behavior_backend/tests/test_auth.py

import pytest
from fastapi.testclient import TestClient
import uuid
from sqlalchemy.orm import Session

from app.main import app
from app.db.models import User
from app.utils.security import get_password_hash

client = TestClient(app)

def test_create_user():
    """Test user creation endpoint."""
    user_data = {
        "email": f"test_{uuid.uuid4()}@example.com",
        "password": "testpassword",
        "first_name": "Test",
        "last_name": "User"
    }
    
    response = client.post("/api/users/", json=user_data)
    assert response.status_code == 201
    data = response.json()
    assert data["email"] == user_data["email"]
    assert "id" in data
    assert "hashed_password" not in data
    
    # Clean up - delete the user
    # This would require a separate delete endpoint or direct DB access

def test_login_with_email():
    """Test login with email endpoint."""
    # Create a test user
    user_email = f"test_{uuid.uuid4()}@example.com"
    user_password = "testpassword"
    
    user_data = {
        "email": user_email,
        "password": user_password,
        "first_name": "Test",
        "last_name": "User"
    }
    
    # Create user
    client.post("/api/users/", json=user_data)
    
    # Login
    login_data = {
        "email": user_email,
        "password": user_password
    }
    
    response = client.post("/api/auth/login/email", json=login_data)
    assert response.status_code == 200
    data = response.json()
    assert "access_token" in data
    assert data["token_type"] == "bearer"
    
    # Test with invalid password
    login_data["password"] = "wrongpassword"
    response = client.post("/api/auth/login/email", json=login_data)
    assert response.status_code == 401

def test_login_oauth2():
    """Test OAuth2 login endpoint."""
    # Create a test user
    user_email = f"test_{uuid.uuid4()}@example.com"
    user_password = "testpassword"
    
    user_data = {
        "email": user_email,
        "password": user_password,
        "first_name": "Test",
        "last_name": "User"
    }
    
    # Create user
    client.post("/api/users/", json=user_data)
    
    # Login with OAuth2
    login_data = {
        "username": user_email,  # OAuth2 uses username for email
        "password": user_password
    }
    
    response = client.post("/api/auth/login", data=login_data)
    assert response.status_code == 200
    data = response.json()
    assert "access_token" in data
    assert data["token_type"] == "bearer"

def test_protected_endpoint():
    """Test accessing a protected endpoint."""
    # Create a test user
    user_email = f"test_{uuid.uuid4()}@example.com"
    user_password = "testpassword"
    
    user_data = {
        "email": user_email,
        "password": user_password,
        "first_name": "Test",
        "last_name": "User"
    }
    
    # Create user
    response = client.post("/api/users/", json=user_data)
    user_id = response.json()["id"]
    
    # Login
    login_data = {
        "username": user_email,
        "password": user_password
    }
    
    response = client.post("/api/auth/login", data=login_data)
    token = response.json()["access_token"]
    
    # Access protected endpoint
    headers = {"Authorization": f"Bearer {token}"}
    
    # Test /me endpoint
    response = client.get("/api/users/me", headers=headers)
    assert response.status_code == 200
    data = response.json()
    assert data["email"] == user_email
    
    # Test user by ID endpoint
    response = client.get(f"/api/users/{user_id}", headers=headers)
    assert response.status_code == 200
    data = response.json()
    assert data["email"] == user_email
    
    # Test without token
    response = client.get("/api/users/me")
    assert response.status_code == 401