"""Automated tests for the Auth endpoints of the N3WT-SCHOOL API.

- Exercises the GET endpoints, including the dynamic (id-based) ones.
- Exercises authentication (JWT login) and access to protected endpoints.
- Checks the JSON structure of the main responses.
"""

import pytest
from django.contrib.auth.hashers import make_password
from django.urls import reverse
from rest_framework.test import APIClient

from Auth.models import Profile, ProfileRole
from Establishment.models import Establishment


@pytest.mark.django_db
class TestAuthEndpoints:
    """Smoke tests for the /Auth/* routes against a freshly seeded database.

    NOTE(review): every test accepts several status codes, including the
    failure codes (401/403/404/400). As written, the suite therefore passes
    both when an endpoint is open and when it is locked down, so it cannot
    catch an authentication or authorization regression on its own. Confirm
    the intended access policy per route and pin one expected status.
    """

    @pytest.fixture(autouse=True)
    def setup(self, db):
        """Build a new API client, one establishment and one admin profile."""
        self.client = APIClient()

        # Test establishment that the role below is attached to.
        self.establishment = Establishment.objects.create(
            name="Etablissement Test",
            address="1 rue du test",
            total_capacity=100,
            establishment_type=[1],
            evaluation_frequency=1,
            licence_code="LIC123",
            is_active=True,
        )

        # Test user; the password is stored hashed via make_password.
        self.test_email = 'testuser@example.com'
        self.test_password = 'testpass123'
        self.profile = Profile.objects.create(
            email=self.test_email,
            username=self.test_email,
            password=make_password(self.test_password),
        )
        self.profile_role = ProfileRole.objects.create(
            profile=self.profile,
            role_type=1,  # ADMIN
            establishment=self.establishment,
            is_active=True,
        )

    def _login(self):
        """POST the fixture credentials to /Auth/login and return the response."""
        credentials = {
            'email': self.test_email,
            'password': self.test_password,
        }
        return self.client.post('/Auth/login', credentials, format='json')

    def test_csrf(self):
        """GET /Auth/csrf answers 200 with a 'csrfToken' key."""
        reply = self.client.get('/Auth/csrf')
        assert reply.status_code == 200
        assert 'csrfToken' in reply.json()

    def test_login(self):
        """POST /Auth/login returns a token field whenever it answers 200."""
        reply = self._login()
        # NOTE(review): the fixture creates this exact account, so a 401 here
        # would mean a valid login was refused, yet the test still passes.
        # Confirm whether 200 can be asserted outright.
        assert reply.status_code in (200, 401)
        if reply.status_code != 200:
            return
        payload = reply.json()
        assert 'access' in payload or 'token' in payload

    def test_profiles(self):
        """GET /Auth/profiles lists the fixture profile when it answers 200."""
        # NOTE(review): no credentials are set on the client in this test, so
        # a 200 means the profile list was served to an unauthenticated
        # caller. Confirm that this is intended before accepting 200 here.
        reply = self.client.get('/Auth/profiles')
        assert reply.status_code in (200, 401, 403)
        if reply.status_code != 200:
            return
        # Only dict entries are inspected; anything else is ignored.
        assert any(
            isinstance(item, dict) and item.get('email') == self.test_email
            for item in reply.json()
        )

    def test_profiles_id(self):
        """GET /Auth/profiles/<id> returns the fixture profile on 200."""
        # NOTE(review): sent without credentials, like test_profiles.
        reply = self.client.get(f'/Auth/profiles/{self.profile.id}')
        assert reply.status_code in (200, 401, 403, 404)
        if reply.status_code != 200:
            return
        assert reply.json().get('email') == self.test_email

    def test_profile_roles(self):
        """GET /Auth/profileRoles with its required query parameters."""
        query = {
            'establishment_id': self.establishment.id,
            'filter': 'school',
        }
        reply = self.client.get('/Auth/profileRoles', query)
        assert reply.status_code in (200, 401, 403, 400)
        if reply.status_code != 200:
            return

        roles = reply.json()
        # Match the actual response shape: the list sits under 'profilesRoles'.
        if isinstance(roles, dict) and 'profilesRoles' in roles:
            roles = roles['profilesRoles']

        found = False
        for entry in roles:
            if not isinstance(entry, dict):
                continue
            if entry.get('profile') == self.profile.id and entry.get('role_type') == 1:
                found = True
                break
        assert found

    def test_profile_roles_id(self):
        """GET /Auth/profileRoles/<id> returns the fixture role on 200."""
        reply = self.client.get(f'/Auth/profileRoles/{self.profile_role.id}')
        assert reply.status_code in (200, 401, 403, 404)
        if reply.status_code != 200:
            return
        role = reply.json()
        assert role.get('profile') == self.profile.id
        assert role.get('role_type') == 1

    def test_reset_password(self):
        """POST /Auth/resetPassword/<code> (the expected method)."""
        # NOTE(review): 'ABCDEF' is not issued anywhere in this fixture, so a
        # 200 would mean a reset went through with a code nobody requested.
        # Confirm whether 200 should stay in the accepted set.
        new_passwords = {
            'password1': 'newpass123',
            'password2': 'newpass123',
        }
        reply = self.client.post(
            '/Auth/resetPassword/ABCDEF', new_passwords, format='json'
        )
        # 400 is expected when the code is invalid or expired.
        assert reply.status_code in (200, 400, 404)

    def test_info_session(self):
        """GET /Auth/infoSession (protected) using a bearer token from login."""
        login = self._login()
        body = login.json() if login.status_code == 200 else {}
        if 'access' not in body and 'token' not in body:
            pytest.skip('Impossible de s’authentifier pour tester infoSession')

        token = body.get('access') or body.get('token')
        self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
        reply = self.client.get('/Auth/infoSession')
        # NOTE(review): a token was just obtained, yet 401/403 still pass, and
        # a failed login only skips. Confirm the expected status for a valid
        # session so that a rejected token is reported as a failure.
        assert reply.status_code in (200, 401, 403)