backend/tests/test_auth.py

"""
用户认证API测试
"""
import pytest
from fastapi import status


@pytest.mark.unit
@pytest.mark.auth
class TestAuth:
    """认证相关测试"""
    
    def test_register_user(self, client, test_user_data):
        """测试用户注册"""
        response = client.post("/api/v1/auth/register", json=test_user_data)
        assert response.status_code == status.HTTP_201_CREATED
        data = response.json()
        assert "id" in data
        assert data["username"] == test_user_data["username"]
        assert data["email"] == test_user_data["email"]
        assert "password_hash" not in data  # 密码哈希不应该返回
    
    def test_register_duplicate_username(self, client, test_user_data):
        """测试重复用户名注册"""
        # 第一次注册
        response1 = client.post("/api/v1/auth/register", json=test_user_data)
        assert response1.status_code == status.HTTP_201_CREATED
        
        # 第二次注册相同用户名
        response2 = client.post("/api/v1/auth/register", json=test_user_data)
        assert response2.status_code == status.HTTP_400_BAD_REQUEST
    
    def test_register_duplicate_email(self, client, test_user_data):
        """测试重复邮箱注册"""
        # 第一次注册
        response1 = client.post("/api/v1/auth/register", json=test_user_data)
        assert response1.status_code == status.HTTP_201_CREATED
        
        # 使用相同邮箱但不同用户名
        duplicate_data = test_user_data.copy()
        duplicate_data["username"] = "another_user"
        response2 = client.post("/api/v1/auth/register", json=duplicate_data)
        assert response2.status_code == status.HTTP_400_BAD_REQUEST
    
    def test_login_success(self, client, test_user_data):
        """测试登录成功"""
        # 先注册
        client.post("/api/v1/auth/register", json=test_user_data)
        
        # 登录
        response = client.post(
            "/api/v1/auth/login",
            data={
                "username": test_user_data["username"],
                "password": test_user_data["password"]
            }
        )
        assert response.status_code == status.HTTP_200_OK
        data = response.json()
        assert "access_token" in data
        assert data["token_type"] == "bearer"
    
    def test_login_wrong_password(self, client, test_user_data):
        """测试错误密码登录"""
        # 先注册
        client.post("/api/v1/auth/register", json=test_user_data)
        
        # 使用错误密码登录
        response = client.post(
            "/api/v1/auth/login",
            data={
                "username": test_user_data["username"],
                "password": "wrongpassword"
            }
        )
        assert response.status_code == status.HTTP_401_UNAUTHORIZED
    
    def test_login_nonexistent_user(self, client):
        """测试不存在的用户登录"""
        response = client.post(
            "/api/v1/auth/login",
            data={
                "username": "nonexistent",
                "password": "password123"
            }
        )
        assert response.status_code == status.HTTP_401_UNAUTHORIZED
    
    def test_get_current_user(self, authenticated_client, test_user_data):
        """测试获取当前用户信息"""
        response = authenticated_client.get("/api/v1/auth/me")
        assert response.status_code == status.HTTP_200_OK
        data = response.json()
        assert data["username"] == test_user_data["username"]
        assert data["email"] == test_user_data["email"]
    
    def test_get_current_user_unauthorized(self, client):
        """测试未授权访问当前用户信息"""
        response = client.get("/api/v1/auth/me")
        assert response.status_code == status.HTTP_401_UNAUTHORIZED
第一次提交 2026-01-19 00:09:36 +08:00			`"""`
			`用户认证API测试`
			`"""`
			`import pytest`
			`from fastapi import status`


			`@pytest.mark.unit`
			`@pytest.mark.auth`
			`class TestAuth:`
			`"""认证相关测试"""`

			`def test_register_user(self, client, test_user_data):`
			`"""测试用户注册"""`
			`response = client.post("/api/v1/auth/register", json=test_user_data)`
			`assert response.status_code == status.HTTP_201_CREATED`
			`data = response.json()`
			`assert "id" in data`
			`assert data["username"] == test_user_data["username"]`
			`assert data["email"] == test_user_data["email"]`
			`assert "password_hash" not in data # 密码哈希不应该返回`

			`def test_register_duplicate_username(self, client, test_user_data):`
			`"""测试重复用户名注册"""`
			`# 第一次注册`
			`response1 = client.post("/api/v1/auth/register", json=test_user_data)`
			`assert response1.status_code == status.HTTP_201_CREATED`

			`# 第二次注册相同用户名`
			`response2 = client.post("/api/v1/auth/register", json=test_user_data)`
			`assert response2.status_code == status.HTTP_400_BAD_REQUEST`

			`def test_register_duplicate_email(self, client, test_user_data):`
			`"""测试重复邮箱注册"""`
			`# 第一次注册`
			`response1 = client.post("/api/v1/auth/register", json=test_user_data)`
			`assert response1.status_code == status.HTTP_201_CREATED`

			`# 使用相同邮箱但不同用户名`
			`duplicate_data = test_user_data.copy()`
			`duplicate_data["username"] = "another_user"`
			`response2 = client.post("/api/v1/auth/register", json=duplicate_data)`
			`assert response2.status_code == status.HTTP_400_BAD_REQUEST`

			`def test_login_success(self, client, test_user_data):`
			`"""测试登录成功"""`
			`# 先注册`
			`client.post("/api/v1/auth/register", json=test_user_data)`

			`# 登录`
			`response = client.post(`
			`"/api/v1/auth/login",`
			`data={`
			`"username": test_user_data["username"],`
			`"password": test_user_data["password"]`
			`}`
			`)`
			`assert response.status_code == status.HTTP_200_OK`
			`data = response.json()`
			`assert "access_token" in data`
			`assert data["token_type"] == "bearer"`

			`def test_login_wrong_password(self, client, test_user_data):`
			`"""测试错误密码登录"""`
			`# 先注册`
			`client.post("/api/v1/auth/register", json=test_user_data)`

			`# 使用错误密码登录`
			`response = client.post(`
			`"/api/v1/auth/login",`
			`data={`
			`"username": test_user_data["username"],`
			`"password": "wrongpassword"`
			`}`
			`)`
			`assert response.status_code == status.HTTP_401_UNAUTHORIZED`

			`def test_login_nonexistent_user(self, client):`
			`"""测试不存在的用户登录"""`
			`response = client.post(`
			`"/api/v1/auth/login",`
			`data={`
			`"username": "nonexistent",`
			`"password": "password123"`
			`}`
			`)`
			`assert response.status_code == status.HTTP_401_UNAUTHORIZED`

			`def test_get_current_user(self, authenticated_client, test_user_data):`
			`"""测试获取当前用户信息"""`
			`response = authenticated_client.get("/api/v1/auth/me")`
			`assert response.status_code == status.HTTP_200_OK`
			`data = response.json()`
			`assert data["username"] == test_user_data["username"]`
			`assert data["email"] == test_user_data["email"]`

			`def test_get_current_user_unauthorized(self, client):`
			`"""测试未授权访问当前用户信息"""`
			`response = client.get("/api/v1/auth/me")`
			`assert response.status_code == status.HTTP_401_UNAUTHORIZED`