coming together

2025-08-13 18:53:35 -05:00
parent acc5155bf7
commit 5111079149
51 changed files with 14457 additions and 588 deletions
--- a/tests/test_settings_api.py
+++ b/tests/test_settings_api.py
@@ -0,0 +1,85 @@
+import os
+
+import pytest
+from fastapi.testclient import TestClient
+
+# Ensure required env vars for app import/config
+os.environ.setdefault("SECRET_KEY", "x" * 32)
+os.environ.setdefault("DATABASE_URL", "sqlite:////tmp/delphi_test.sqlite")
+
+from app.main import app  # noqa: E402
+from app.auth.security import get_current_user, get_admin_user  # noqa: E402
+from tests.helpers import assert_validation_error, assert_http_error  # noqa: E402
+
+
+class _User:
+    def __init__(self, is_admin: bool):
+        self.id = 1 if is_admin else 2
+        self.username = "admin" if is_admin else "user"
+        self.is_admin = is_admin
+        self.is_active = True
+        self.first_name = "Test"
+        self.last_name = "User"
+
+
+@pytest.fixture()
+def client_admin():
+    app.dependency_overrides[get_current_user] = lambda: _User(True)
+    app.dependency_overrides[get_admin_user] = lambda: _User(True)
+    try:
+        yield TestClient(app)
+    finally:
+        app.dependency_overrides.pop(get_current_user, None)
+        app.dependency_overrides.pop(get_admin_user, None)
+
+
+@pytest.fixture()
+def client_user():
+    app.dependency_overrides[get_current_user] = lambda: _User(False)
+    try:
+        yield TestClient(app)
+    finally:
+        app.dependency_overrides.pop(get_current_user, None)
+
+
+def test_get_inactivity_warning_minutes_requires_auth_and_returns_shape(client_user: TestClient):
+    # Unauthenticated should 401 envelope
+    app.dependency_overrides.pop(get_current_user, None)
+    c = TestClient(app)
+    resp = c.get("/api/settings/inactivity_warning_minutes")
+    assert_http_error(resp, 403, "Not authenticated")
+
+    # Authenticated returns minutes field
+    app.dependency_overrides[get_current_user] = lambda: _User(False)
+    resp = c.get("/api/settings/inactivity_warning_minutes")
+    assert resp.status_code == 200
+    data = resp.json()
+    assert set(data.keys()) == {"minutes"}
+    assert isinstance(data["minutes"], int)
+
+
+def test_update_theme_preference_validation_and_auth(client_user: TestClient):
+    # Invalid theme value
+    resp = client_user.post("/api/auth/theme-preference", json={"theme_preference": "blue"})
+    assert_http_error(resp, 400, "Theme preference must be 'light' or 'dark'")
+
+    # Valid update
+    resp = client_user.post("/api/auth/theme-preference", json={"theme_preference": "dark"})
+    assert resp.status_code == 200
+    body = resp.json()
+    assert body == {"message": "Theme preference updated successfully", "theme": "dark"}
+
+    # Unauthenticated should 401
+    app.dependency_overrides.pop(get_current_user, None)
+    c = TestClient(app)
+    resp = c.post("/api/auth/theme-preference", json={"theme_preference": "light"})
+    assert_http_error(resp, 403, "Not authenticated")
+
+
+# If there are admin-only settings updates later, assert 403 for non-admin.
+# Placeholder: demonstrate 403 behavior using a known admin-only endpoint (/api/auth/users)
+def test_non_admin_forbidden_on_admin_endpoints(client_user: TestClient):
+    resp = client_user.get("/api/auth/users")
+    assert_http_error(resp, 403, "Not enough permissions")
+
+