Flash out API test suite

backend/tests/test_auth_api.py

@@ -0,0 +1,80 @@
+from app.crud.crud_user import user as crud_user
+from app.models.ppr import UserRole
+from app.schemas.ppr import UserCreate
+
+
+def test_login_rejects_invalid_credentials(client):
+    response = client.post(
+        "/api/v1/auth/login",
+        data={"username": "missing", "password": "wrong"},
+    )
+
+    assert response.status_code == 401
+    assert response.json()["detail"] == "Incorrect username or password"
+
+
+def test_login_returns_bearer_token_for_valid_user(client, db):
+    crud_user.create(
+        db,
+        UserCreate(username="tower", password="secret-password", role=UserRole.OPERATOR),
+        admin_user="test",
+    )
+
+    response = client.post(
+        "/api/v1/auth/login",
+        data={"username": "tower", "password": "secret-password"},
+    )
+
+    assert response.status_code == 200
+    body = response.json()
+    assert body["access_token"]
+    assert body["token_type"] == "bearer"
+    assert body["expires_in"] > 0
+
+
+def test_admin_user_crud_endpoints(auth_client):
+    create_response = auth_client.post(
+        "/api/v1/auth/users",
+        json={"username": "operator-one", "password": "secret-password", "role": "OPERATOR"},
+    )
+
+    assert create_response.status_code == 200
+    created = create_response.json()
+    assert created["username"] == "operator-one"
+    assert created["role"] == "OPERATOR"
+
+    duplicate_response = auth_client.post(
+        "/api/v1/auth/users",
+        json={"username": "operator-one", "password": "secret-password", "role": "OPERATOR"},
+    )
+
+    assert duplicate_response.status_code == 400
+
+    list_response = auth_client.get("/api/v1/auth/users")
+    assert list_response.status_code == 200
+    assert [user["username"] for user in list_response.json()] == ["operator-one"]
+
+    update_response = auth_client.put(
+        f"/api/v1/auth/users/{created['id']}",
+        json={"role": "READ_ONLY"},
+    )
+    assert update_response.status_code == 200
+    assert update_response.json()["role"] == "READ_ONLY"
+
+    password_response = auth_client.post(
+        f"/api/v1/auth/users/{created['id']}/change-password",
+        json={"password": "new-secret-password"},
+    )
+    assert password_response.status_code == 200
+
+
+def test_admin_user_endpoints_return_not_found(auth_client):
+    assert auth_client.get("/api/v1/auth/users/404").status_code == 404
+    assert auth_client.put("/api/v1/auth/users/404", json={"role": "OPERATOR"}).status_code == 404
+    assert (
+        auth_client.post(
+            "/api/v1/auth/users/404/change-password",
+            json={"password": "new-secret-password"},
+        ).status_code
+        == 404
+    )