"""Tests for authentication endpoints.""" import pytest @pytest.mark.asyncio class TestAuth: async def test_login_page(self, client): resp = await client.get("/login") assert resp.status_code == 200 assert "text/html" in resp.headers["content-type"] async def test_login_success(self, client, admin_user): resp = await client.post("/api/login", json={ "username": "admin", "password": "admin123", }) assert resp.status_code == 200 data = resp.json() assert data["ok"] is True assert "token" in resp.cookies async def test_login_wrong_password(self, client, admin_user): resp = await client.post("/api/login", json={ "username": "admin", "password": "forkert", }) assert resp.status_code == 401 async def test_login_unknown_user(self, client): resp = await client.post("/api/login", json={ "username": "findes_ikke", "password": "test123", }) assert resp.status_code == 401 async def test_logout(self, client, admin_token): client.cookies.set("token", admin_token) resp = await client.post("/api/logout") assert resp.status_code == 200 # Cookie should be deleted set_cookie = resp.headers.get("set-cookie", "") assert "token=;" in set_cookie or "Max-Age=0" in set_cookie async def test_index_redirect_when_not_logged_in(self, client): resp = await client.get("/", follow_redirects=False) assert resp.status_code == 303 # Redirect to /login async def test_index_when_logged_in(self, client, admin_token): client.cookies.set("token", admin_token) resp = await client.get("/") assert resp.status_code == 200