feat: add authentication routes with session login, WebAuthn, and credential management

Implement Phase 4 auth routes: password login/logout, WebAuthn
registration and authentication, magic link registration, and
credential management pages with HTMX. Includes session middleware,
Jinja2 templates, vendored HTMX, and last-credential guardrails.

120 tests passing.
This commit is contained in:
Johan Lundberg 2026-02-16 11:39:50 +01:00
parent f7ed2cf54d
commit e15dcc4745
No known key found for this signature in database
GPG key ID: A6C152738D03C7D1
23 changed files with 1440 additions and 2 deletions

View file

@ -0,0 +1,19 @@
from httpx import AsyncClient
async def test_get_login_page_contains_form(client: AsyncClient) -> None:
res = await client.get("/login")
assert res.status_code == 200
assert "<form" in res.text
assert 'name="username"' in res.text
async def test_login_page_has_skip_link(client: AsyncClient) -> None:
res = await client.get("/login")
assert "Skip to content" in res.text
async def test_static_css_served(client: AsyncClient) -> None:
res = await client.get("/static/style.css")
assert res.status_code == 200
assert "--bg" in res.text