"""Auth endpoint tests.""" from unittest.mock import AsyncMock, MagicMock, patch from tests.conftest import SAMPLE_USER def _supabase_session(access_token="tok_access", refresh_token="tok_refresh"): session = MagicMock() session.access_token = access_token session.refresh_token = refresh_token session.expires_in = 3600 user = MagicMock() user.id = "11111111-1111-1111-1111-111111111111" result = MagicMock() result.session = session result.user = user return result async def test_login_success(anon_client): with patch("app.services.auth_service._client") as mock_client: mock_client.return_value.auth.sign_in_with_password.return_value = _supabase_session() r = await anon_client.post("/api/v1/auth/login", json={"email": "user@test.com", "password": "password123"}) assert r.status_code == 200 body = r.json() assert body["success"] is True assert "access_token" in body["data"] assert body["data"]["token_type"] == "bearer" async def test_login_invalid_credentials(anon_client): with patch("app.services.auth_service._client") as mock_client: mock_client.return_value.auth.sign_in_with_password.side_effect = Exception("Invalid login") r = await anon_client.post("/api/v1/auth/login", json={"email": "wrong@test.com", "password": "bad"}) assert r.status_code == 401 body = r.json() assert body["success"] is False assert body["error"]["code"] == "UNAUTHORIZED" async def test_register_with_name_field(anon_client, mock_db): """Frontend sends `name`, not `full_name` — both must be accepted.""" mock_db.execute = AsyncMock(return_value="INSERT 1") with patch("app.services.auth_service._client") as mock_client: mock_client.return_value.auth.sign_up.return_value = _supabase_session() r = await anon_client.post("/api/v1/auth/register", json={ "email": "new@test.com", "password": "password123", "name": "Jane Doe", }) assert r.status_code == 201 assert r.json()["success"] is True async def test_register_with_full_name_field(anon_client, mock_db): """full_name field also accepted.""" mock_db.execute = AsyncMock(return_value="INSERT 1") with patch("app.services.auth_service._client") as mock_client: mock_client.return_value.auth.sign_up.return_value = _supabase_session() r = await anon_client.post("/api/v1/auth/register", json={ "email": "new2@test.com", "password": "password123", "full_name": "Jane Doe", }) assert r.status_code == 201 async def test_register_password_too_short(anon_client): r = await anon_client.post("/api/v1/auth/register", json={ "email": "new@test.com", "password": "short", "name": "Jane", }) assert r.status_code == 422 body = r.json() assert body["success"] is False assert body["error"]["code"] == "VALIDATION_ERROR" async def test_get_me(auth_client): r = await auth_client.get("/api/v1/auth/me") assert r.status_code == 200 data = r.json()["data"] assert data["email"] == SAMPLE_USER["email"] assert data["role"] == "client" async def test_get_me_unauthenticated(anon_client): r = await anon_client.get("/api/v1/auth/me") assert r.status_code == 401 async def test_forgot_password_always_200(anon_client): """Never reveals whether email exists.""" with patch("app.services.auth_service._client"): r = await anon_client.post("/api/v1/auth/forgot-password", json={"email": "anyone@test.com"}) assert r.status_code == 200 assert r.json()["success"] is True async def test_update_profile(auth_client, mock_db): from tests.conftest import SAMPLE_USER updated = dict(SAMPLE_USER, full_name="Updated Name") mock_db.fetchrow = AsyncMock(return_value=updated) r = await auth_client.patch("/api/v1/auth/me", json={"full_name": "Updated Name"}) assert r.status_code == 200 assert r.json()["data"]["full_name"] == "Updated Name"