initial commit

2026-02-12 18:45:10 +01:00
commit be7bbba456
42 changed files with 3767 additions and 0 deletions
--- a/backend/tests/test_users.py
+++ b/backend/tests/test_users.py
@@ -0,0 +1,95 @@
+"""FluentGerman.ai — User management tests."""
+
+import pytest
+from httpx import AsyncClient
+
+
+@pytest.mark.asyncio
+async def test_create_user(client: AsyncClient, admin_token: str):
+    """Admin can create a new client."""
+    resp = await client.post(
+        "/api/users/",
+        json={"username": "alice", "email": "alice@test.com", "password": "pass123"},
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert resp.status_code == 201
+    data = resp.json()
+    assert data["username"] == "alice"
+    assert data["is_admin"] is False
+    assert data["is_active"] is True
+
+
+@pytest.mark.asyncio
+async def test_create_duplicate_user(client: AsyncClient, admin_token: str):
+    """Duplicate username/email returns 409."""
+    headers = {"Authorization": f"Bearer {admin_token}"}
+    await client.post(
+        "/api/users/",
+        json={"username": "bob", "email": "bob@test.com", "password": "pass"},
+        headers=headers,
+    )
+    resp = await client.post(
+        "/api/users/",
+        json={"username": "bob", "email": "bob2@test.com", "password": "pass"},
+        headers=headers,
+    )
+    assert resp.status_code == 409
+
+
+@pytest.mark.asyncio
+async def test_list_users(client: AsyncClient, admin_token: str):
+    """Admin can list all clients."""
+    headers = {"Authorization": f"Bearer {admin_token}"}
+    await client.post(
+        "/api/users/",
+        json={"username": "charlie", "email": "charlie@test.com", "password": "pass"},
+        headers=headers,
+    )
+    resp = await client.get("/api/users/", headers=headers)
+    assert resp.status_code == 200
+    users = resp.json()
+    assert len(users) >= 1
+    assert any(u["username"] == "charlie" for u in users)
+
+
+@pytest.mark.asyncio
+async def test_update_user(client: AsyncClient, admin_token: str):
+    """Admin can update a client."""
+    headers = {"Authorization": f"Bearer {admin_token}"}
+    create_resp = await client.post(
+        "/api/users/",
+        json={"username": "dave", "email": "dave@test.com", "password": "pass"},
+        headers=headers,
+    )
+    user_id = create_resp.json()["id"]
+
+    resp = await client.put(
+        f"/api/users/{user_id}",
+        json={"username": "dave_updated"},
+        headers=headers,
+    )
+    assert resp.status_code == 200
+    assert resp.json()["username"] == "dave_updated"
+
+
+@pytest.mark.asyncio
+async def test_delete_user(client: AsyncClient, admin_token: str):
+    """Admin can delete a client."""
+    headers = {"Authorization": f"Bearer {admin_token}"}
+    create_resp = await client.post(
+        "/api/users/",
+        json={"username": "eve", "email": "eve@test.com", "password": "pass"},
+        headers=headers,
+    )
+    user_id = create_resp.json()["id"]
+
+    resp = await client.delete(f"/api/users/{user_id}", headers=headers)
+    assert resp.status_code == 204
+
+
+@pytest.mark.asyncio
+async def test_non_admin_cannot_manage_users(client: AsyncClient, user_token: str):
+    """Regular user cannot access user management."""
+    headers = {"Authorization": f"Bearer {user_token}"}
+    resp = await client.get("/api/users/", headers=headers)
+    assert resp.status_code == 403