# Part VII: Testing and Quality Assurance

## Chapter 15: Testing Strategies

Testing is not an afterthought—it is a fundamental practice that ensures your API behaves correctly, remains maintainable, and can be refactored with confidence. FastAPI's architecture, built on Starlette and Pydantic, provides excellent testability through dependency injection and the `TestClient`. This chapter covers comprehensive testing strategies from unit tests to integration tests, including authentication testing, dependency mocking, and async test patterns.

---

### 15.1 `TestClient`: Writing Unit Tests for Endpoints

The `TestClient` from Starlette (used by FastAPI) provides a synchronous interface for testing async applications. It handles the event loop internally, allowing you to write tests using standard pytest patterns.

#### Understanding TestClient Architecture

```
┌─────────────────────────────────────────────────────────────────┐
│                    TestClient Architecture                         │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  Traditional Async Testing (Complex):                           │
│  ┌─────────┐                                                    │
│  │  Test   │  async def test_endpoint():                       │
│  │         │      async with AsyncClient() as client:          │
│  │         │          response = await client.get("/")         │
│  │         │          assert response.status_code == 200        │
│  │         │      # Must manage event loop manually             │
│  └─────────┘                                                    │
│                                                                  │
│  TestClient (Simplified):                                        │
│  ┌─────────┐                                                    │
│  │  Test   │  def test_endpoint():                              │
│  │         │      client = TestClient(app)                     │
│  │         │      response = client.get("/")                   │
│  │         │      assert response.status_code == 200           │
│  │         │      # Event loop handled internally              │
│  └─────────┘                                                    │
│                                                                  │
│  How TestClient Works:                                           │
│  1. Creates ASGI application instance                           │
│  2. Runs event loop in background thread                        │
│  3. Converts sync calls to async operations                     │
│  4. Returns standard requests.Response object                   │
│                                                                  │
│  Limitations:                                                    │
│  - Cannot test actual async behavior (concurrency)              │
│  - Background tasks run synchronously                            │
│  - WebSocket testing requires different approach                 │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘
```

#### Basic TestClient Setup

```python
# test_basic.py - Basic TestClient usage
import pytest
from fastapi.testclient import TestClient
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from sqlalchemy.pool import StaticPool

from app.main import app
from app.database import Base, get_db

# Create test database in memory
# SQLite in-memory database for fast tests
SQLALCHEMY_DATABASE_URL = "sqlite:///:memory:"

engine = create_engine(
    SQLALCHEMY_DATABASE_URL,
    connect_args={"check_same_thread": False},  # Required for SQLite
    poolclass=StaticPool,  # Use same connection for all
)
TestingSessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)


# Fixture to create tables once
@pytest.fixture(scope="session")
def db_engine():
    """Create database engine for all tests."""
    Base.metadata.create_all(bind=engine)
    yield engine
    Base.metadata.drop_all(bind=engine)


# Fixture for database session per test
@pytest.fixture(scope="function")
def db_session(db_engine):
    """
    Create fresh database session for each test.
    
    Rolls back after each test for isolation.
    """
    connection = db_engine.connect()
    transaction = connection.begin()
    session = TestingSessionLocal(bind=connection)
    
    yield session
    
    session.close()
    transaction.rollback()
    connection.close()


# Fixture for TestClient with overridden DB
@pytest.fixture(scope="function")
def client(db_session):
    """
    Create TestClient with database dependency overridden.
    
    All endpoints will use the test database session.
    """
    def override_get_db():
        try:
            yield db_session
        finally:
            pass
    
    # Override the dependency
    app.dependency_overrides[get_db] = override_get_db
    
    with TestClient(app) as test_client:
        yield test_client
    
    # Clear overrides after test
    app.dependency_overrides.clear()


# Basic tests
def test_read_main(client):
    """Test root endpoint."""
    response = client.get("/")
    assert response.status_code == 200
    assert response.json() == {"message": "Hello World"}


def test_create_user(client):
    """Test user creation."""
    response = client.post(
        "/auth/register",
        json={
            "username": "testuser",
            "email": "test@example.com",
            "password": "TestPass123!",
            "full_name": "Test User"
        }
    )
    assert response.status_code == 201
    data = response.json()
    assert data["username"] == "testuser"
    assert "id" in data
    assert "hashed_password" not in data  # Never return password


def test_create_user_duplicate(client):
    """Test duplicate user handling."""
    # Create first user
    client.post(
        "/auth/register",
        json={
            "username": "dupuser",
            "email": "dup@example.com",
            "password": "TestPass123!"
        }
    )
    
    # Try duplicate
    response = client.post(
        "/auth/register",
        json={
            "username": "dupuser",
            "email": "dup@example.com",
            "password": "TestPass123!"
        }
    )
    assert response.status_code == 400


def test_get_user_not_found(client):
    """Test 404 handling."""
    response = client.get("/users/nonexistent-id")
    assert response.status_code == 404
    assert response.json()["detail"] == "User not found"
```

