d15c823da2
- Add DISABLE_REGISTRATION setting (default False) in app/config.py - Return 403 when registration is disabled in POST /auth/register - Add test_register_disabled test
84 lines
2.5 KiB
Python
84 lines
2.5 KiB
Python
import pytest
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_register(client):
|
|
response = await client.post(
|
|
"/api/v1/auth/register",
|
|
json={"username": "testuser", "password": "testpass123"}
|
|
)
|
|
assert response.status_code == 201
|
|
data = response.json()
|
|
assert data["username"] == "testuser"
|
|
assert data["role"] == "agent"
|
|
assert "id" in data
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_register_duplicate(client):
|
|
await client.post("/api/v1/auth/register", json={"username": "dup", "password": "pass123"})
|
|
response = await client.post(
|
|
"/api/v1/auth/register",
|
|
json={"username": "dup", "password": "pass123"}
|
|
)
|
|
assert response.status_code == 400
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_login(client):
|
|
await client.post("/api/v1/auth/register", json={"username": "loginuser", "password": "pass123"})
|
|
response = await client.post(
|
|
"/api/v1/auth/login",
|
|
json={"username": "loginuser", "password": "pass123"}
|
|
)
|
|
assert response.status_code == 200
|
|
data = response.json()
|
|
assert "access_token" in data
|
|
assert data["token_type"] == "bearer"
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_login_invalid_password(client):
|
|
await client.post("/api/v1/auth/register", json={"username": "user1", "password": "pass123"})
|
|
response = await client.post(
|
|
"/api/v1/auth/login",
|
|
json={"username": "user1", "password": "wrongpass"}
|
|
)
|
|
assert response.status_code == 401
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_me(client):
|
|
await client.post("/api/v1/auth/register", json={"username": "meuser", "password": "pass123"})
|
|
login_resp = await client.post(
|
|
"/api/v1/auth/login",
|
|
json={"username": "meuser", "password": "pass123"}
|
|
)
|
|
token = login_resp.json()["access_token"]
|
|
|
|
response = await client.get(
|
|
"/api/v1/auth/me",
|
|
headers={"Authorization": f"Bearer {token}"}
|
|
)
|
|
assert response.status_code == 200
|
|
assert response.json()["username"] == "meuser"
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_me_unauthorized(client):
|
|
response = await client.get("/api/v1/auth/me")
|
|
assert response.status_code == 401
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_register_disabled(client, monkeypatch):
|
|
from app.config import settings
|
|
monkeypatch.setattr(settings, "DISABLE_REGISTRATION", True)
|
|
|
|
response = await client.post(
|
|
"/api/v1/auth/register",
|
|
json={"username": "shouldfail", "password": "testpass123"}
|
|
)
|
|
assert response.status_code == 403
|
|
assert response.json()["detail"] == "Registration is disabled"
|