nanoClaw/tests/test_auth.py

import pytest
import json
from backend.models import User


def test_auth_mode(client, session):
    """Test /api/auth/mode endpoint."""
    resp = client.get('/api/auth/mode')
    assert resp.status_code == 200
    data = json.loads(resp.data)
    assert 'code' in data
    assert 'data' in data
    # Default is single
    assert data['data']['mode'] == 'single'


def test_login_single_mode(client, session):
    """Test login in single-user mode."""
    # Ensure default user exists (should be created by auth middleware)
    user = User.query.filter_by(username='default').first()
    if not user:
        user = User(username='default')
        session.add(user)
        session.commit()
    
    resp = client.post('/api/auth/login', json={
        'username': 'default',
        'password': ''  # no password in single mode
    })
    assert resp.status_code == 200
    data = json.loads(resp.data)
    assert data['code'] == 0
    assert 'token' in data['data']
    assert 'user' in data['data']
    assert data['data']['user']['username'] == 'default'


def test_profile(client, session):
    """Test /api/auth/profile endpoint."""
    # In single mode, no token required
    resp = client.get('/api/auth/profile')
    assert resp.status_code == 200
    data = json.loads(resp.data)
    assert data['code'] == 0
    assert data['data']['username'] == 'default'


def test_profile_update(client, session):
    """Test updating profile."""
    resp = client.patch('/api/auth/profile', json={
        'email': 'default@example.com',
        'avatar': 'https://example.com/avatar.png'
    })
    assert resp.status_code == 200
    data = json.loads(resp.data)
    assert data['code'] == 0
    # Verify update
    user = User.query.filter_by(username='default').first()
    assert user.email == 'default@example.com'
    assert user.avatar == 'https://example.com/avatar.png'


def test_register_not_allowed_in_single_mode(client, session):
    """Registration should fail in single-user mode."""
    resp = client.post('/api/auth/register', json={
        'username': 'newuser',
        'password': 'password'
    })
    # Expect error (maybe 400 or 403)
    # The actual behavior may vary; we'll just ensure it's not a success
    data = json.loads(resp.data)
    assert data['code'] != 0


# Multi-user mode tests (requires switching config)
# We'll skip for now because it's more complex.


if __name__ == '__main__':
    pytest.main(['-v', __file__])