---

### 15.2 Testing Authentication: Sending Tokens and Cookies in Test Requests

Testing authenticated endpoints requires simulating the authentication flow: obtaining tokens and including them in subsequent requests.

#### Authentication Testing Patterns

```python
# test_auth.py - Testing authenticated endpoints
import pytest
from fastapi.testclient import TestClient

# Fixtures for authentication

@pytest.fixture
def test_user(db_session):
    """Create a test user and return credentials."""
    from app.models import User
    from passlib.context import CryptContext
    
    pwd_context = CryptContext(schemes=["bcrypt"])
    
    user = User(
        username="testuser",
        email="test@example.com",
        hashed_password=pwd_context.hash("testpass123"),
        is_active=True
    )
    db_session.add(user)
    db_session.commit()
    db_session.refresh(user)
    
    return {
        "id": str(user.id),
        "username": "testuser",
        "password": "testpass123",
        "email": "test@example.com"
    }


@pytest.fixture
def auth_token(client, test_user):
    """Get authentication token for test user."""
    response = client.post(
        "/auth/token",
        data={
            "username": test_user["username"],
            "password": test_user["password"],
            "grant_type": "password"
        },
        headers={"Content-Type": "application/x-www-form-urlencoded"}
    )
    assert response.status_code == 200
    return response.json()["access_token"]


@pytest.fixture
def auth_headers(auth_token):
    """Create authorization headers with token."""
    return {"Authorization": f"Bearer {auth_token}"}


@pytest.fixture
def authenticated_client(client, auth_headers):
    """Client with default auth headers."""
    # Note: TestClient doesn't persist headers between requests easily
    # Better to use auth_headers fixture explicitly
    return client


# Tests for authenticated endpoints

def test_login_success(client, test_user):
    """Test successful login returns token."""
    response = client.post(
        "/auth/token",
        data={
            "username": test_user["username"],
            "password": test_user["password"]
        }
    )
    
    assert response.status_code == 200
    data = response.json()
    assert "access_token" in data
    assert data["token_type"] == "bearer"
    
    # Verify token is valid JWT (3 parts separated by dots)
    token = data["access_token"]
    assert len(token.split(".")) == 3


def test_login_wrong_password(client, test_user):
    """Test login with incorrect password."""
    response = client.post(
        "/auth/token",
        data={
            "username": test_user["username"],
            "password": "wrongpassword"
        }
    )
    
    assert response.status_code == 401
    assert response.json()["detail"] == "Incorrect username or password"


def test_login_inactive_user(client, db_session):
    """Test login with inactive user."""
    from app.models import User
    from passlib.context import CryptContext
    
    pwd_context = CryptContext(schemes=["bcrypt"])
    
    # Create inactive user
    inactive_user = User(
        username="inactive",
        email="inactive@example.com",
        hashed_password=pwd_context.hash("password"),
        is_active=False
    )
    db_session.add(inactive_user)
    db_session.commit()
    
    response = client.post(
        "/auth/token",
        data={"username": "inactive", "password": "password"}
    )
    
    assert response.status_code == 400
    assert "Inactive user" in response.json()["detail"]


def test_access_protected_endpoint_without_auth(client):
    """Test that protected endpoints reject unauthenticated requests."""
    response = client.get("/users/me")
    
    assert response.status_code == 401
    assert response.json()["detail"] == "Not authenticated"


def test_access_protected_endpoint_with_auth(client, auth_headers):
    """Test accessing protected endpoint with valid token."""
    response = client.get("/users/me", headers=auth_headers)
    
    assert response.status_code == 200
    data = response.json()
    assert data["username"] == "testuser"
    assert "id" in data


def test_token_expired(client, test_user):
    """Test that expired tokens are rejected."""
    from jose import jwt
    from datetime import datetime, timedelta
    
    # Create expired token manually
    expired_token = jwt.encode(
        {
            "sub": test_user["id"],
            "exp": datetime.utcnow() - timedelta(hours=1)  # Expired 1 hour ago
        },
        "secret-key",
        algorithm="HS256"
    )
    
    response = client.get(
        "/users/me",
        headers={"Authorization": f"Bearer {expired_token}"}
    )
    
    assert response.status_code == 401
    assert "expired" in response.json()["detail"].lower()


# Testing with cookies
def test_cookie_auth(client, test_user):
    """Test authentication via HTTP-only cookie."""
    # Login with cookie response
    response = client.post(
        "/auth/token/cookie",
        data={
            "username": test_user["username"],
            "password": test_user["password"]
        }
    )
    
    assert response.status_code == 200
    
    # Extract cookie
    cookie = response.cookies.get("access_token")
    assert cookie is not None
    
    # Make request with cookie
    client.cookies.set("access_token", cookie)
    response = client.get("/protected/cookie")
    
    assert response.status_code == 200
```

