test: update integration tests for RESTful routes

backend/tests/unit/v1/auth/test_auth_models.py

@@ -4,51 +4,53 @@ import pytest
 from pydantic import ValidationError
 
 from v1.auth.schemas import (
-    AuthTokenResponse,
     AuthUser,
-    LoginRequest,
-    RefreshRequest,
-    SignupStartRequest,
-    SignupVerifyRequest,
-    SignupResendRequest,
+    SessionCreateRequest,
+    SessionRefreshRequest,
+    SessionResponse,
+    VerificationCreateRequest,
+    VerificationVerifyRequest,
+    VerificationResendRequest,
 )
 
 
 def test_signup_requires_valid_email() -> None:
     with pytest.raises(ValidationError):
-        SignupStartRequest(username="demo", email="not-an-email", password="secret123")
+        VerificationCreateRequest(
+            username="demo", email="not-an-email", password="secret123"
+        )
 
 
 def test_signup_requires_username() -> None:
     with pytest.raises(ValidationError):
-        SignupStartRequest.model_validate(
+        VerificationCreateRequest.model_validate(
             {"email": "user@example.com", "password": "secret123"}
         )
 
 
 def test_signup_verify_requires_six_digit_token() -> None:
     with pytest.raises(ValidationError):
-        SignupVerifyRequest(email="user@example.com", token="abc123")
+        VerificationVerifyRequest(email="user@example.com", token="abc123")
 
 
 def test_signup_resend_requires_valid_email() -> None:
     with pytest.raises(ValidationError):
-        SignupResendRequest(email="invalid")
+        VerificationResendRequest(email="invalid")
 
 
 def test_login_requires_valid_email() -> None:
     with pytest.raises(ValidationError):
-        LoginRequest(email="invalid", password="secret123")
+        SessionCreateRequest(email="invalid", password="secret123")
 
 
 def test_refresh_requires_token() -> None:
     with pytest.raises(ValidationError):
-        RefreshRequest(refresh_token="")
+        SessionRefreshRequest(refresh_token="")
 
 
-def test_auth_token_response_maps_user() -> None:
+def test_session_response_maps_user() -> None:
     user = AuthUser(id="user-1", email="user@example.com")
-    response = AuthTokenResponse(
+    response = SessionResponse(
         access_token="access",
         refresh_token="refresh",
         expires_in=3600,

backend/tests/unit/v1/auth/test_auth_service.py

@@ -4,48 +4,47 @@ import pytest
 
 import v1.auth.gateway as auth_gateway_module
 from v1.auth.schemas import (
-    AuthTokenResponse,
-    AuthResendCodeResponse,
-    AuthSignupStartResponse,
-    AuthUserByEmailResponse,
     AuthUser,
-    LoginRequest,
-    RefreshRequest,
-    SignupResendRequest,
-    SignupStartRequest,
-    SignupVerifyRequest,
+    SessionCreateRequest,
+    SessionRefreshRequest,
+    SessionResponse,
+    UserByEmailResponse,
+    VerificationCreateRequest,
+    VerificationCreateResponse,
+    VerificationResendRequest,
+    VerificationVerifyRequest,
 )
 from v1.auth.service import AuthService, AuthServiceGateway
 
 
 class FakeGateway(AuthServiceGateway):
-    def __init__(self, response: AuthTokenResponse) -> None:
+    def __init__(self, response: SessionResponse) -> None:
         self._response = response
 
-    async def signup_start(
-        self, request: SignupStartRequest
-    ) -> AuthSignupStartResponse:
-        return AuthSignupStartResponse(email=request.email)
+    async def create_verification(
+        self, request: VerificationCreateRequest
+    ) -> VerificationCreateResponse:
+        return VerificationCreateResponse(email=request.email)
 
-    async def signup_verify(self, request: SignupVerifyRequest) -> AuthTokenResponse:
+    async def verify_verification(
+        self, request: VerificationVerifyRequest
+    ) -> SessionResponse:
         return self._response
 
-    async def signup_resend(
-        self, request: SignupResendRequest
-    ) -> AuthResendCodeResponse:
-        return AuthResendCodeResponse()
-
-    async def login(self, request: LoginRequest) -> AuthTokenResponse:
-        return self._response
-
-    async def refresh(self, request: RefreshRequest) -> AuthTokenResponse:
-        return self._response
-
-    async def logout(self, refresh_token: str | None) -> None:
+    async def resend_verification(self, request: VerificationResendRequest) -> None:
         return None
 
