"""End-to-end tests for the authentication flow."""

import hashlib

import pytest
from fastapi.testclient import TestClient


def _sha256(password: str) -> str:
    """Return the hex SHA-256 digest of *password*.

    Mirrors the hashing the client performs before submitting credentials,
    so the tests post the same value a real client would.

    NOTE(review): the digest is unsalted and is what the login endpoint
    receives in the "password" field, so it acts as the credential on the
    wire. Confirm the server applies its own salted, slow password hash
    before storing or comparing it.
    """
    digest = hashlib.sha256(password.encode())
    return digest.hexdigest()


def test_health_check(client: TestClient):
    """The health endpoint answers 200 with the fixed "healthy" body."""
    resp = client.get("/health")

    assert resp.status_code == 200
    assert resp.json() == {"status": "healthy"}


def test_login_success(client: TestClient, test_user):
    """Valid credentials yield a bearer access token."""
    credentials = {
        "username": "testuser",
        "password": _sha256("testpassword"),
    }
    resp = client.post("/api/auth/login", json=credentials)

    assert resp.status_code == 200
    body = resp.json()
    # Only presence of the token is checked; its format is not inspected here.
    assert "access_token" in body
    assert body["token_type"] == "bearer"


def test_login_wrong_password(client: TestClient, test_user):
    """A known user with the wrong password is rejected with 401."""
    credentials = {
        "username": "testuser",
        "password": _sha256("wrongpassword"),
    }
    resp = client.post("/api/auth/login", json=credentials)

    assert resp.status_code == 401


def test_login_nonexistent_user(client: TestClient):
    """An unknown username is rejected with 401.

    This is the same status as the wrong-password case, so the status code
    alone does not reveal whether a username exists. Response bodies are not
    compared by these tests.
    """
    credentials = {
        "username": "nonexistent",
        "password": _sha256("password"),
    }
    resp = client.post("/api/auth/login", json=credentials)

    assert resp.status_code == 401


def test_get_current_user(client: TestClient, auth_headers):
    """An authenticated request to /api/auth/me returns the user's profile."""
    # presumably auth_headers carries a valid token for "testuser";
    # verify against the fixture definition
    resp = client.get("/api/auth/me", headers=auth_headers)

    assert resp.status_code == 200
    profile = resp.json()
    assert profile["username"] == "testuser"
    assert profile["email"] == "test@example.com"


def test_get_current_user_no_token(client: TestClient):
    """A request without an Authorization header is rejected with 401."""
    resp = client.get("/api/auth/me")

    assert resp.status_code == 401


def test_get_current_user_invalid_token(client: TestClient):
    """A request carrying a malformed bearer token is rejected with 401."""
    bad_headers = {"Authorization": "Bearer invalid_token"}
    resp = client.get("/api/auth/me", headers=bad_headers)

    assert resp.status_code == 401