---

### 15.3 Dependency Overriding: Testing with Mocked Dependencies

Dependency overriding allows you to replace real dependencies (databases, external APIs) with test doubles during testing.

#### Mocking Dependencies

```python
# test_dependencies.py - Dependency overriding
import pytest
from fastapi.testclient import TestClient
from unittest.mock import Mock, patch, AsyncMock
from app.main import app
from app.dependencies import get_db, get_external_api_client

# Store original overrides to restore later
_original_overrides = {}

@pytest.fixture
def override_dependencies():
    """
    Fixture to manage dependency overrides.
    
    Automatically clears overrides after each test.
    """
    # Store original state
    _original_overrides.update(app.dependency_overrides)
    
    yield
    
    # Restore original overrides
    app.dependency_overrides.clear()
    app.dependency_overrides.update(_original_overrides)


# Mock database dependency
@pytest.fixture
def mock_db():
    """Create mock database session."""
    mock_session = AsyncMock()
    
    # Configure common methods
    mock_session.add = AsyncMock()
    mock_session.commit = AsyncMock()
    mock_session.refresh = AsyncMock()
    mock_session.rollback = AsyncMock()
    mock_session.close = AsyncMock()
    
    # Mock execute to return empty results by default
    mock_result = Mock()
    mock_result.scalar_one_or_none.return_value = None
    mock_result.scalars.return_value.all.return_value = []
    mock_session.execute = AsyncMock(return_value=mock_result)
    
    return mock_session


@pytest.fixture
def client_with_mock_db(mock_db, override_dependencies):
    """TestClient with mocked database."""
    async def override_get_db():
        yield mock_db
    
    app.dependency_overrides[get_db] = override_get_db
    
    with TestClient(app) as client:
        yield client
    
    # Cleanup handled by override_dependencies fixture


def test_create_user_with_mock_db(client_with_mock_db, mock_db):
    """Test user creation with mocked database."""
    # Configure mock for this specific test
    mock_user = Mock()
    mock_user.id = "test-uuid"
    mock_user.username = "newuser"
    mock_user.email = "new@example.com"
    
    # Setup execute to return our mock user on refresh
    def side_effect(*args, **kwargs):
        mock_result = Mock()
        mock_result.scalar_one_or_none.return_value = None  # For existence check
        return mock_result
    
    mock_db.execute.side_effect = side_effect
    
    # Make request
    response = client_with_mock_db.post(
        "/auth/register",
        json={
            "username": "newuser",
            "email": "new@example.com",
            "password": "TestPass123!"
        }
    )
    
    # Assertions
    assert response.status_code == 201
    
