"""Test authentication API routes."""
import pytest
from flask_bcrypt import Bcrypt

from app import db
from app.models.admin import Admin


LOGIN_URL = '/api/auth/login'
ADMIN_USERNAME = 'testadmin'
ADMIN_PASSWORD = 'testpassword123'


@pytest.fixture
def bcrypt_instance(app):
    """Return a Bcrypt instance bound to the test app.

    A fresh instance is built here so the fixture does not depend on how
    (or whether) the application wires its own Bcrypt extension.
    """
    return Bcrypt(app)


@pytest.fixture
def test_admin(app, db_session, bcrypt_instance):
    """Persist one admin ('testadmin' / 'testpassword123') and yield it.

    Only the bcrypt hash of the password is stored, so the login route has
    to verify against the hash rather than compare plaintext. The app
    context stays open for the whole test. No cleanup is done here;
    presumably the ``db_session`` fixture (requested but not used directly)
    rolls the insert back — confirm in conftest.
    """
    with app.app_context():
        hashed = bcrypt_instance.generate_password_hash(ADMIN_PASSWORD)
        new_admin = Admin(
            username=ADMIN_USERNAME,
            password_hash=hashed.decode('utf-8'),
        )
        db.session.add(new_admin)
        db.session.commit()
        yield new_admin


def _login(client, username, password):
    """POST the credentials as JSON to the login route; return the response."""
    body = {'username': username, 'password': password}
    return client.post(LOGIN_URL, json=body)


def _assert_rejected(response, expected_code, status):
    """Assert a failed login: HTTP *status*, ``success`` False, error *code*."""
    assert response.status_code == status
    payload = response.get_json()
    assert payload['success'] is False
    assert payload['code'] == expected_code


def test_login_success(client, test_admin):
    """A correct username/password pair yields 200, a token and the admin."""
    response = _login(client, ADMIN_USERNAME, ADMIN_PASSWORD)
    assert response.status_code == 200
    payload = response.get_json()
    assert payload['success'] is True
    body = payload['data']
    assert 'token' in body
    assert body['admin']['username'] == ADMIN_USERNAME


def test_login_invalid_username(client, test_admin):
    """An unknown username is rejected with 401 / AUTH_ERROR.

    Same status and error code as a wrong password
    (test_login_invalid_password), so the response does not tell the caller
    whether the username exists.
    """
    response = _login(client, 'wronguser', ADMIN_PASSWORD)
    _assert_rejected(response, 'AUTH_ERROR', 401)


def test_login_invalid_password(client, test_admin):
    """A wrong password for a known user is rejected with 401 / AUTH_ERROR.

    Mirrors test_login_invalid_username: both failure paths must be
    indistinguishable in status and code.
    """
    response = _login(client, ADMIN_USERNAME, 'wrongpassword')
    _assert_rejected(response, 'AUTH_ERROR', 401)


def test_login_missing_credentials(client, test_admin):
    """Blank username and password are rejected with 400 / VALIDATION_ERROR.

    Both keys are present but empty; omitting the keys from the JSON body
    altogether is not covered by this test.
    """
    response = _login(client, '', '')
    _assert_rejected(response, 'VALIDATION_ERROR', 400)
def _obtain_token(client):
    """Log in as the fixture admin and return the token the login route issued."""
    login = client.post('/api/auth/login', json={
        'username': 'testadmin',
        'password': 'testpassword123',
    })
    return login.get_json()['data']['token']


def test_me_with_valid_token(client, test_admin):
    """GET /me with a freshly issued bearer token returns the admin's info."""
    bearer = 'Bearer ' + _obtain_token(client)
    response = client.get('/api/auth/me', headers={'Authorization': bearer})
    assert response.status_code == 200
    payload = response.get_json()
    assert payload['success'] is True
    assert payload['data']['username'] == 'testadmin'


def test_me_without_token(client, test_admin):
    """GET /me with no Authorization header at all is 401 / UNAUTHORIZED."""
    response = client.get('/api/auth/me')
    assert response.status_code == 401
    payload = response.get_json()
    assert payload['success'] is False
    assert payload['code'] == 'UNAUTHORIZED'


def test_me_with_invalid_token(client, test_admin):
    """GET /me with a garbage bearer value is 401 / INVALID_TOKEN.

    The error code differs from the no-header case (UNAUTHORIZED), so a
    malformed token is reported distinctly from a missing one. A
    well-formed but expired or tampered token is not exercised here.
    """
    headers = {'Authorization': 'Bearer invalid_token_here'}
    response = client.get('/api/auth/me', headers=headers)
    assert response.status_code == 401
    payload = response.get_json()
    assert payload['success'] is False
    assert payload['code'] == 'INVALID_TOKEN'