"""Tests for /auth endpoints."""
import pytest
@pytest.mark.asyncio
async def test_login_success(client, test_user):
    """Valid credentials yield 200, a bearer token pair and the user's profile."""
    account, secret = test_user
    credentials = {
        "roll_number": account.roll_number,
        "password": secret,
    }
    response = await client.post("/api/v1/auth/login", json=credentials)
    assert response.status_code == 200

    body = response.json()
    # Both tokens must be issued on login; later tests rely on the refresh token.
    for token_field in ("access_token", "refresh_token"):
        assert token_field in body
    assert body["token_type"] == "bearer"

    profile = body["user"]
    assert profile["roll_number"] == "21CS045"
    assert profile["role"] == "student"
@pytest.mark.asyncio
async def test_login_wrong_password(client, test_user):
    """An existing account with an incorrect password is rejected with 401."""
    account = test_user[0]
    bad_credentials = {
        "roll_number": account.roll_number,
        "password": "wrongpassword",
    }
    response = await client.post("/api/v1/auth/login", json=bad_credentials)
    assert response.status_code == 401
@pytest.mark.asyncio
async def test_login_nonexistent_user(client):
    """A roll number with no account is rejected with 401.

    This is the same status test_login_wrong_password expects for a bad
    password, so the status code alone does not reveal whether an account
    exists. Response bodies and timing are not compared here.
    """
    unknown_credentials = {
        "roll_number": "99XX999",
        "password": "whatever123",
    }
    response = await client.post("/api/v1/auth/login", json=unknown_credentials)
    assert response.status_code == 401
@pytest.mark.asyncio
async def test_me_with_token(client, auth_headers):
    """An authenticated /auth/me call returns the caller's profile including quota."""
    response = await client.get("/api/v1/auth/me", headers=auth_headers)
    assert response.status_code == 200

    profile = response.json()
    assert profile["roll_number"] == "21CS045"
    assert "quota" in profile
@pytest.mark.asyncio
async def test_me_without_token(client):
    """A request to /auth/me with no Authorization header is refused."""
    response = await client.get("/api/v1/auth/me")
    # The endpoint answers 403 (not 401) when the header is missing entirely.
    assert response.status_code == 403
@pytest.mark.asyncio
async def test_me_with_api_key(client, test_user):
    """The user's API key is accepted as a Bearer credential on /auth/me."""
    account = test_user[0]
    api_key_headers = {"Authorization": f"Bearer {account.api_key}"}
    response = await client.get("/api/v1/auth/me", headers=api_key_headers)
    assert response.status_code == 200
    assert response.json()["roll_number"] == "21CS045"
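@pytest.mark.asyncio
async def test_refresh_token(client, test_user):
    """A refresh token obtained at login can be exchanged for a new access token."""
    user, password = test_user
    # Login first
    login_resp = await client.post("/api/v1/auth/login", json={
        "roll_number": user.roll_number,
        "password": password,
    })
    # Fail here with a clear message if login itself broke, instead of a
    # KeyError on the missing "refresh_token" field below.
    assert login_resp.status_code == 200
    refresh_token = login_resp.json()["refresh_token"]
    # Refresh
    resp = await client.post("/api/v1/auth/refresh", json={
        "refresh_token": refresh_token,
    })
    assert resp.status_code == 200
    assert "access_token" in resp.json()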
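@pytest.mark.asyncio
async def test_logout(client, test_user):
    """Logging out invalidates the refresh token issued at login."""
    user, password = test_user
    # Login
    login_resp = await client.post("/api/v1/auth/login", json={
        "roll_number": user.roll_number,
        "password": password,
    })
    # Surface a broken login as an assertion rather than a KeyError below.
    assert login_resp.status_code == 200
    tokens = login_resp.json()
    token = tokens["access_token"]
    refresh = tokens["refresh_token"]
    # Logout
    resp = await client.post("/api/v1/auth/logout", headers={"Authorization": f"Bearer {token}"})
    assert resp.status_code == 200
    # Refresh should now fail
    resp = await client.post("/api/v1/auth/refresh", json={"refresh_token": refresh})
    assert resp.status_code == 401
    # NOTE(review): only the refresh token is checked after logout; whether the
    # access token is still accepted afterwards is not asserted by this test.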
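@pytest.mark.asyncio
async def test_change_password(client, auth_headers, test_user):
    """Changing the password enables the new one and retires the old one."""
    resp = await client.post("/api/v1/auth/change-password", headers=auth_headers, json={
        "old_password": "password123",
        "new_password": "newpassword456",
    })
    assert resp.status_code == 200
    # Login with new password
    user, _ = test_user
    resp = await client.post("/api/v1/auth/login", json={
        "roll_number": user.roll_number,
        "password": "newpassword456",
    })
    assert resp.status_code == 200
    # The previous password must stop working once the change has succeeded;
    # a wrong password is answered with 401 (see test_login_wrong_password).
    resp = await client.post("/api/v1/auth/login", json={
        "roll_number": user.roll_number,
        "password": "password123",
    })
    assert resp.status_code == 401
    # NOTE(review): tokens issued before the change are not re-checked here.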
@pytest.mark.asyncio
async def test_change_password_wrong_old(client, auth_headers):
    """A password change is refused with 401 when the old password is wrong."""
    change_request = {
        "old_password": "wrongoldpassword",
        "new_password": "newpassword456",
    }
    response = await client.post(
        "/api/v1/auth/change-password",
        headers=auth_headers,
        json=change_request,
    )
    assert response.status_code == 401