    # Verify database was called correctly
    mock_db.add.assert_called_once()
    mock_db.commit.assert_called_once()
    mock_db.refresh.assert_called_once()


# Mocking external APIs
@pytest.fixture
def mock_external_api():
    """Mock external API client."""
    mock_client = AsyncMock()
    mock_client.get_data = AsyncMock(return_value={"data": "mocked"})
    mock_client.send_webhook = AsyncMock(return_value=True)
    return mock_client


@pytest.fixture
def client_with_mock_api(mock_external_api, override_dependencies):
    """Client with mocked external API."""
    def override_get_external_api():
        return mock_external_api
    
    app.dependency_overrides[get_external_api_client] = override_get_external_api
    
    with TestClient(app) as client:
        yield client


def test_endpoint_with_external_api(client_with_mock_api, mock_external_api):
    """Test endpoint that calls external API."""
    response = client_with_mock_api.get("/api/data")
    
    assert response.status_code == 200
    assert response.json() == {"data": "mocked"}
    
    # Verify external API was called
    mock_external_api.get_data.assert_called_once()


# Patching specific functions
def test_with_patched_function():
    """Test using patch decorator."""
    with patch('app.services.send_email') as mock_send:
        mock_send.return_value = True
        
        # Run code that calls send_email
        result = client.post("/notify", json={"email": "test@example.com"})
        
        assert result.status_code == 200
        mock_send.assert_called_with("test@example.com", mock.ANY)


# Environment variable patching
@pytest.fixture
def mock_env_vars(monkeypatch):
    """Fixture to set environment variables for tests."""
    monkeypatch.setenv("SECRET_KEY", "test-secret-key")
    monkeypatch.setenv("DATABASE_URL", "sqlite:///./test.db")
    monkeypatch.setenv("DEBUG", "true")


# Testing with real database (integration test)
@pytest.fixture(scope="function")
def real_db():
    """Create real test database."""
    from sqlalchemy import create_engine
    from sqlalchemy.orm import sessionmaker
    
    # Use file-based SQLite for persistence during test
    engine = create_engine(
        "sqlite:///./test_temp.db",
        connect_args={"check_same_thread": False}
    )
    
    # Create tables
    Base.metadata.create_all(bind=engine)
    
    SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
    db = SessionLocal()
    
    yield db
    
    db.close()
    # Cleanup
    Base.metadata.drop_all(bind=engine)
    import os
    os.remove("./test_temp.db")
```

---

### 15.4 Async Testing: Using `pytest-asyncio` with Async Endpoints

While `TestClient` handles the event loop for HTTP requests, testing async database operations, background tasks, or direct async functions requires `pytest-asyncio`.

