Samir Boulahtit
d9fc52d47a
Some checks failed
- Add EmailVerificationToken and UserPasswordResetToken models with migration - Add email verification flow: verify-email page route, resend-verification API - Block login for unverified users (EmailNotVerifiedException in auth_service) - Add forgot-password/reset-password endpoints for merchant and store auth - Add "Forgot Password?" links to merchant and store login pages - Send welcome email with verification link on merchant creation - Seed email_verification and merchant_password_reset email templates - Fix db-reset Makefile to run all init-prod seed scripts - Add UserAuthService to satisfy architecture validation rules - Add 52 new tests (unit + integration) with full coverage Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
223 lines
6.7 KiB
Python
223 lines
6.7 KiB
Python
# tests/fixtures/auth_fixtures.py
|
|
"""
|
|
Authentication-related test fixtures.
|
|
|
|
Note: Fixtures should NOT use db.expunge() as it breaks lazy loading.
|
|
See tests/conftest.py for details on fixture best practices.
|
|
"""
|
|
|
|
import uuid
|
|
|
|
import pytest
|
|
|
|
from app.modules.tenancy.models import User
|
|
from middleware.auth import AuthManager
|
|
|
|
|
|
@pytest.fixture(scope="session")
|
|
def auth_manager():
|
|
"""Create auth manager instance (session scope since it's stateless)."""
|
|
return AuthManager()
|
|
|
|
|
|
@pytest.fixture
|
|
def test_user(db, auth_manager):
|
|
"""Create a test user with unique username."""
|
|
unique_id = str(uuid.uuid4())[:8]
|
|
hashed_password = auth_manager.hash_password("testpass123")
|
|
user = User(
|
|
email=f"test_{unique_id}@example.com",
|
|
username=f"testuser_{unique_id}",
|
|
hashed_password=hashed_password,
|
|
role="user",
|
|
is_active=True,
|
|
is_email_verified=True,
|
|
)
|
|
db.add(user)
|
|
db.commit()
|
|
db.refresh(user)
|
|
return user
|
|
|
|
|
|
@pytest.fixture
|
|
def test_admin(db, auth_manager):
|
|
"""Create a test admin user with unique username (super admin by default)."""
|
|
unique_id = str(uuid.uuid4())[:8]
|
|
hashed_password = auth_manager.hash_password("adminpass123")
|
|
admin = User(
|
|
email=f"admin_{unique_id}@example.com",
|
|
username=f"admin_{unique_id}",
|
|
hashed_password=hashed_password,
|
|
role="admin",
|
|
is_active=True,
|
|
is_email_verified=True,
|
|
is_super_admin=True, # Full platform access
|
|
)
|
|
db.add(admin)
|
|
db.commit()
|
|
db.refresh(admin)
|
|
return admin
|
|
|
|
|
|
@pytest.fixture
|
|
def test_super_admin(db, auth_manager):
|
|
"""Create a test super admin user with unique username."""
|
|
unique_id = str(uuid.uuid4())[:8]
|
|
hashed_password = auth_manager.hash_password("superadminpass123")
|
|
admin = User(
|
|
email=f"superadmin_{unique_id}@example.com",
|
|
username=f"superadmin_{unique_id}",
|
|
hashed_password=hashed_password,
|
|
role="admin",
|
|
is_active=True,
|
|
is_email_verified=True,
|
|
is_super_admin=True,
|
|
)
|
|
db.add(admin)
|
|
db.commit()
|
|
db.refresh(admin)
|
|
return admin
|
|
|
|
|
|
@pytest.fixture
|
|
def test_platform_admin(db, auth_manager):
|
|
"""Create a test platform admin user (not super admin)."""
