"""Tests for POST /auth/validate-password endpoint.""" from flask import Flask class TestValidatePasswordEndpoint: """Tests for the validate-password API endpoint.""" def _make_app(self): app = Flask(__name__) app.secret_key = "test" app.config["WTF_CSRF_ENABLED"] = False from local_deep_research.web.auth.routes import auth_bp app.register_blueprint(auth_bp) return app def test_strong_password_returns_valid(self): """Endpoint returns valid=true for a strong password.""" app = self._make_app() with app.test_client() as client: response = client.post( "/auth/validate-password", data={"password": "strongp4ss"}, ) assert response.status_code == 200 data = response.get_json() assert data["valid"] is True assert data["errors"] == [] def test_weak_password_returns_errors(self): """Endpoint returns valid=false with error list for a weak password.""" app = self._make_app() with app.test_client() as client: response = client.post( "/auth/validate-password", data={"password": "abc"}, ) assert response.status_code == 200 data = response.get_json() assert data["valid"] is False assert len(data["errors"]) > 0 def test_empty_password_returns_all_errors(self): """Endpoint returns all errors for an empty password.""" app = self._make_app() with app.test_client() as client: response = client.post( "/auth/validate-password", data={"password": ""}, ) data = response.get_json() assert data["valid"] is False # Should have errors for length, lowercase, digit assert len(data["errors"]) == 3 def test_missing_password_field(self): """Endpoint treats missing password field as empty string.""" app = self._make_app() with app.test_client() as client: response = client.post( "/auth/validate-password", data={}, ) data = response.get_json() assert data["valid"] is False assert len(data["errors"]) == 3