#### Setting Up Async Tests

```python
# test_async.py - Async testing patterns
import pytest
import pytest_asyncio
from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession
from sqlalchemy.orm import sessionmaker
from httpx import AsyncClient  # For async HTTP testing

from app.main import app
from app.database import Base, get_db

# Configure pytest-asyncio
pytest_plugins = ('pytest_asyncio',)

# Mark all tests as async
pytestmark = pytest.mark.asyncio


@pytest_asyncio.fixture(scope="session")
async def async_engine():
    """Create async engine for testing."""
    engine = create_async_engine(
        "postgresql+asyncpg://user:pass@localhost/test_db",
        echo=False,
    )
    
    # Create tables
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)
    
    yield engine
    
    # Cleanup
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.drop_all)
    await engine.dispose()


@pytest_asyncio.fixture
async def async_session(async_engine):
    """Create async session for each test."""
    async with AsyncSession(async_engine) as session:
        yield session
        # Rollback after test
        await session.rollback()


@pytest_asyncio.fixture
async def async_client(async_session):
    """Create async HTTP client with overridden DB."""
    async def override_get_db():
        yield async_session
    
    app.dependency_overrides[get_db] = override_get_db
    
    # Use AsyncClient for true async testing
    async with AsyncClient(app=app, base_url="http://test") as client:
        yield client
    
    app.dependency_overrides.clear()


# Async tests
async def test_create_user_async(async_client: AsyncClient):
    """Test user creation with async client."""
    response = await async_client.post(
        "/auth/register",
        json={
            "username": "asyncuser",
            "email": "async@example.com",
            "password": "TestPass123!"
        }
    )
    
    assert response.status_code == 201
    data = response.json()
    assert data["username"] == "asyncuser"


async def test_database_operations(async_session: AsyncSession):
    """Test direct database operations."""
    from app.models import User
    
    # Create user directly in DB
    user = User(
        username="dbuser",
        email="db@example.com",
        hashed_password="hashed"
    )
    async_session.add(user)
    await async_session.commit()
    
    # Query
    result = await async_session.execute(
        select(User).where(User.username == "dbuser")
    )
    found = result.scalar_one()
    
    assert found.username == "dbuser"
    assert found.email == "db@example.com"


async def test_concurrent_requests(async_client: AsyncClient):
    """Test concurrent async requests."""
    import asyncio
    
    # Create multiple requests concurrently
    tasks = [
        async_client.get("/items/"),
        async_client.get("/users/"),
        async_client.get("/health")
    ]
    
    responses = await asyncio.gather(*tasks)
    
    assert all(r.status_code == 200 for r in responses)


# Testing background tasks
async def test_background_tasks(async_client: AsyncClient, async_session):
    """Test endpoints with background tasks."""
    # Mock the background task function
    with patch("app.services.send_email") as mock_email:
        mock_email.return_value = None
        
        response = await async_client.post(
            "/users/",
            json={
                "username": "bguser",
                "email": "bg@example.com",
                "password": "TestPass123!"
            }
        )
        
        assert response.status_code == 201
        
        # Background tasks run after response in TestClient
        # In real async tests, you might need to wait or check effects
        await asyncio.sleep(0.1)  # Give background task time
        
        mock_email.assert_called_once()


# Testing WebSockets (async only)
async def test_websocket(async_client: AsyncClient):
    """Test WebSocket endpoint."""
    with async_client.websocket_connect("/ws/chat") as websocket:
        # Send message
        websocket.send_json({"message": "Hello"})
        
        # Receive response
        data = websocket.receive_json()
        assert data["type"] == "message"
        assert "Hello" in data["content"]
```

---

### 15.3 Dependency Overriding: Mocking Databases and External Services

Dependency overriding is FastAPI's powerful mechanism for replacing real dependencies with test doubles. This enables testing in isolation without external services.