|
|
unique_id = str(uuid.uuid4())[:8]
|
|
hashed_password = auth_manager.hash_password("platformadminpass123")
|
|
admin = User(
|
|
email=f"platformadmin_{unique_id}@example.com",
|
|
username=f"platformadmin_{unique_id}",
|
|
hashed_password=hashed_password,
|
|
role="admin",
|
|
is_active=True,
|
|
is_email_verified=True,
|
|
is_super_admin=False, # Platform admin, not super admin
|
|
)
|
|
db.add(admin)
|
|
db.commit()
|
|
db.refresh(admin)
|
|
return admin
|
|
|
|
|
|
@pytest.fixture
|
|
def super_admin_headers(client, test_super_admin):
|
|
"""Get authentication headers for super admin user."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={"email_or_username": test_super_admin.username, "password": "superadminpass123"},
|
|
)
|
|
assert response.status_code == 200, f"Super admin login failed: {response.text}"
|
|
token = response.json()["access_token"]
|
|
return {"Authorization": f"Bearer {token}"}
|
|
|
|
|
|
@pytest.fixture
|
|
def platform_admin_headers(client, test_platform_admin):
|
|
"""Get authentication headers for platform admin user (no platform context yet)."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={"email_or_username": test_platform_admin.username, "password": "platformadminpass123"},
|
|
)
|
|
assert response.status_code == 200, f"Platform admin login failed: {response.text}"
|
|
token = response.json()["access_token"]
|
|
return {"Authorization": f"Bearer {token}"}
|
|
|
|
|
|
@pytest.fixture
|
|
def another_admin(db, auth_manager):
|
|
"""Create another test admin user for testing admin-to-admin interactions."""
|
|
unique_id = str(uuid.uuid4())[:8]
|
|
hashed_password = auth_manager.hash_password("anotheradminpass123")
|
|
admin = User(
|
|
email=f"another_admin_{unique_id}@example.com",
|
|
username=f"another_admin_{unique_id}",
|
|
hashed_password=hashed_password,
|
|
role="admin",
|
|
is_active=True,
|
|
is_email_verified=True,
|
|
is_super_admin=True, # Full platform access
|
|
)
|
|
db.add(admin)
|
|
db.commit()
|
|
db.refresh(admin)
|
|
return admin
|
|
|
|
|
|
@pytest.fixture
|
|
def other_user(db, auth_manager):
|
|
"""Create a different user for testing access controls."""
|
|
unique_id = str(uuid.uuid4())[:8]
|
|
hashed_password = auth_manager.hash_password("otherpass123")
|
|
user = User(
|
|
email=f"other_{unique_id}@example.com",
|
|
username=f"otheruser_{unique_id}",
|
|
hashed_password=hashed_password,
|
|
role="user",
|
|
is_active=True,
|
|
is_email_verified=True,
|
|
)
|
|
db.add(user)
|
|
db.commit()
|
|
db.refresh(user)
|
|
return user
|
|
|
|
|
|
@pytest.fixture
|
|
def auth_headers(test_user, auth_manager):
|
|
"""Get authentication headers for test user (non-admin).
|
|
|
|
Uses direct JWT generation to avoid store context requirement of shop login.
|
|
This is used for testing non-admin access to admin endpoints.
|
|
"""
|
|
token_data = auth_manager.create_access_token(user=test_user)
|
|
return {"Authorization": f"Bearer {token_data['access_token']}"}
|
|
|
|
|
|
@pytest.fixture
|
|
def admin_headers(client, test_admin):
|
|
"""Get authentication headers for admin user"""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={"email_or_username": test_admin.username, "password": "adminpass123"},
|
|
)
|
|
assert response.status_code == 200, f"Admin login failed: {response.text}"
|
|
token = response.json()["access_token"]
|
|
return {"Authorization": f"Bearer {token}"}
|
|
|
|
|
|
@pytest.fixture
|
|
def test_store_user(db, auth_manager):
|
|
"""Create a test store user with unique username."""
|
|
unique_id = str(uuid.uuid4())[:8]
|
|
hashed_password = auth_manager.hash_password("storepass123")
|
|
user = User(
|
|
email=f"store_{unique_id}@example.com",
|
|
username=f"storeuser_{unique_id}",
|
|
hashed_password=hashed_password,
|
|
role="store",
|
|
is_active=True,
|
|
is_email_verified=True,
|
|
)
|
|
db.add(user)
|
|
db.commit()
|
|
db.refresh(user)
|
|
return user
|
|
|
|
|
|
@pytest.fixture
|
|
def store_user_headers(client, test_store_user, test_store_with_store_user):
|
|
"""Get authentication headers for store user (uses get_current_store_api).
|
|
|
|
Depends on test_store_with_store_user to ensure StoreUser association exists.
|
|
"""
|
|
response = client.post(
|
|
"/api/v1/store/auth/login",
|
|
json={
|
|
"email_or_username": test_store_user.username,
|
|
"password": "storepass123",
|
|
},
|
|
)
|
|
assert response.status_code == 200, f"Store login failed: {response.text}"
|
|
token = response.json()["access_token"]
|
|
return {"Authorization": f"Bearer {token}"}
|