import pytest @pytest.mark.anyio async def test_login_returns_bearer_token(raw_api_client) -> None: response = await raw_api_client.post( "/api/auth/login", json={"username": "admin", "password": "changeme-iron"}, ) assert response.status_code == 200 payload = response.json() assert payload["token_type"] == "bearer" assert payload["access_token"].startswith("iron_") assert payload["user"]["username"] == "admin" @pytest.mark.anyio async def test_login_rejects_invalid_password(raw_api_client) -> None: response = await raw_api_client.post( "/api/auth/login", json={"username": "admin", "password": "wrong-password"}, ) assert response.status_code == 401 assert response.json()["error"]["code"] == "authentication_failed" @pytest.mark.anyio async def test_me_requires_authentication(raw_api_client) -> None: response = await raw_api_client.get("/api/auth/me") assert response.status_code == 401 assert response.json()["error"]["code"] == "unauthorized" @pytest.mark.anyio async def test_me_returns_current_user(api_client) -> None: response = await api_client.get("/api/auth/me") assert response.status_code == 200 assert response.json()["user"]["username"] == "admin" @pytest.mark.anyio async def test_logout_revokes_session(api_client) -> None: logout_response = await api_client.post("/api/auth/logout") assert logout_response.status_code == 200 assert logout_response.json() == {"success": True} me_response = await api_client.get("/api/auth/me") assert me_response.status_code == 401 assert me_response.json()["error"]["code"] == "unauthorized" @pytest.mark.anyio async def test_protected_route_requires_authentication(raw_api_client) -> None: response = await raw_api_client.get("/api/directories/dir_root/children") assert response.status_code == 401 assert response.json()["error"]["code"] == "unauthorized"