68 lines
1.9 KiB
Python
68 lines
1.9 KiB
Python
"""Tests for authentication API endpoints."""
|
|
import pytest
|
|
from httpx import ASGITransport, AsyncClient
|
|
|
|
from src.server.fastapi_app import app
|
|
from src.server.services.auth_service import auth_service
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def reset_auth_state():
|
|
"""Reset auth service state before each test."""
|
|
# Clear any rate limiting state and password hash
|
|
# Force clear all keys in _failed dict
|
|
auth_service._failed.clear()
|
|
auth_service._hash = None
|
|
|
|
yield
|
|
|
|
# Cleanup after test
|
|
auth_service._failed.clear()
|
|
auth_service._hash = None
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_auth_flow_setup_login_status_logout():
|
|
"""Test complete authentication flow."""
|
|
transport = ASGITransport(app=app)
|
|
async with AsyncClient(
|
|
transport=transport, base_url="http://test"
|
|
) as client:
|
|
# Setup
|
|
r = await client.post(
|
|
"/api/auth/setup", json={"master_password": "Aa!strong1"}
|
|
)
|
|
assert r.status_code == 201
|
|
|
|
# Bad login
|
|
r = await client.post("/api/auth/login", json={"password": "wrong"})
|
|
assert r.status_code == 401
|
|
|
|
# Good login
|
|
r = await client.post(
|
|
"/api/auth/login", json={"password": "Aa!strong1"}
|
|
)
|
|
assert r.status_code == 200
|
|
data = r.json()
|
|
assert "access_token" in data
|
|
|
|
token = data["access_token"]
|
|
|
|
# Status unauthenticated when no auth header
|
|
r = await client.get("/api/auth/status")
|
|
assert r.status_code == 200
|
|
assert r.json()["configured"] is True
|
|
|
|
# Status authenticated with header
|
|
auth_header = {"Authorization": f"Bearer {token}"}
|
|
r = await client.get("/api/auth/status", headers=auth_header)
|
|
assert r.status_code == 200
|
|
assert r.json()["authenticated"] is True
|
|
|
|
# Logout
|
|
r = await client.post(
|
|
"/api/auth/logout", headers=auth_header
|
|
)
|
|
assert r.status_code == 200
|
|
|