fix(tests): update all test routes to use /api prefix

All API routes were moved under /api prefix as part of the unified deployment architecture. Updated test files to reflect this change: - basics.rs: Update root and auth/providers routes - health.rs: Update health endpoint routes - oauth.rs: Update all OAuth and auth callback routes, plus redirect locations - sessions.rs: Update profile and logout routes This fixes 9 failing tests that were expecting routes without the /api prefix.
2025-12-06 01:15:42 -06:00 · 2025-11-02 19:51:52 -06:00
parent 45e6131121
commit 8f8f82630f
4 changed files with 16 additions and 16 deletions
--- a/pacman-server/tests/basics.rs
+++ b/pacman-server/tests/basics.rs
@@ -7,7 +7,7 @@ use crate::common::{test_context, TestContext};
 // A basic test of all the server's routes that aren't covered by other tests.
 #[tokio::test]
 async fn test_basic_routes() {
-    let routes = vec!["/", "/auth/providers"];
+    let routes = vec!["/api/", "/api/auth/providers"];

    for route in routes {
        let TestContext { server, .. } = test_context().use_database(false).call().await;
--- a/pacman-server/tests/health.rs
+++ b/pacman-server/tests/health.rs
@@ -10,7 +10,7 @@ async fn test_health_endpoint() {
    let TestContext { server, container, .. } = test_context().use_database(true).call().await;

    // First, verify health endpoint works when database is healthy
-    let response = server.get("/health").await;
+    let response = server.get("/api/health").await;
    assert_eq!(response.status_code(), 200);
    let health_json: serde_json::Value = response.json();
    assert_eq!(health_json["ok"], true);
@@ -19,7 +19,7 @@ async fn test_health_endpoint() {
    drop(container);

    // Now verify health endpoint reports bad health
-    let response = server.get("/health?force").await;
+    let response = server.get("/api/health?force").await;
    assert_eq!(response.status_code(), 503); // SERVICE_UNAVAILABLE
    let health_json: serde_json::Value = response.json();
    assert_eq!(health_json["ok"], false);
--- a/pacman-server/tests/oauth.rs
+++ b/pacman-server/tests/oauth.rs
@@ -32,7 +32,7 @@ async fn test_oauth_authorization_redirect() {

    let TestContext { server, app_state, .. } = test_context().auth_registry(mock_registry).call().await;

-    let response = server.get("/auth/mock").await;
+    let response = server.get("/api/auth/mock").await;
    assert_eq!(response.status_code(), 303);
    assert_eq!(response.headers().get("location").unwrap(), "https://example.com/auth");

@@ -63,9 +63,9 @@ async fn test_new_user_registration() {

    let context = test_context().use_database(true).auth_registry(mock_registry).call().await;

-    let response = context.server.get("/auth/mock/callback?code=a&state=b").await;
+    let response = context.server.get("/api/auth/mock/callback?code=a&state=b").await;
    assert_eq!(response.status_code(), 302);
-    assert_eq!(response.headers().get("location").unwrap(), "/profile");
+    assert_eq!(response.headers().get("location").unwrap(), "/api/profile");

    // Verify user and oauth_account were created
    let user = user_repo::find_user_by_email(&context.app_state.db, "new@example.com")
@@ -119,9 +119,9 @@ async fn test_existing_user_signin() {
    .await
    .unwrap();

-    let response = context.server.get("/auth/mock/callback?code=a&state=b").await;
+    let response = context.server.get("/api/auth/mock/callback?code=a&state=b").await;
    assert_eq!(response.status_code(), 302, "Should sign in successfully");
-    assert_eq!(response.headers().get("location").unwrap(), "/profile");
+    assert_eq!(response.headers().get("location").unwrap(), "/api/profile");

    // Verify no new user was created
    let users = sqlx::query("SELECT * FROM users")
@@ -169,7 +169,7 @@ async fn test_implicit_account_linking() {
    let context = test_context().use_database(true).auth_registry(mock_registry).call().await;

    // Action 1: Sign in with provider-a, creating the initial user
-    let response1 = context.server.get("/auth/provider-a/callback?code=a&state=b").await;
+    let response1 = context.server.get("/api/auth/provider-a/callback?code=a&state=b").await;
    assert_eq!(response1.status_code(), 302);

    let user = user_repo::find_user_by_email(&context.app_state.db, "shared@example.com")
@@ -181,7 +181,7 @@ async fn test_implicit_account_linking() {
    assert_eq!(providers1[0].provider, "provider-a");

    // Action 2: Sign in with provider-b
-    let response2 = context.server.get("/auth/provider-b/callback?code=a&state=b").await;
+    let response2 = context.server.get("/api/auth/provider-b/callback?code=a&state=b").await;
    assert_eq!(response2.status_code(), 302);

    // Assertions: No new user, but a new provider link
@@ -224,7 +224,7 @@ async fn test_unverified_email_creates_new_account() {
        .await
        .unwrap();

-    let response = context.server.get("/auth/mock/callback?code=a&state=b").await;
+    let response = context.server.get("/api/auth/mock/callback?code=a&state=b").await;
    assert_eq!(response.status_code(), 302);

    // Should create a second user because the email wasn't trusted for linking
@@ -257,11 +257,11 @@ async fn test_logout_functionality() {
    let context = test_context().use_database(true).auth_registry(mock_registry).call().await;

    // Sign in to establish a session
-    let response = context.server.get("/auth/mock/callback?code=a&state=b").await;
+    let response = context.server.get("/api/auth/mock/callback?code=a&state=b").await;
    assert_eq!(response.status_code(), 302);

    // Test that the logout handler clears the session cookie and redirects
-    let response = context.server.get("/logout").await;
+    let response = context.server.get("/api/logout").await;

    assert_eq!(response.status_code(), 302);
    assert!(response.headers().contains_key("location"));
--- a/pacman-server/tests/sessions.rs
+++ b/pacman-server/tests/sessions.rs
@@ -40,16 +40,16 @@ async fn test_session_management() {
    // 3. Make a request to the protected route WITH the session, expect success
    let response = context
        .server
-        .get("/profile")
+        .get("/api/profile")
        .add_cookie(Cookie::new(session::SESSION_COOKIE_NAME, token))
        .await;
    assert_eq!(response.status_code(), 200);

    // 4. Sign out
-    let response = context.server.get("/logout").await;
+    let response = context.server.get("/api/logout").await;
    assert_eq!(response.status_code(), 302); // Redirect after logout

    // 5. Make a request to the protected route without a session, expect failure
-    let response = context.server.get("/profile").await;
+    let response = context.server.get("/api/profile").await;
    assert_eq!(response.status_code(), 401); // Unauthorized without session
 }