aiagent/backend/tests/test_auth.py

"""
用户认证API测试
"""
import pytest
from fastapi import status


@pytest.mark.unit
@pytest.mark.auth
class TestAuth:
    """认证相关测试"""
    
    def test_register_user(self, client, test_user_data):
        """测试用户注册"""
        response = client.post("/api/v1/auth/register", json=test_user_data)
        assert response.status_code == status.HTTP_201_CREATED
        data = response.json()
        assert "id" in data
        assert data["username"] == test_user_data["username"]
        assert data["email"] == test_user_data["email"]
        assert "password_hash" not in data  # 密码哈希不应该返回
    
    def test_register_duplicate_username(self, client, test_user_data):
        """测试重复用户名注册"""
        # 第一次注册
        response1 = client.post("/api/v1/auth/register", json=test_user_data)
        assert response1.status_code == status.HTTP_201_CREATED
        
        # 第二次注册相同用户名
        response2 = client.post("/api/v1/auth/register", json=test_user_data)
        assert response2.status_code == status.HTTP_400_BAD_REQUEST
    
    def test_register_duplicate_email(self, client, test_user_data):
        """测试重复邮箱注册"""
        # 第一次注册
        response1 = client.post("/api/v1/auth/register", json=test_user_data)
        assert response1.status_code == status.HTTP_201_CREATED
        
        # 使用相同邮箱但不同用户名
        duplicate_data = test_user_data.copy()
        duplicate_data["username"] = "another_user"
        response2 = client.post("/api/v1/auth/register", json=duplicate_data)
        assert response2.status_code == status.HTTP_400_BAD_REQUEST
    
    def test_login_success(self, client, test_user_data):
        """测试登录成功"""
        # 先注册
        client.post("/api/v1/auth/register", json=test_user_data)
        
        # 登录
        response = client.post(
            "/api/v1/auth/login",
            data={
                "username": test_user_data["username"],
                "password": test_user_data["password"]
            }
        )
        assert response.status_code == status.HTTP_200_OK
        data = response.json()
        assert "access_token" in data
        assert data["token_type"] == "bearer"
    
    def test_login_wrong_password(self, client, test_user_data):
        """测试错误密码登录"""
        # 先注册
        client.post("/api/v1/auth/register", json=test_user_data)
        
        # 使用错误密码登录
        response = client.post(
            "/api/v1/auth/login",
            data={
                "username": test_user_data["username"],
                "password": "wrongpassword"
            }
        )
        assert response.status_code == status.HTTP_401_UNAUTHORIZED
    
    def test_login_nonexistent_user(self, client):
        """测试不存在的用户登录"""
        response = client.post(
            "/api/v1/auth/login",
            data={
                "username": "nonexistent",
                "password": "password123"
            }
        )
        assert response.status_code == status.HTTP_401_UNAUTHORIZED
    
    def test_get_current_user(self, authenticated_client, test_user_data):
        """测试获取当前用户信息"""
        response = authenticated_client.get("/api/v1/auth/me")
        assert response.status_code == status.HTTP_200_OK
        data = response.json()
        assert data["username"] == test_user_data["username"]
        assert data["email"] == test_user_data["email"]
    
    def test_get_current_user_unauthorized(self, client):
        """测试未授权访问当前用户信息"""
        response = client.get("/api/v1/auth/me")
        assert response.status_code == status.HTTP_401_UNAUTHORIZED