""" Contract test for POST /tenants endpoint. This test MUST fail before implementation. """ import pytest from django.test import TestCase from django.urls import reverse from rest_framework.test import APIClient from rest_framework import status import json class TenantsPostContractTest(TestCase): def setUp(self): self.client = APIClient() self.tenants_url = '/api/v1/tenants/' # Admin authentication header self.admin_auth = {'HTTP_AUTHORIZATION': 'Bearer admin_token'} # Valid tenant data self.tenant_data = { 'name': 'Test Business Sdn Bhd', 'email': 'business@test.com', 'phone': '+60123456789', 'address': { 'street': '123 Business Street', 'city': 'Kuala Lumpur', 'state': 'Wilayah Persekutuan', 'postal_code': '50000', 'country': 'Malaysia' }, 'business_type': 'RETAIL', 'subscription_plan': 'STARTER', 'pricing_model': 'SUBSCRIPTION' } def test_create_tenant_success(self): """Test successful tenant creation.""" response = self.client.post( self.tenants_url, data=json.dumps(self.tenant_data), content_type='application/json', **self.admin_auth ) # This should fail before implementation assert response.status_code == status.HTTP_201_CREATED data = response.json() assert 'id' in data assert data['name'] == self.tenant_data['name'] assert data['email'] == self.tenant_data['email'] assert data['business_type'] == self.tenant_data['business_type'] assert data['subscription_plan'] == self.tenant_data['subscription_plan'] assert data['pricing_model'] == self.tenant_data['pricing_model'] assert data['status'] == 'PENDING' # Default status # Should have generated slug assert 'slug' in data assert data['slug'] == 'test-business-sdn-bhd' # Should have timestamps assert 'created_at' in data assert 'updated_at' in data def test_create_tenant_unauthorized(self): """Test tenant creation without authentication.""" response = self.client.post( self.tenants_url, data=json.dumps(self.tenant_data), content_type='application/json' ) assert response.status_code == status.HTTP_401_UNAUTHORIZED def test_create_tenant_forbidden(self): """Test tenant creation by non-admin user.""" non_admin_auth = {'HTTP_AUTHORIZATION': 'Bearer user_token'} response = self.client.post( self.tenants_url, data=json.dumps(self.tenant_data), content_type='application/json', **non_admin_auth ) assert response.status_code == status.HTTP_403_FORBIDDEN def test_create_tenant_missing_required_fields(self): """Test tenant creation with missing required fields.""" incomplete_data = self.tenant_data.copy() del incomplete_data['name'] response = self.client.post( self.tenants_url, data=json.dumps(incomplete_data), content_type='application/json', **self.admin_auth ) assert response.status_code == status.HTTP_400_BAD_REQUEST data = response.json() assert 'name' in data.get('errors', {}) def test_create_tenant_invalid_email(self): """Test tenant creation with invalid email format.""" invalid_data = self.tenant_data.copy() invalid_data['email'] = 'invalid-email' response = self.client.post( self.tenants_url, data=json.dumps(invalid_data), content_type='application/json', **self.admin_auth ) assert response.status_code == status.HTTP_400_BAD_REQUEST def test_create_tenant_invalid_business_type(self): """Test tenant creation with invalid business type.""" invalid_data = self.tenant_data.copy() invalid_data['business_type'] = 'INVALID_TYPE' response = self.client.post( self.tenants_url, data=json.dumps(invalid_data), content_type='application/json', **self.admin_auth ) assert response.status_code == status.HTTP_400_BAD_REQUEST def test_create_tenant_duplicate_email(self): """Test tenant creation with duplicate email.""" # First request should succeed (if implemented) first_response = self.client.post( self.tenants_url, data=json.dumps(self.tenant_data), content_type='application/json', **self.admin_auth ) if first_response.status_code == status.HTTP_201_CREATED: # Second request with same email should fail second_response = self.client.post( self.tenants_url, data=json.dumps(self.tenant_data), content_type='application/json', **self.admin_auth ) assert second_response.status_code == status.HTTP_400_BAD_REQUEST def test_create_tenant_invalid_address(self): """Test tenant creation with invalid address format.""" invalid_data = self.tenant_data.copy() invalid_data['address'] = 'invalid address format' response = self.client.post( self.tenants_url, data=json.dumps(invalid_data), content_type='application/json', **self.admin_auth ) assert response.status_code == status.HTTP_400_BAD_REQUEST def test_create_tenant_malformed_address(self): """Test tenant creation with malformed address JSON.""" invalid_data = self.tenant_data.copy() invalid_data['address'] = {'street': '123 Street'} # Missing required fields response = self.client.post( self.tenants_url, data=json.dumps(invalid_data), content_type='application/json', **self.admin_auth ) assert response.status_code == status.HTTP_400_BAD_REQUEST