fix(tests): align auth tests with NotAuthenticatedError and 302 redirect

The auth dependency raises NotAuthenticatedError (not HTTPException),
and the exception handler returns a 302 redirect. Updated the unit test
to expect NotAuthenticatedError, and all route auth tests to accept 302
alongside 401/303.
2026-02-24 15:47:36 -06:00
parent 272563060c
commit 7b535bef6e
8 changed files with 23 additions and 22 deletions


@@ -3,25 +3,27 @@
from unittest.mock import MagicMock
import pytest
from fastapi import HTTPException
from app.utils.auth import get_current_admin_user, get_active_profile_id
from app.utils.auth import (
NotAuthenticatedError,
get_current_admin_user,
get_active_profile_id,
)
class TestAuthDependency:
"""Tests for the require_admin dependency."""
def test_redirects_when_no_session_cookie(self) -> None:
"""Should redirect to /login (303) when no session cookie is present."""
"""Should raise NotAuthenticatedError when no session cookie is present."""
request = MagicMock()
request.cookies = {}
with pytest.raises(HTTPException) as exc_info:
with pytest.raises(NotAuthenticatedError):
get_current_admin_user(request=request, session=MagicMock())
assert exc_info.value.status_code == 303
def test_redirects_when_invalid_token(self) -> None:
"""Should redirect to /login (303) when session cookie has invalid token."""
"""Should raise NotAuthenticatedError when session cookie has invalid token."""
request = MagicMock()
request.cookies = {"session": "invalid-token"}
request.app.state.secret_key = "test-secret"
@@ -29,9 +31,8 @@ class TestAuthDependency:
mock_session = MagicMock()
mock_session.get.return_value = None
with pytest.raises(HTTPException) as exc_info:
with pytest.raises(NotAuthenticatedError):
get_current_admin_user(request=request, session=mock_session)
assert exc_info.value.status_code == 303
class TestGetActiveProfileId:
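Review bot: The two tests in TestAuthDependency are still named `test_redirects_when_no_session_cookie` and `test_redirects_when_invalid_token`, although they now only assert that `NotAuthenticatedError` is raised; renaming them to `test_raises_when_no_session_cookie` and `test_raises_when_invalid_token` would match the updated docstrings. The `from fastapi import HTTPException` import is kept, and nothing visible in these hunks uses it any more, so it may be dead unless code outside the hunks still needs it. With the `status_code` assertions removed, nothing at unit level pins the redirect itself; a small test of the exception handler that asserts the 302 and its `Location` header would cover that, if one does not already exist elsewhere.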


@@ -9,7 +9,7 @@ class TestDashboard:
def test_dashboard_requires_auth(self, client: TestClient) -> None:
"""GET /dashboard should require admin login."""
response = client.get("/dashboard", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)
class TestExerciseProgress:
@@ -18,4 +18,4 @@ class TestExerciseProgress:
def test_exercise_progress_requires_auth(self, client: TestClient) -> None:
"""GET /dashboard/exercise/1 should require admin login."""
response = client.get("/dashboard/exercise/1", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)
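Review bot: The assertion `response.status_code in (401, 302, 303)` in test_dashboard_requires_auth and test_exercise_progress_requires_auth accepts any redirect, so it does not show that the request was rejected for missing authentication; the same line appears in every route test this commit changes (exercises, history, log, profiles, schedule, workouts). The commit message says the handler returns 302, so the check can be pinned to that status and to the target, e.g. `assert response.status_code == 302` and `assert response.headers["location"].startswith("/login")` (the `/login` path is taken from the docstring this commit removes; confirm it against the handler). This matters most for the POST tests such as `/log/1/delete`, where 303 is also what a successful form post commonly returns, so a route that lost its auth dependency could still pass.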


@@ -9,7 +9,7 @@ class TestExerciseBrowser:
def test_exercise_browser_requires_auth(self, client: TestClient) -> None:
"""GET /exercises should require admin login."""
response = client.get("/exercises", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)
class TestExerciseSearch:
@@ -21,4 +21,4 @@ class TestExerciseSearch:
"/exercises/search?workout_day=Push",
follow_redirects=False,
)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)


@@ -9,7 +9,7 @@ class TestLogHistory:
def test_history_requires_auth(self, client: TestClient) -> None:
"""GET /history should require admin login."""
response = client.get("/history", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)
class TestSessionDetail:
@@ -18,4 +18,4 @@ class TestSessionDetail:
def test_session_detail_requires_auth(self, client: TestClient) -> None:
"""GET /history/1 should require admin login."""
response = client.get("/history/1", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)


@@ -19,7 +19,7 @@ class TestLogSet:
},
follow_redirects=False,
)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)
class TestLogEdit:
@@ -32,7 +32,7 @@ class TestLogEdit:
data={"reps": "10", "weight": "35 lbs"},
follow_redirects=False,
)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)
class TestLogDelete:
@@ -41,4 +41,4 @@ class TestLogDelete:
def test_delete_log_requires_auth(self, client: TestClient) -> None:
"""POST /log/1/delete should require admin login."""
response = client.post("/log/1/delete", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)


@@ -14,7 +14,7 @@ class TestProfileSwitcher:
follow_redirects=False,
)
# Should redirect to login or return 401
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)
class TestProfileList:
@@ -23,4 +23,4 @@ class TestProfileList:
def test_profiles_page_requires_auth(self, client: TestClient) -> None:
"""GET /profiles should require admin login."""
response = client.get("/profiles", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)


@@ -9,4 +9,4 @@ class TestSchedule:
def test_schedule_requires_auth(self, client: TestClient) -> None:
"""GET /schedule should require admin login."""
response = client.get("/schedule", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)


@@ -9,9 +9,9 @@ class TestWorkoutDayViewer:
def test_workout_day_requires_auth(self, client: TestClient) -> None:
"""GET /workouts/push should require admin login."""
response = client.get("/workouts/push", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)
def test_workout_days_list_requires_auth(self, client: TestClient) -> None:
"""GET /workouts should require admin login."""
response = client.get("/workouts", follow_redirects=False)
assert response.status_code in (401, 303)
assert response.status_code in (401, 302, 303)