# tests/test_auth.py import pytest from fastapi import HTTPException class TestAuthenticationAPI: def test_register_user_success(self, client, db): """Test successful user registration""" response = client.post("/api/v1/auth/register", json={ "email": "newuser@example.com", "username": "newuser", "password": "securepass123" }) assert response.status_code == 200 data = response.json() assert data["email"] == "newuser@example.com" assert data["username"] == "newuser" assert data["role"] == "user" assert data["is_active"] is True assert "hashed_password" not in data def test_register_user_duplicate_email(self, client, test_user): """Test registration with duplicate email""" response = client.post("/api/v1/auth/register", json={ "email": test_user.email, # Same as test_user "username": "newuser", "password": "securepass123" }) assert response.status_code == 400 assert "Email already registered" in response.json()["detail"] def test_register_user_duplicate_username(self, client, test_user): """Test registration with duplicate username""" response = client.post("/api/v1/auth/register", json={ "email": "new@example.com", "username": test_user.username, # Same as test_user "password": "securepass123" }) assert response.status_code == 400 assert "Username already taken" in response.json()["detail"] def test_login_success(self, client, test_user): """Test successful login""" response = client.post("/api/v1/auth/login", json={ "username": test_user.username, "password": "testpass123" }) assert response.status_code == 200 data = response.json() assert "access_token" in data assert data["token_type"] == "bearer" assert "expires_in" in data assert data["user"]["username"] == test_user.username def test_login_wrong_password(self, client, test_user): """Test login with wrong password""" response = client.post("/api/v1/auth/login", json={ "username": "testuser", "password": "wrongpassword" }) assert response.status_code == 401 assert "Incorrect username or password" in response.json()["detail"] def test_login_nonexistent_user(self, client, db): # Added db fixture """Test login with nonexistent user""" response = client.post("/api/v1/auth/login", json={ "username": "nonexistent", "password": "password123" }) assert response.status_code == 401 def test_get_current_user_info(self, client, auth_headers, test_user): """Test getting current user info""" response = client.get("/api/v1/auth/me", headers=auth_headers) assert response.status_code == 200 data = response.json() assert data["username"] == test_user.username assert data["email"] == test_user.email def test_get_current_user_without_auth(self, client): """Test getting current user without authentication""" response = client.get("/api/v1/auth/me") assert response.status_code == 401 # No authorization header class TestAuthManager: def test_hash_password(self, auth_manager): """Test password hashing""" password = "testpassword123" hashed = auth_manager.hash_password(password) assert hashed != password assert len(hashed) > 20 # bcrypt hashes are long def test_verify_password(self, auth_manager): """Test password verification""" password = "testpassword123" hashed = auth_manager.hash_password(password) assert auth_manager.verify_password(password, hashed) is True assert auth_manager.verify_password("wrongpassword", hashed) is False def test_create_access_token(self, auth_manager, test_user): """Test JWT token creation""" token_data = auth_manager.create_access_token(test_user) assert "access_token" in token_data assert token_data["token_type"] == "bearer" assert "expires_in" in token_data assert isinstance(token_data["expires_in"], int)