@@ -0,0 +1,53 @@
|
||||
from fastapi.testclient import TestClient
|
||||
|
||||
|
||||
def test_login_and_tenant_isolation(app):
|
||||
with TestClient(app) as client_a, TestClient(app) as client_b:
|
||||
register_a = client_a.post(
|
||||
"/auth/register",
|
||||
json={"email": "a@example.com", "password": "strongpasswordA1"},
|
||||
)
|
||||
assert register_a.status_code == 200
|
||||
csrf_a = register_a.json()["csrf_token"]
|
||||
|
||||
register_b = client_b.post(
|
||||
"/auth/register",
|
||||
json={"email": "b@example.com", "password": "strongpasswordB1"},
|
||||
)
|
||||
assert register_b.status_code == 200
|
||||
csrf_b = register_b.json()["csrf_token"]
|
||||
|
||||
create_a = client_a.post(
|
||||
"/time-entries",
|
||||
headers={"x-csrf-token": csrf_a},
|
||||
json={
|
||||
"date": "2026-02-24",
|
||||
"start_time": "08:30",
|
||||
"end_time": "15:00",
|
||||
"break_minutes": 30,
|
||||
},
|
||||
)
|
||||
assert create_a.status_code == 200
|
||||
entry_id = create_a.json()["id"]
|
||||
|
||||
list_b = client_b.get("/time-entries")
|
||||
assert list_b.status_code == 200
|
||||
assert list_b.json()["items"] == []
|
||||
|
||||
patch_b = client_b.patch(
|
||||
f"/time-entries/{entry_id}",
|
||||
headers={"x-csrf-token": csrf_b},
|
||||
json={"break_minutes": 15},
|
||||
)
|
||||
assert patch_b.status_code == 404
|
||||
|
||||
client_a.post("/auth/logout", headers={"x-csrf-token": csrf_a})
|
||||
login_a = client_a.post(
|
||||
"/auth/login",
|
||||
json={"email": "a@example.com", "password": "strongpasswordA1"},
|
||||
)
|
||||
assert login_a.status_code == 200
|
||||
|
||||
me_a = client_a.get("/me")
|
||||
assert me_a.status_code == 200
|
||||
assert me_a.json()["email"] == "a@example.com"
|
||||
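Review bot: The logout call near the end of test_login_and_tenant_isolation is never checked: its response is discarded and nothing asserts that client_a's session stopped working before the login that follows, so the final `/me` assertions pass even if logout is a no-op. Capture the response and probe the session before logging in again, e.g. `logout_a = client_a.post("/auth/logout", headers={"x-csrf-token": csrf_a})`, `assert logout_a.status_code == 200` and `assert client_a.get("/me").status_code == 401` (both status codes are assumed here; use whatever the API actually returns). The cross-tenant PATCH check has a similar gap: it asserts only the 404, so a handler that applied the update and then reported not-found would still pass; listing the entries again as client_a and asserting `break_minutes` is still 30 would close it. Rejection of a state-changing request sent without `x-csrf-token` is not exercised in this test either.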