feat: 实现密码重置功能与用户搜索API，优化注册登录流程

- 新增忘记密码页面与重置密码确认流程（前端+后端） - 修复注册验证码页登录跳转路由 - 新增用户搜索API（按邮箱查询） - 简化infra脚本，统一为app.sh - 补充密码重置与用户API测试覆盖 - 更新runtime文档与AGENTS配置
2026-02-27 15:22:42 +08:00
parent 0d4811fee5
commit e4e995854d
37 changed files with 2101 additions and 222 deletions
@@ -14,6 +14,8 @@ from v1.users.dependencies import get_current_user
 from v1.auth.rate_limit import reset_rate_limit_state
 from v1.auth.schemas import (
    AuthUser,
+    PasswordResetConfirmRequest,
+    PasswordResetRequest,
    SessionCreateRequest,
    SessionRefreshRequest,
    SessionResponse,
@@ -71,6 +73,18 @@ class FakeAuthService(AuthService):
            email_confirmed_at=None,
        )

+    async def request_password_reset(self, request: PasswordResetRequest) -> None:
+        return None
+
+    async def confirm_password_reset(
+        self, request: PasswordResetConfirmRequest
+    ) -> None:
+        if request.token == "000000":
+            raise HTTPException(
+                status_code=401, detail="Invalid or expired verification code"
+            )
+        return None
+

 def _override_auth_service(service: AuthService) -> Callable[[], AuthService]:
    def _get_service() -> AuthService:
@@ -665,3 +679,116 @@ def test_get_user_by_email_forbidden_when_querying_other_user() -> None:
        assert body["detail"] == "Forbidden"
    finally:
        app.dependency_overrides = {}
+
+
+def test_password_reset_request_returns_204() -> None:
+    user = AuthUser(id="user-1", email="user@example.com")
+    token_response = SessionResponse(
+        access_token="access",
+        refresh_token="refresh",
+        expires_in=3600,
+        token_type="bearer",
+        user=user,
+    )
+    app.dependency_overrides[get_auth_service] = _override_auth_service(
+        FakeAuthService(token_response)
+    )
+
+    client = TestClient(app)
+    try:
+        response = client.post(
+            "/api/v1/auth/password-reset",
+            json={"email": "user@example.com"},
+        )
+        assert response.status_code == 204
+    finally:
+        app.dependency_overrides = {}
+
+
+def test_password_reset_confirm_returns_204() -> None:
+    user = AuthUser(id="user-1", email="user@example.com")
+    token_response = SessionResponse(
+        access_token="access",
+        refresh_token="refresh",
+        expires_in=3600,
+        token_type="bearer",
+        user=user,
+    )
+    app.dependency_overrides[get_auth_service] = _override_auth_service(
+        FakeAuthService(token_response)
+    )
+
+    client = TestClient(app)
+    try:
+        response = client.post(
+            "/api/v1/auth/password-reset/confirm",
+            json={
+                "email": "user@example.com",
+                "token": "123456",
+                "new_password": "newpassword123",
+            },
+        )
+        assert response.status_code == 204
+    finally:
+        app.dependency_overrides = {}
+
+
+def test_password_reset_confirm_invalid_token_returns_401() -> None:
+    user = AuthUser(id="user-1", email="user@example.com")
+    token_response = SessionResponse(
+        access_token="access",
+        refresh_token="refresh",
+        expires_in=3600,
+        token_type="bearer",
+        user=user,
+    )
+    app.dependency_overrides[get_auth_service] = _override_auth_service(
+        FakeAuthService(token_response)
+    )
+
+    client = TestClient(app)
+    try:
+        response = client.post(
+            "/api/v1/auth/password-reset/confirm",
+            json={
+                "email": "user@example.com",
+                "token": "000000",
+                "new_password": "newpassword123",
+            },
+        )
+        assert response.status_code == 401
+        assert response.headers["content-type"].startswith("application/problem+json")
+        body = response.json()
+        assert body["title"] == "Unauthorized"
+        assert body["status"] == 401
+    finally:
+        app.dependency_overrides = {}
+
+
+def test_password_reset_confirm_weak_password_returns_422() -> None:
+    user = AuthUser(id="user-1", email="user@example.com")
+    token_response = SessionResponse(
+        access_token="access",
+        refresh_token="refresh",
+        expires_in=3600,
+        token_type="bearer",
+        user=user,
+    )
+    app.dependency_overrides[get_auth_service] = _override_auth_service(
+        FakeAuthService(token_response)
+    )
+
+    client = TestClient(app)
+    try:
+        response = client.post(
+            "/api/v1/auth/password-reset/confirm",
+            json={
+                "email": "user@example.com",
+                "token": "123456",
+                "new_password": "123",
+            },
+        )
+        assert response.status_code == 422
+        assert response.headers["content-type"].startswith("application/problem+json")
+    finally:
+        app.dependency_overrides = {}