#### Complete Mocking Strategy

```python
# test_mocking.py - Comprehensive dependency mocking
import pytest
from fastapi.testclient import TestClient
from unittest.mock import Mock, patch, MagicMock
from app.main import app
from app.dependencies import get_db, get_redis, get_email_service

# Store original dependencies
_original_dependencies = {}

def store_original_deps():
    """Store original dependencies before test."""
    _original_dependencies.update(app.dependency_overrides)

def restore_original_deps():
    """Restore original dependencies after test."""
    app.dependency_overrides.clear()
    app.dependency_overrides.update(_original_dependencies)


# Fixture for complete app mocking
@pytest.fixture
def mocked_app():
    """Provide app with all external dependencies mocked."""
    store_original_deps()
    
    # Mock database
    mock_db = Mock()
    mock_db.query.return_value.filter.return_value.first.return_value = None
    mock_db.add = Mock()
    mock_db.commit = Mock()
    mock_db.refresh = Mock()
    
    def override_db():
        yield mock_db
    
    # Mock Redis
    mock_redis = Mock()
    mock_redis.get.return_value = None
    mock_redis.set = Mock(return_value=True)
    mock_redis.delete = Mock(return_value=1)
    
    def override_redis():
        return mock_redis
    
    # Mock email service
    mock_email = Mock()
    mock_email.send = Mock(return_value=True)
    
    def override_email():
        return mock_email
    
    # Apply overrides
    app.dependency_overrides[get_db] = override_db
    app.dependency_overrides[get_redis] = override_redis
    app.dependency_overrides[get_email_service] = override_email
    
    yield {
        "app": app,
        "db": mock_db,
        "redis": mock_redis,
        "email": mock_email
    }
    
    restore_original_deps()


# Tests with fully mocked dependencies
def test_create_user_mocked(mocked_app):
    """Test user creation with all dependencies mocked."""
    client = TestClient(mocked_app["app"])
    mock_db = mocked_app["db"]
    
    # Configure mock to return None (user doesn't exist)
    mock_db.query.return_value.filter.return_value.first.return_value = None
    
    response = client.post(
        "/users/",
        json={
            "username": "mockuser",
            "email": "mock@example.com",
            "password": "TestPass123!"
        }
    )
    
    assert response.status_code == 201
    
    # Verify database was called
    mock_db.add.assert_called_once()
    mock_db.commit.assert_called_once()


def test_cached_endpoint(mocked_app):
    """Test endpoint that uses Redis caching."""
    client = TestClient(mocked_app["app"])
    mock_redis = mocked_app["redis"]
    
    # Test cache miss
    mock_redis.get.return_value = None
    
    response = client.get("/expensive-query")
    assert response.status_code == 200
    
    # Verify cache was set
    mock_redis.set.assert_called_once()
    
    # Test cache hit
    mock_redis.get.return_value = '{"cached": "data"}'
    
    response = client.get("/expensive-query")
    assert response.status_code == 200
    assert response.json() == {"cached": "data"}


# Selective mocking (mock only specific functions)
def test_with_patched_function():
    """Test using patch decorator."""
    with patch('app.services.process_payment') as mock_payment:
        mock_payment.return_value = {"status": "success", "id": "pay_123"}
        
        client = TestClient(app)
        response = client.post(
            "/payments/",
            json={"amount": 100, "currency": "USD"}
        )
        
        assert response.status_code == 200
        mock_payment.assert_called_once_with(amount=100, currency="USD")


# Mocking time-dependent functions
def test_with_frozen_time():
    """Test time-sensitive operations."""
    from freezegun import freeze_time
    
    with freeze_time("2024-01-15 12:00:00"):
        client = TestClient(app)
        response = client.post("/events/", json={"name": "Test Event"})
        
        data = response.json()
        assert data["created_at"] == "2024-01-15T12:00:00"
```

---

### 15.4 Async Testing: Using `pytest-asyncio` for Async Code

While `TestClient` handles HTTP testing, testing async functions directly (database operations, background tasks, utility functions) requires `pytest-asyncio`.

