2026-02-05 15:13:06 +08:00
|
|
|
from __future__ import annotations
|
|
|
|
|
|
|
|
|
|
import pytest
|
|
|
|
|
|
2026-02-25 10:20:43 +08:00
|
|
|
import v1.auth.gateway as auth_gateway_module
|
2026-02-24 16:38:30 +08:00
|
|
|
from v1.auth.schemas import (
|
2026-02-05 15:13:06 +08:00
|
|
|
AuthUser,
|
2026-03-07 14:55:00 +08:00
|
|
|
PasswordResetConfirmRequest,
|
|
|
|
|
PasswordResetRequest,
|
2026-02-26 14:08:10 +08:00
|
|
|
SessionCreateRequest,
|
|
|
|
|
SessionRefreshRequest,
|
|
|
|
|
SessionResponse,
|
|
|
|
|
UserByEmailResponse,
|
|
|
|
|
VerificationCreateRequest,
|
|
|
|
|
VerificationCreateResponse,
|
|
|
|
|
VerificationResendRequest,
|
|
|
|
|
VerificationVerifyRequest,
|
2026-02-05 15:13:06 +08:00
|
|
|
)
|
|
|
|
|
from v1.auth.service import AuthService, AuthServiceGateway
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class FakeGateway(AuthServiceGateway):
|
2026-02-26 14:08:10 +08:00
|
|
|
def __init__(self, response: SessionResponse) -> None:
|
2026-02-05 15:13:06 +08:00
|
|
|
self._response = response
|
2026-03-12 16:41:45 +08:00
|
|
|
self.last_create_verification_request: VerificationCreateRequest | None = None
|
2026-02-05 15:13:06 +08:00
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def create_verification(
|
|
|
|
|
self, request: VerificationCreateRequest
|
|
|
|
|
) -> VerificationCreateResponse:
|
2026-03-12 16:41:45 +08:00
|
|
|
self.last_create_verification_request = request
|
2026-02-26 14:08:10 +08:00
|
|
|
return VerificationCreateResponse(email=request.email)
|
2026-02-25 13:34:02 +08:00
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def verify_verification(
|
|
|
|
|
self, request: VerificationVerifyRequest
|
|
|
|
|
) -> SessionResponse:
|
2026-02-05 15:13:06 +08:00
|
|
|
return self._response
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def resend_verification(self, request: VerificationResendRequest) -> None:
|
|
|
|
|
return None
|
2026-02-25 13:34:02 +08:00
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
|
2026-02-05 15:13:06 +08:00
|
|
|
return self._response
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
|
2026-02-05 15:13:06 +08:00
|
|
|
return self._response
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def delete_session(self, refresh_token: str | None) -> None:
|
2026-02-05 15:13:06 +08:00
|
|
|
return None
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
|
2026-03-07 14:55:00 +08:00
|
|
|
raise NotImplementedError
|
2026-02-25 13:34:02 +08:00
|
|
|
|
2026-03-07 14:55:00 +08:00
|
|
|
async def request_password_reset(self, request: PasswordResetRequest) -> None:
|
|
|
|
|
raise NotImplementedError
|
2026-02-05 15:13:06 +08:00
|
|
|
|
2026-03-07 14:55:00 +08:00
|
|
|
async def confirm_password_reset(
|
|
|
|
|
self, request: PasswordResetConfirmRequest
|
|
|
|
|
) -> None:
|
|
|
|
|
raise NotImplementedError
|
2026-02-05 15:13:06 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
class LogoutAssertingGateway(AuthServiceGateway):
|
|
|
|
|
def __init__(self, expected_refresh_token: str) -> None:
|
|
|
|
|
self._expected_refresh_token = expected_refresh_token
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def create_verification(
|
|
|
|
|
self, request: VerificationCreateRequest
|
|
|
|
|
) -> VerificationCreateResponse:
|
2026-02-25 13:34:02 +08:00
|
|
|
raise NotImplementedError
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def verify_verification(
|
|
|
|
|
self, request: VerificationVerifyRequest
|
|
|
|
|
) -> SessionResponse:
|
2026-02-25 13:34:02 +08:00
|
|
|
raise NotImplementedError
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def resend_verification(self, request: VerificationResendRequest) -> None:
|
2026-02-05 15:13:06 +08:00
|
|
|
raise NotImplementedError
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
|
2026-02-05 15:13:06 +08:00
|
|
|
raise NotImplementedError
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
|
2026-02-05 15:13:06 +08:00
|
|
|
raise NotImplementedError
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def delete_session(self, refresh_token: str | None) -> None:
|
2026-02-05 15:13:06 +08:00
|
|
|
assert refresh_token == self._expected_refresh_token
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
|
2026-02-25 10:20:43 +08:00
|
|
|
raise NotImplementedError
|
|
|
|
|
|
2026-03-07 14:55:00 +08:00
|
|
|
async def request_password_reset(self, request: PasswordResetRequest) -> None:
|
|
|
|
|
raise NotImplementedError
|
|
|
|
|
|
|
|
|
|
async def confirm_password_reset(
|
|
|
|
|
self, request: PasswordResetConfirmRequest
|
|
|
|
|
) -> None:
|
|
|
|
|
raise NotImplementedError
