Fix auth tests to not invalidate integration_client session

Password change tests were using the admin account, which invalidated all admin sessions including the shared integration_client. Now all password change tests create and use dedicated test users, keeping the admin session intact for other tests. Tests updated: - test_change_password_success - test_change_password_wrong_current - test_password_too_short_on_change
2026-01-16 21:28:30 +00:00
parent 28b434b944
commit 1f923ae71d
1 changed files with 48 additions and 14 deletions
--- a/backend/tests/integration/test_auth_api.py
+++ b/backend/tests/integration/test_auth_api.py
@@ -107,21 +107,37 @@ class TestAuthMe:


 class TestAuthChangePassword:
-    """Tests for change password endpoint."""
+    """Tests for change password endpoint.
+
+    Note: These tests use dedicated test users instead of admin to avoid
+    invalidating the integration_client session (which uses admin).
+    """

    @pytest.mark.integration
    def test_change_password_success(self, auth_client):
        """Test successful password change."""
-        # Login first
+        # Login as admin to create a test user
        auth_client.post(
            "/api/v1/auth/login",
            json={"username": "admin", "password": "changeme123"},
        )
+        test_username = f"pwchange_{uuid4().hex[:8]}"
+        auth_client.post(
+            "/api/v1/admin/users",
+            json={"username": test_username, "password": "oldpassword123"},
+        )
+
+        # Login as test user
+        auth_client.cookies.clear()
+        auth_client.post(
+            "/api/v1/auth/login",
+            json={"username": test_username, "password": "oldpassword123"},
+        )

        # Change password
        response = auth_client.post(
            "/api/v1/auth/change-password",
-            json={"current_password": "changeme123", "new_password": "newpassword123"},
+            json={"current_password": "oldpassword123", "new_password": "newpassword123"},
        )
        assert response.status_code == 200

@@ -129,32 +145,37 @@ class TestAuthChangePassword:
        auth_client.cookies.clear()
        response = auth_client.post(
            "/api/v1/auth/login",
-            json={"username": "admin", "password": "changeme123"},
+            json={"username": test_username, "password": "oldpassword123"},
        )
        assert response.status_code == 401

        # Verify new password works
        response = auth_client.post(
            "/api/v1/auth/login",
-            json={"username": "admin", "password": "newpassword123"},
+            json={"username": test_username, "password": "newpassword123"},
        )
        assert response.status_code == 200

-        # Reset password back to original for other tests
-        reset_response = auth_client.post(
-            "/api/v1/auth/change-password",
-            json={"current_password": "newpassword123", "new_password": "changeme123"},
-        )
-        assert reset_response.status_code == 200, "Failed to reset admin password back to default"
-
    @pytest.mark.integration
    def test_change_password_wrong_current(self, auth_client):
        """Test password change with wrong current password."""
-        # Login first
+        # Login as admin to create a test user
        auth_client.post(
            "/api/v1/auth/login",
            json={"username": "admin", "password": "changeme123"},
        )
+        test_username = f"pwwrong_{uuid4().hex[:8]}"
+        auth_client.post(
+            "/api/v1/admin/users",
+            json={"username": test_username, "password": "password123"},
+        )
+
+        # Login as test user
+        auth_client.cookies.clear()
+        auth_client.post(
+            "/api/v1/auth/login",
+            json={"username": test_username, "password": "password123"},
+        )

        response = auth_client.post(
            "/api/v1/auth/change-password",
@@ -443,14 +464,27 @@ class TestSecurityEdgeCases:
    @pytest.mark.integration
    def test_password_too_short_on_change(self, auth_client):
        """Test that short passwords are rejected when changing password."""
+        # Create test user
        auth_client.post(
            "/api/v1/auth/login",
            json={"username": "admin", "password": "changeme123"},
        )
+        test_username = f"shortchange_{uuid4().hex[:8]}"
+        auth_client.post(
+            "/api/v1/admin/users",
+            json={"username": test_username, "password": "password123"},
+        )
+
+        # Login as test user
+        auth_client.cookies.clear()
+        auth_client.post(
+            "/api/v1/auth/login",
+            json={"username": test_username, "password": "password123"},
+        )

        response = auth_client.post(
            "/api/v1/auth/change-password",
-            json={"current_password": "changeme123", "new_password": "short"},
+            json={"current_password": "password123", "new_password": "short"},
        )
        assert response.status_code == 400
        assert "at least 8 characters" in response.json()["detail"]