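# tests/fixtures/auth_fixtures.py
"""
Authentication-related test fixtures.

Note: Fixtures should NOT use db.expunge() as it breaks lazy loading.
See tests/conftest.py for details on fixture best practices.
"""

import uuid

import pytest

from app.modules.tenancy.models import User
from middleware.auth import AuthManager

# Test-only credentials. Each one is defined once so that the fixture which
# stores the hash and the fixture which logs in cannot drift apart.
_TEST_USER_PASSWORD = "testpass123"
_ADMIN_PASSWORD = "adminpass123"
_SUPER_ADMIN_PASSWORD = "superadminpass123"
_PLATFORM_ADMIN_PASSWORD = "platformadminpass123"
_ANOTHER_ADMIN_PASSWORD = "anotheradminpass123"
_OTHER_USER_PASSWORD = "otherpass123"
_STORE_USER_PASSWORD = "storepass123"

_ADMIN_LOGIN_URL = "/api/v1/admin/auth/login"
_STORE_LOGIN_URL = "/api/v1/store/auth/login"


def _create_user(db, auth_manager, *, email_prefix, username_prefix, password, role):
    """Persist and return an active, email-verified User with a unique name.

    Args:
        db: Database session fixture; the row is added, committed and refreshed.
        auth_manager: Provides ``hash_password``; only the hash is stored.
        email_prefix: Local-part prefix of the generated ``@example.com`` address.
        username_prefix: Prefix of the generated username.
        password: Plain-text test password to hash.
        role: Role string assigned to the user.
    """
    # The 8-character suffix only keeps rows unique across tests; it is not a secret.
    unique_id = str(uuid.uuid4())[:8]
    hashed_password = auth_manager.hash_password(password)
    user = User(
        email=f"{email_prefix}_{unique_id}@example.com",
        username=f"{username_prefix}_{unique_id}",
        hashed_password=hashed_password,
        role=role,
        is_active=True,
        is_email_verified=True,
    )
    db.add(user)
    db.commit()
    # refresh() rather than expunge(): the instance stays attached so lazy loading works.
    db.refresh(user)
    return user


def _login_headers(client, url, username, password, label):
    """Log in through the real endpoint and return a Bearer ``Authorization`` header.

    Fails the requesting test immediately if the login does not return HTTP 200,
    so that an authentication regression is not misreported as an
    authorization failure further down the test.
    """
    response = client.post(
        url,
        json={"email_or_username": username, "password": password},
    )
    assert response.status_code == 200, f"{label} login failed: {response.text}"
    token = response.json()["access_token"]
    return {"Authorization": f"Bearer {token}"}


@pytest.fixture(scope="session")
def auth_manager():
    """Create auth manager instance (session scope since it's stateless)."""
    return AuthManager()


@pytest.fixture
def test_user(db, auth_manager):
    """Create a test user with unique username (role ``store_member``)."""
    return _create_user(
        db,
        auth_manager,
        email_prefix="test",
        username_prefix="testuser",
        password=_TEST_USER_PASSWORD,
        role="store_member",
    )


@pytest.fixture
def test_admin(db, auth_manager):
    """Create a test admin user with unique username (super admin by default).

    This user carries the same ``super_admin`` role as ``test_super_admin``.
    Tests that need an admin with fewer privileges should request
    ``test_platform_admin`` instead.
    """
    return _create_user(
        db,
        auth_manager,
        email_prefix="admin",
        username_prefix="admin",
        password=_ADMIN_PASSWORD,
        role="super_admin",
    )


@pytest.fixture
def test_super_admin(db, auth_manager):
    """Create a test super admin user with unique username."""
    return _create_user(
        db,
        auth_manager,
        email_prefix="superadmin",
        username_prefix="superadmin",
        password=_SUPER_ADMIN_PASSWORD,
        role="super_admin",
    )


@pytest.fixture
def test_platform_admin(db, auth_manager):
    """Create a test platform admin user (not super admin)."""
    return _create_user(
        db,
        auth_manager,
        email_prefix="platformadmin",
        username_prefix="platformadmin",
        password=_PLATFORM_ADMIN_PASSWORD,
        role="platform_admin",
    )


@pytest.fixture
def super_admin_headers(client, test_super_admin):
    """Get authentication headers for super admin user."""
    return _login_headers(
        client,
        _ADMIN_LOGIN_URL,
        test_super_admin.username,
        _SUPER_ADMIN_PASSWORD,
        "Super admin",
    )


@pytest.fixture
def platform_admin_headers(client, test_platform_admin):
    """Get authentication headers for platform admin user (no platform context yet)."""
    return _login_headers(
        client,
        _ADMIN_LOGIN_URL,
        test_platform_admin.username,
        _PLATFORM_ADMIN_PASSWORD,
        "Platform admin",
    )


@pytest.fixture
def another_admin(db, auth_manager):
    """Create another test admin user for testing admin-to-admin interactions."""
    return _create_user(
        db,
        auth_manager,
        email_prefix="another_admin",
        username_prefix="another_admin",
        password=_ANOTHER_ADMIN_PASSWORD,
        role="super_admin",
    )


@pytest.fixture
def other_user(db, auth_manager):
    """Create a different user for testing access controls."""
    return _create_user(
        db,
        auth_manager,
        email_prefix="other",
        username_prefix="otheruser",
        password=_OTHER_USER_PASSWORD,
        role="store_member",
    )


@pytest.fixture
def auth_headers(test_user, auth_manager):
    """Get authentication headers for test user (non-admin).

    Uses direct JWT generation to avoid store context requirement of shop login.
    This is used for testing non-admin access to admin endpoints.

    Because the token is minted directly, the login endpoint is not exercised;
    a test that relies on this fixture checks authorization of an
    already-issued token only.
    """
    token_data = auth_manager.create_access_token(user=test_user)
    return {"Authorization": f"Bearer {token_data['access_token']}"}


@pytest.fixture
def admin_headers(client, test_admin):
    """Get authentication headers for admin user."""
    return _login_headers(
        client,
        _ADMIN_LOGIN_URL,
        test_admin.username,
        _ADMIN_PASSWORD,
        "Admin",
    )


@pytest.fixture
def test_store_user(db, auth_manager):
    """Create a test store user with unique username (role ``merchant_owner``)."""
    return _create_user(
        db,
        auth_manager,
        email_prefix="store",
        username_prefix="storeuser",
        password=_STORE_USER_PASSWORD,
        role="merchant_owner",
    )


@pytest.fixture
def store_user_headers(client, test_store_user, test_store_with_store_user):
    """Get authentication headers for store user (uses get_current_store_api).

    Depends on test_store_with_store_user to ensure StoreUser association exists.
    """
    return _login_headers(
        client,
        _STORE_LOGIN_URL,
        test_store_user.username,
        _STORE_USER_PASSWORD,
        "Store",
    )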