193 lines
5.8 KiB
Python
193 lines
5.8 KiB
Python
"""Tests for self-hosted authentication system.
|
|
|
|
This module tests the JWT-based authentication with OAuth2 Password Flow.
|
|
"""
|
|
|
|
import pytest
|
|
from fastapi.testclient import TestClient
|
|
from sqlalchemy import select
|
|
from sqlmodel.ext.asyncio.session import AsyncSession
|
|
|
|
from app.core.security import create_access_token, get_password_hash, verify_password
|
|
from app.main import app
|
|
from app.models import User
|
|
from app.schemas.user import UserCreate
|
|
|
|
client = TestClient(app)
|
|
|
|
|
|
class TestSecurityUtilities:
|
|
"""Test cases for security utilities."""
|
|
|
|
def test_password_hashing(self):
|
|
"""Test password hashing and verification."""
|
|
password = "testpassword123"
|
|
hashed = get_password_hash(password)
|
|
|
|
# Hash should be different from plain password
|
|
assert hashed != password
|
|
# Verification should succeed
|
|
assert verify_password(password, hashed) is True
|
|
# Wrong password should fail
|
|
assert verify_password("wrongpassword", hashed) is False
|
|
|
|
def test_create_access_token(self):
|
|
"""Test JWT token creation."""
|
|
data = {"sub": "123e4567-e89b-12d3-a456-426614174000"}
|
|
token = create_access_token(data)
|
|
|
|
assert token is not None
|
|
assert isinstance(token, str)
|
|
# JWT tokens have 3 parts separated by dots
|
|
assert len(token.split(".")) == 3
|
|
|
|
|
|
class TestAuthEndpoints:
|
|
"""Test cases for authentication endpoints."""
|
|
|
|
def test_register_success(self):
|
|
"""Test successful user registration."""
|
|
response = client.post(
|
|
"/api/v1/auth/register",
|
|
json={
|
|
"email": "test@wealthwise.app",
|
|
"password": "testpassword123",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 201
|
|
data = response.json()
|
|
assert data["email"] == "test@wealthwise.app"
|
|
assert "id" in data
|
|
assert "hashed_password" not in data
|
|
assert data["is_active"] is True
|
|
|
|
def test_register_duplicate_email(self):
|
|
"""Test registration with duplicate email."""
|
|
# First registration
|
|
client.post(
|
|
"/api/v1/auth/register",
|
|
json={
|
|
"email": "duplicate@wealthwise.app",
|
|
"password": "testpassword123",
|
|
},
|
|
)
|
|
|
|
# Second registration with same email
|
|
response = client.post(
|
|
"/api/v1/auth/register",
|
|
json={
|
|
"email": "duplicate@wealthwise.app",
|
|
"password": "testpassword123",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 400
|
|
assert "email already registered" in response.json()["detail"].lower()
|
|
|
|
def test_login_success(self):
|
|
"""Test successful login."""
|
|
# Register first
|
|
client.post(
|
|
"/api/v1/auth/register",
|
|
json={
|
|
"email": "login@wealthwise.app",
|
|
"password": "testpassword123",
|
|
},
|
|
)
|
|
|
|
# Login
|
|
response = client.post(
|
|
"/api/v1/auth/token",
|
|
data={
|
|
"username": "login@wealthwise.app",
|
|
"password": "testpassword123",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert "access_token" in data
|
|
assert data["token_type"] == "bearer"
|
|
|
|
def test_login_invalid_credentials(self):
|
|
"""Test login with invalid credentials."""
|
|
response = client.post(
|
|
"/api/v1/auth/token",
|
|
data={
|
|
"username": "nonexistent@wealthwise.app",
|
|
"password": "wrongpassword",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 401
|
|
|
|
def test_login_wrong_password(self):
|
|
"""Test login with wrong password."""
|
|
# Register first
|
|
client.post(
|
|
"/api/v1/auth/register",
|
|
json={
|
|
"email": "wrongpass@wealthwise.app",
|
|
"password": "testpassword123",
|
|
},
|
|
)
|
|
|
|
# Login with wrong password
|
|
response = client.post(
|
|
"/api/v1/auth/token",
|
|
data={
|
|
"username": "wrongpass@wealthwise.app",
|
|
"password": "wrongpassword",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 401
|
|
|
|
|
|
class TestProtectedEndpoints:
|
|
"""Test cases for protected endpoints."""
|
|
|
|
def test_me_without_auth(self):
|
|
"""Test accessing /me without authentication."""
|
|
response = client.get("/api/v1/users/me")
|
|
assert response.status_code == 401
|
|
|
|
def test_me_with_valid_token(self):
|
|
"""Test accessing /me with valid token."""
|
|
# Register and login
|
|
register_response = client.post(
|
|
"/api/v1/auth/register",
|
|
json={
|
|
"email": "protected@wealthwise.app",
|
|
"password": "testpassword123",
|
|
},
|
|
)
|
|
|
|
login_response = client.post(
|
|
"/api/v1/auth/token",
|
|
data={
|
|
"username": "protected@wealthwise.app",
|
|
"password": "testpassword123",
|
|
},
|
|
)
|
|
|
|
token = login_response.json()["access_token"]
|
|
|
|
# Access protected endpoint
|
|
response = client.get(
|
|
"/api/v1/users/me",
|
|
headers={"Authorization": f"Bearer {token}"},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert data["email"] == "protected@wealthwise.app"
|
|
|
|
def test_me_with_invalid_token(self):
|
|
"""Test accessing /me with invalid token."""
|
|
response = client.get(
|
|
"/api/v1/users/me",
|
|
headers={"Authorization": "Bearer invalid-token"},
|
|
)
|
|
assert response.status_code == 401 |