feat: complete auth/profile username migration and runtime safeguards

backend/tests/integration/test_profile_routes.py

@@ -29,11 +29,10 @@ class FakeProfileService:
             raise HTTPException(status_code=404, detail="Profile not found")
         return ProfileResponse(
             id=self._profile.id,
-            username=self._profile.username,
-            display_name=(
-                update.display_name
-                if update.display_name is not None
-                else self._profile.display_name
+            username=(
+                update.username
+                if update.username is not None
+                else self._profile.username
             ),
             avatar_url=(
                 update.avatar_url
@@ -70,7 +69,6 @@ def test_get_me_returns_profile() -> None:
     profile = ProfileResponse(
         id=str(user_id),
         username="demo",
-        display_name="Demo User",
         avatar_url=None,
         bio=None,
     )
@@ -94,7 +92,6 @@ def test_patch_me_updates_profile() -> None:
     profile = ProfileResponse(
         id=str(user_id),
         username="demo",
-        display_name="Demo User",
         avatar_url=None,
         bio=None,
     )
@@ -107,11 +104,11 @@ def test_patch_me_updates_profile() -> None:
     try:
         response = client.patch(
             "/api/v1/profile/me",
-            json={"display_name": "Updated"},
+            json={"username": "updated"},
         )
         assert response.status_code == 200
         body = response.json()
-        assert body["display_name"] == "Updated"
+        assert body["username"] == "updated"
     finally:
         app.dependency_overrides = {}
 
@@ -120,7 +117,6 @@ def test_get_profile_by_username() -> None:
     profile = ProfileResponse(
         id="00000000-0000-0000-0000-000000000001",
         username="demo",
-        display_name="Demo User",
         avatar_url=None,
         bio=None,
     )
@@ -142,7 +138,6 @@ def test_profile_not_found_returns_problem_details() -> None:
     profile = ProfileResponse(
         id="00000000-0000-0000-0000-000000000001",
         username="demo",
-        display_name="Demo User",
         avatar_url=None,
         bio=None,
     )
@@ -167,7 +162,6 @@ def test_patch_me_validation_error_returns_problem_details() -> None:
     profile = ProfileResponse(
         id=str(user_id),
         username="demo",
-        display_name="Demo User",
         avatar_url=None,
         bio=None,
     )
@@ -186,3 +180,25 @@ def test_patch_me_validation_error_returns_problem_details() -> None:
         assert body["status"] == 422
     finally:
         app.dependency_overrides = {}
+
+
+def test_patch_me_rejects_display_name_field() -> None:
+    user_id = UUID("00000000-0000-0000-0000-000000000001")
+    profile = ProfileResponse(
+        id=str(user_id),
+        username="demo",
+        avatar_url=None,
+        bio=None,
+    )
+    app.dependency_overrides[get_profile_service] = _override_profile_service(
+        FakeProfileService(profile)
+    )
+    app.dependency_overrides[get_current_user] = _override_current_user(user_id)
+
+    client = TestClient(app)
+    try:
+        response = client.patch("/api/v1/profile/me", json={"display_name": "x"})
+        assert response.status_code == 422
+        assert response.headers["content-type"].startswith("application/problem+json")
+    finally:
+        app.dependency_overrides = {}