_token" in body
        assert body["token_type"] == "bearer"
        assert "user" in body

        account = body["user"]
        assert account["login"] == test_login
        # Remaining fields only need to be present; their values are not pinned.
        for field in ("user_id", "created_at", "last_login_at"):
            assert field in account

    def test_login_invalid_format(self, client):
        """A login that fails input validation is rejected with 422."""
        too_short = {"login": "123"}
        resp = client.post("/api/v1/auth/login", params=too_short)

        # 422 is the validation-error status the endpoint is expected to use.
        assert resp.status_code == 422

    def test_login_nonexistent_user(self, client):
        """A login that is probably absent from the DB API gives 200 or 404."""
        # "00000000" is only *likely* to be unknown; nothing here guarantees it.
        unknown = {"login": "00000000"}
        resp = client.post("/api/v1/auth/login", params=unknown)

        # 404 when the DB API has no such user, 200 when it auto-creates one.
        # NOTE(review): because 200 is accepted, this test passes whether or
        # not an unknown login is issued a token. Pin the single expected
        # status once the DB API's behaviour is settled.
        accepted = (200, 404)
        assert resp.status_code in accepted

    def test_token_contains_user_info(self, client, test_login):
        """The issued access token decodes to a payload naming the user."""
        # Imported here, as in the original, so the module loads without it.
        from app.utils.security import decode_access_token

        resp = client.post("/api/v1/auth/login", params={"login": test_login})
        assert resp.status_code == 200

        access_token = resp.json()["access_token"]

        # NOTE(review): the claims are read through the application's own
        # decoder, so this checks payload contents only. Nothing in this
        # class exercises an expired or tampered token.
        claims = decode_access_token(access_token)
        assert claims["login"] == test_login
        assert "user_id" in claims
        assert "exp" in claims

    def test_protected_endpoint_without_token(self, client):
        """A request with no Authorization header is answered with 401."""
        resp = client.get("/api/v1/settings")

        assert resp.status_code == 401

    def test_protected_endpoint_with_token(self, client, auth_headers):
        """A request carrying ``auth_headers`` is not rejected as unauthorised."""
        resp = client.get("/api/v1/settings", headers=auth_headers)

        # 200 when settings exist, 404 when none have been stored yet.
        accepted = (200, 404)
        assert resp.status_code in accepted

    def test_protected_endpoint_with_invalid_token(self, client):
        """A bearer value that is not a valid token is answered with 401."""
        # NOTE(review): this value is not token-shaped at all, so only the
        # malformed-input path is covered. A well-formed token with a bad
        # signature or a past ``exp`` would be a separate case.
        bad_headers = {"Authorization": "Bearer invalid_token_here"}
        resp = client.get("/api/v1/settings", headers=bad_headers)

        assert resp.status_code == 401