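"""API tests for password hashing and the /users account endpoints.

The ``api_client`` fixture is defined outside this file (presumably in a
conftest). The tests expect a run to start with none of these users
registered: the first registration of each username must return 201.
"""
from services.security import get_password_hash, verify_password


def _register(api_client, username, email, password):
    """Register a user as test setup and fail at once if it is rejected.

    Returns the registration response.
    """
    response = api_client.post(
        "/users/register",
        json={"username": username, "email": email, "password": password},
    )
    # Without this check a failed setup only shows up later as a confusing
    # login or authorization failure.
    assert response.status_code == 201, response.json()
    return response


def _login(api_client, username, password):
    """Log in, assert that the login succeeded, and return the access token."""
    response = api_client.post(
        "/users/login",
        json={"username": username, "password": password},
    )
    assert response.status_code == 200, response.json()
    return response.json()["access_token"]


def _bearer(token):
    """Build the Authorization header for an access token."""
    return {"Authorization": f"Bearer {token}"}


def test_password_hashing():
    """A hash verifies against its own password and rejects another one."""
    password = "testpassword"
    hashed_password = get_password_hash(password)
    # The value that gets stored must not be the plaintext itself.
    assert hashed_password != password
    assert verify_password(password, hashed_password)
    assert not verify_password("wrongpassword", hashed_password)


def test_register_user(api_client):
    """Registration succeeds once, then rejects a reused username or email."""
    response = api_client.post(
        "/users/register",
        json={
            "username": "testuser",
            "email": "test@example.com",
            "password": "testpassword",
        },
    )
    assert response.status_code == 201
    data = response.json()
    assert data["username"] == "testuser"
    assert data["email"] == "test@example.com"
    assert "id" in data
    assert "role_id" in data
    # The submitted password must not be echoed back in the response body.
    assert "password" not in data

    # NOTE(review): the two rejections below use distinct messages, so a
    # caller can learn whether a username or an email is already registered.
    # That is a common trade-off at registration; confirm it is intended and
    # that the endpoint is rate limited.
    response = api_client.post(
        "/users/register",
        json={
            "username": "testuser",
            "email": "another@example.com",
            "password": "testpassword",
        },
    )
    assert response.status_code == 400
    assert response.json() == {"detail": "Username already registered"}

    response = api_client.post(
        "/users/register",
        json={
            "username": "anotheruser",
            "email": "test@example.com",
            "password": "testpassword",
        },
    )
    assert response.status_code == 400
    assert response.json() == {"detail": "Email already registered"}


def test_login_user(api_client):
    """Login returns a bearer token and rejects bad credentials uniformly."""
    # Register a user first
    _register(api_client, "loginuser", "login@example.com", "loginpassword")

    response = api_client.post(
        "/users/login",
        json={"username": "loginuser", "password": "loginpassword"},
    )
    assert response.status_code == 200
    data = response.json()
    assert "access_token" in data
    assert data["token_type"] == "bearer"

    # A wrong password and an unknown username must produce the same status
    # and the same detail, so the response does not reveal which accounts
    # exist.
    response = api_client.post(
        "/users/login",
        json={"username": "loginuser", "password": "wrongpassword"},
    )
    assert response.status_code == 401
    assert response.json() == {"detail": "Incorrect username or password"}

    response = api_client.post(
        "/users/login",
        json={"username": "nonexistent", "password": "password"},
    )
    assert response.status_code == 401
    assert response.json() == {"detail": "Incorrect username or password"}


def test_read_users_me(api_client):
    """An authenticated request to /users/me returns the caller's profile."""
    # Register a user first
    _register(
        api_client, "profileuser", "profile@example.com", "profilepassword"
    )
    # Login to get a token
    token = _login(api_client, "profileuser", "profilepassword")

    response = api_client.get("/users/me", headers=_bearer(token))
    assert response.status_code == 200
    data = response.json()
    assert data["username"] == "profileuser"
    assert data["email"] == "profile@example.com"
    assert "password" not in data
    # TODO(review): no test here covers /users/me without a token or with an
    # invalid one; the expected status for those cases is not visible in this
    # file.


def test_update_users_me(api_client):
    """Profile updates apply, rotate the password, and reject taken values."""
    # Register a user first
    _register(api_client, "updateuser", "update@example.com", "updatepassword")
    # Login to get a token
    token = _login(api_client, "updateuser", "updatepassword")

    response = api_client.put(
        "/users/me",
        headers=_bearer(token),
        json={
            "username": "updateduser",
            "email": "updated@example.com",
            "password": "newpassword",
        },
    )
    assert response.status_code == 200
    data = response.json()
    assert data["username"] == "updateduser"
    assert data["email"] == "updated@example.com"
    assert "password" not in data

    # Verify password change: the new password works ...
    token = _login(api_client, "updateduser", "newpassword")
    # ... and the old one no longer does, mirroring test_reset_password.
    response = api_client.post(
        "/users/login",
        json={"username": "updateduser", "password": "updatepassword"},
    )
    assert response.status_code == 401
    # NOTE(review): the token issued before the password change is dropped
    # here without checking whether the API still accepts it.

    # Test username already taken
    _register(
        api_client,
        "anotherupdateuser",
        "anotherupdate@example.com",
        "password",
    )
    response = api_client.put(
        "/users/me",
        headers=_bearer(token),
        json={
            "username": "anotherupdateuser",
        },
    )
    assert response.status_code == 400
    assert response.json() == {"detail": "Username already taken"}

    # Test email already registered
    _register(api_client, "yetanotheruser", "yetanother@example.com", "password")
    response = api_client.put(
        "/users/me",
        headers=_bearer(token),
        json={
            "email": "yetanother@example.com",
        },
    )
    assert response.status_code == 400
    assert response.json() == {"detail": "Email already registered"}


def test_forgot_password(api_client):
    """Forgot-password answers 200 for an address that is not registered."""
    # A 200 for an unknown address keeps the endpoint from confirming which
    # emails have accounts.
    # TODO(review): only the unknown-address case is exercised; a registered
    # address should be checked to return the same status and body.
    response = api_client.post(
        "/users/forgot-password", json={"email": "nonexistent@example.com"}
    )
    assert response.status_code == 200
    assert response.json() == {
        "message": "Password reset email sent (not really)"}


def test_reset_password(api_client):
    """Reset-password replaces the password; the old one stops working."""
    # Register a user first
    _register(api_client, "resetuser", "reset@example.com", "oldpassword")

    # NOTE(review): the endpoint accepts the username as the reset token.
    # That is only acceptable for a stubbed flow. If the deployed handler
    # behaves the same way, knowing a username is enough to set that
    # account's password. A real flow needs an unguessable, single-use,
    # expiring token delivered out of band, plus a test that an arbitrary or
    # reused token is rejected.
    response = api_client.post(
        "/users/reset-password",
        json={
            "token": "resetuser",  # Use username as token for test
            "new_password": "newpassword",
        },
    )
    assert response.status_code == 200
    assert response.json() == {
        "message": "Password has been reset successfully"}

    # Verify password change
    response = api_client.post(
        "/users/login",
        json={"username": "resetuser", "password": "newpassword"},
    )
    assert response.status_code == 200

    response = api_client.post(
        "/users/login",
        json={"username": "resetuser", "password": "oldpassword"},
    )
    assert response.status_code == 401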