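"""Authentication tests: login and JWT token verification."""

import httpx
import pytest

from conftest import assert_uuid

# Credentials of the admin account these tests log in with.
# NOTE(review): this looks like a default password; confirm it exists only in
# the test environment and is changed wherever the service is deployed.
_ADMIN_LOGIN = "admin"
_ADMIN_PASSWORD = "teamboard"


async def _post_login(base_url: str, payload: dict) -> httpx.Response:
    """POST *payload* as JSON to ``/auth/login`` and return the raw response."""
    async with httpx.AsyncClient() as client:
        return await client.post(f"{base_url}/auth/login", json=payload)


@pytest.mark.asyncio
async def test_login_success(base_url: str):
    """Log in as admin and validate the structure and content of the reply."""
    response = await _post_login(
        base_url,
        {"login": _ADMIN_LOGIN, "password": _ADMIN_PASSWORD},
    )
    assert response.status_code == 200
    data = response.json()

    # Response structure.
    for field in ("token", "member_id", "slug", "role"):
        assert field in data, f"missing field {field!r}"

    # Field values.
    assert_uuid(data["member_id"])
    assert data["slug"] == "admin"
    assert data["role"] == "owner"

    token = data["token"]
    assert isinstance(token, str)
    assert len(token) > 10  # a JWT is never this short
    # The length check alone accepts any string; a signed JWT in compact form
    # is header.payload.signature, i.e. exactly two dots.
    assert token.count(".") == 2


@pytest.mark.asyncio
async def test_login_with_slug(base_url: str):
    """Log in with the member slug in the ``login`` field."""
    # NOTE(review): the slug sent here is the same string as the login used in
    # test_login_success, so this does not show that slug and name are both
    # accepted; a member whose slug differs from its name would be needed.
    response = await _post_login(
        base_url,
        {"login": "admin", "password": _ADMIN_PASSWORD},  # slug, not name
    )
    assert response.status_code == 200
    assert response.json()["slug"] == "admin"


@pytest.mark.asyncio
async def test_login_invalid_credentials(base_url: str):
    """A wrong password for an existing login is rejected with 401."""
    # NOTE(review): only the wrong-password case is covered. A login that does
    # not exist should get the same 401, so the endpoint does not reveal which
    # accounts exist; that case is not exercised here.
    response = await _post_login(
        base_url,
        {"login": _ADMIN_LOGIN, "password": "wrong_password"},
    )
    assert response.status_code == 401


@pytest.mark.asyncio
async def test_login_missing_fields(base_url: str):
    """A login request lacking a required field is rejected with 422."""
    incomplete_payloads = (
        {"login": _ADMIN_LOGIN},  # no password
        {"password": _ADMIN_PASSWORD},  # no login
    )
    for payload in incomplete_payloads:
        response = await _post_login(base_url, payload)
        assert response.status_code == 422, f"payload keys: {sorted(payload)}"


@pytest.mark.asyncio
async def test_protected_endpoint_without_auth(base_url: str):
    """A protected endpoint answers 401 when no credentials are sent."""
    async with httpx.AsyncClient() as client:
        response = await client.get(f"{base_url}/members")
    assert response.status_code == 401


@pytest.mark.asyncio
async def test_protected_endpoint_with_invalid_token(base_url: str):
    """A protected endpoint answers 401 for a bearer value that is not a JWT."""
    # NOTE(review): this sends a malformed value only. Rejection of an expired
    # token or of one with a bad signature is not covered by this file.
    bad_auth = {"Authorization": "Bearer invalid_token"}
    async with httpx.AsyncClient() as client:
        response = await client.get(f"{base_url}/members", headers=bad_auth)
    assert response.status_code == 401


@pytest.mark.asyncio
async def test_protected_endpoint_with_valid_token(http_client: httpx.AsyncClient):
    """The ``http_client`` fixture can list members on the protected endpoint."""
    # presumably http_client already carries the admin JWT; set up in conftest
    response = await http_client.get("/members")
    assert response.status_code == 200
    assert isinstance(response.json(), list)


@pytest.mark.asyncio
async def test_agent_token_authentication(agent_client: httpx.AsyncClient):
    """The ``agent_client`` fixture can list members on the protected endpoint."""
    # presumably agent_client authenticates with an agent token; see conftest
    response = await agent_client.get("/members")
    assert response.status_code == 200
    assert isinstance(response.json(), list)


@pytest.mark.asyncio
async def test_token_query_parameter(base_url: str, admin_token: str):
    """The API accepts the token in the ``token`` query parameter."""
    # Passed through ``params`` so httpx URL-encodes the value instead of it
    # being spliced into the URL by hand.
    # NOTE(review): a token in the URL is written to access logs and proxy
    # logs. Confirm this fallback is intentional and that the ``token``
    # parameter is redacted wherever request URLs are logged.
    async with httpx.AsyncClient() as client:
        response = await client.get(
            f"{base_url}/members",
            params={"token": admin_token},
        )
    assert response.status_code == 200
    assert isinstance(response.json(), list)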