qzl/social-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dbd3f68dd45afcd90d733b5e3db305b1463d0fa8
social-app/backend/tests/integration/test_auth_routes.py
T

888 lines
28 KiB
Python
Raw Normal View History

refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
from __future__ import annotations
from typing import Callable
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
from uuid import UUID
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
import pytest
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
from fastapi import HTTPException
from fastapi.testclient import TestClient
from app import app
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
from core.auth.models import CurrentUser
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
from v1.auth.dependencies import get_auth_service
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
from v1.users.dependencies import get_current_user
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
from v1.auth.rate_limit import reset_rate_limit_state
fix: 恢复Celery配置 + 修复测试文件
2026-02-24 16:38:30 +08:00
from v1.auth.schemas import (
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
AuthUser,
feat: 实现密码重置功能与用户搜索API,优化注册登录流程
2026-02-27 15:22:42 +08:00
PasswordResetConfirmRequest,
PasswordResetRequest,
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
SessionCreateRequest,
SessionRefreshRequest,
SessionResponse,
UserByEmailResponse,
VerificationCreateRequest,
VerificationCreateResponse,
VerificationResendRequest,
VerificationVerifyRequest,
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
)
from v1.auth.service import AuthService
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
@pytest.fixture(autouse=True)
def reset_auth_rate_limit_state() -> None:
reset_rate_limit_state()
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
class FakeAuthService(AuthService):
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
def __init__(self, token_response: SessionResponse) -> None:
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
self._token_response = token_response
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
async def create_verification(
self, request: VerificationCreateRequest
) -> VerificationCreateResponse:
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
if request.email == "exists@example.com":
raise HTTPException(status_code=422, detail="Invalid signup request")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
return VerificationCreateResponse(email=request.email)
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
async def verify_verification(
self, request: VerificationVerifyRequest
) -> SessionResponse:
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
if request.token == "000000":
raise HTTPException(status_code=401, detail="Invalid verification code")
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
return self._token_response
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
async def resend_verification(self, request: VerificationResendRequest) -> None:
return None
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
raise HTTPException(status_code=401, detail="Invalid credentials")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
raise HTTPException(status_code=401, detail="Invalid refresh token")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
async def delete_session(self, refresh_token: str | None) -> None:
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
return None
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
if email == "missing@example.com":
raise HTTPException(status_code=404, detail="User not found")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
return UserByEmailResponse(
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
id="user-1",
email=email,
created_at="2026-02-24T00:00:00Z",
email_confirmed_at=None,
)
feat: 实现密码重置功能与用户搜索API,优化注册登录流程
2026-02-27 15:22:42 +08:00
async def request_password_reset(self, request: PasswordResetRequest) -> None:
return None
async def confirm_password_reset(
self, request: PasswordResetConfirmRequest
) -> None:
if request.token == "000000":
raise HTTPException(
status_code=401, detail="Invalid or expired verification code"
)
return None
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
def _override_auth_service(service: AuthService) -> Callable[[], AuthService]:
def _get_service() -> AuthService:
return service
return _get_service
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
def test_signup_start_returns_pending_response() -> None:
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications",
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
json={
"username": "demo",
"email": "user@example.com",
"password": "secret123",
},
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
)
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
assert response.status_code == 202
test: verify signup_start response only contains email
2026-02-26 14:12:39 +08:00
assert response.json() == {"email": "user@example.com"}
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
finally:
app.dependency_overrides = {}
def test_signup_verify_returns_token_response() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications/verify",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={"email": "user@example.com", "token": "123456"},
)
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
assert response.status_code == 200
body = response.json()
assert body["access_token"] == "access"
assert body["refresh_token"] == "refresh"
assert body["user"]["email"] == "user@example.com"
finally:
app.dependency_overrides = {}
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
def test_signup_resend_returns_generic_message() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications/resend",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={"email": "user@example.com"},
)
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
assert response.status_code == 204
assert response.content == b""
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
finally:
app.dependency_overrides = {}
def test_signup_verify_invalid_token_returns_problem_details() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications/verify",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={"email": "user@example.com", "token": "000000"},
)
assert response.status_code == 401
assert response.headers["content-type"].startswith("application/problem+json")
body = response.json()
assert body["title"] == "Unauthorized"
assert body["status"] == 401
assert body["detail"] == "Invalid verification code"
finally:
