From 6c7fc2802dedd0bfce90afea23ac80612577e8f9 Mon Sep 17 00:00:00 2001
From: Yunxiao Xu
Date: Tue, 10 Feb 2026 12:14:40 -0800
Subject: [PATCH] test(api): Add failing authentication tests
---
tests/api/test_auth.py | 76 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
create mode 100644 tests/api/test_auth.py
diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py
new file mode 100644
index 0000000..80b836b
--- /dev/null
+++ b/tests/api/test_auth.py
@@ -0,0 +1,76 @@
+import pytest
+from fastapi.testclient import TestClient
+from unittest.mock import MagicMock, patch
+from ea_chatbot.api.main import app
+from ea_chatbot.history.models import User
+
+# We will need to mock HistoryManager and get_db dependencies later
+# For now, we define the expected behavior of the auth endpoints.
+
+client = TestClient(app)
+
+@pytest.fixture
+def mock_user():
+ return User(
+ id="user-123",
+ username="test@example.com",
+ display_name="Test User",
+ password_hash="hashed_password"
+ )
+
+def test_register_user_success():
+ """Test successful user registration."""
+ # We'll need to mock history_manager.get_user and create_user
+ with patch("ea_chatbot.api.routers.auth.history_manager") as mock_hm:
+ mock_hm.get_user.return_value = None
+ mock_hm.create_user.return_value = User(id="1", username="new@example.com", display_name="New")
+
+ response = client.post(
+ "/auth/register",
+ json={"email": "new@example.com", "password": "password123", "display_name": "New"}
+ )
+
+ # This will fail now because the router doesn't exist
+ assert response.status_code == 201
+ assert response.json()["email"] == "new@example.com"
+
+def test_login_success():
+ """Test successful login and JWT return."""
+ with patch("ea_chatbot.api.routers.auth.history_manager") as mock_hm:
+ mock_hm.authenticate_user.return_value = User(id="1", username="test@example.com")
+
+ response = client.post(
+ "/auth/login",
+ data={"username": "test@example.com", "password": "password123"}
+ )
+
+ assert response.status_code == 200
+ assert "access_token" in response.json()
+ assert response.json()["token_type"] == "bearer"
+
+def test_login_invalid_credentials():
+ """Test login with wrong password."""
+ with patch("ea_chatbot.api.routers.auth.history_manager") as mock_hm:
+ mock_hm.authenticate_user.return_value = None
+
+ response = client.post(
+ "/auth/login",
+ data={"username": "test@example.com", "password": "wrongpassword"}
+ )
+
+ assert response.status_code == 401
+ assert "detail" in response.json()
+
+def test_protected_route_without_token():
+ """Test that protected routes require a token."""
+ response = client.get("/auth/me")
+ assert response.status_code == 401
+
+def test_oidc_login_redirect():
+ """Test that OIDC login returns a redirect URL."""
+ with patch("ea_chatbot.api.routers.auth.oidc_client") as mock_oidc:
+ mock_oidc.get_login_url.return_value = "https://oidc-provider.com/auth"
+
+ response = client.get("/auth/oidc/login")
+ assert response.status_code == 200
+ assert response.json()["url"] == "https://oidc-provider.com/auth"
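Review bot: `test_protected_route_without_token` is the only check on `/auth/me`, and it sends no Authorization header at all, so it would still pass if the eventual dependency rejected a missing header but never verified the token's signature or expiry (a stock bearer-scheme dependency may well return 401 for a missing header on its own; the router is not visible here). I would add a companion case that presents a malformed token, `response = client.get("/auth/me", headers={"Authorization": "Bearer not-a-valid-token"})` followed by `assert response.status_code == 401`, and later one with an expired token. In `test_register_user_success` it is also worth pinning that the response never echoes credentials, e.g. `assert "password" not in response.json()` and `assert "password_hash" not in response.json()`. The `MagicMock` import and the `mock_user` fixture are unused in this file.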