n3wt-school/Back-End/test_auth_endpoints.py

"""
Tests automatiques pour les endpoints Auth de l'API N3WT-SCHOOL.
- Teste les endpoints GET, y compris dynamiques.
- Teste l'authentification (login JWT) et l'accès aux endpoints protégés.
- Vérifie la structure JSON des réponses principales.
"""
import pytest
from django.urls import reverse
from rest_framework.test import APIClient
from Auth.models import Profile, ProfileRole
from Establishment.models import Establishment
from django.contrib.auth.hashers import make_password

@pytest.mark.django_db
class TestAuthEndpoints:
    @pytest.fixture(autouse=True)
    def setup(self, db):
        self.client = APIClient()
        # Création d'un établissement de test
        self.establishment = Establishment.objects.create(
            name="Etablissement Test",
            address="1 rue du test",
            total_capacity=100,
            establishment_type=[1],
            evaluation_frequency=1,
            licence_code="LIC123",
            is_active=True
        )
        # Création d'un utilisateur de test
        self.test_email = 'testuser@example.com'
        self.test_password = 'testpass123'
        self.profile = Profile.objects.create(
            email=self.test_email,
            username=self.test_email,
            password=make_password(self.test_password)
        )
        self.profile_role = ProfileRole.objects.create(
            profile=self.profile,
            role_type=1,  # ADMIN
            establishment=self.establishment,
            is_active=True
        )

    def test_csrf(self):
        response = self.client.get('/Auth/csrf')
        assert response.status_code == 200
        assert 'csrfToken' in response.json()

    def test_login(self):
        response = self.client.post('/Auth/login', {
            'email': self.test_email,
            'password': self.test_password
        }, format='json')
        assert response.status_code in [200, 401]
        if response.status_code == 200:
            assert 'access' in response.json() or 'token' in response.json()

    def test_profiles(self):
        # GET /Auth/profiles
        response = self.client.get(f'/Auth/profiles')
        assert response.status_code in [200, 401, 403]
        if response.status_code == 200:
            # Vérifie que le profil de test existe dans la liste
            emails = [p.get('email') for p in response.json() if isinstance(p, dict)]
            assert self.test_email in emails

    def test_profiles_id(self):
        # GET /Auth/profiles/<id>
        response = self.client.get(f'/Auth/profiles/{self.profile.id}')
        assert response.status_code in [200, 401, 403, 404]
        if response.status_code == 200:
            data = response.json()
            assert data.get('email') == self.test_email

    def test_profile_roles(self):
        # GET /Auth/profileRoles avec paramètres requis
        params = {
            'establishment_id': self.establishment.id,
            'filter': 'school'
        }
        response = self.client.get('/Auth/profileRoles', params)
        assert response.status_code in [200, 401, 403, 400]
        if response.status_code == 200:
            results = response.json()
            # Adapter à la structure réelle de la réponse : clé 'profilesRoles'
            if isinstance(results, dict) and 'profilesRoles' in results:
                results = results['profilesRoles']
            found = any(
                r.get('profile') == self.profile.id and r.get('role_type') == 1
                for r in results if isinstance(r, dict)
            )
            assert found

    def test_profile_roles_id(self):
        # GET /Auth/profileRoles/<id>
        response = self.client.get(f'/Auth/profileRoles/{self.profile_role.id}')
        assert response.status_code in [200, 401, 403, 404]
        if response.status_code == 200:
            data = response.json()
            assert data.get('profile') == self.profile.id
            assert data.get('role_type') == 1

    def test_reset_password(self):
        # POST /Auth/resetPassword/<code> (méthode attendue)
        response = self.client.post('/Auth/resetPassword/ABCDEF', {
            'password1': 'newpass123',
            'password2': 'newpass123'
        }, format='json')
        assert response.status_code in [200, 400, 404]
        # 400 attendu si le code est invalide ou expiré

    def test_info_session(self):
        # GET /Auth/infoSession (protégé)
        login = self.client.post('/Auth/login', {
            'email': self.test_email,
            'password': self.test_password
        }, format='json')
        if login.status_code == 200 and ('access' in login.json() or 'token' in login.json()):
            token = login.json().get('access') or login.json().get('token')
            self.client.credentials(HTTP_AUTHORIZATION=f'Bearer {token}')
            response = self.client.get('/Auth/infoSession')
            assert response.status_code in [200, 401, 403]
        else:
            pytest.skip('Impossible de s’authentifier pour tester infoSession')