96 lines
3.1 KiB
Python
96 lines
3.1 KiB
Python
"""FluentGerman.ai — User management tests."""
|
|
|
|
import pytest
|
|
from httpx import AsyncClient
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_create_user(client: AsyncClient, admin_token: str):
|
|
"""Admin can create a new client."""
|
|
resp = await client.post(
|
|
"/api/users/",
|
|
json={"username": "alice", "email": "alice@test.com", "password": "pass123"},
|
|
headers={"Authorization": f"Bearer {admin_token}"},
|
|
)
|
|
assert resp.status_code == 201
|
|
data = resp.json()
|
|
assert data["username"] == "alice"
|
|
assert data["is_admin"] is False
|
|
assert data["is_active"] is True
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_create_duplicate_user(client: AsyncClient, admin_token: str):
|
|
"""Duplicate username/email returns 409."""
|
|
headers = {"Authorization": f"Bearer {admin_token}"}
|
|
await client.post(
|
|
"/api/users/",
|
|
json={"username": "bob", "email": "bob@test.com", "password": "pass"},
|
|
headers=headers,
|
|
)
|
|
resp = await client.post(
|
|
"/api/users/",
|
|
json={"username": "bob", "email": "bob2@test.com", "password": "pass"},
|
|
headers=headers,
|
|
)
|
|
assert resp.status_code == 409
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_list_users(client: AsyncClient, admin_token: str):
|
|
"""Admin can list all clients."""
|
|
headers = {"Authorization": f"Bearer {admin_token}"}
|
|
await client.post(
|
|
"/api/users/",
|
|
json={"username": "charlie", "email": "charlie@test.com", "password": "pass"},
|
|
headers=headers,
|
|
)
|
|
resp = await client.get("/api/users/", headers=headers)
|
|
assert resp.status_code == 200
|
|
users = resp.json()
|
|
assert len(users) >= 1
|
|
assert any(u["username"] == "charlie" for u in users)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_update_user(client: AsyncClient, admin_token: str):
|
|
"""Admin can update a client."""
|
|
headers = {"Authorization": f"Bearer {admin_token}"}
|
|
create_resp = await client.post(
|
|
"/api/users/",
|
|
json={"username": "dave", "email": "dave@test.com", "password": "pass"},
|
|
headers=headers,
|
|
)
|
|
user_id = create_resp.json()["id"]
|
|
|
|
resp = await client.put(
|
|
f"/api/users/{user_id}",
|
|
json={"username": "dave_updated"},
|
|
headers=headers,
|
|
)
|
|
assert resp.status_code == 200
|
|
assert resp.json()["username"] == "dave_updated"
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_delete_user(client: AsyncClient, admin_token: str):
|
|
"""Admin can delete a client."""
|
|
headers = {"Authorization": f"Bearer {admin_token}"}
|
|
create_resp = await client.post(
|
|
"/api/users/",
|
|
json={"username": "eve", "email": "eve@test.com", "password": "pass"},
|
|
headers=headers,
|
|
)
|
|
user_id = create_resp.json()["id"]
|
|
|
|
resp = await client.delete(f"/api/users/{user_id}", headers=headers)
|
|
assert resp.status_code == 204
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_non_admin_cannot_manage_users(client: AsyncClient, user_token: str):
|
|
"""Regular user cannot access user management."""
|
|
headers = {"Authorization": f"Bearer {user_token}"}
|
|
resp = await client.get("/api/users/", headers=headers)
|
|
assert resp.status_code == 403
|