Phase 1 MVP - Complete implementation

- Auth: register, login, JWT with refresh tokens, blocklist - Projects/Folders/Documents CRUD with soft deletes - Tags CRUD and assignment - FTS5 search with highlights and tag filtering - ADR-001, ADR-002, ADR-003 compliant - Security fixes applied (JWT_SECRET_KEY, exception handler, cookie secure) - 25 tests passing
2026-03-30 15:17:27 +00:00
parent 33f19e02f8
commit 7f3e8a8f53
41 changed files with 2858 additions and 0 deletions
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -0,0 +1,70 @@
+import pytest
+
+
+@pytest.mark.asyncio
+async def test_register(client):
+    response = await client.post(
+        "/api/v1/auth/register",
+        json={"username": "testuser", "password": "testpass123"}
+    )
+    assert response.status_code == 201
+    data = response.json()
+    assert data["username"] == "testuser"
+    assert data["role"] == "agent"
+    assert "id" in data
+
+
+@pytest.mark.asyncio
+async def test_register_duplicate(client):
+    await client.post("/api/v1/auth/register", json={"username": "dup", "password": "pass123"})
+    response = await client.post(
+        "/api/v1/auth/register",
+        json={"username": "dup", "password": "pass123"}
+    )
+    assert response.status_code == 400
+
+
+@pytest.mark.asyncio
+async def test_login(client):
+    await client.post("/api/v1/auth/register", json={"username": "loginuser", "password": "pass123"})
+    response = await client.post(
+        "/api/v1/auth/login",
+        json={"username": "loginuser", "password": "pass123"}
+    )
+    assert response.status_code == 200
+    data = response.json()
+    assert "access_token" in data
+    assert data["token_type"] == "bearer"
+
+
+@pytest.mark.asyncio
+async def test_login_invalid_password(client):
+    await client.post("/api/v1/auth/register", json={"username": "user1", "password": "pass123"})
+    response = await client.post(
+        "/api/v1/auth/login",
+        json={"username": "user1", "password": "wrongpass"}
+    )
+    assert response.status_code == 401
+
+
+@pytest.mark.asyncio
+async def test_me(client):
+    await client.post("/api/v1/auth/register", json={"username": "meuser", "password": "pass123"})
+    login_resp = await client.post(
+        "/api/v1/auth/login",
+        json={"username": "meuser", "password": "pass123"}
+    )
+    token = login_resp.json()["access_token"]
+
+    response = await client.get(
+        "/api/v1/auth/me",
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert response.status_code == 200
+    assert response.json()["username"] == "meuser"
+
+
+@pytest.mark.asyncio
+async def test_me_unauthorized(client):
+    response = await client.get("/api/v1/auth/me")
+    assert response.status_code == 401