Samir Boulahtit
9d28210cf1
Unit tests (test_admin_service.py): - Vendor creation without platforms - Vendor creation with single platform - Vendor creation with multiple platforms - Vendor creation with invalid platform ID (ignored) - Vendor creation with duplicate code/subdomain (fails) - Vendor creation with invalid company ID (fails) Integration tests (test_vendors.py): - Create vendor via API without platforms - Create vendor via API with platforms - Create vendor with duplicate code fails (409) - Non-admin cannot create vendors (403) Auth tests (test_auth.py): - Super admin login includes is_super_admin=true - Platform admin login includes is_super_admin=false - Get current super admin info includes is_super_admin Total: 69 admin platform tests passing Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
223 lines
7.7 KiB
Python
223 lines
7.7 KiB
Python
# tests/integration/api/v1/admin/test_auth.py
|
|
"""Integration tests for admin authentication endpoints.
|
|
|
|
Tests the /api/v1/admin/auth/* endpoints.
|
|
"""
|
|
|
|
from datetime import UTC, datetime, timedelta
|
|
|
|
import pytest
|
|
from jose import jwt
|
|
|
|
|
|
@pytest.mark.integration
|
|
@pytest.mark.api
|
|
@pytest.mark.auth
|
|
class TestAdminAuthAPI:
|
|
"""Test admin authentication endpoints at /api/v1/admin/auth/*."""
|
|
|
|
def test_login_success(self, client, test_admin):
|
|
"""Test successful admin login."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={"email_or_username": test_admin.username, "password": "adminpass123"},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert "access_token" in data
|
|
assert data["token_type"] == "bearer"
|
|
assert "expires_in" in data
|
|
assert data["user"]["username"] == test_admin.username
|
|
assert data["user"]["email"] == test_admin.email
|
|
|
|
def test_login_with_email(self, client, test_admin):
|
|
"""Test admin login with email instead of username."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={"email_or_username": test_admin.email, "password": "adminpass123"},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert "access_token" in data
|
|
assert data["user"]["email"] == test_admin.email
|
|
|
|
def test_login_wrong_password(self, client, test_admin):
|
|
"""Test login with wrong password."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={
|
|
"email_or_username": test_admin.username,
|
|
"password": "wrongpassword",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 401
|
|
data = response.json()
|
|
assert data["error_code"] == "INVALID_CREDENTIALS"
|
|
|
|
def test_login_nonexistent_user(self, client):
|
|
"""Test login with nonexistent user."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={"email_or_username": "nonexistent", "password": "password123"},
|
|
)
|
|
|
|
assert response.status_code == 401
|
|
data = response.json()
|
|
assert data["error_code"] == "INVALID_CREDENTIALS"
|
|
|
|
def test_login_inactive_user(self, client, db, test_admin):
|
|
"""Test login with inactive admin account."""
|
|
original_status = test_admin.is_active
|
|
test_admin.is_active = False
|
|
db.commit()
|
|
|
|
try:
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={
|
|
"email_or_username": test_admin.username,
|
|
"password": "adminpass123",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 403
|
|
data = response.json()
|
|
assert data["error_code"] == "USER_NOT_ACTIVE"
|
|
|
|
finally:
|
|
test_admin.is_active = original_status
|
|
db.commit()
|
|
|
|
def test_login_non_admin_user_rejected(self, client, test_user):
|
|
"""Test that non-admin users cannot use admin login."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={"email_or_username": test_user.username, "password": "testpass123"},
|
|
)
|
|
|
|
assert response.status_code == 401
|
|
data = response.json()
|
|
assert data["error_code"] == "INVALID_CREDENTIALS"
|
|
|
|
def test_login_validation_error(self, client):
|
|
"""Test login with invalid request format."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={
|
|
"email_or_username": "", # Empty
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 422
|
|
data = response.json()
|
|
assert data["error_code"] == "VALIDATION_ERROR"
|
|
|
|
def test_get_current_admin_info(self, client, admin_headers, test_admin):
|
|
"""Test getting current admin user info."""
|
|
response = client.get("/api/v1/admin/auth/me", headers=admin_headers)
|
|
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert data["username"] == test_admin.username
|
|
assert data["email"] == test_admin.email
|
|
assert data["role"] == "admin"
|
|
assert data["is_active"] is True
|
|
|
|
def test_get_current_admin_without_auth(self, client):
|
|
"""Test getting current admin without authentication."""
|
|
response = client.get("/api/v1/admin/auth/me")
|
|
|
|
assert response.status_code == 401
|
|
data = response.json()
|
|
assert data["error_code"] == "INVALID_TOKEN"
|
|
|
|
def test_get_current_admin_invalid_token(self, client):
|
|
"""Test getting current admin with invalid token."""
|
|
response = client.get(
|
|
"/api/v1/admin/auth/me", headers={"Authorization": "Bearer invalid_token"}
|
|
)
|
|
|
|
assert response.status_code == 401
|
|
data = response.json()
|
|
assert data["error_code"] == "INVALID_TOKEN"
|
|
|
|
def test_get_current_admin_expired_token(self, client, test_admin, auth_manager):
|
|
"""Test getting current admin with expired token."""
|
|
expired_payload = {
|
|
"sub": str(test_admin.id),
|
|
"username": test_admin.username,
|
|
"email": test_admin.email,
|
|
"role": test_admin.role,
|
|
"exp": datetime.now(UTC) - timedelta(hours=1),
|
|
"iat": datetime.now(UTC) - timedelta(hours=2),
|
|
}
|
|
|
|
expired_token = jwt.encode(
|
|
expired_payload, auth_manager.secret_key, algorithm=auth_manager.algorithm
|
|
)
|
|
|
|
response = client.get(
|
|
"/api/v1/admin/auth/me",
|
|
headers={"Authorization": f"Bearer {expired_token}"},
|
|
)
|
|
|
|
assert response.status_code == 401
|
|
data = response.json()
|
|
assert data["error_code"] == "TOKEN_EXPIRED"
|
|
|
|
def test_logout(self, client, admin_headers):
|
|
"""Test admin logout."""
|
|
response = client.post("/api/v1/admin/auth/logout", headers=admin_headers)
|
|
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert data["message"] == "Logged out successfully"
|
|
|
|
def test_super_admin_login_includes_is_super_admin(
|
|
self, client, test_super_admin
|
|
):
|
|
"""Test super admin login includes is_super_admin in response."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={
|
|
"email_or_username": test_super_admin.username,
|
|
"password": "superadminpass123",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert "user" in data
|
|
assert "is_super_admin" in data["user"]
|
|
assert data["user"]["is_super_admin"] is True
|
|
|
|
def test_platform_admin_login_includes_is_super_admin(
|
|
self, client, test_platform_admin
|
|
):
|
|
"""Test platform admin login includes is_super_admin=False in response."""
|
|
response = client.post(
|
|
"/api/v1/admin/auth/login",
|
|
json={
|
|
"email_or_username": test_platform_admin.username,
|
|
"password": "platformadminpass123",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert "user" in data
|
|
assert "is_super_admin" in data["user"]
|
|
assert data["user"]["is_super_admin"] is False
|
|
|
|
def test_get_current_super_admin_info(self, client, super_admin_headers, test_super_admin):
|
|
"""Test getting current super admin user info includes is_super_admin."""
|
|
response = client.get("/api/v1/admin/auth/me", headers=super_admin_headers)
|
|
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert data["username"] == test_super_admin.username
|
|
assert data["is_super_admin"] is True
|