project initialization

backend/tests/contract/test_auth_login.py

@@ -0,0 +1,115 @@
+"""
+Contract test for POST /auth/login endpoint.
+This test MUST fail before implementation.
+"""
+
+import pytest
+from django.test import TestCase
+from django.urls import reverse
+from django.contrib.auth import get_user_model
+from rest_framework.test import APIClient
+from rest_framework import status
+import json
+
+User = get_user_model()
+
+
+class AuthLoginContractTest(TestCase):
+    def setUp(self):
+        self.client = APIClient()
+        self.login_url = '/api/v1/auth/login/'
+
+        # Create test user
+        self.user_data = {
+            'email': 'test@example.com',
+            'password': 'testpass123',
+            'first_name': 'Test',
+            'last_name': 'User'
+        }
+
+    def test_login_success(self):
+        """Test successful login with valid credentials."""
+        response = self.client.post(
+            self.login_url,
+            data=json.dumps(self.user_data),
+            content_type='application/json'
+        )
+
+        # This should fail before implementation
+        assert response.status_code == status.HTTP_200_OK
+
+        data = response.json()
+        assert 'access_token' in data
+        assert 'refresh_token' in data
+        assert 'user' in data
+
+        user_data = data['user']
+        assert user_data['email'] == self.user_data['email']
+        assert user_data['first_name'] == self.user_data['first_name']
+        assert user_data['last_name'] == self.user_data['last_name']
+
+    def test_login_invalid_credentials(self):
+        """Test login failure with invalid credentials."""
+        invalid_data = self.user_data.copy()
+        invalid_data['password'] = 'wrongpassword'
+
+        response = self.client.post(
+            self.login_url,
+            data=json.dumps(invalid_data),
+            content_type='application/json'
+        )
+
+        assert response.status_code == status.HTTP_401_UNAUTHORIZED
+
+    def test_login_missing_email(self):
+        """Test login failure with missing email."""
+        incomplete_data = {
+            'password': self.user_data['password']
+        }
+
+        response = self.client.post(
+            self.login_url,
+            data=json.dumps(incomplete_data),
+            content_type='application/json'
+        )
+
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
+
+    def test_login_missing_password(self):
+        """Test login failure with missing password."""
+        incomplete_data = {
+            'email': self.user_data['email']
+        }
+
+        response = self.client.post(
+            self.login_url,
+            data=json.dumps(incomplete_data),
+            content_type='application/json'
+        )
+
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
+
+    def test_login_invalid_content_type(self):
+        """Test login failure with invalid content type."""
+        response = self.client.post(
+            self.login_url,
+            data=json.dumps(self.user_data)
+        )
+
+        assert response.status_code == status.HTTP_415_UNSUPPORTED_MEDIA_TYPE
+
+    def test_login_tenant_specific(self):
+        """Test login with tenant-specific URL."""
+        # This test will check multi-tenant authentication
+        tenant_login_url = '/api/v1/auth/login/'
+
+        response = self.client.post(
+            tenant_login_url,
+            data=json.dumps(self.user_data),
+            content_type='application/json'
+        )
+
+        # Should return tenant-specific information
+        if response.status_code == status.HTTP_200_OK:
+            data = response.json()
+            assert 'tenant' in data