feat(phase-9): implement MVP polishing and closure

T-032: User management admin panel - backend users router with CRUD, frontend UsersPage with modals T-033: Audit log viewer - backend audit router with filters/pagination, frontend AuditLogPage T-034: Global error handling - ErrorBoundary, LoadingSpinner, ErrorMessage, Toast components T-035: Backend tests - pytest setup with SQLite, tests for health/auth/techniques/tests T-036: Documentation - Updated README with testing section, created docs/API.md
2026-02-06 16:30:35 +01:00
parent cb447f3803
commit 174919da4e
27 changed files with 2539 additions and 17 deletions
--- a/backend/tests/test_auth.py
+++ b/backend/tests/test_auth.py
@@ -0,0 +1,81 @@
+"""Tests for authentication endpoints."""
+
+import pytest
+
+
+def test_login_success(client, admin_user):
+    """Test successful login returns a token."""
+    response = client.post(
+        "/api/v1/auth/login",
+        data={"username": "admin", "password": "admin123"},
+    )
+    assert response.status_code == 200
+    data = response.json()
+    assert "access_token" in data
+    assert data["token_type"] == "bearer"
+
+
+def test_login_wrong_password(client, admin_user):
+    """Test login with wrong password returns 400."""
+    response = client.post(
+        "/api/v1/auth/login",
+        data={"username": "admin", "password": "wrongpassword"},
+    )
+    assert response.status_code == 400
+
+
+def test_login_nonexistent_user(client):
+    """Test login with non-existent user returns 400."""
+    response = client.post(
+        "/api/v1/auth/login",
+        data={"username": "nobody", "password": "password"},
+    )
+    assert response.status_code == 400
+
+
+def test_login_inactive_user(client, db):
+    """Test login with inactive user returns 400."""
+    from app.auth import hash_password
+    from app.models.user import User
+    
+    user = User(
+        username="inactive",
+        hashed_password=hash_password("password"),
+        role="viewer",
+        is_active=False,
+    )
+    db.add(user)
+    db.commit()
+    
+    response = client.post(
+        "/api/v1/auth/login",
+        data={"username": "inactive", "password": "password"},
+    )
+    assert response.status_code == 400
+
+
+def test_get_me_with_token(client, admin_user, admin_token):
+    """Test /auth/me returns current user with valid token."""
+    response = client.get(
+        "/api/v1/auth/me",
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == 200
+    data = response.json()
+    assert data["username"] == "admin"
+    assert data["role"] == "admin"
+
+
+def test_get_me_without_token(client):
+    """Test /auth/me returns 401 without token."""
+    response = client.get("/api/v1/auth/me")
+    assert response.status_code == 401
+
+
+def test_get_me_invalid_token(client):
+    """Test /auth/me returns 401 with invalid token."""
+    response = client.get(
+        "/api/v1/auth/me",
+        headers={"Authorization": "Bearer invalidtoken"},
+    )
+    assert response.status_code == 401