iaun
/
work-statistics


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
							"""Test authentication API routes."""
import pytest
from flask_bcrypt import Bcrypt
from app import db
from app.models.admin import Admin


@pytest.fixture
def bcrypt_instance(app):
    """Create bcrypt instance for testing."""
    bcrypt = Bcrypt(app)
    return bcrypt


@pytest.fixture
def test_admin(app, db_session, bcrypt_instance):
    """Create a test admin for authentication tests."""
    with app.app_context():
        password_hash = bcrypt_instance.generate_password_hash('testpassword123').decode('utf-8')
        admin = Admin(
            username='testadmin',
            password_hash=password_hash
        )
        db.session.add(admin)
        db.session.commit()
        yield admin


def test_login_success(client, test_admin):
    """Test successful login returns JWT token."""
    response = client.post('/api/auth/login', json={
        'username': 'testadmin',
        'password': 'testpassword123'
    })
    
    assert response.status_code == 200
    data = response.get_json()
    assert data['success'] is True
    assert 'token' in data['data']
    assert data['data']['admin']['username'] == 'testadmin'


def test_login_invalid_username(client, test_admin):
    """Test login with invalid username returns 401."""
    response = client.post('/api/auth/login', json={
        'username': 'wronguser',
        'password': 'testpassword123'
    })
    
    assert response.status_code == 401
    data = response.get_json()
    assert data['success'] is False
    assert data['code'] == 'AUTH_ERROR'


def test_login_invalid_password(client, test_admin):
    """Test login with invalid password returns 401."""
    response = client.post('/api/auth/login', json={
        'username': 'testadmin',
        'password': 'wrongpassword'
    })
    
    assert response.status_code == 401
    data = response.get_json()
    assert data['success'] is False
    assert data['code'] == 'AUTH_ERROR'


def test_login_missing_credentials(client, test_admin):
    """Test login with missing credentials returns 400."""
    response = client.post('/api/auth/login', json={
        'username': '',
        'password': ''
    })
    
    assert response.status_code == 400
    data = response.get_json()
    assert data['success'] is False
    assert data['code'] == 'VALIDATION_ERROR'


def test_me_with_valid_token(client, test_admin):
    """Test /me endpoint with valid token returns admin info."""
    # First login to get token
    login_response = client.post('/api/auth/login', json={
        'username': 'testadmin',
        'password': 'testpassword123'
    })
    token = login_response.get_json()['data']['token']
    
    # Then call /me with token
    response = client.get('/api/auth/me', headers={
        'Authorization': f'Bearer {token}'
    })
    
    assert response.status_code == 200
    data = response.get_json()
    assert data['success'] is True
    assert data['data']['username'] == 'testadmin'


def test_me_without_token(client, test_admin):
    """Test /me endpoint without token returns 401."""
    response = client.get('/api/auth/me')
    
    assert response.status_code == 401
    data = response.get_json()
    assert data['success'] is False
    assert data['code'] == 'UNAUTHORIZED'


def test_me_with_invalid_token(client, test_admin):
    """Test /me endpoint with invalid token returns 401."""
    response = client.get('/api/auth/me', headers={
        'Authorization': 'Bearer invalid_token_here'
    })
    
    assert response.status_code == 401
    data = response.get_json()
    assert data['success'] is False
    assert data['code'] == 'INVALID_TOKEN'