jamesp/ppr-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a3f1a10bf525bc32d8b0d0484835059ed480b1fa
ppr-ng/backend/tests/test_auth_api.py
T
jamesp fc394b8555 Flash out API test suite
2026-06-20 04:01:24 -04:00

81 lines
2.6 KiB
Python
Raw Blame History

from app.crud.crud_user import user as crud_user
from app.models.ppr import UserRole
from app.schemas.ppr import UserCreate
def test_login_rejects_invalid_credentials(client):
response = client.post(
"/api/v1/auth/login",
data={"username": "missing", "password": "wrong"},
)
assert response.status_code == 401
assert response.json()["detail"] == "Incorrect username or password"
def test_login_returns_bearer_token_for_valid_user(client, db):
crud_user.create(
db,
UserCreate(username="tower", password="secret-password", role=UserRole.OPERATOR),
admin_user="test",
)
response = client.post(
"/api/v1/auth/login",
data={"username": "tower", "password": "secret-password"},
)
assert response.status_code == 200
body = response.json()
assert body["access_token"]
assert body["token_type"] == "bearer"
assert body["expires_in"] > 0
def test_admin_user_crud_endpoints(auth_client):
create_response = auth_client.post(
"/api/v1/auth/users",
json={"username": "operator-one", "password": "secret-password", "role": "OPERATOR"},
)
assert create_response.status_code == 200
created = create_response.json()
assert created["username"] == "operator-one"
assert created["role"] == "OPERATOR"
duplicate_response = auth_client.post(
"/api/v1/auth/users",
json={"username": "operator-one", "password": "secret-password", "role": "OPERATOR"},
)
assert duplicate_response.status_code == 400
list_response = auth_client.get("/api/v1/auth/users")
assert list_response.status_code == 200
assert [user["username"] for user in list_response.json()] == ["operator-one"]
update_response = auth_client.put(
f"/api/v1/auth/users/{created['id']}",
json={"role": "READ_ONLY"},
)
assert update_response.status_code == 200
assert update_response.json()["role"] == "READ_ONLY"
password_response = auth_client.post(
f"/api/v1/auth/users/{created['id']}/change-password",
json={"password": "new-secret-password"},
)
assert password_response.status_code == 200
def test_admin_user_endpoints_return_not_found(auth_client):
assert auth_client.get("/api/v1/auth/users/404").status_code == 404
assert auth_client.put("/api/v1/auth/users/404", json={"role": "OPERATOR"}).status_code == 404
assert (
auth_client.post(
"/api/v1/auth/users/404/change-password",
json={"password": "new-secret-password"},
).status_code
== 404
)
Reference in New Issue View Git Blame Copy Permalink