You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61 lines
1.9 KiB
61 lines
1.9 KiB
import pytest
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_login_returns_bearer_token(raw_api_client) -> None:
|
|
response = await raw_api_client.post(
|
|
"/api/auth/login",
|
|
json={"username": "admin", "password": "changeme-iron"},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
payload = response.json()
|
|
assert payload["token_type"] == "bearer"
|
|
assert payload["access_token"].startswith("iron_")
|
|
assert payload["user"]["username"] == "admin"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_login_rejects_invalid_password(raw_api_client) -> None:
|
|
response = await raw_api_client.post(
|
|
"/api/auth/login",
|
|
json={"username": "admin", "password": "wrong-password"},
|
|
)
|
|
|
|
assert response.status_code == 401
|
|
assert response.json()["error"]["code"] == "authentication_failed"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_me_requires_authentication(raw_api_client) -> None:
|
|
response = await raw_api_client.get("/api/auth/me")
|
|
|
|
assert response.status_code == 401
|
|
assert response.json()["error"]["code"] == "unauthorized"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_me_returns_current_user(api_client) -> None:
|
|
response = await api_client.get("/api/auth/me")
|
|
|
|
assert response.status_code == 200
|
|
assert response.json()["user"]["username"] == "admin"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_logout_revokes_session(api_client) -> None:
|
|
logout_response = await api_client.post("/api/auth/logout")
|
|
assert logout_response.status_code == 200
|
|
assert logout_response.json() == {"success": True}
|
|
|
|
me_response = await api_client.get("/api/auth/me")
|
|
assert me_response.status_code == 401
|
|
assert me_response.json()["error"]["code"] == "unauthorized"
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_protected_route_requires_authentication(raw_api_client) -> None:
|
|
response = await raw_api_client.get("/api/directories/dir_root/children")
|
|
|
|
assert response.status_code == 401
|
|
assert response.json()["error"]["code"] == "unauthorized"
|
|
|