|
|
|
|
|
|
2026-02-05 15:13:06 +08:00
|
|
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
|
async def test_logout_forwards_refresh_token() -> None:
|
|
|
|
|
service = AuthService(gateway=LogoutAssertingGateway("refresh-token"))
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
await service.delete_session("refresh-token")
|
2026-02-25 10:20:43 +08:00
|
|
|
|
|
|
|
|
|
2026-02-25 13:34:02 +08:00
|
|
|
@pytest.mark.asyncio
|
2026-02-26 14:08:10 +08:00
|
|
|
async def test_signup_resend_returns_none() -> None:
|
2026-02-25 13:34:02 +08:00
|
|
|
user = AuthUser(id="user-1", email="user@example.com")
|
2026-02-26 14:08:10 +08:00
|
|
|
token_response = SessionResponse(
|
2026-02-25 13:34:02 +08:00
|
|
|
access_token="access",
|
|
|
|
|
refresh_token="refresh",
|
|
|
|
|
expires_in=3600,
|
|
|
|
|
token_type="bearer",
|
|
|
|
|
user=user,
|
|
|
|
|
)
|
|
|
|
|
service = AuthService(gateway=FakeGateway(token_response))
|
|
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
result = await service.resend_verification(
|
|
|
|
|
VerificationResendRequest(email="user@example.com")
|
|
|
|
|
)
|
2026-02-25 13:34:02 +08:00
|
|
|
|
2026-02-26 14:08:10 +08:00
|
|
|
assert result is None
|
2026-02-25 13:34:02 +08:00
|
|
|
|
|
|
|
|
|
2026-03-12 16:41:45 +08:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
|
async def test_create_verification_ignores_invalid_invite_code() -> None:
|
|
|
|
|
user = AuthUser(id="user-1", email="user@example.com")
|
|
|
|
|
token_response = SessionResponse(
|
|
|
|
|
access_token="access",
|
|
|
|
|
refresh_token="refresh",
|
|
|
|
|
expires_in=3600,
|
|
|
|
|
token_type="bearer",
|
|
|
|
|
user=user,
|
|
|
|
|
)
|
|
|
|
|
gateway = FakeGateway(token_response)
|
|
|
|
|
service = AuthService(gateway=gateway)
|
|
|
|
|
|
|
|
|
|
await service.create_verification(
|
|
|
|
|
VerificationCreateRequest(
|
|
|
|
|
username="demo",
|
|
|
|
|
email="user@example.com",
|
|
|
|
|
password="secret123",
|
|
|
|
|
invite_code="bad-code",
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
assert gateway.last_create_verification_request is not None
|
|
|
|
|
assert gateway.last_create_verification_request.invite_code is None
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
|
|
|
async def test_create_verification_normalizes_valid_invite_code() -> None:
|
|
|
|
|
user = AuthUser(id="user-1", email="user@example.com")
|
|
|
|
|
token_response = SessionResponse(
|
|
|
|
|
access_token="access",
|
|
|
|
|
refresh_token="refresh",
|
|
|
|
|
expires_in=3600,
|
|
|
|
|
token_type="bearer",
|
|
|
|
|
user=user,
|
|
|
|
|
)
|
|
|
|
|
gateway = FakeGateway(token_response)
|
|
|
|
|
service = AuthService(gateway=gateway)
|
|
|
|
|
|
|
|
|
|
await service.create_verification(
|
|
|
|
|
VerificationCreateRequest(
|
|
|
|
|
username="demo",
|
|
|
|
|
email="user@example.com",
|
|
|
|
|
password="secret123",
|
|
|
|
|
invite_code="a2b3",
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
assert gateway.last_create_verification_request is not None
|
|
|
|
|
assert gateway.last_create_verification_request.invite_code == "A2B3"
|
|
|
|
|
|
|
|
|
|
|
2026-02-25 10:20:43 +08:00
|
|
|
@pytest.mark.asyncio
|
|
|
|
|
async def test_supabase_signup_passes_username_in_metadata(
|
|
|
|
|
monkeypatch: pytest.MonkeyPatch,
|
|
|
|
|
) -> None:
|
|
|
|
|
captured_payload: dict[str, object] = {}
|
|
|
|
|
|
|
|
|
|
class FakeSupabaseAuth:
|
|
|
|
|
def sign_up(self, payload: dict[str, object]) -> object:
|
|
|
|
|
captured_payload.update(payload)
|
|
|
|
|
|
|
|
|
|
class _User:
|
|
|
|
|
id = "user-1"
|
|
|
|
|
email = "user@example.com"
|
|
|
|
|
|
|
|
|
|
class _Session:
|
|
|
|
|
access_token = "access"
|
|
|
|
|
refresh_token = "refresh"
|
|
|
|
|
expires_in = 3600
|
|
|
|
|
token_type = "bearer"
|
|
|
|
|
|
|
|
|
|
class _Response:
|
|
|
|
|
user = _User()
|
2026-02-25 13:34:02 +08:00
|
|
|
session = None
|
2026-02-25 10:20:43 +08:00
|
|
|
|
|
|
|
|
return _Response()
|
|
|
|
|
|
|
|
|
|
class FakeClient:
|
|
|
|
|
auth = FakeSupabaseAuth()
|
|
|
|
|
|
2026-03-07 14:55:00 +08:00
|
|
|
monkeypatch.setattr(
|
|
|
|
|
auth_gateway_module.supabase_service, "get_client", lambda: FakeClient()
|
|
|
|
|
)
|
2026-02-25 10:20:43 +08:00
|
|
|
|
|
|
|
|
gateway = auth_gateway_module.SupabaseAuthGateway()
|
2026-02-26 14:08:10 +08:00
|
|
|
await gateway.create_verification(
|
|
|
|
|
VerificationCreateRequest(
|
2026-02-25 10:20:43 +08:00
|
|
|
username="demo",
|
|
|
|
|
email="user@example.com",
|
|
|
|
|
password="secret123",
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
assert captured_payload["data"] == {"username": "demo"}
|