#### Async Test Patterns

```python
# test_async_functions.py - Testing async code directly
import pytest
import pytest_asyncio
import asyncio
from unittest.mock import AsyncMock, patch

# Mark all tests in this file as async
pytestmark = pytest.mark.asyncio


# Testing async database operations
async def test_async_db_operations(async_session):
    """Test database operations directly without HTTP."""
    from app.models import User
    from sqlalchemy import select
    
    # Create user
    user = User(
        username="directtest",
        email="direct@test.com",
        hashed_password="hashed"
    )
    async_session.add(user)
    await async_session.commit()
    
    # Query
    result = await async_session.execute(
        select(User).where(User.username == "directtest")
    )
    found = result.scalar_one()
    
    assert found.email == "direct@test.com"


# Testing async services
async def test_email_service():
    """Test async email sending service."""
    from app.services import send_email
    
    with patch('app.services.aiohttp.ClientSession.post') as mock_post:
        mock_post.return_value.__aenter__.return_value.status = 200
        mock_post.return_value.__aenter__.return_value.json = AsyncMock(
            return_value={"status": "sent"}
        )
        
        result = await send_email(
            to="user@example.com",
            subject="Test",
            body="Hello"
        )
        
        assert result is True
        mock_post.assert_called_once()


# Testing concurrent operations
async def test_concurrent_updates(async_session):
    """Test handling of concurrent database operations."""
    from app.models import Counter
    
    counter = Counter(value=0)
    async_session.add(counter)
    await async_session.commit()
    
    # Simulate concurrent increments
    async def increment():
        # In real scenario, this would be separate requests
        result = await async_session.execute(
            select(Counter).where(Counter.id == counter.id)
        )
        c = result.scalar_one()
        c.value += 1
        await async_session.commit()
    
    # Run concurrently
    await asyncio.gather(increment(), increment(), increment())
    
    # Verify (note: this might show race conditions in real code)
    result = await async_session.execute(
        select(Counter).where(Counter.id == counter.id)
    )
    final = result.scalar_one()
    assert final.value == 3


# Testing background tasks
async def test_background_task_execution():
    """Test that background tasks are properly queued."""
    from fastapi import BackgroundTasks
    
    tasks_executed = []
    
    async def background_task(item_id: str):
        tasks_executed.append(item_id)
    
    # Note: BackgroundTasks in FastAPI need to be tested via TestClient
    # or by extracting the task function and testing directly
    await background_task("item-123")
    
    assert "item-123" in tasks_executed


# Testing WebSocket connections (async)
async def test_websocket():
    """Test WebSocket endpoint."""
    from starlette.testclient import TestClient
    from app.main import app
    
    client = TestClient(app)
    
    with client.websocket_connect("/ws/chat") as websocket:
        # Send message
        websocket.send_json({"message": "Hello"})
        
        # Receive response
        data = websocket.receive_json()
        assert data["type"] == "message"
        assert "Hello" in data["content"]


# Testing with timeouts
async def test_with_timeout():
    """Test async operations with timeout."""
    from asyncio import wait_for, TimeoutError
    
    async def slow_operation():
        await asyncio.sleep(10)
        return "completed"
    
    # Should timeout
    with pytest.raises(TimeoutError):
        await wait_for(slow_operation(), timeout=1.0)


# Parametrized async tests
@pytest.mark.parametrize("username,expected", [
    ("alice", True),
    ("bob", True),
    ("charlie", False),
])
async def test_user_exists_parametrized(username, expected, async_session):
    """Test with multiple parameters."""
    from app.models import User
    
    result = await async_session.execute(
        select(User).where(User.username == username)
    )
    user = result.scalar_one_or_none()
    
    assert (user is not None) == expected
```

---

### 15.5 Test Database Management: Isolated Test Databases

For true integration tests, you need a real database that rolls back changes after each test to ensure isolation.

