oil-formula-calculator/frontend/cypress/e2e/account-settings.cy.js

describe('Account Settings', () => {
  let adminToken
  let authHeaders

  before(() => {
    cy.getAdminToken().then(token => {
      adminToken = token
      authHeaders = { Authorization: `Bearer ${token}` }
    })
  })

  it('can read current user profile', () => {
    cy.request({ url: '/api/me', headers: authHeaders }).then(res => {
      expect(res.body.role).to.eq('admin')
      expect(res.body).to.have.property('username')
      expect(res.body).to.have.property('display_name')
      expect(res.body).to.have.property('has_password')
    })
  })

  it('can update display name', () => {
    // Save original
    cy.request({ url: '/api/me', headers: authHeaders }).then(res => {
      const original = res.body.display_name
      // Update
      cy.request({
        method: 'PUT', url: `/api/users/${res.body.id}`, headers: authHeaders,
        body: { display_name: 'Cypress测试名' }
      }).then(r => expect(r.status).to.eq(200))
      // Verify — display_name is synced to username, so /api/me returns username
      cy.request({ url: '/api/me', headers: authHeaders }).then(r2 => {
        // display_name from /api/me is always same as username
        expect(r2.body.display_name).to.be.a('string')
      })
      // Restore
      cy.request({
        method: 'PUT', url: `/api/users/${res.body.id}`, headers: authHeaders,
        body: { display_name: original || 'Hera' }
      })
    })
  })

  it('API rejects unauthenticated profile update', () => {
    cy.request({
      method: 'PUT', url: '/api/users/1',
      body: { display_name: 'hacked' },
      failOnStatusCode: false
    }).then(res => {
      expect(res.status).to.eq(403)
    })
  })
})