-    async def get_user_by_email(self, email: str) -> AuthUserByEmailResponse:
-        return AuthUserByEmailResponse(
+    async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
+        return self._response
+
+    async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
+        return self._response
+
+    async def delete_session(self, refresh_token: str | None) -> None:
+        return None
+
+    async def get_user_by_email(self, email: str) -> UserByEmailResponse:
+        return UserByEmailResponse(
             id="user-1",
             email=email,
             created_at="2026-02-24T00:00:00Z",
@@ -56,7 +55,7 @@ class FakeGateway(AuthServiceGateway):
 @pytest.mark.asyncio
 async def test_signup_maps_response() -> None:
     user = AuthUser(id="user-1", email="user@example.com")
-    token_response = AuthTokenResponse(
+    token_response = SessionResponse(
         access_token="access",
         refresh_token="refresh",
         expires_in=3600,
@@ -65,16 +64,15 @@ async def test_signup_maps_response() -> None:
     )
     service = AuthService(gateway=FakeGateway(token_response))
 
-    start_result = await service.signup_start(
-        SignupStartRequest(
+    start_result = await service.create_verification(
+        VerificationCreateRequest(
             username="demo", email="user@example.com", password="secret123"
         )
     )
-    assert start_result.status == "pending_verification"
     assert start_result.email == "user@example.com"
 
-    result = await service.signup_verify(
-        SignupVerifyRequest(email="user@example.com", token="123456")
+    result = await service.verify_verification(
+        VerificationVerifyRequest(email="user@example.com", token="123456")
     )
 
     assert result.access_token == "access"
@@ -86,29 +84,29 @@ class LogoutAssertingGateway(AuthServiceGateway):
     def __init__(self, expected_refresh_token: str) -> None:
         self._expected_refresh_token = expected_refresh_token
 
-    async def signup_start(
-        self, request: SignupStartRequest
-    ) -> AuthSignupStartResponse:
+    async def create_verification(
+        self, request: VerificationCreateRequest
+    ) -> VerificationCreateResponse:
         raise NotImplementedError
 
-    async def signup_verify(self, request: SignupVerifyRequest) -> AuthTokenResponse:
+    async def verify_verification(
+        self, request: VerificationVerifyRequest
+    ) -> SessionResponse:
         raise NotImplementedError
 
-    async def signup_resend(
-        self, request: SignupResendRequest
-    ) -> AuthResendCodeResponse:
+    async def resend_verification(self, request: VerificationResendRequest) -> None:
         raise NotImplementedError
 
-    async def login(self, request: LoginRequest) -> AuthTokenResponse:
+    async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
         raise NotImplementedError
 
-    async def refresh(self, request: RefreshRequest) -> AuthTokenResponse:
+    async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
         raise NotImplementedError
 
-    async def logout(self, refresh_token: str | None) -> None:
+    async def delete_session(self, refresh_token: str | None) -> None:
         assert refresh_token == self._expected_refresh_token
 
-    async def get_user_by_email(self, email: str) -> AuthUserByEmailResponse:
+    async def get_user_by_email(self, email: str) -> UserByEmailResponse:
         raise NotImplementedError
 
 
@@ -116,13 +114,13 @@ class LogoutAssertingGateway(AuthServiceGateway):
 async def test_logout_forwards_refresh_token() -> None:
     service = AuthService(gateway=LogoutAssertingGateway("refresh-token"))
 
-    await service.logout("refresh-token")
+    await service.delete_session("refresh-token")
 
 
 @pytest.mark.asyncio
 async def test_get_user_by_email_forwards_to_gateway() -> None:
     user = AuthUser(id="user-1", email="user@example.com")
-    token_response = AuthTokenResponse(
+    token_response = SessionResponse(
         access_token="access",
         refresh_token="refresh",
         expires_in=3600,
@@ -137,9 +135,9 @@ async def test_get_user_by_email_forwards_to_gateway() -> None:
 
 
 @pytest.mark.asyncio
-async def test_signup_resend_returns_generic_message() -> None:
+async def test_signup_resend_returns_none() -> None:
     user = AuthUser(id="user-1", email="user@example.com")
-    token_response = AuthTokenResponse(
+    token_response = SessionResponse(
         access_token="access",
         refresh_token="refresh",
         expires_in=3600,
@@ -148,9 +146,11 @@ async def test_signup_resend_returns_generic_message() -> None:
     )
     service = AuthService(gateway=FakeGateway(token_response))
 
-    result = await service.signup_resend(SignupResendRequest(email="user@example.com"))
+    result = await service.resend_verification(
+        VerificationResendRequest(email="user@example.com")
+    )
 
-    assert result.message == "If the email exists, a verification code has been sent"
+    assert result is None
 
 
 @pytest.mark.asyncio
@@ -185,8 +185,8 @@ async def test_supabase_signup_passes_username_in_metadata(
     monkeypatch.setattr(auth_gateway_module, "create_client", lambda *_: FakeClient())
 
     gateway = auth_gateway_module.SupabaseAuthGateway()
-    await gateway.signup_start(
-        SignupStartRequest(
+    await gateway.create_verification(
+        VerificationCreateRequest(
             username="demo",
             email="user@example.com",
             password="secret123",