kanban-app/backend/tests/test_routes.py

"""Test API routes"""
import pytest


class TestAuthRoutes:
    """Test authentication routes"""

    @pytest.mark.auth
    def test_register_success(self, client):
        """Test successful user registration"""
        response = client.post(
            "/api/auth/register",
            json={
                "email": "newuser@example.com",
                "password": "password123",
                "username": "newuser",
                "first_name": "New",
                "last_name": "User",
            },
        )

        assert response.status_code == 201
        data = response.get_json()
        assert data["email"] == "newuser@example.com"
        assert data["username"] == "newuser"
        assert "password" not in data
        assert "password_hash" not in data

    @pytest.mark.auth
    def test_register_missing_fields(self, client):
        """Test registration with missing required fields"""
        response = client.post(
            "/api/auth/register", json={"email": "newuser@example.com"}
        )

        assert response.status_code == 400
        data = response.get_json()
        assert "error" in data

    @pytest.mark.auth
    def test_register_duplicate_email(self, client, regular_user):
        """Test registration with duplicate email"""
        response = client.post(
            "/api/auth/register",
            json={"email": regular_user.email, "password": "password123"},
        )

        assert response.status_code == 400
        data = response.get_json()
        assert "already exists" in data["error"].lower()

    @pytest.mark.auth
    def test_login_success(self, client, regular_user):
        """Test successful login"""
        response = client.post(
            "/api/auth/login",
            json={"email": regular_user.email, "password": "password123"},
        )

        assert response.status_code == 200
        data = response.get_json()
        assert "access_token" in data
        assert "refresh_token" in data
        assert data["user"]["email"] == regular_user.email

    @pytest.mark.auth
    @pytest.mark.parametrize(
        "email,password,expected_status",
        [
            ("wrong@example.com", "password123", 401),
            ("user@example.com", "wrongpassword", 401),
            (None, "password123", 400),
            ("user@example.com", None, 400),
        ],
    )
    def test_login_validation(
        self, client, regular_user, email, password, expected_status
    ):
        """Test login with various invalid inputs"""
        login_data = {}
        if email is not None:
            login_data["email"] = email
        if password is not None:
            login_data["password"] = password

        response = client.post("/api/auth/login", json=login_data)
        assert response.status_code == expected_status

    @pytest.mark.auth
    def test_login_inactive_user(self, client, inactive_user):
        """Test login with inactive user"""
        response = client.post(
            "/api/auth/login",
            json={"email": inactive_user.email, "password": "password123"},
        )

        assert response.status_code == 401
        data = response.get_json()
        assert "inactive" in data["error"].lower()

    @pytest.mark.auth
    def test_get_current_user(self, client, auth_headers, regular_user):
        """Test getting current user"""
        response = client.get("/api/users/me", headers=auth_headers)

        assert response.status_code == 200
        data = response.get_json()
        assert data["email"] == regular_user.email

    @pytest.mark.auth
    def test_get_current_user_unauthorized(self, client):
        """Test getting current user without authentication"""
        response = client.get("/api/users/me")
        assert response.status_code == 401
add pytest 2026-02-24 14:36:31 +00:00			`"""Test API routes"""`
			`import pytest`


			`class TestAuthRoutes:`
			`"""Test authentication routes"""`

			`@pytest.mark.auth`
			`def test_register_success(self, client):`
			`"""Test successful user registration"""`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`response = client.post(`
			`"/api/auth/register",`
			`json={`
			`"email": "newuser@example.com",`
			`"password": "password123",`
			`"username": "newuser",`
			`"first_name": "New",`
			`"last_name": "User",`
			`},`
			`)`
add pytest 2026-02-24 14:36:31 +00:00
			`assert response.status_code == 201`
			`data = response.get_json()`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`assert data["email"] == "newuser@example.com"`
			`assert data["username"] == "newuser"`
			`assert "password" not in data`
			`assert "password_hash" not in data`
add pytest 2026-02-24 14:36:31 +00:00
			`@pytest.mark.auth`
			`def test_register_missing_fields(self, client):`
			`"""Test registration with missing required fields"""`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`response = client.post(`
			`"/api/auth/register", json={"email": "newuser@example.com"}`
			`)`
add pytest 2026-02-24 14:36:31 +00:00
			`assert response.status_code == 400`
			`data = response.get_json()`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`assert "error" in data`
add pytest 2026-02-24 14:36:31 +00:00
			`@pytest.mark.auth`
			`def test_register_duplicate_email(self, client, regular_user):`
			`"""Test registration with duplicate email"""`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`response = client.post(`
			`"/api/auth/register",`
			`json={"email": regular_user.email, "password": "password123"},`
			`)`
add pytest 2026-02-24 14:36:31 +00:00
			`assert response.status_code == 400`
			`data = response.get_json()`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`assert "already exists" in data["error"].lower()`
add pytest 2026-02-24 14:36:31 +00:00
			`@pytest.mark.auth`
			`def test_login_success(self, client, regular_user):`
			`"""Test successful login"""`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`response = client.post(`
			`"/api/auth/login",`
			`json={"email": regular_user.email, "password": "password123"},`
			`)`
add pytest 2026-02-24 14:36:31 +00:00
			`assert response.status_code == 200`
			`data = response.get_json()`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`assert "access_token" in data`
			`assert "refresh_token" in data`
			`assert data["user"]["email"] == regular_user.email`
add pytest 2026-02-24 14:36:31 +00:00
			`@pytest.mark.auth`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`@pytest.mark.parametrize(`
			`"email,password,expected_status",`
			`[`
			`("wrong@example.com", "password123", 401),`
			`("user@example.com", "wrongpassword", 401),`
			`(None, "password123", 400),`
			`("user@example.com", None, 400),`
			`],`
			`)`
			`def test_login_validation(`
			`self, client, regular_user, email, password, expected_status`
			`):`
add pytest 2026-02-24 14:36:31 +00:00			`"""Test login with various invalid inputs"""`
			`login_data = {}`
			`if email is not None:`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`login_data["email"] = email`
add pytest 2026-02-24 14:36:31 +00:00			`if password is not None:`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`login_data["password"] = password`
add pytest 2026-02-24 14:36:31 +00:00
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`response = client.post("/api/auth/login", json=login_data)`
add pytest 2026-02-24 14:36:31 +00:00			`assert response.status_code == expected_status`

			`@pytest.mark.auth`
			`def test_login_inactive_user(self, client, inactive_user):`
			`"""Test login with inactive user"""`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`response = client.post(`
			`"/api/auth/login",`
			`json={"email": inactive_user.email, "password": "password123"},`
			`)`
add pytest 2026-02-24 14:36:31 +00:00
			`assert response.status_code == 401`
			`data = response.get_json()`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`assert "inactive" in data["error"].lower()`
add pytest 2026-02-24 14:36:31 +00:00
			`@pytest.mark.auth`
			`def test_get_current_user(self, client, auth_headers, regular_user):`
			`"""Test getting current user"""`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`response = client.get("/api/users/me", headers=auth_headers)`
add pytest 2026-02-24 14:36:31 +00:00
			`assert response.status_code == 200`
			`data = response.get_json()`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`assert data["email"] == regular_user.email`
add pytest 2026-02-24 14:36:31 +00:00
			`@pytest.mark.auth`
			`def test_get_current_user_unauthorized(self, client):`
			`"""Test getting current user without authentication"""`
update actions config, fix lint errors 2026-02-24 16:19:15 +00:00			`response = client.get("/api/users/me")`
add pytest 2026-02-24 14:36:31 +00:00			`assert response.status_code == 401`