feat: add Phase 3 Workout UI — auth, profiles, workout viewer, exercise browser

Build the core user-facing experience with admin login (bcrypt + signed session cookies), profile switcher, workout day viewer with warmups and exercise cards, and HTMX-powered exercise browser with search/filter. - AuthService with bcrypt password verification and itsdangerous session tokens - Auth dependency redirects to /login (303) for unauthenticated requests - NavContextMiddleware injects admin/profiles/active_profile into all templates - Profile management (list, switch, edit) with cookie-based active profile - Workout day viewer shows warmups + exercises + per-user programming targets - Exercise browser with HTMX filter dropdowns (no page reloads) - Flash message partial for success/error feedback - 12 new tests (66 total passing) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 11:14:52 -06:00
parent 1f47103480
commit 23754ea239
29 changed files with 1267 additions and 11 deletions
--- a/tests/test_profile_routes.py
+++ b/tests/test_profile_routes.py
@@ -0,0 +1,26 @@
+"""Tests for profile management routes."""
+
+from fastapi.testclient import TestClient
+
+
+class TestProfileSwitcher:
+    """Tests for POST /profiles/switch."""
+
+    def test_switch_profile_requires_auth(self, client: TestClient) -> None:
+        """POST /profiles/switch should require admin login."""
+        response = client.post(
+            "/profiles/switch",
+            data={"profile_id": "1"},
+            follow_redirects=False,
+        )
+        # Should redirect to login or return 401
+        assert response.status_code in (401, 303)
+
+
+class TestProfileList:
+    """Tests for GET /profiles."""
+
+    def test_profiles_page_requires_auth(self, client: TestClient) -> None:
+        """GET /profiles should require admin login."""
+        response = client.get("/profiles", follow_redirects=False)
+        assert response.status_code in (401, 303)