app.dependency_overrides = {}
def test_signup_start_existing_email_returns_problem_details() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={
"username": "demo",
"email": "exists@example.com",
"password": "secret123",
},
)
assert response.status_code == 422
assert response.headers["content-type"].startswith("application/problem+json")
body = response.json()
assert body["title"] == "Unprocessable Content"
assert body["status"] == 422
assert body["detail"] == "Invalid signup request"
finally:
app.dependency_overrides = {}
def test_signup_verify_rate_limited_after_too_many_attempts() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
for _ in range(10):
ok = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications/verify",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={"email": "user@example.com", "token": "123456"},
)
assert ok.status_code == 200
blocked = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications/verify",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={"email": "user@example.com", "token": "123456"},
)
assert blocked.status_code == 429
assert blocked.headers["content-type"].startswith("application/problem+json")
finally:
app.dependency_overrides = {}
def test_signup_resend_rate_limited_after_too_many_attempts() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
for _ in range(5):
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
ok = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications/resend",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={"email": "user@example.com"},
)
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
assert ok.status_code == 204
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
blocked = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications/resend",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={"email": "user@example.com"},
)
assert blocked.status_code == 429
assert blocked.headers["content-type"].startswith("application/problem+json")
finally:
app.dependency_overrides = {}
def test_signup_start_rate_limited_after_too_many_attempts() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
for _ in range(5):
ok = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={
"username": "demo",
"email": "user@example.com",
"password": "secret123",
},
)
assert ok.status_code == 202
blocked = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications",
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
json={
"username": "demo",
"email": "user@example.com",
"password": "secret123",
},
)
assert blocked.status_code == 429
assert blocked.headers["content-type"].startswith("application/problem+json")
finally:
app.dependency_overrides = {}
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
def test_login_invalid_returns_problem_details() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/sessions",
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
json={"email": "user@example.com", "password": "wrongpw"},
)
assert response.status_code == 401
assert response.headers["content-type"].startswith("application/problem+json")
body = response.json()
assert body["title"] == "Unauthorized"
assert body["status"] == 401
assert body["detail"] == "Invalid credentials"
finally:
app.dependency_overrides = {}
def test_refresh_invalid_returns_problem_details() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/sessions/refresh",
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
json={"refresh_token": "invalid"},
)
assert response.status_code == 401
assert response.headers["content-type"].startswith("application/problem+json")
body = response.json()
assert body["title"] == "Unauthorized"
assert body["status"] == 401
assert body["detail"] == "Invalid refresh token"
finally:
app.dependency_overrides = {}
def test_logout_returns_no_content() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
response = client.request(
"DELETE",
"/api/v1/auth/sessions",
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
json={"refresh_token": "refresh"},
)
assert response.status_code == 204
assert response.content == b""
finally:
app.dependency_overrides = {}
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
def test_login_rate_limited_after_too_many_attempts() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
for _ in range(10):
blocked = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/sessions",
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
json={"email": "user@example.com", "password": "wrongpw"},
)
assert blocked.status_code == 401
blocked = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/sessions",
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
json={"email": "user@example.com", "password": "wrongpw"},
)
assert blocked.status_code == 429
assert blocked.headers["content-type"].startswith("application/problem+json")
body = blocked.json()
assert body["detail"] == "Too many requests"
finally:
app.dependency_overrides = {}
def test_refresh_rate_limited_after_too_many_attempts() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
for _ in range(10):
blocked = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/sessions/refresh",
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
json={"refresh_token": "invalid"},
)
assert blocked.status_code == 401
blocked = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/sessions/refresh",
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
json={"refresh_token": "invalid"},
)
assert blocked.status_code == 429
assert blocked.headers["content-type"].startswith("application/problem+json")
body = blocked.json()
assert body["detail"] == "Too many requests"
finally:
app.dependency_overrides = {}
def test_logout_rate_limited_after_too_many_attempts() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
for _ in range(10):
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
ok = client.request(
"DELETE",
"/api/v1/auth/sessions",
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
json={"refresh_token": "refresh"},
)
assert ok.status_code == 204
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
blocked = client.request(
"DELETE",
"/api/v1/auth/sessions",
feat(agent-chat): complete core workflow and strengthen auth rate limiting
2026-02-25 16:51:12 +08:00
json={"refresh_token": "refresh"},
)
assert blocked.status_code == 429
assert blocked.headers["content-type"].startswith("application/problem+json")
body = blocked.json()
assert body["detail"] == "Too many requests"
finally:
app.dependency_overrides = {}
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
def test_signup_start_validation_error_returns_problem_details() -> None:
