feat: Amorçage des tests automatiques [#64]

2026-01-28 23:43:22 +00:00 · 2025-06-05 17:20:59 +02:00
parent 0064b8d35a
commit 0a2b23f260
5 changed files with 229 additions and 1 deletions
--- a/Back-End/test_auth_endpoints.py
+++ b/Back-End/test_auth_endpoints.py
@ -0,0 +1,124 @@
+"""
+Tests automatiques pour les endpoints Auth de l'API N3WT-SCHOOL.
+- Teste les endpoints GET, y compris dynamiques.
+- Teste l'authentification (login JWT) et l'accès aux endpoints protégés.
+- Vérifie la structure JSON des réponses principales.
+"""
+import pytest
+from django.urls import reverse
+from rest_framework.test import APIClient
+from Auth.models import Profile, ProfileRole
+from Establishment.models import Establishment
+from django.contrib.auth.hashers import make_password
+
+@pytest.mark.django_db
+class TestAuthEndpoints:
+    @pytest.fixture(autouse=True)
+    def setup(self, db):
+        self.client = APIClient()
+        # Création d'un établissement de test
+        self.establishment = Establishment.objects.create(
+            name="Etablissement Test",
+            address="1 rue du test",
+            total_capacity=100,
+            establishment_type=[1],
+            evaluation_frequency=1,
+            licence_code="LIC123",
+            is_active=True
+        )
+        # Création d'un utilisateur de test
+        self.test_email = 'testuser@example.com'
+        self.test_password = 'testpass123'
+        self.profile = Profile.objects.create(
+            email=self.test_email,
+            username=self.test_email,
+            password=make_password(self.test_password)
+        )
+        self.profile_role = ProfileRole.objects.create(
+            profile=self.profile,
+            role_type=1,  # ADMIN
+            establishment=self.establishment,
+            is_active=True
+        )
+
+    def test_csrf(self):
+        response = self.client.get('/Auth/csrf')
+        assert response.status_code == 200
+        assert 'csrfToken' in response.json()
+
+    def test_login(self):
+        response = self.client.post('/Auth/login', {
+            'email': self.test_email,
+            'password': self.test_password
+        }, format='json')
+        assert response.status_code in [200, 401]
+        if response.status_code == 200:
+            assert 'access' in response.json() or 'token' in response.json()
+
+    def test_profiles(self):
+        # GET /Auth/profiles
+        response = self.client.get(f'/Auth/profiles')
+        assert response.status_code in [200, 401, 403]
+        if response.status_code == 200:
+            # Vérifie que le profil de test existe dans la liste
+            emails = [p.get('email') for p in response.json() if isinstance(p, dict)]
+            assert self.test_email in emails
+
+    def test_profiles_id(self):
+        # GET /Auth/profiles/<id>
+        response = self.client.get(f'/Auth/profiles/{self.profile.id}')
+        assert response.status_code in [200, 401, 403, 404]
+        if response.status_code == 200:
+            data = response.json()
+            assert data.get('email') == self.test_email
+
+    def test_profile_roles(self):
+        # GET /Auth/profileRoles avec paramètres requis
+        params = {
+            'establishment_id': self.establishment.id,
+            'filter': 'school'
+        }
+        response = self.client.get('/Auth/profileRoles', params)
+        assert response.status_code in [200, 401, 403, 400]
+        if response.status_code == 200:
+            results = response.json()
+            # Adapter à la structure réelle de la réponse : clé 'profilesRoles'
+            if isinstance(results, dict) and 'profilesRoles' in results:
+                results = results['profilesRoles']
+            found = any(
+                r.get('profile') == self.profile.id and r.get('role_type') == 1
+                for r in results if isinstance(r, dict)
+            )
+            assert found
+
+    def test_profile_roles_id(self):
+        # GET /Auth/profileRoles/<id>
+        response = self.client.get(f'/Auth/profileRoles/{self.profile_role.id}')
+        assert response.status_code in [200, 401, 403, 404]
+        if response.status_code == 200:
+            data = response.json()
+            assert data.get('profile') == self.profile.id
+            assert data.get('role_type') == 1
+
+    def test_reset_password(self):
+        # POST /Auth/resetPassword/<code> (méthode attendue)
+        response = self.client.post('/Auth/resetPassword/ABCDEF', {
+            'password1': 'newpass123',
+            'password2': 'newpass123'
+        }, format='json')
+        assert response.status_code in [200, 400, 404]
+        # 400 attendu si le code est invalide ou expiré
+
+    def test_info_session(self):
+        # GET /Auth/infoSession (protégé)
+        login = self.client.post('/Auth/login', {
+            'email': self.test_email,
+            'password': self.test_password
+        }, format='json')
+        if login.status_code == 200 and ('access' in login.json() or 'token' in login.json()):
+            token = login.json().get('access') or login.json().get('token')
+            self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
+            response = self.client.get('/Auth/infoSession')
+            assert response.status_code in [200, 401, 403]
+        else:
+            pytest.skip('Impossible de s’authentifier pour tester infoSession')