Phase 1 MVP - Complete implementation

- Auth: register, login, JWT with refresh tokens, blocklist - Projects/Folders/Documents CRUD with soft deletes - Tags CRUD and assignment - FTS5 search with highlights and tag filtering - ADR-001, ADR-002, ADR-003 compliant - Security fixes applied (JWT_SECRET_KEY, exception handler, cookie secure) - 25 tests passing
2026-03-30 15:17:27 +00:00
parent 33f19e02f8
commit 7f3e8a8f53
41 changed files with 2858 additions and 0 deletions
--- a/tests/test_documents.py
+++ b/tests/test_documents.py
@@ -0,0 +1,136 @@
+import pytest
+
+
+async def setup_project_and_get_token(client):
+    await client.post("/api/v1/auth/register", json={"username": "docuser", "password": "pass123"})
+    login = await client.post("/api/v1/auth/login", json={"username": "docuser", "password": "pass123"})
+    token = login.json()["access_token"]
+    proj_resp = await client.post(
+        "/api/v1/projects",
+        json={"name": "Doc Test Project"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    return token, proj_resp.json()["id"]
+
+
+@pytest.mark.asyncio
+async def test_create_document(client):
+    token, proj_id = await setup_project_and_get_token(client)
+    response = await client.post(
+        f"/api/v1/projects/{proj_id}/documents",
+        json={"title": "My Document", "content": "# Hello\n\nWorld"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert response.status_code == 201
+    data = response.json()
+    assert data["title"] == "My Document"
+    assert data["content"] == "# Hello\n\nWorld"
+    assert data["project_id"] == proj_id
+
+
+@pytest.mark.asyncio
+async def test_get_document(client):
+    token, proj_id = await setup_project_and_get_token(client)
+    create_resp = await client.post(
+        f"/api/v1/projects/{proj_id}/documents",
+        json={"title": "Get Doc Test"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    doc_id = create_resp.json()["id"]
+    response = await client.get(
+        f"/api/v1/documents/{doc_id}",
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert response.status_code == 200
+    assert response.json()["title"] == "Get Doc Test"
+
+
+@pytest.mark.asyncio
+async def test_update_document_content(client):
+    token, proj_id = await setup_project_and_get_token(client)
+    create_resp = await client.post(
+        f"/api/v1/projects/{proj_id}/documents",
+        json={"title": "Original Title", "content": "Original Content"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    doc_id = create_resp.json()["id"]
+    response = await client.put(
+        f"/api/v1/documents/{doc_id}/content",
+        json={"content": "Updated Content"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert response.status_code == 200
+    assert response.json()["content"] == "Updated Content"
+
+
+@pytest.mark.asyncio
+async def test_soft_delete_document(client):
+    token, proj_id = await setup_project_and_get_token(client)
+    create_resp = await client.post(
+        f"/api/v1/projects/{proj_id}/documents",
+        json={"title": "To Delete"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    doc_id = create_resp.json()["id"]
+    del_resp = await client.delete(
+        f"/api/v1/documents/{doc_id}",
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert del_resp.status_code == 204
+
+
+@pytest.mark.asyncio
+async def test_assign_tag(client):
+    token, proj_id = await setup_project_and_get_token(client)
+    doc_resp = await client.post(
+        f"/api/v1/projects/{proj_id}/documents",
+        json={"title": "Tagged Doc"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    doc_id = doc_resp.json()["id"]
+    tag_resp = await client.post(
+        "/api/v1/tags",
+        json={"name": "important", "color": "#ff0000"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    tag_id = tag_resp.json()["id"]
+    assign_resp = await client.post(
+        f"/api/v1/documents/{doc_id}/tags",
+        json={"tag_ids": [tag_id]},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert assign_resp.status_code == 204
+
+    get_resp = await client.get(
+        f"/api/v1/documents/{doc_id}",
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert len(get_resp.json()["tags"]) == 1
+    assert get_resp.json()["tags"][0]["name"] == "important"
+
+
+@pytest.mark.asyncio
+async def test_remove_tag(client):
+    token, proj_id = await setup_project_and_get_token(client)
+    doc_resp = await client.post(
+        f"/api/v1/projects/{proj_id}/documents",
+        json={"title": "Tagged Doc 2"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    doc_id = doc_resp.json()["id"]
+    tag_resp = await client.post(
+        "/api/v1/tags",
+        json={"name": "temp", "color": "#00ff00"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    tag_id = tag_resp.json()["id"]
+    await client.post(
+        f"/api/v1/documents/{doc_id}/tags",
+        json={"tag_ids": [tag_id]},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    remove_resp = await client.delete(
+        f"/api/v1/documents/{doc_id}/tags/{tag_id}",
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert remove_resp.status_code == 204