"""Tests for the auth dependency (require_admin).""" from unittest.mock import MagicMock import pytest from fastapi import HTTPException from app.utils.auth import get_current_admin_user, get_active_profile_id class TestAuthDependency: """Tests for the require_admin dependency.""" def test_redirects_when_no_session_cookie(self) -> None: """Should redirect to /login (303) when no session cookie is present.""" request = MagicMock() request.cookies = {} with pytest.raises(HTTPException) as exc_info: get_current_admin_user(request=request, session=MagicMock()) assert exc_info.value.status_code == 303 def test_redirects_when_invalid_token(self) -> None: """Should redirect to /login (303) when session cookie has invalid token.""" request = MagicMock() request.cookies = {"session": "invalid-token"} request.app.state.secret_key = "test-secret" mock_session = MagicMock() mock_session.get.return_value = None with pytest.raises(HTTPException) as exc_info: get_current_admin_user(request=request, session=mock_session) assert exc_info.value.status_code == 303 class TestGetActiveProfileId: """Tests for the get_active_profile_id dependency.""" def test_returns_profile_id_from_cookie(self) -> None: """Should return the integer profile ID from cookie.""" request = MagicMock() request.cookies = {"active_profile_id": "5"} assert get_active_profile_id(request) == 5 def test_returns_none_when_no_cookie(self) -> None: """Should return None when no active_profile_id cookie is set.""" request = MagicMock() request.cookies = {} assert get_active_profile_id(request) is None def test_returns_none_for_non_numeric(self) -> None: """Should return None for non-numeric cookie values.""" request = MagicMock() request.cookies = {"active_profile_id": "abc"} assert get_active_profile_id(request) is None