Phase 1 MVP - Complete implementation

- Auth: register, login, JWT with refresh tokens, blocklist - Projects/Folders/Documents CRUD with soft deletes - Tags CRUD and assignment - FTS5 search with highlights and tag filtering - ADR-001, ADR-002, ADR-003 compliant - Security fixes applied (JWT_SECRET_KEY, exception handler, cookie secure) - 25 tests passing
2026-03-30 15:17:27 +00:00
parent 33f19e02f8
commit 7f3e8a8f53
41 changed files with 2858 additions and 0 deletions
--- a/tests/test_folders.py
+++ b/tests/test_folders.py
@@ -0,0 +1,90 @@
+import pytest
+
+
+async def setup_project(client, token):
+    resp = await client.post(
+        "/api/v1/projects",
+        json={"name": "Test Project"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    return resp.json()["id"]
+
+
+async def get_token(client):
+    await client.post("/api/v1/auth/register", json={"username": "folderuser", "password": "pass123"})
+    login = await client.post("/api/v1/auth/login", json={"username": "folderuser", "password": "pass123"})
+    return login.json()["access_token"]
+
+
+@pytest.mark.asyncio
+async def test_create_folder(client):
+    token = await get_token(client)
+    proj_id = await setup_project(client, token)
+    response = await client.post(
+        f"/api/v1/projects/{proj_id}/folders",
+        json={"name": "Architecture"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert response.status_code == 201
+    data = response.json()
+    assert data["name"] == "Architecture"
+    assert data["project_id"] == proj_id
+    assert data["parent_id"] is None
+
+
+@pytest.mark.asyncio
+async def test_create_subfolder(client):
+    token = await get_token(client)
+    proj_id = await setup_project(client, token)
+    parent_resp = await client.post(
+        f"/api/v1/projects/{proj_id}/folders",
+        json={"name": "Parent"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    parent_id = parent_resp.json()["id"]
+    child_resp = await client.post(
+        f"/api/v1/projects/{proj_id}/folders",
+        json={"name": "Child", "parent_id": parent_id},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert child_resp.status_code == 201
+    assert child_resp.json()["parent_id"] == parent_id
+
+
+@pytest.mark.asyncio
+async def test_list_folders(client):
+    token = await get_token(client)
+    proj_id = await setup_project(client, token)
+    await client.post(
+        f"/api/v1/projects/{proj_id}/folders",
+        json={"name": "Folder 1"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    await client.post(
+        f"/api/v1/projects/{proj_id}/folders",
+        json={"name": "Folder 2"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    response = await client.get(
+        f"/api/v1/projects/{proj_id}/folders",
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert response.status_code == 200
+    assert len(response.json()["folders"]) == 2
+
+
+@pytest.mark.asyncio
+async def test_soft_delete_folder(client):
+    token = await get_token(client)
+    proj_id = await setup_project(client, token)
+    folder_resp = await client.post(
+        f"/api/v1/projects/{proj_id}/folders",
+        json={"name": "To Delete"},
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    folder_id = folder_resp.json()["id"]
+    del_resp = await client.delete(
+        f"/api/v1/folders/{folder_id}",
+        headers={"Authorization": f"Bearer {token}"}
+    )
+    assert del_resp.status_code == 204