2ND

2025-09-02 13:11:48 +08:00
parent a60d965317
commit b11a8272c4
76 changed files with 15321 additions and 200 deletions
--- a/tests/test_auth_api.py
+++ b/tests/test_auth_api.py
@@ -0,0 +1,206 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+認證 API 測試
+
+Author: PANJIT IT Team
+Created: 2024-01-28
+Modified: 2024-01-28
+"""
+
+import pytest
+from unittest.mock import patch, MagicMock
+from app.models.user import User
+
+
+class TestAuthAPI:
+    """認證 API 測試類別"""
+    
+    def test_login_success(self, client, mock_ldap_response):
+        """測試成功登入"""
+        with patch('app.utils.ldap_auth.LDAPAuthService.authenticate_user') as mock_auth:
+            mock_auth.return_value = mock_ldap_response
+            
+            response = client.post('/api/v1/auth/login', json={
+                'username': 'testuser@panjit.com.tw',
+                'password': 'password123'
+            })
+            
+            assert response.status_code == 200
+            data = response.get_json()
+            assert data['success'] is True
+            assert 'user' in data['data']
+            assert data['data']['user']['username'] == 'testuser'
+    
+    def test_login_invalid_credentials(self, client):
+        """測試無效憑證登入"""
+        with patch('app.utils.ldap_auth.LDAPAuthService.authenticate_user') as mock_auth:
+            mock_auth.side_effect = Exception("認證失敗")
+            
+            response = client.post('/api/v1/auth/login', json={
+                'username': 'testuser@panjit.com.tw',
+                'password': 'wrong_password'
+            })
+            
+            assert response.status_code == 401
+            data = response.get_json()
+            assert data['success'] is False
+            assert data['error'] == 'INVALID_CREDENTIALS'
+    
+    def test_login_missing_fields(self, client):
+        """測試缺少必要欄位"""
+        response = client.post('/api/v1/auth/login', json={
+            'username': 'testuser@panjit.com.tw'
+            # 缺少 password
+        })
+        
+        assert response.status_code == 400
+        data = response.get_json()
+        assert data['success'] is False
+        assert 'MISSING_FIELDS' in data['error']
+    
+    def test_login_empty_credentials(self, client):
+        """測試空的認證資訊"""
+        response = client.post('/api/v1/auth/login', json={
+            'username': '',
+            'password': ''
+        })
+        
+        assert response.status_code == 400
+        data = response.get_json()
+        assert data['success'] is False
+        assert data['error'] == 'INVALID_INPUT'
+    
+    def test_logout_success(self, authenticated_client):
+        """測試成功登出"""
+        response = authenticated_client.post('/api/v1/auth/logout')
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        assert data['success'] is True
+        assert data['message'] == '登出成功'
+    
+    def test_logout_without_login(self, client):
+        """測試未登入時登出"""
+        response = client.post('/api/v1/auth/logout')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert data['success'] is False
+        assert data['error'] == 'AUTHENTICATION_REQUIRED'
+    
+    def test_get_current_user_success(self, authenticated_client, auth_user):
+        """測試取得當前使用者資訊"""
+        response = authenticated_client.get('/api/v1/auth/me')
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        assert data['success'] is True
+        assert 'user' in data['data']
+        assert data['data']['user']['id'] == auth_user.id
+    
+    def test_get_current_user_without_login(self, client):
+        """測試未登入時取得使用者資訊"""
+        response = client.get('/api/v1/auth/me')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert data['success'] is False
+        assert data['error'] == 'AUTHENTICATION_REQUIRED'
+    
+    def test_check_auth_valid(self, authenticated_client, auth_user):
+        """測試檢查有效認證狀態"""
+        response = authenticated_client.get('/api/v1/auth/check')
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        assert data['success'] is True
+        assert data['authenticated'] is True
+    
+    def test_check_auth_invalid(self, client):
+        """測試檢查無效認證狀態"""
+        response = client.get('/api/v1/auth/check')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert data['success'] is False
+        assert data['authenticated'] is False
+    
+    def test_refresh_session_success(self, authenticated_client, auth_user):
+        """測試刷新 Session"""
+        response = authenticated_client.post('/api/v1/auth/refresh')
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        assert data['success'] is True
+        assert data['data']['session_refreshed'] is True
+    
+    def test_refresh_session_without_login(self, client):
+        """測試未登入時刷新 Session"""
+        response = client.post('/api/v1/auth/refresh')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert data['success'] is False
+        assert data['error'] == 'AUTHENTICATION_REQUIRED'
+    
+    def test_search_users_success(self, authenticated_client):
+        """測試搜尋使用者"""
+        with patch('app.utils.ldap_auth.LDAPAuthService.search_users') as mock_search:
+            mock_search.return_value = [
+                {
+                    'username': 'user1',
+                    'display_name': 'User One',
+                    'email': 'user1@panjit.com.tw',
+                    'department': 'IT'
+                },
+                {
+                    'username': 'user2',
+                    'display_name': 'User Two',
+                    'email': 'user2@panjit.com.tw',
+                    'department': 'HR'
+                }
+            ]
+            
+            response = authenticated_client.get('/api/v1/auth/search-users?q=user')
+            
+            assert response.status_code == 200
+            data = response.get_json()
+            assert data['success'] is True
+            assert len(data['data']['users']) == 2
+    
+    def test_search_users_short_term(self, authenticated_client):
+        """測試搜尋關鍵字太短"""
+        response = authenticated_client.get('/api/v1/auth/search-users?q=u')
+        
+        assert response.status_code == 400
+        data = response.get_json()
+        assert data['success'] is False
+        assert data['error'] == 'INVALID_SEARCH_TERM'
+    
+    def test_search_users_without_login(self, client):
+        """測試未登入時搜尋使用者"""
+        response = client.get('/api/v1/auth/search-users?q=user')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert data['success'] is False
+        assert data['error'] == 'AUTHENTICATION_REQUIRED'
+    
+    def test_admin_access_with_admin(self, admin_client, admin_user):
+        """測試管理員存取管理功能"""
+        response = admin_client.get('/api/v1/admin/stats')
+        
+        # 這個測試會因為沒有實際資料而可能失敗，但應該通過認證檢查
+        # 狀態碼應該是 200 或其他非認證錯誤
+        assert response.status_code != 401
+        assert response.status_code != 403
+    
+    def test_admin_access_without_permission(self, authenticated_client):
+        """測試一般使用者存取管理功能"""
+        response = authenticated_client.get('/api/v1/admin/stats')
+        
+        assert response.status_code == 403
+        data = response.get_json()
+        assert data['success'] is False
+        assert data['error'] == 'PERMISSION_DENIED'