#### Transaction Rollback Pattern

```python
# conftest.py - Pytest configuration and shared fixtures
import pytest
import pytest_asyncio
from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession, async_sessionmaker
from sqlalchemy import event
from typing import AsyncGenerator

from app.database import Base, get_db
from app.main import app

# Test database URL (separate from dev/production)
TEST_DATABASE_URL = "postgresql+asyncpg://user:pass@localhost:5432/test_db"

@pytest_asyncio.fixture(scope="session")
async def engine():
    """
    Create engine for entire test session.
    
    Creates test database if it doesn't exist.
    """
    # Create engine
    engine = create_async_engine(
        TEST_DATABASE_URL,
        echo=False,
        future=True,
    )
    
    # Create all tables
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)
    
    yield engine
    
    # Cleanup: Drop all tables
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.drop_all)
    
    await engine.dispose()


@pytest_asyncio.fixture
async def db_session(engine) -> AsyncGenerator[AsyncSession, None]:
    """
    Create transaction-scoped session.
    
    This is the key pattern for test isolation:
    1. Begin nested transaction (savepoint)
    2. Yield session for test
    3. Rollback savepoint (undo all changes)
    4. No data persists between tests!
    """
    # Connect to engine
    async with engine.connect() as connection:
        # Begin nested transaction (savepoint)
        # This allows rollback without affecting other connections
        async with connection.begin_nested() as transaction:
            # Create session bound to this connection
            session = AsyncSession(
                bind=connection,
                expire_on_commit=False,
                autocommit=False,
                autoflush=False,
            )
            
            # Begin session transaction
            await session.begin()
            
            yield session
            
            # Cleanup: Rollback everything
            await session.rollback()
            await transaction.rollback()
            
            # Close session
            await session.close()


@pytest.fixture
def client(db_session):
    """
    TestClient with database session overridden.
    
    Uses the transaction-scoped session from db_session fixture.
    """
    async def override_get_db():
        yield db_session
    
    app.dependency_overrides[get_db] = override_get_db
    
    with TestClient(app) as test_client:
        yield test_client
    
    app.dependency_overrides.clear()


# Usage in tests
def test_user_creation_isolated(client, db_session):
    """
    Test that demonstrates transaction isolation.
    
    Even though we commit in the endpoint, the test transaction
    rolls back, leaving no trace in the database.
    """
    # Create user
    response = client.post(
        "/auth/register",
        json={
            "username": "isolated",
            "email": "isolated@example.com",
            "password": "TestPass123!"
        }
    )
    assert response.status_code == 201
    
    # Verify user exists in current session
    result = await db_session.execute(
        select(User).where(User.username == "isolated")
    )
    user = result.scalar_one_or_none()
    assert user is not None
    
    # After test completes, transaction rolls back
    # User does not exist in database for next test
```

---

### Summary

In this chapter, you mastered testing strategies for FastAPI applications:

1. **`TestClient`**: Used Starlette's `TestClient` for synchronous testing of async applications, handling the event loop internally while providing a familiar requests-like interface.

2. **Authentication Testing**: Implemented fixtures for test users, token generation, and cookie-based auth. Tested both successful authentication flows and security failures (wrong passwords, expired tokens, missing credentials).

3. **Dependency Overriding**: Replaced real database connections and external APIs with mocks using `app.dependency_overrides`, enabling isolated unit tests without external dependencies.

4. **Async Testing**: Used `pytest-asyncio` for testing async functions directly, including database operations, concurrent execution, WebSocket connections, and timeout handling.

5. **Test Database Management**: Implemented the transaction rollback pattern with nested savepoints, ensuring test isolation where each test runs in a transaction that rolls back, leaving no persistent changes.

**Testing Best Practices:**
- Use `TestClient` for HTTP endpoint testing
- Mock external dependencies to avoid network calls
- Use transaction rollback for database isolation
- Test both success and failure paths
- Test authentication and authorization explicitly
- Keep tests fast (avoid real network calls, use in-memory or test DBs)

---

### What's Next?

**Chapter 16: Code Quality** will cover:
- **Linting and Formatting**: Using `ruff` for fast Python linting and `black` for consistent code formatting, integrated with pre-commit hooks
- **Type Checking**: Integrating `mypy` with FastAPI to catch type errors before runtime, including Pydantic model validation and SQLAlchemy type stubs
- **Pre-commit Hooks**: Automating quality checks before code is committed using the pre-commit framework
- **CI/CD Integration**: Setting up GitHub Actions workflows to run tests, linting, and type checking on pull requests

This next chapter ensures your codebase maintains professional standards through automated quality assurance.