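"""Unit tests for the Planning module.

Checks that the Planning and Events endpoints require JWT authentication:
anonymous requests and requests carrying an unusable token are rejected,
while a request with a freshly issued access token is accepted.
"""
import json

from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken

from Auth.models import Profile

# Constructed sample value: a string that is not a JWT at all, used to check
# that a present-but-invalid bearer token is rejected like a missing one.
INVALID_BEARER_TOKEN = "not-a-valid-jwt"


def create_user(email="planning_test@example.com", password="testpassword123"):
    """Create a test Profile whose username and email are both *email*.

    The default password is a test-only fixture value.
    """
    return Profile.objects.create_user(username=email, email=email, password=password)


def get_jwt_token(user):
    """Return a SimpleJWT access token (as a string) issued for *user*."""
    refresh = RefreshToken.for_user(user)
    return str(refresh.access_token)


# The settings are pinned so the tests exercise JWT authentication with
# IsAuthenticated as the default permission, whatever the project settings say.
# NOTE(review): a view that sets its own permission_classes is not affected by
# this default — confirm against the Planning views.
TEST_REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

TEST_CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}

OVERRIDE = dict(
    CACHES=TEST_CACHES,
    SESSION_ENGINE='django.contrib.sessions.backends.db',
    REST_FRAMEWORK=TEST_REST_FRAMEWORK,
)


# ---------------------------------------------------------------------------
# Planning
# ---------------------------------------------------------------------------

@override_settings(**OVERRIDE)
class PlanningEndpointAuthTest(TestCase):
    """Authentication tests for the Planning endpoints."""

    def setUp(self):
        self.client = APIClient()
        self.list_url = reverse("Planning:planning")
        self.user = create_user()

    def test_get_plannings_sans_auth_retourne_401(self):
        """GET /Planning/plannings without a token must return 401."""
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_post_planning_sans_auth_retourne_401(self):
        """POST /Planning/plannings without a token must return 401."""
        response = self.client.post(
            self.list_url,
            data=json.dumps({"name": "Planning 2026"}),
            content_type="application/json",
        )
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_planning_detail_sans_auth_retourne_401(self):
        """GET /Planning/plannings/{id} without a token must return 401.

        No planning with id 1 is created: the request is expected to be
        rejected before any object lookup takes place.
        """
        url = reverse("Planning:planning", kwargs={"id": 1})
        response = self.client.get(url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_plannings_avec_token_invalide_retourne_401(self):
        """GET /Planning/plannings with an unusable bearer token must return 401."""
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {INVALID_BEARER_TOKEN}")
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_plannings_avec_auth_retourne_200(self):
        """GET /Planning/plannings with a valid token must return 200."""
        token = get_jwt_token(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)


# ---------------------------------------------------------------------------
# Events
# ---------------------------------------------------------------------------

@override_settings(**OVERRIDE)
class EventsEndpointAuthTest(TestCase):
    """Authentication tests for the Events endpoints."""

    def setUp(self):
        self.client = APIClient()
        self.list_url = reverse("Planning:events")
        self.user = create_user(email="events_test@example.com")

    def test_get_events_sans_auth_retourne_401(self):
        """GET /Planning/events without a token must return 401."""
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_post_event_sans_auth_retourne_401(self):
        """POST /Planning/events without a token must return 401."""
        response = self.client.post(
            self.list_url,
            data=json.dumps({"title": "Cours Piano"}),
            content_type="application/json",
        )
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_events_avec_token_invalide_retourne_401(self):
        """GET /Planning/events with an unusable bearer token must return 401."""
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {INVALID_BEARER_TOKEN}")
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_events_avec_auth_retourne_200(self):
        """GET /Planning/events with a valid token must return 200."""
        token = get_jwt_token(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)

    def test_get_upcoming_events_sans_auth_retourne_401(self):
        """GET /Planning/events/upcoming without a token must not succeed.

        The route has no URL name of its own, so the path is built from the
        list URL. Whether that exact path resolves (or is redirected for a
        missing trailing slash) cannot be told from this file, so the check
        is the weakest one that still means something for a protected
        endpoint: an anonymous request never gets a 2xx response. The
        previous assertion (response is not None) could not fail.
        """
        # TODO(review): once the route path is confirmed, tighten this to
        # assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED).
        response = self.client.get(self.list_url + "upcoming")
        self.assertFalse(
            status.is_success(response.status_code),
            msg=f"anonymous request unexpectedly succeeded with {response.status_code}",
        )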