fix: Change auth blueprint prefix from /admin to /auth (v0.9.2)

The auth routes were registered under /admin/* but the IndieAuth redirect_uri was configured as /auth/callback, causing 404 errors when providers redirected back after authentication. - Change auth blueprint url_prefix from "/admin" to "/auth" - Update test expectations for new auth route paths - Add ADR-022 documenting the architectural decision 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 18:22:08 -07:00
parent 78165ad3be
commit 44a97e4ffa
8 changed files with 308 additions and 11 deletions
--- a/tests/test_routes_admin.py
+++ b/tests/test_routes_admin.py
@@ -76,7 +76,7 @@ class TestAuthenticationRequirement:
        """Test /admin requires authentication"""
        response = client.get("/admin/", follow_redirects=False)
        assert response.status_code == 302
-        assert "/admin/login" in response.location
+        assert "/auth/login" in response.location

    def test_new_note_form_requires_auth(self, client):
        """Test /admin/new requires authentication"""
--- a/tests/test_routes_dev_auth.py
+++ b/tests/test_routes_dev_auth.py
@@ -255,7 +255,7 @@ class TestDevModeWarnings:
    def test_dev_login_page_shows_link(self, dev_app):
        """Test login page shows dev login link when DEV_MODE enabled"""
        client = dev_app.test_client()
-        response = client.get("/admin/login")
+        response = client.get("/auth/login")
        assert response.status_code == 200

        # Should have link to dev login
@@ -264,7 +264,7 @@ class TestDevModeWarnings:
    def test_production_login_no_dev_link(self, prod_app):
        """Test login page doesn't show dev link in production"""
        client = prod_app.test_client()
-        response = client.get("/admin/login")
+        response = client.get("/auth/login")
        assert response.status_code == 200

        # Should NOT have dev login link
@@ -335,7 +335,7 @@ class TestIntegrationFlow:
        # Step 1: Access admin without auth (should redirect to login)
        response = client.get("/admin/", follow_redirects=False)
        assert response.status_code == 302
-        assert "/admin/login" in response.location
+        assert "/auth/login" in response.location

        # Step 2: Use dev login
        response = client.get("/dev/login", follow_redirects=True)
@@ -358,7 +358,7 @@ class TestIntegrationFlow:
        assert response.status_code == 200

        # Step 5: Logout
-        response = client.post("/admin/logout", follow_redirects=True)
+        response = client.post("/auth/logout", follow_redirects=True)
        assert response.status_code == 200

        # Step 6: Verify can't access admin anymore
--- a/tests/test_templates.py
+++ b/tests/test_templates.py
@@ -208,19 +208,19 @@ class TestAdminTemplates:

    def test_login_template_has_form(self, client):
        """Test login page has form"""
-        response = client.get("/admin/login")
+        response = client.get("/auth/login")
        assert response.status_code == 200
        assert b"<form" in response.data

    def test_login_has_me_input(self, client):
        """Test login form has 'me' URL input"""
-        response = client.get("/admin/login")
+        response = client.get("/auth/login")
        assert response.status_code == 200
        assert b'name="me"' in response.data or b'id="me"' in response.data

    def test_login_has_submit_button(self, client):
        """Test login form has submit button"""
-        response = client.get("/admin/login")
+        response = client.get("/auth/login")
        assert response.status_code == 200
        assert b'type="submit"' in response.data or b"<button" in response.data