feat: replace admin auth with cookie-based profile picker

Remove all authentication (login, sessions, bcrypt, itsdangerous) since the app runs on a private homelab LAN. Replace with a profile picker landing page and cookie-based profile selection (1-year expiry). - Add Alembic migration to drop password_hash/is_admin columns - Delete auth service, auth routes, login template, and auth tests - Rewrite app/utils/auth.py with NoProfileSelectedError and require_active_profile dependency - Add profile creation flow (GET/POST /profiles/create) - Rewrite home page as profile picker with card layout - Update all route files to use profile dependency instead of admin auth - Remove bcrypt and itsdangerous from requirements - Remove admin_username/admin_password from config - Update all tests for new profile-based access model Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 12:40:54 -05:00
parent 3dc0171639
commit 576d3bbb68
44 changed files with 523 additions and 1024 deletions
--- a/tests/test_profile_auth.py
+++ b/tests/test_profile_auth.py
@@ -0,0 +1,105 @@
+"""Tests for profile-based access control and landing page."""
+
+from sqlmodel import SQLModel, Session, create_engine
+
+from app.models.user import User
+from app.services.user_service import UserService
+from tests.conftest import set_profile_cookie
+
+
+class TestProfileAuth:
+    """Tests for the profile cookie-based access flow."""
+
+    def test_no_profile_redirects_to_home(self, client) -> None:
+        """Routes requiring a profile should redirect to / when no cookie set."""
+        response = client.get("/workouts", follow_redirects=False)
+        assert response.status_code == 302
+        assert response.headers["location"] == "/"
+
+    def test_invalid_profile_redirects_to_home(self, client) -> None:
+        """An invalid profile_id cookie should redirect to /."""
+        client.cookies.set("active_profile_id", "99999")
+        response = client.get("/workouts", follow_redirects=False)
+        assert response.status_code == 302
+        assert response.headers["location"] == "/"
+
+    def test_valid_profile_allows_access(self, client) -> None:
+        """A valid profile cookie should allow access to protected routes."""
+        # The seeded profiles exist; find one
+        response = client.get("/")
+        assert response.status_code == 200
+
+        # Get the first profile ID from the seeded data
+        set_profile_cookie(client, 1)
+        response = client.get("/workouts")
+        assert response.status_code == 200
+
+
+class TestLandingPage:
+    """Tests for the home page profile picker."""
+
+    def test_home_page_shows_profiles(self, client) -> None:
+        """GET / should show seeded profile names."""
+        response = client.get("/")
+        assert response.status_code == 200
+        assert "Select Profile" in response.text
+
+    def test_home_page_accessible_without_cookie(self, client) -> None:
+        """GET / should work without any profile cookie."""
+        response = client.get("/")
+        assert response.status_code == 200
+        assert "SneakySwole" in response.text
+
+
+class TestProfileCreation:
+    """Tests for the profile creation flow."""
+
+    def test_create_profile_form_renders(self, client) -> None:
+        """GET /profiles/create should render the form."""
+        response = client.get("/profiles/create")
+        assert response.status_code == 200
+        assert "Display Name" in response.text
+
+    def test_create_profile_sets_cookie(self, client) -> None:
+        """POST /profiles/create should create profile and set cookie."""
+        response = client.post(
+            "/profiles/create",
+            data={"display_name": "NewUser", "height": "5'10\"", "weight": "180 lbs"},
+            follow_redirects=False,
+        )
+        assert response.status_code == 303
+        assert response.headers["location"] == "/workouts"
+        assert "active_profile_id" in response.cookies
+
+    def test_create_profile_requires_name(self, client) -> None:
+        """POST /profiles/create with empty name should show error."""
+        response = client.post(
+            "/profiles/create",
+            data={"display_name": "", "height": "", "weight": ""},
+        )
+        assert response.status_code == 200
+        assert "required" in response.text.lower()
+
+
+class TestProfileSwitch:
+    """Tests for the profile switch flow."""
+
+    def test_switch_profile_sets_cookie(self, client) -> None:
+        """POST /profiles/switch should set cookie and redirect."""
+        response = client.post(
+            "/profiles/switch",
+            data={"profile_id": "1"},
+            follow_redirects=False,
+        )
+        assert response.status_code == 303
+        assert "active_profile_id" in response.cookies
+
+    def test_switch_invalid_profile_redirects_home(self, client) -> None:
+        """POST /profiles/switch with invalid ID should redirect to /."""
+        response = client.post(
+            "/profiles/switch",
+            data={"profile_id": "99999"},
+            follow_redirects=False,
+        )
+        assert response.status_code == 303
+        assert response.headers["location"] == "/"