""" 認證 API 測試 """ import pytest from fastapi.testclient import TestClient from sqlalchemy.orm import Session from app.core.security import get_password_hash from tests.factories import EmployeeFactory class TestAuthAPI: """認證 API 測試""" def test_login_success(self, client: TestClient, db: Session): """測試:登入成功""" # Arrange employee = EmployeeFactory.create(db) # Act response = client.post( "/api/auth/login", json={ "employee_no": employee.employee_no, "password": "password123", }, ) # Assert assert response.status_code == 200 data = response.json() assert "access_token" in data assert "refresh_token" in data assert data["token_type"] == "bearer" def test_login_wrong_password(self, client: TestClient, db: Session): """測試:密碼錯誤""" # Arrange employee = EmployeeFactory.create(db) # Act response = client.post( "/api/auth/login", json={ "employee_no": employee.employee_no, "password": "wrong_password", }, ) # Assert assert response.status_code == 401 def test_login_user_not_found(self, client: TestClient): """測試:使用者不存在""" response = client.post( "/api/auth/login", json={ "employee_no": "NOTEXIST", "password": "password123", }, ) assert response.status_code == 401 def test_login_inactive_user(self, client: TestClient, db: Session): """測試:帳號停用""" # Arrange employee = EmployeeFactory.create(db, status="inactive") # Act response = client.post( "/api/auth/login", json={ "employee_no": employee.employee_no, "password": "password123", }, ) # Assert assert response.status_code == 401 def test_get_me_success( self, client: TestClient, auth_headers: dict, test_employee ): """測試:取得當前使用者""" response = client.get("/api/auth/me", headers=auth_headers) assert response.status_code == 200 data = response.json() assert data["id"] == test_employee.id assert data["employee_no"] == test_employee.employee_no def test_get_me_unauthorized(self, client: TestClient): """測試:未認證""" response = client.get("/api/auth/me") assert response.status_code == 403