第一次提交

backend/tests/test_auth.py

@@ -0,0 +1,100 @@
+"""
+用户认证API测试
+"""
+import pytest
+from fastapi import status
+
+
+@pytest.mark.unit
+@pytest.mark.auth
+class TestAuth:
+    """认证相关测试"""
+    
+    def test_register_user(self, client, test_user_data):
+        """测试用户注册"""
+        response = client.post("/api/v1/auth/register", json=test_user_data)
+        assert response.status_code == status.HTTP_201_CREATED
+        data = response.json()
+        assert "id" in data
+        assert data["username"] == test_user_data["username"]
+        assert data["email"] == test_user_data["email"]
+        assert "password_hash" not in data  # 密码哈希不应该返回
+    
+    def test_register_duplicate_username(self, client, test_user_data):
+        """测试重复用户名注册"""
+        # 第一次注册
+        response1 = client.post("/api/v1/auth/register", json=test_user_data)
+        assert response1.status_code == status.HTTP_201_CREATED
+        
+        # 第二次注册相同用户名
+        response2 = client.post("/api/v1/auth/register", json=test_user_data)
+        assert response2.status_code == status.HTTP_400_BAD_REQUEST
+    
+    def test_register_duplicate_email(self, client, test_user_data):
+        """测试重复邮箱注册"""
+        # 第一次注册
+        response1 = client.post("/api/v1/auth/register", json=test_user_data)
+        assert response1.status_code == status.HTTP_201_CREATED
+        
+        # 使用相同邮箱但不同用户名
+        duplicate_data = test_user_data.copy()
+        duplicate_data["username"] = "another_user"
+        response2 = client.post("/api/v1/auth/register", json=duplicate_data)
+        assert response2.status_code == status.HTTP_400_BAD_REQUEST
+    
+    def test_login_success(self, client, test_user_data):
+        """测试登录成功"""
+        # 先注册
+        client.post("/api/v1/auth/register", json=test_user_data)
+        
+        # 登录
+        response = client.post(
+            "/api/v1/auth/login",
+            data={
+                "username": test_user_data["username"],
+                "password": test_user_data["password"]
+            }
+        )
+        assert response.status_code == status.HTTP_200_OK
+        data = response.json()
+        assert "access_token" in data
+        assert data["token_type"] == "bearer"
+    
+    def test_login_wrong_password(self, client, test_user_data):
+        """测试错误密码登录"""
+        # 先注册
+        client.post("/api/v1/auth/register", json=test_user_data)
+        
+        # 使用错误密码登录
+        response = client.post(
+            "/api/v1/auth/login",
+            data={
+                "username": test_user_data["username"],
+                "password": "wrongpassword"
+            }
+        )
+        assert response.status_code == status.HTTP_401_UNAUTHORIZED
+    
+    def test_login_nonexistent_user(self, client):
+        """测试不存在的用户登录"""
+        response = client.post(
+            "/api/v1/auth/login",
+            data={
+                "username": "nonexistent",
+                "password": "password123"
+            }
+        )
+        assert response.status_code == status.HTTP_401_UNAUTHORIZED
+    
+    def test_get_current_user(self, authenticated_client, test_user_data):
+        """测试获取当前用户信息"""
+        response = authenticated_client.get("/api/v1/auth/me")
+        assert response.status_code == status.HTTP_200_OK
+        data = response.json()
+        assert data["username"] == test_user_data["username"]
+        assert data["email"] == test_user_data["email"]
+    
+    def test_get_current_user_unauthorized(self, client):
+        """测试未授权访问当前用户信息"""
+        response = client.get("/api/v1/auth/me")
+        assert response.status_code == status.HTTP_401_UNAUTHORIZED