import pytest from src.models import UserCreate def test_registration_and_login_flow(client): # Register response = client.post( "/api/auth/register", json={"email": "api_test@example.com", "password": "password123"} ) if response.status_code != 200: print(f"Registration failed: {response.json()}") assert response.status_code == 200 data = response.json() assert data["email"] == "api_test@example.com" # Login response = client.post( "/api/auth/login", json={"email": "api_test@example.com", "password": "password123"} ) assert response.status_code == 200 token_data = response.json() assert "access_token" in token_data token = token_data["access_token"] # Authorized access headers = {"Authorization": f"Bearer {token}"} response = client.get("/api/tasks/", headers=headers) assert response.status_code == 200 assert response.json() == [] def test_task_api_crud(client): # Register & Login client.post( "/api/auth/register", json={"email": "crud_test@example.com", "password": "password123"} ) login_resp = client.post( "/api/auth/login", json={"email": "crud_test@example.com", "password": "password123"} ) token = login_resp.json()["access_token"] headers = {"Authorization": f"Bearer {token}"} # Create response = client.post( "/api/tasks/", json={"title": "API Task", "description": "API Desc"}, headers=headers ) assert response.status_code == 200 data = response.json() task_id = data["id"] # Read response = client.get(f"/api/tasks/{task_id}", headers=headers) assert response.status_code == 200 assert response.json()["title"] == "API Task" # Update response = client.put( f"/api/tasks/{task_id}", json={"title": "Updated API Task", "completed": True}, headers=headers ) assert response.status_code == 200 assert response.json()["title"] == "Updated API Task" # Toggle response = client.patch(f"/api/tasks/{task_id}/complete", headers=headers) assert response.status_code == 200 assert response.json()["completed"] is False # Delete response = client.delete(f"/api/tasks/{task_id}", headers=headers) assert response.status_code == 200 # Verify deletion response = client.get(f"/api/tasks/{task_id}", headers=headers) assert response.status_code == 404 def test_multi_user_isolation(client): # User 1 client.post("/api/auth/register", json={"email": "u1@test.com", "password": "p1"}) login1 = client.post("/api/auth/login", json={"email": "u1@test.com", "password": "p1"}) token1 = login1.json()["access_token"] # User 2 client.post("/api/auth/register", json={"email": "u2@test.com", "password": "p2"}) login2 = client.post("/api/auth/login", json={"email": "u2@test.com", "password": "p2"}) token2 = login2.json()["access_token"] # User 1 creates a task res = client.post("/api/tasks/", json={"title": "U1 Task"}, headers={"Authorization": f"Bearer {token1}"}) assert res.status_code == 200 task_id = res.json()["id"] # User 2 tries to access User 1's task res = client.get(f"/api/tasks/{task_id}", headers={"Authorization": f"Bearer {token2}"}) assert res.status_code == 404 # User 2 tries to delete User 1's task res = client.delete(f"/api/tasks/{task_id}", headers={"Authorization": f"Bearer {token2}"}) assert res.status_code == 404