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
response = client.post("/api/v1/auth/verifications", json={})
refactor: align backend layout and supabase infra
2026-02-05 15:13:06 +08:00
assert response.status_code == 422
assert response.headers["content-type"].startswith("application/problem+json")
body = response.json()
assert body["title"] == "Unprocessable Content"
assert body["status"] == 422
assert body["detail"] == "Invalid request"
finally:
app.dependency_overrides = {}
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
feat(auth): switch signup to OTP verification flow
2026-02-25 13:34:02 +08:00
def test_signup_start_missing_username_returns_problem_details() -> None:
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/verifications",
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
json={"email": "user@example.com", "password": "secret123"},
)
assert response.status_code == 422
assert response.headers["content-type"].startswith("application/problem+json")
body = response.json()
assert body["title"] == "Unprocessable Content"
assert body["status"] == 422
assert body["detail"] == "Invalid request"
finally:
app.dependency_overrides = {}
def test_get_user_by_email_returns_user() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
id=UUID("00000000-0000-0000-0000-000000000001"),
email="user@example.com",
)
client = TestClient(app)
try:
response = client.get(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/users",
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
params={"email": "user@example.com"},
)
assert response.status_code == 200
body = response.json()
assert body["email"] == "user@example.com"
assert body["id"] == "user-1"
finally:
app.dependency_overrides = {}
def test_get_user_by_email_not_found_returns_problem_details() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
id=UUID("00000000-0000-0000-0000-000000000001"),
email="missing@example.com",
)
client = TestClient(app)
try:
response = client.get(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/users",
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
params={"email": "missing@example.com"},
)
assert response.status_code == 404
assert response.headers["content-type"].startswith("application/problem+json")
body = response.json()
assert body["title"] == "Not Found"
assert body["status"] == 404
assert body["detail"] == "User not found"
finally:
app.dependency_overrides = {}
def test_get_user_by_email_forbidden_when_querying_other_user() -> None:
user = AuthUser(id="user-1", email="user@example.com")
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
token_response = SessionResponse(
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
id=UUID("00000000-0000-0000-0000-000000000001"),
email="self@example.com",
)
client = TestClient(app)
try:
response = client.get(
test: update integration tests for RESTful routes
2026-02-26 14:08:10 +08:00
"/api/v1/auth/users",
feat: complete auth/profile username migration and runtime safeguards
2026-02-25 10:20:43 +08:00
params={"email": "target@example.com"},
)
assert response.status_code == 403
assert response.headers["content-type"].startswith("application/problem+json")
body = response.json()
assert body["title"] == "Forbidden"
assert body["status"] == 403
assert body["detail"] == "Forbidden"
finally:
app.dependency_overrides = {}
feat: 实现密码重置功能与用户搜索API,优化注册登录流程
2026-02-27 15:22:42 +08:00
def test_password_reset_request_returns_204() -> None:
user = AuthUser(id="user-1", email="user@example.com")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/password-reset",
json={"email": "user@example.com"},
)
assert response.status_code == 204
finally:
app.dependency_overrides = {}
def test_password_reset_confirm_returns_204() -> None:
user = AuthUser(id="user-1", email="user@example.com")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/password-reset/confirm",
json={
"email": "user@example.com",
"token": "123456",
"new_password": "newpassword123",
},
)
assert response.status_code == 204
finally:
app.dependency_overrides = {}
def test_password_reset_confirm_invalid_token_returns_401() -> None:
user = AuthUser(id="user-1", email="user@example.com")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/password-reset/confirm",
json={
"email": "user@example.com",
"token": "000000",
"new_password": "newpassword123",
},
)
assert response.status_code == 401
assert response.headers["content-type"].startswith("application/problem+json")
body = response.json()
assert body["title"] == "Unauthorized"
assert body["status"] == 401
finally:
app.dependency_overrides = {}
def test_password_reset_confirm_weak_password_returns_422() -> None:
user = AuthUser(id="user-1", email="user@example.com")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/password-reset/confirm",
json={
"email": "user@example.com",
"token": "123456",
"new_password": "123",
},
)
assert response.status_code == 422
assert response.headers["content-type"].startswith("application/problem+json")
finally:
app.dependency_overrides = {}
test: add invite code validation tests and fix migration rollback
2026-02-28 10:56:09 +08:00
class TestInviteCodeSignup:
def test_signup_with_valid_invite_code_returns_202(self) -> None:
user = AuthUser(id="user-1", email="user@example.com")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/verifications",
json={
"username": "demo",
"email": "user@example.com",
"password": "secret123",
"invite_code": "A2B3C4D5",
},
)
assert response.status_code == 202
assert response.json() == {"email": "user@example.com"}
finally:
app.dependency_overrides = {}
def test_signup_with_invalid_invite_code_length_returns_422(self) -> None:
user = AuthUser(id="user-1", email="user@example.com")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/verifications",
json={
"username": "demo",
"email": "user@example.com",
"password": "secret123",
"invite_code": "ABC123",
},
)
assert response.status_code == 422
assert response.headers["content-type"].startswith(
"application/problem+json"
)
finally:
app.dependency_overrides = {}
def test_signup_with_invalid_invite_code_chars_returns_422(self) -> None:
user = AuthUser(id="user-1", email="user@example.com")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(token_response)
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/verifications",
json={
"username": "demo",
"email": "user@example.com",
"password": "secret123",
"invite_code": "ABCD1234",
},
)
assert response.status_code == 422
assert response.headers["content-type"].startswith(
"application/problem+json"
)
finally:
app.dependency_overrides = {}
Reference in New Issue Copy Permalink