multitenetsaas/backend/tests/contract/test_auth_login.py

"""
Contract test for POST /auth/login endpoint.
This test MUST fail before implementation.
"""

import pytest
from django.test import TestCase
from django.urls import reverse
from django.contrib.auth import get_user_model
from rest_framework.test import APIClient
from rest_framework import status
import json

User = get_user_model()


class AuthLoginContractTest(TestCase):
    def setUp(self):
        self.client = APIClient()
        self.login_url = '/api/v1/auth/login/'

        # Create test user
        self.user_data = {
            'email': 'test@example.com',
            'password': 'testpass123',
            'first_name': 'Test',
            'last_name': 'User'
        }

    def test_login_success(self):
        """Test successful login with valid credentials."""
        response = self.client.post(
            self.login_url,
            data=json.dumps(self.user_data),
            content_type='application/json'
        )

        # This should fail before implementation
        assert response.status_code == status.HTTP_200_OK

        data = response.json()
        assert 'access_token' in data
        assert 'refresh_token' in data
        assert 'user' in data

        user_data = data['user']
        assert user_data['email'] == self.user_data['email']
        assert user_data['first_name'] == self.user_data['first_name']
        assert user_data['last_name'] == self.user_data['last_name']

    def test_login_invalid_credentials(self):
        """Test login failure with invalid credentials."""
        invalid_data = self.user_data.copy()
        invalid_data['password'] = 'wrongpassword'

        response = self.client.post(
            self.login_url,
            data=json.dumps(invalid_data),
            content_type='application/json'
        )

        assert response.status_code == status.HTTP_401_UNAUTHORIZED

    def test_login_missing_email(self):
        """Test login failure with missing email."""
        incomplete_data = {
            'password': self.user_data['password']
        }

        response = self.client.post(
            self.login_url,
            data=json.dumps(incomplete_data),
            content_type='application/json'
        )

        assert response.status_code == status.HTTP_400_BAD_REQUEST

    def test_login_missing_password(self):
        """Test login failure with missing password."""
        incomplete_data = {
            'email': self.user_data['email']
        }

        response = self.client.post(
            self.login_url,
            data=json.dumps(incomplete_data),
            content_type='application/json'
        )

        assert response.status_code == status.HTTP_400_BAD_REQUEST

    def test_login_invalid_content_type(self):
        """Test login failure with invalid content type."""
        response = self.client.post(
            self.login_url,
            data=json.dumps(self.user_data)
        )

        assert response.status_code == status.HTTP_415_UNSUPPORTED_MEDIA_TYPE

    def test_login_tenant_specific(self):
        """Test login with tenant-specific URL."""
        # This test will check multi-tenant authentication
        tenant_login_url = '/api/v1/auth/login/'

        response = self.client.post(
            tenant_login_url,
            data=json.dumps(self.user_data),
            content_type='application/json'
        )

        # Should return tenant-specific information
        if response.status_code == status.HTTP_200_OK:
            data = response.json()
            assert 'tenant' in data