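"""Integration tests for user registration, login and token-protected endpoints.

Every test registers a fresh account through the public API, so the suite
writes to whatever database ``app`` is bound to.
NOTE(review): created users are never removed (no delete endpoint is used
here); run this suite against a disposable test database.
"""
import pytest
from fastapi.testclient import TestClient
import uuid
from sqlalchemy.orm import Session

from app.main import app
from app.db.models import User
from app.utils.security import get_password_hash

client = TestClient(app)


def _new_user_payload():
    """Return a registration payload with a unique e-mail address."""
    return {
        "email": f"test_{uuid.uuid4()}@example.com",
        "password": "testpassword",
        "first_name": "Test",
        "last_name": "User",
    }


def _register_user():
    """Register a fresh user and return ``(payload, response_json)``.

    Asserts that registration succeeded so that a broken setup step is
    reported here instead of surfacing later as a confusing login failure.
    """
    payload = _new_user_payload()
    response = client.post("/api/users/", json=payload)
    assert response.status_code == 201, response.text
    return payload, response.json()


def test_create_user():
    """Test user creation endpoint."""
    payload, data = _register_user()

    assert data["email"] == payload["email"]
    assert "id" in data
    # Neither the stored hash nor the submitted secret may be echoed back.
    assert "hashed_password" not in data
    assert "password" not in data

    # Clean up - delete the user
    # This would require a separate delete endpoint or direct DB access


def test_login_with_email():
    """Test login with email endpoint."""
    payload, _ = _register_user()

    credentials = {"email": payload["email"], "password": payload["password"]}
    response = client.post("/api/auth/login/email", json=credentials)
    assert response.status_code == 200
    data = response.json()
    assert "access_token" in data
    assert data["token_type"] == "bearer"

    # A wrong password must be rejected.
    # NOTE(review): the unknown-e-mail case is not covered; it is worth
    # checking that it yields the same response as a wrong password.
    credentials["password"] = "wrongpassword"
    response = client.post("/api/auth/login/email", json=credentials)
    assert response.status_code == 401


def test_login_oauth2():
    """Test OAuth2 login endpoint."""
    payload, _ = _register_user()

    form = {
        "username": payload["email"],  # OAuth2 uses username for email
        "password": payload["password"],
    }
    # Sent with ``data=`` (form-encoded), unlike the JSON e-mail login.
    response = client.post("/api/auth/login", data=form)
    assert response.status_code == 200
    data = response.json()
    assert "access_token" in data
    assert data["token_type"] == "bearer"


def test_protected_endpoint():
    """Test accessing a protected endpoint."""
    payload, created = _register_user()
    user_id = created["id"]

    form = {"username": payload["email"], "password": payload["password"]}
    response = client.post("/api/auth/login", data=form)
    # Fail here with the server's message rather than with a KeyError below.
    assert response.status_code == 200, response.text
    token = response.json()["access_token"]

    headers = {"Authorization": f"Bearer {token}"}

    # Test /me endpoint
    response = client.get("/api/users/me", headers=headers)
    assert response.status_code == 200
    assert response.json()["email"] == payload["email"]

    # Test user by ID endpoint
    # NOTE(review): only the caller's own ID is requested; whether another
    # user's ID is refused is not exercised here - confirm the intended policy.
    response = client.get(f"/api/users/{user_id}", headers=headers)
    assert response.status_code == 200
    assert response.json()["email"] == payload["email"]

    # Test without token
    # NOTE(review): malformed, tampered and expired tokens are not covered.
    response = client.get("/api/users/me")
    assert response.status_code == 401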