fix(tests): align auth tests with NotAuthenticatedError and 302 redirect
The auth dependency raises NotAuthenticatedError (not HTTPException), and the exception handler returns a 302 redirect. Updated the unit test to expect NotAuthenticatedError, and all route auth tests to accept 302 alongside 401/303.
@@ -3,25 +3,27 @@
|
|||||||
from unittest.mock import MagicMock
|
from unittest.mock import MagicMock
|
||||||
|
|
||||||
import pytest
|
import pytest
|
||||||
from fastapi import HTTPException
|
|
||||||
|
|
||||||
from app.utils.auth import get_current_admin_user, get_active_profile_id
|
from app.utils.auth import (
|
||||||
|
NotAuthenticatedError,
|
||||||
|
get_current_admin_user,
|
||||||
|
get_active_profile_id,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class TestAuthDependency:
|
class TestAuthDependency:
|
||||||
"""Tests for the require_admin dependency."""
|
"""Tests for the require_admin dependency."""
|
||||||
|
|
||||||
def test_redirects_when_no_session_cookie(self) -> None:
|
def test_redirects_when_no_session_cookie(self) -> None:
|
||||||
"""Should redirect to /login (303) when no session cookie is present."""
|
"""Should raise NotAuthenticatedError when no session cookie is present."""
|
||||||
request = MagicMock()
|
request = MagicMock()
|
||||||
request.cookies = {}
|
request.cookies = {}
|
||||||
|
|
||||||
with pytest.raises(HTTPException) as exc_info:
|
with pytest.raises(NotAuthenticatedError):
|
||||||
get_current_admin_user(request=request, session=MagicMock())
|
get_current_admin_user(request=request, session=MagicMock())
|
||||||
assert exc_info.value.status_code == 303
|
|
||||||
|
|
||||||
def test_redirects_when_invalid_token(self) -> None:
|
def test_redirects_when_invalid_token(self) -> None:
|
||||||
"""Should redirect to /login (303) when session cookie has invalid token."""
|
"""Should raise NotAuthenticatedError when session cookie has invalid token."""
|
||||||
request = MagicMock()
|
request = MagicMock()
|
||||||
request.cookies = {"session": "invalid-token"}
|
request.cookies = {"session": "invalid-token"}
|
||||||
request.app.state.secret_key = "test-secret"
|
request.app.state.secret_key = "test-secret"
|
||||||
@@ -29,9 +31,8 @@ class TestAuthDependency:
|
|||||||
mock_session = MagicMock()
|
mock_session = MagicMock()
|
||||||
mock_session.get.return_value = None
|
mock_session.get.return_value = None
|
||||||
|
|
||||||
with pytest.raises(HTTPException) as exc_info:
|
with pytest.raises(NotAuthenticatedError):
|
||||||
get_current_admin_user(request=request, session=mock_session)
|
get_current_admin_user(request=request, session=mock_session)
|
||||||
assert exc_info.value.status_code == 303
|
|
||||||
|
|
||||||
|
|
||||||
class TestGetActiveProfileId:
|
class TestGetActiveProfileId:
|
||||||
|
|||||||
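Review bot: The tests in TestAuthDependency are still named `test_redirects_when_no_session_cookie` and `test_redirects_when_invalid_token`, and the class docstring still refers to `require_admin`, although the new assertions only check that `get_current_admin_user` raises `NotAuthenticatedError`. Renaming them to `test_raises_when_no_session_cookie` / `test_raises_when_invalid_token` and naming `get_current_admin_user` in the docstring would make the file describe what it actually verifies. With the `status_code == 303` assertions removed, nothing in this file checks that the exception becomes a redirect to the login page. Unless the exception handler is tested elsewhere, a small test of that handler would close the gap.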
@@ -9,7 +9,7 @@ class TestDashboard:
|
|||||||
def test_dashboard_requires_auth(self, client: TestClient) -> None:
|
def test_dashboard_requires_auth(self, client: TestClient) -> None:
|
||||||
"""GET /dashboard should require admin login."""
|
"""GET /dashboard should require admin login."""
|
||||||
response = client.get("/dashboard", follow_redirects=False)
|
response = client.get("/dashboard", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|
||||||
|
|
||||||
class TestExerciseProgress:
|
class TestExerciseProgress:
|
||||||
@@ -18,4 +18,4 @@ class TestExerciseProgress:
|
|||||||
def test_exercise_progress_requires_auth(self, client: TestClient) -> None:
|
def test_exercise_progress_requires_auth(self, client: TestClient) -> None:
|
||||||
"""GET /dashboard/exercise/1 should require admin login."""
|
"""GET /dashboard/exercise/1 should require admin login."""
|
||||||
response = client.get("/dashboard/exercise/1", follow_redirects=False)
|
response = client.get("/dashboard/exercise/1", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|||||||
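Review bot: `assert response.status_code in (401, 302, 303)` accepts any redirect, so the test cannot tell "sent to the login page" apart from "request was processed and then redirected". The same assertion is used in every route test in this commit, and it matters most for the state-changing POST tests (TestLogSet, TestLogEdit, TestLogDelete, TestProfileSwitcher). If those handlers answer a successful form post with a redirect, which is common but not visible here, the tests would still pass with the auth dependency missing. Since the description says the handler returns 302, pin the status and check the target: `assert response.status_code == 302` and `assert response.headers["location"].startswith("/login")`. The `/login` path is taken from the old docstring and should be confirmed against the handler.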
@@ -9,7 +9,7 @@ class TestExerciseBrowser:
|
|||||||
def test_exercise_browser_requires_auth(self, client: TestClient) -> None:
|
def test_exercise_browser_requires_auth(self, client: TestClient) -> None:
|
||||||
"""GET /exercises should require admin login."""
|
"""GET /exercises should require admin login."""
|
||||||
response = client.get("/exercises", follow_redirects=False)
|
response = client.get("/exercises", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|
||||||
|
|
||||||
class TestExerciseSearch:
|
class TestExerciseSearch:
|
||||||
@@ -21,4 +21,4 @@ class TestExerciseSearch:
|
|||||||
"/exercises/search?workout_day=Push",
|
"/exercises/search?workout_day=Push",
|
||||||
follow_redirects=False,
|
follow_redirects=False,
|
||||||
)
|
)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ class TestLogHistory:
|
|||||||
def test_history_requires_auth(self, client: TestClient) -> None:
|
def test_history_requires_auth(self, client: TestClient) -> None:
|
||||||
"""GET /history should require admin login."""
|
"""GET /history should require admin login."""
|
||||||
response = client.get("/history", follow_redirects=False)
|
response = client.get("/history", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|
||||||
|
|
||||||
class TestSessionDetail:
|
class TestSessionDetail:
|
||||||
@@ -18,4 +18,4 @@ class TestSessionDetail:
|
|||||||
def test_session_detail_requires_auth(self, client: TestClient) -> None:
|
def test_session_detail_requires_auth(self, client: TestClient) -> None:
|
||||||
"""GET /history/1 should require admin login."""
|
"""GET /history/1 should require admin login."""
|
||||||
response = client.get("/history/1", follow_redirects=False)
|
response = client.get("/history/1", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|||||||
@@ -19,7 +19,7 @@ class TestLogSet:
|
|||||||
},
|
},
|
||||||
follow_redirects=False,
|
follow_redirects=False,
|
||||||
)
|
)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|
||||||
|
|
||||||
class TestLogEdit:
|
class TestLogEdit:
|
||||||
@@ -32,7 +32,7 @@ class TestLogEdit:
|
|||||||
data={"reps": "10", "weight": "35 lbs"},
|
data={"reps": "10", "weight": "35 lbs"},
|
||||||
follow_redirects=False,
|
follow_redirects=False,
|
||||||
)
|
)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|
||||||
|
|
||||||
class TestLogDelete:
|
class TestLogDelete:
|
||||||
@@ -41,4 +41,4 @@ class TestLogDelete:
|
|||||||
def test_delete_log_requires_auth(self, client: TestClient) -> None:
|
def test_delete_log_requires_auth(self, client: TestClient) -> None:
|
||||||
"""POST /log/1/delete should require admin login."""
|
"""POST /log/1/delete should require admin login."""
|
||||||
response = client.post("/log/1/delete", follow_redirects=False)
|
response = client.post("/log/1/delete", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ class TestProfileSwitcher:
|
|||||||
follow_redirects=False,
|
follow_redirects=False,
|
||||||
)
|
)
|
||||||
# Should redirect to login or return 401
|
# Should redirect to login or return 401
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|
||||||
|
|
||||||
class TestProfileList:
|
class TestProfileList:
|
||||||
@@ -23,4 +23,4 @@ class TestProfileList:
|
|||||||
def test_profiles_page_requires_auth(self, client: TestClient) -> None:
|
def test_profiles_page_requires_auth(self, client: TestClient) -> None:
|
||||||
"""GET /profiles should require admin login."""
|
"""GET /profiles should require admin login."""
|
||||||
response = client.get("/profiles", follow_redirects=False)
|
response = client.get("/profiles", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|||||||
@@ -9,4 +9,4 @@ class TestSchedule:
|
|||||||
def test_schedule_requires_auth(self, client: TestClient) -> None:
|
def test_schedule_requires_auth(self, client: TestClient) -> None:
|
||||||
"""GET /schedule should require admin login."""
|
"""GET /schedule should require admin login."""
|
||||||
response = client.get("/schedule", follow_redirects=False)
|
response = client.get("/schedule", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|||||||
@@ -9,9 +9,9 @@ class TestWorkoutDayViewer:
|
|||||||
def test_workout_day_requires_auth(self, client: TestClient) -> None:
|
def test_workout_day_requires_auth(self, client: TestClient) -> None:
|
||||||
"""GET /workouts/push should require admin login."""
|
"""GET /workouts/push should require admin login."""
|
||||||
response = client.get("/workouts/push", follow_redirects=False)
|
response = client.get("/workouts/push", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|
||||||
def test_workout_days_list_requires_auth(self, client: TestClient) -> None:
|
def test_workout_days_list_requires_auth(self, client: TestClient) -> None:
|
||||||
"""GET /workouts should require admin login."""
|
"""GET /workouts should require admin login."""
|
||||||
response = client.get("/workouts", follow_redirects=False)
|
response = client.get("/workouts", follow_redirects=False)
|
||||||
assert response.status_code in (401, 303)
|
assert response.status_code in (401, 302, 303)
|
||||||
|
|||||||