From 7b535bef6e33a83684161e937ed60ac44978e0c7 Mon Sep 17 00:00:00 2001
From: Phillip Tarrant
Date: Tue, 24 Feb 2026 15:47:36 -0600
Subject: [PATCH] fix(tests): align auth tests with NotAuthenticatedError and 302 redirect

The auth dependency raises NotAuthenticatedError (not HTTPException), and the exception handler returns a 302 redirect. Updated the unit test to expect NotAuthenticatedError, and all route auth tests to accept 302 alongside 401/303.
---
tests/test_auth_dependency.py | 17 +++++++++--------
tests/test_dashboard_routes.py | 4 ++--
tests/test_exercise_routes.py | 4 ++--
tests/test_history_routes.py | 4 ++--
tests/test_logging_routes.py | 6 +++---
tests/test_profile_routes.py | 4 ++--
tests/test_schedule_routes.py | 2 +-
tests/test_workout_routes.py | 4 ++--
8 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/tests/test_auth_dependency.py b/tests/test_auth_dependency.py
index 31ea86c..c75a190 100644
--- a/tests/test_auth_dependency.py
+++ b/tests/test_auth_dependency.py
@@ -3,25 +3,27 @@ from unittest.mock import MagicMock import pytest -from fastapi import HTTPException -from app.utils.auth import get_current_admin_user, get_active_profile_id +from app.utils.auth import ( + NotAuthenticatedError, + get_current_admin_user, + get_active_profile_id, +) class TestAuthDependency: """Tests for the require_admin dependency.""" def test_redirects_when_no_session_cookie(self) -> None: - """Should redirect to /login (303) when no session cookie is present.""" + """Should raise NotAuthenticatedError when no session cookie is present.""" request = MagicMock() request.cookies = {} - with pytest.raises(HTTPException) as exc_info: + with pytest.raises(NotAuthenticatedError): get_current_admin_user(request=request, session=MagicMock()) - assert exc_info.value.status_code == 303 def test_redirects_when_invalid_token(self) -> None: - """Should redirect to /login (303) when session cookie has invalid token.""" + """Should raise NotAuthenticatedError when session cookie has invalid token.""" request = MagicMock() request.cookies = {"session": "invalid-token"} request.app.state.secret_key = "test-secret" @@ -29,9 +31,8 @@ class TestAuthDependency: mock_session = MagicMock() mock_session.get.return_value = None - with pytest.raises(HTTPException) as exc_info: + with pytest.raises(NotAuthenticatedError): get_current_admin_user(request=request, session=mock_session) - assert exc_info.value.status_code == 303 class TestGetActiveProfileId: diff --git a/tests/test_dashboard_routes.py b/tests/test_dashboard_routes.py index 07819cc..a66bbb1 100644 --- a/tests/test_dashboard_routes.py +++ b/tests/test_dashboard_routes.py @@ -9,7 +9,7 @@ class TestDashboard: def test_dashboard_requires_auth(self, client: TestClient) -> None: """GET /dashboard should require admin login.""" response = client.get("/dashboard", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) class TestExerciseProgress: 
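Review bot: `test_redirects_when_no_session_cookie` and, in the next hunk, `test_redirects_when_invalid_token` now assert that `NotAuthenticatedError` is raised, so the `test_redirects_` names and the class docstring `Tests for the require_admin dependency` no longer describe what is checked; I would rename them to `test_raises_when_no_session_cookie` and `test_raises_when_invalid_token`. With both `exc_info.value.status_code == 303` assertions removed, nothing in this file covers the translation of the exception into a redirect any more. A small test of the exception handler that asserts the status and the `Location` header would keep that half of the auth contract covered; the handler itself is not visible in this patch.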
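Review bot: `assert response.status_code in (401, 302, 303)` in `test_dashboard_requires_auth` accepts three different outcomes and never looks at where a redirect goes, so it would still pass if an unauthenticated request were redirected somewhere other than the login page. The commit message says the handler returns 302, so the assertion can be pinned: `assert response.status_code == 302` followed by `assert response.headers["location"] == "/login"` (the `/login` target is taken from the docstrings removed in tests/test_auth_dependency.py; confirm it against the handler). The same applies to every other `requires_auth` assertion changed in this patch, in the dashboard, exercise, history, logging, profile, schedule and workout route tests.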
@@ -18,4 +18,4 @@ class TestExerciseProgress: def test_exercise_progress_requires_auth(self, client: TestClient) -> None: """GET /dashboard/exercise/1 should require admin login.""" response = client.get("/dashboard/exercise/1", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) diff --git a/tests/test_exercise_routes.py b/tests/test_exercise_routes.py index d837fef..b70f5df 100644 --- a/tests/test_exercise_routes.py +++ b/tests/test_exercise_routes.py @@ -9,7 +9,7 @@ class TestExerciseBrowser: def test_exercise_browser_requires_auth(self, client: TestClient) -> None: """GET /exercises should require admin login.""" response = client.get("/exercises", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) class TestExerciseSearch: @@ -21,4 +21,4 @@ class TestExerciseSearch: "/exercises/search?workout_day=Push", follow_redirects=False, ) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) diff --git a/tests/test_history_routes.py b/tests/test_history_routes.py index d123100..a424abb 100644 --- a/tests/test_history_routes.py +++ b/tests/test_history_routes.py @@ -9,7 +9,7 @@ class TestLogHistory: def test_history_requires_auth(self, client: TestClient) -> None: """GET /history should require admin login.""" response = client.get("/history", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) class TestSessionDetail: @@ -18,4 +18,4 @@ class TestSessionDetail: def test_session_detail_requires_auth(self, client: TestClient) -> None: """GET /history/1 should require admin login.""" response = client.get("/history/1", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) diff --git a/tests/test_logging_routes.py b/tests/test_logging_routes.py index 8def686..e00fe39 100644 
--- a/tests/test_logging_routes.py +++ b/tests/test_logging_routes.py @@ -19,7 +19,7 @@ class TestLogSet: }, follow_redirects=False, ) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) class TestLogEdit: @@ -32,7 +32,7 @@ class TestLogEdit: data={"reps": "10", "weight": "35 lbs"}, follow_redirects=False, ) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) class TestLogDelete: @@ -41,4 +41,4 @@ class TestLogDelete: def test_delete_log_requires_auth(self, client: TestClient) -> None: """POST /log/1/delete should require admin login.""" response = client.post("/log/1/delete", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) diff --git a/tests/test_profile_routes.py b/tests/test_profile_routes.py index c66180c..855d572 100644 --- a/tests/test_profile_routes.py +++ b/tests/test_profile_routes.py @@ -14,7 +14,7 @@ class TestProfileSwitcher: follow_redirects=False, ) # Should redirect to login or return 401 - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) class TestProfileList: @@ -23,4 +23,4 @@ class TestProfileList: def test_profiles_page_requires_auth(self, client: TestClient) -> None: """GET /profiles should require admin login.""" response = client.get("/profiles", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) diff --git a/tests/test_schedule_routes.py b/tests/test_schedule_routes.py index 142d518..92dc50f 100644 --- a/tests/test_schedule_routes.py +++ b/tests/test_schedule_routes.py @@ -9,4 +9,4 @@ class TestSchedule: def test_schedule_requires_auth(self, client: TestClient) -> None: """GET /schedule should require admin login.""" response = client.get("/schedule", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) 
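Review bot: The three logging tests changed here exercise state-changing POST routes, and the status check alone does not show that the write was refused; `test_delete_log_requires_auth` would pass with a 302 even if `/log/1/delete` had removed the row before the auth failure was turned into a redirect. After the status assertion I would add a check that the targeted log entry still exists and is unchanged, using whatever database fixture the suite provides (not visible in this patch). The bodies of the log-set and log-edit tests begin outside their hunks, so the exact routes they call are not shown.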
diff --git a/tests/test_workout_routes.py b/tests/test_workout_routes.py index 750cf9b..618fb1e 100644 --- a/tests/test_workout_routes.py +++ b/tests/test_workout_routes.py @@ -9,9 +9,9 @@ class TestWorkoutDayViewer: def test_workout_day_requires_auth(self, client: TestClient) -> None: """GET /workouts/push should require admin login.""" response = client.get("/workouts/push", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303) def test_workout_days_list_requires_auth(self, client: TestClient) -> None: """GET /workouts should require admin login.""" response = client.get("/workouts", follow_redirects=False) - assert response.status_code in (401, 303) + assert response.status_code in (401, 302, 303)