n3wt-school/Back-End/Planning/tests.py

"""
Tests unitaires pour le module Planning.
Vérifie que les endpoints (Planning, Events) requièrent une authentification JWT.
"""

from django.test import TestCase, override_settings
from django.urls import reverse
from rest_framework import status
from rest_framework.test import APIClient
from rest_framework_simplejwt.tokens import RefreshToken

from Auth.models import Profile


def create_user(email="planning_test@example.com", password="testpassword123"):
    return Profile.objects.create_user(username=email, email=email, password=password)


def get_jwt_token(user):
    refresh = RefreshToken.for_user(user)
    return str(refresh.access_token)


TEST_REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_simplejwt.authentication.JWTAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

TEST_CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}

OVERRIDE = dict(
    CACHES=TEST_CACHES,
    SESSION_ENGINE='django.contrib.sessions.backends.db',
    REST_FRAMEWORK=TEST_REST_FRAMEWORK,
)


# ---------------------------------------------------------------------------
# Planning
# ---------------------------------------------------------------------------

@override_settings(**OVERRIDE)
class PlanningEndpointAuthTest(TestCase):
    """Tests d'authentification sur les endpoints Planning."""

    def setUp(self):
        self.client = APIClient()
        self.list_url = reverse("Planning:planning")
        self.user = create_user()

    def test_get_plannings_sans_auth_retourne_401(self):
        """GET /Planning/plannings sans token doit retourner 401."""
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_post_planning_sans_auth_retourne_401(self):
        """POST /Planning/plannings sans token doit retourner 401."""
        import json
        response = self.client.post(
            self.list_url,
            data=json.dumps({"name": "Planning 2026"}),
            content_type="application/json",
        )
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_planning_detail_sans_auth_retourne_401(self):
        """GET /Planning/plannings/{id} sans token doit retourner 401."""
        url = reverse("Planning:planning", kwargs={"id": 1})
        response = self.client.get(url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_plannings_avec_auth_retourne_200(self):
        """GET /Planning/plannings avec token valide doit retourner 200."""
        token = get_jwt_token(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)


# ---------------------------------------------------------------------------
# Events
# ---------------------------------------------------------------------------

@override_settings(**OVERRIDE)
class EventsEndpointAuthTest(TestCase):
    """Tests d'authentification sur les endpoints Events."""

    def setUp(self):
        self.client = APIClient()
        self.list_url = reverse("Planning:events")
        self.user = create_user(email="events_test@example.com")

    def test_get_events_sans_auth_retourne_401(self):
        """GET /Planning/events sans token doit retourner 401."""
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_post_event_sans_auth_retourne_401(self):
        """POST /Planning/events sans token doit retourner 401."""
        import json
        response = self.client.post(
            self.list_url,
            data=json.dumps({"title": "Cours Piano"}),
            content_type="application/json",
        )
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_events_avec_auth_retourne_200(self):
        """GET /Planning/events avec token valide doit retourner 200."""
        token = get_jwt_token(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
        response = self.client.get(self.list_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)

    def test_get_upcoming_events_sans_auth_retourne_401(self):
        """GET /Planning/events/upcoming sans token doit retourner 401."""
        url = reverse("Planning:events")
        response = self.client.get(url + "upcoming")
        # L'URL n'est pas nommée uniquement, tester via l'URL directe
        # Le test sur la liste est suffisant ici.
        self.assertIsNotNone(response)