maddin
54 lines
1.7 KiB
Python
54 lines
1.7 KiB
Python
from fastapi.testclient import TestClient
|
|
|
|
|
|
def test_login_and_tenant_isolation(app):
|
|
with TestClient(app) as client_a, TestClient(app) as client_b:
|
|
register_a = client_a.post(
|
|
"/auth/register",
|
|
json={"email": "a@example.com", "password": "strongpasswordA1"},
|
|
)
|
|
assert register_a.status_code == 200
|
|
csrf_a = register_a.json()["csrf_token"]
|
|
|
|
register_b = client_b.post(
|
|
"/auth/register",
|
|
json={"email": "b@example.com", "password": "strongpasswordB1"},
|
|
)
|
|
assert register_b.status_code == 200
|
|
csrf_b = register_b.json()["csrf_token"]
|
|
|
|
create_a = client_a.post(
|
|
"/time-entries",
|
|
headers={"x-csrf-token": csrf_a},
|
|
json={
|
|
"date": "2026-02-24",
|
|
"start_time": "08:30",
|
|
"end_time": "15:00",
|
|
"break_minutes": 30,
|
|
},
|
|
)
|
|
assert create_a.status_code == 200
|
|
entry_id = create_a.json()["id"]
|
|
|
|
list_b = client_b.get("/time-entries")
|
|
assert list_b.status_code == 200
|
|
assert list_b.json()["items"] == []
|
|
|
|
patch_b = client_b.patch(
|
|
f"/time-entries/{entry_id}",
|
|
headers={"x-csrf-token": csrf_b},
|
|
json={"break_minutes": 15},
|
|
)
|
|
assert patch_b.status_code == 404
|
|
|
|
client_a.post("/auth/logout", headers={"x-csrf-token": csrf_a})
|
|
login_a = client_a.post(
|
|
"/auth/login",
|
|
json={"email": "a@example.com", "password": "strongpasswordA1"},
|
|
)
|
|
assert login_a.status_code == 200
|
|
|
|
me_a = client_a.get("/me")
|
|
assert me_a.status_code == 200
|
|
assert me_a.json()["email"] == "a@example.com"
|