chore/backend/tests/test_reward_api.py

import pytest
from tests.conftest import TEST_SECRET_KEY, TEST_REFRESH_TOKEN_EXPIRY_DAYS
import os
from werkzeug.security import generate_password_hash

from flask import Flask
from api.reward_api import reward_api
from api.auth_api import auth_api
from db.db import reward_db, child_db, users_db
from tinydb import Query
from models.reward import Reward
import jwt


# Test user credentials
TEST_EMAIL = "testuser@example.com"
TEST_PASSWORD = "testpass"

def add_test_user():
    users_db.remove(Query().email == TEST_EMAIL)
    users_db.insert({
        "id": "testuserid",
        "first_name": "Test",
        "last_name": "User",
        "email": TEST_EMAIL,
        "password": generate_password_hash(TEST_PASSWORD),
        "verified": True,
        "image_id": "boy01"
    })

def login_and_set_cookie(client):
    resp = client.post('/auth/login', json={"email": TEST_EMAIL, "password": TEST_PASSWORD})
    assert resp.status_code == 200
    cookies = resp.headers.getlist("Set-Cookie")
    cookie_str = ' '.join(cookies)
    assert cookie_str and "access_token=" in cookie_str

@pytest.fixture
def client():
    app = Flask(__name__)
    app.register_blueprint(reward_api)
    app.register_blueprint(auth_api, url_prefix='/auth')
    app.config['TESTING'] = True
    app.config['SECRET_KEY'] = TEST_SECRET_KEY
    app.config['REFRESH_TOKEN_EXPIRY_DAYS'] = TEST_REFRESH_TOKEN_EXPIRY_DAYS
    with app.test_client() as client:
        add_test_user()
        login_and_set_cookie(client)
        yield client

@pytest.fixture(scope="session", autouse=True)
def cleanup_db():
    yield
    reward_db.close()
    if os.path.exists('rewards.json'):
        os.remove('rewards.json')

def test_add_reward(client):
    response = client.put('/reward/add', json={'name': 'Vacation', 'cost': 10, 'description': "A test reward"})
    assert response.status_code == 201
    assert b'Reward Vacation added.' in response.data
    # verify in database
    rewards = reward_db.all()
    assert any(reward.get('name') == 'Vacation' and reward.get('cost') == 10 and reward.get('description') == "A test reward" and reward.get('image_id') == '' for reward in rewards)

    response = client.put('/reward/add', json={'name': 'Ice Cream', 'cost': 4, 'description': "A test ice cream", 'image_id': 'ice_cream'})
    assert response.status_code == 201
    assert b'Reward Ice Cream added.' in response.data
    # verify in database
    rewards = reward_db.all()
    assert any(reward.get('name') == 'Ice Cream' and reward.get('cost') == 4 and reward.get('description') == "A test ice cream" and reward.get('image_id') == 'ice_cream' for reward in rewards)


def test_list_rewards(client):
    reward_db.truncate()
    reward_db.insert(Reward(name='Reward1', description='Desc1', cost=5).to_dict())
    reward_db.insert(Reward(name='Reward2', description='Desc2', cost=15, image_id='ice_cream').to_dict())
    response = client.get('/reward/list')
    assert response.status_code == 200
    assert b'rewards' in response.data
    data = response.json
    assert len(data['rewards']) == 2


def test_get_reward_not_found(client):
    response = client.get('/reward/nonexistent-id')
    assert response.status_code == 404
    assert b'Reward not found' in response.data

def test_delete_reward_not_found(client):
    response = client.delete('/reward/nonexistent-id')
    assert response.status_code == 404
    assert b'Reward not found' in response.data

def test_delete_assigned_reward_removes_from_child(client):
    # SYSTEM reward: should not be deletable (expect 403)
    reward_db.insert({'id': 'r_delete_assigned', 'name': 'Temp Task', 'cost': 5})
    child_db.insert({
        'id': 'child_for_reward_delete',
        'name': 'Frank',
        'age': 7,
        'points': 0,
        'rewards': ['r_delete_assigned'],
        'tasks': []
    })
    ChildQuery = Query()
    assert 'r_delete_assigned' in child_db.search(ChildQuery.id == 'child_for_reward_delete')[0].get('rewards', [])
    resp = client.delete('/reward/r_delete_assigned')
    assert resp.status_code == 403
    # USER reward: should be deletable (expect 200)
    reward_db.insert({'id': 'r_user_owned', 'name': 'User Reward', 'cost': 2, 'user_id': 'testuserid'})
    child_db.insert({
        'id': 'child_for_user_reward',
        'name': 'UserChild',
        'age': 8,
        'points': 0,
        'rewards': ['r_user_owned'],
        'tasks': []
    })
    # Fetch and update if needed
    child2 = child_db.search(ChildQuery.id == 'child_for_user_reward')[0]
    if 'r_user_owned' not in child2.get('rewards', []):
        child2['rewards'] = ['r_user_owned']
        child_db.update({'rewards': ['r_user_owned']}, ChildQuery.id == 'child_for_user_reward')
    assert 'r_user_owned' in child_db.search(ChildQuery.id == 'child_for_user_reward')[0].get('rewards', [])
    resp2 = client.delete('/reward/r_user_owned')
    assert resp2.status_code == 200
    child2 = child_db.search(ChildQuery.id == 'child_for_user_reward')[0]
    assert 'r_user_owned' not in child2.get('rewards', [])