Phillip Tarrant
576d3bbb68
Remove all authentication (login, sessions, bcrypt, itsdangerous) since the app runs on a private homelab LAN. Replace with a profile picker landing page and cookie-based profile selection (1-year expiry). - Add Alembic migration to drop password_hash/is_admin columns - Delete auth service, auth routes, login template, and auth tests - Rewrite app/utils/auth.py with NoProfileSelectedError and require_active_profile dependency - Add profile creation flow (GET/POST /profiles/create) - Rewrite home page as profile picker with card layout - Update all route files to use profile dependency instead of admin auth - Remove bcrypt and itsdangerous from requirements - Remove admin_username/admin_password from config - Update all tests for new profile-based access model Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
106 lines
4.0 KiB
Python
106 lines
4.0 KiB
Python
"""Tests for profile-based access control and landing page."""
|
|
|
|
from sqlmodel import SQLModel, Session, create_engine
|
|
|
|
from app.models.user import User
|
|
from app.services.user_service import UserService
|
|
from tests.conftest import set_profile_cookie
|
|
|
|
|
|
class TestProfileAuth:
|
|
"""Tests for the profile cookie-based access flow."""
|
|
|
|
def test_no_profile_redirects_to_home(self, client) -> None:
|
|
"""Routes requiring a profile should redirect to / when no cookie set."""
|
|
response = client.get("/workouts", follow_redirects=False)
|
|
assert response.status_code == 302
|
|
assert response.headers["location"] == "/"
|
|
|
|
def test_invalid_profile_redirects_to_home(self, client) -> None:
|
|
"""An invalid profile_id cookie should redirect to /."""
|
|
client.cookies.set("active_profile_id", "99999")
|
|
response = client.get("/workouts", follow_redirects=False)
|
|
assert response.status_code == 302
|
|
assert response.headers["location"] == "/"
|
|
|
|
def test_valid_profile_allows_access(self, client) -> None:
|
|
"""A valid profile cookie should allow access to protected routes."""
|
|
# The seeded profiles exist; find one
|
|
response = client.get("/")
|
|
assert response.status_code == 200
|
|
|
|
# Get the first profile ID from the seeded data
|
|
set_profile_cookie(client, 1)
|
|
response = client.get("/workouts")
|
|
assert response.status_code == 200
|
|
|
|
|
|
class TestLandingPage:
|
|
"""Tests for the home page profile picker."""
|
|
|
|
def test_home_page_shows_profiles(self, client) -> None:
|
|
"""GET / should show seeded profile names."""
|
|
response = client.get("/")
|
|
assert response.status_code == 200
|
|
assert "Select Profile" in response.text
|
|
|
|
def test_home_page_accessible_without_cookie(self, client) -> None:
|
|
"""GET / should work without any profile cookie."""
|
|
response = client.get("/")
|
|
assert response.status_code == 200
|
|
assert "SneakySwole" in response.text
|
|
|
|
|
|
class TestProfileCreation:
|
|
"""Tests for the profile creation flow."""
|
|
|
|
def test_create_profile_form_renders(self, client) -> None:
|
|
"""GET /profiles/create should render the form."""
|
|
response = client.get("/profiles/create")
|
|
assert response.status_code == 200
|
|
assert "Display Name" in response.text
|
|
|
|
def test_create_profile_sets_cookie(self, client) -> None:
|
|
"""POST /profiles/create should create profile and set cookie."""
|
|
response = client.post(
|
|
"/profiles/create",
|
|
data={"display_name": "NewUser", "height": "5'10\"", "weight": "180 lbs"},
|
|
follow_redirects=False,
|
|
)
|
|
assert response.status_code == 303
|
|
assert response.headers["location"] == "/workouts"
|
|
assert "active_profile_id" in response.cookies
|
|
|
|
def test_create_profile_requires_name(self, client) -> None:
|
|
"""POST /profiles/create with empty name should show error."""
|
|
response = client.post(
|
|
"/profiles/create",
|
|
data={"display_name": "", "height": "", "weight": ""},
|
|
)
|
|
assert response.status_code == 200
|
|
assert "required" in response.text.lower()
|
|
|
|
|
|
class TestProfileSwitch:
|
|
"""Tests for the profile switch flow."""
|
|
|
|
def test_switch_profile_sets_cookie(self, client) -> None:
|
|
"""POST /profiles/switch should set cookie and redirect."""
|
|
response = client.post(
|
|
"/profiles/switch",
|
|
data={"profile_id": "1"},
|
|
follow_redirects=False,
|
|
)
|
|
assert response.status_code == 303
|
|
assert "active_profile_id" in response.cookies
|
|
|
|
def test_switch_invalid_profile_redirects_home(self, client) -> None:
|
|
"""POST /profiles/switch with invalid ID should redirect to /."""
|
|
response = client.post(
|
|
"/profiles/switch",
|
|
data={"profile_id": "99999"},
|
|
follow_redirects=False,
|
|
)
|
|
assert response.status_code == 303
|
|
assert response.headers["location"] == "/"
|