import os
import httpx
import pytest
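# Root of the API under test. The default is plain HTTP on loopback; the login
# helper posts the admin password to this URL, so an override that points at a
# non-local host should use https://.
BASE_URL = os.getenv("SYNC_TEST_BASE_URL", "http://127.0.0.1:8002/api/v1")

# SUPER_ADMINS is read as a comma-separated list and the tests log in as its
# first entry. Whitespace around that entry is stripped so a value such as
# "a@x, b@x" or a padded variable still yields a clean address.
ADMIN_EMAIL = os.getenv("SUPER_ADMINS", "admin@jerxie.com").split(",")[0].strip()

# NOTE(review): falls back to the well-known password "admin" when
# CORTEX_ADMIN_PASSWORD is unset. Acceptable for a throwaway local instance;
# any shared deployment should set the variable and should not accept this
# default for an admin account.
ADMIN_PASSWORD = os.getenv("CORTEX_ADMIN_PASSWORD", "admin")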
def get_auth_headers():
    """Log in as the configured admin and return the headers used afterwards.

    Posts ADMIN_EMAIL / ADMIN_PASSWORD to ``/users/login/local`` and wraps the
    ``user_id`` from the JSON response in an ``X-User-ID`` header.

    NOTE(review): as far as this file shows, later requests present only the
    user_id itself; no session token or signature is sent. Confirm that the
    server binds this header to an authenticated session, otherwise knowing
    a user_id would be enough to act as that user.
    """
    credentials = {"email": ADMIN_EMAIL, "password": ADMIN_PASSWORD}
    with httpx.Client(timeout=10.0) as http:
        response = http.post(f"{BASE_URL}/users/login/local", json=credentials)

    # On failure the raw response body is echoed into the test output.
    assert response.status_code == 200, f"Login failed: {response.text}"
    uid = response.json().get("user_id")
    assert uid, "No user_id returned in login response"
    return {"X-User-ID": uid}
def test_get_user_profile_success():
    """Check that the logged-in admin can read their own profile.

    The returned profile must carry the admin's email and the ``admin`` role.
    """
    auth = get_auth_headers()
    with httpx.Client(timeout=10.0) as http:
        response = http.get(f"{BASE_URL}/users/me/profile", headers=auth)

    assert response.status_code == 200, f"Expected 200 OK, got {response.status_code}: {response.text}"
    profile = response.json()
    # Presence is checked before the value so a missing key fails with a
    # clear message instead of a KeyError.
    assert "email" in profile, "Response missing 'email'"
    assert profile["email"] == ADMIN_EMAIL, "Response email does not match admin email"
    assert "role" in profile, "Response missing 'role'"
    assert profile["role"] == "admin", "Expected role to be 'admin'"
def test_update_user_profile_success():
    """Check that the logged-in admin can update their profile.

    Sends a PUT with a new full name and username, checks the echoed values,
    then re-reads the profile to confirm that the change was stored.

    NOTE(review): the admin account is left renamed afterwards; nothing here
    restores the previous values, so run this only against a disposable
    instance.
    """
    auth = get_auth_headers()
    new_values = {"full_name": "Updated Test Admin", "username": "updated_admin"}
    profile_url = f"{BASE_URL}/users/me/profile"

    with httpx.Client(timeout=10.0) as http:
        # Step 1: apply the update and check what the API echoes back.
        put_response = http.put(profile_url, headers=auth, json=new_values)
        assert put_response.status_code == 200, f"Expected 200 OK, got {put_response.status_code}: {put_response.text}"
        updated = put_response.json()
        assert updated["full_name"] == "Updated Test Admin", "Full name was not updated"
        assert updated["username"] == "updated_admin", "Username was not updated"

        # Step 2: read the profile again to confirm the update was persisted.
        get_response = http.get(profile_url, headers=auth)
        assert get_response.status_code == 200
        stored = get_response.json()
        assert stored["full_name"] == "Updated Test Admin"
        assert stored["username"] == "updated_admin"
def test_get_user_profile_unauthorized():
    """Check that the profile endpoint does not answer 200 without credentials."""
    with httpx.Client(timeout=10.0) as http:
        response = http.get(f"{BASE_URL}/users/me/profile")

    # Per the author's reading of the server code, get_current_user_id falls
    # back to "anonymous" when no identity is sent, and the handler raises
    # 404 "User not found" if that user is not in the DB. A 401 is accepted
    # as well in case the server rejects the request outright.
    # NOTE(review): a 404 only shows that no "anonymous" row exists, not that
    # the endpoint enforces authentication. If such a row were ever created,
    # this request would presumably succeed. A strict 401 would be the
    # stronger contract; confirm with the API owners.
    assert response.status_code in [401, 404], f"Expected 401 or 404, got {response.status_code}: {response.text}"
def test_get_user_status_authenticated():
    """Check GET /users/me with the admin's auth headers.

    The status payload must report a logged-in session for ADMIN_EMAIL.
    """
    auth = get_auth_headers()
    with httpx.Client(timeout=10.0) as http:
        response = http.get(f"{BASE_URL}/users/me", headers=auth)

    assert response.status_code == 200, f"Expected 200 OK, got {response.status_code}: {response.text}"
    status = response.json()
    assert status["is_logged_in"] is True
    assert status["email"] == ADMIN_EMAIL
def test_get_user_status_anonymous():
    """Check GET /users/me without any auth headers.

    The endpoint is expected to answer 200 and describe the caller as the
    not-logged-in ``anonymous`` user rather than reject the request.
    """
    with httpx.Client(timeout=10.0) as http:
        response = http.get(f"{BASE_URL}/users/me")

    assert response.status_code == 200, f"Expected 200 OK, got {response.status_code}: {response.text}"
    status = response.json()
    assert status["is_logged_in"] is False
    assert status["email"] == "anonymous"
def test_get_auth_config():
    """Check GET /users/config, requested without credentials.

    Only the presence of the ``oidc_configured`` and ``allow_password_login``
    keys is verified; their values are not inspected.
    """
    with httpx.Client(timeout=10.0) as http:
        response = http.get(f"{BASE_URL}/users/config")

    assert response.status_code == 200, f"Expected 200 OK, got {response.status_code}: {response.text}"
    config = response.json()
    assert "oidc_configured" in config
    assert "allow_password_login" in config