feat: 实现密码重置功能与用户搜索API，优化注册登录流程

- 新增忘记密码页面与重置密码确认流程（前端+后端） - 修复注册验证码页登录跳转路由 - 新增用户搜索API（按邮箱查询） - 简化infra脚本，统一为app.sh - 补充密码重置与用户API测试覆盖 - 更新runtime文档与AGENTS配置
2026-02-27 15:22:42 +08:00
parent 0d4811fee5
commit e4e995854d
37 changed files with 2101 additions and 222 deletions
@@ -0,0 +1,155 @@
+from __future__ import annotations
+
+from types import SimpleNamespace
+from unittest.mock import MagicMock, patch
+
+import pytest
+from fastapi import HTTPException
+
+from v1.auth.gateway import SupabaseAuthGateway
+from v1.auth.schemas import PasswordResetConfirmRequest, PasswordResetRequest
+
+
+class TestSupabaseAuthGateway:
+    @pytest.fixture
+    def gateway(self) -> SupabaseAuthGateway:
+        with patch("v1.auth.gateway.create_client") as mock_create:
+            mock_client = MagicMock()
+            mock_admin_client = MagicMock()
+            mock_create.side_effect = [mock_client, mock_admin_client]
+            return SupabaseAuthGateway()
+
+    @pytest.mark.asyncio
+    async def test_request_password_reset_calls_email_with_string(
+        self, gateway: SupabaseAuthGateway
+    ) -> None:
+        mock_reset_email = MagicMock()
+        gateway._client.auth.reset_password_email = mock_reset_email
+
+        request = PasswordResetRequest(email="test@example.com")
+        await gateway.request_password_reset(request)
+
+        mock_reset_email.assert_called_once_with("test@example.com")
+
+    @pytest.mark.asyncio
+    async def test_request_password_reset_with_redirect(
+        self, gateway: SupabaseAuthGateway
+    ) -> None:
+        mock_reset_email = MagicMock()
+        gateway._client.auth.reset_password_email = mock_reset_email
+
+        request = PasswordResetRequest(
+            email="test@example.com",
+            redirect_to="http://localhost:3000/reset-password",
+        )
+        await gateway.request_password_reset(request)
+
+        mock_reset_email.assert_called_once_with(
+            "test@example.com",
+            options={"redirect_to": "http://localhost:3000/reset-password"},
+        )
+
+    @pytest.mark.asyncio
+    async def test_request_password_reset_swallows_auth_error(
+        self, gateway: SupabaseAuthGateway
+    ) -> None:
+        from supabase import AuthError
+
+        mock_reset_email = MagicMock(side_effect=AuthError("rate limit exceeded", None))
+        gateway._client.auth.reset_password_email = mock_reset_email
+
+        request = PasswordResetRequest(email="test@example.com")
+
+        result = await gateway.request_password_reset(request)
+
+        mock_reset_email.assert_called_once()
+        assert result is None
+
+    @pytest.mark.asyncio
+    async def test_request_password_reset_extracts_email_from_mapping(
+        self, gateway: SupabaseAuthGateway
+    ) -> None:
+        mock_reset_email = MagicMock()
+        gateway._client.auth.reset_password_email = mock_reset_email
+
+        request = PasswordResetRequest.model_construct(
+            email={"email": "test@example.com"},
+            redirect_to=None,
+        )
+
+        await gateway.request_password_reset(request)
+
+        mock_reset_email.assert_called_once_with("test@example.com")
+
+    @pytest.mark.asyncio
+    async def test_request_password_reset_rejects_invalid_email_shape(
+        self, gateway: SupabaseAuthGateway
+    ) -> None:
+        request = PasswordResetRequest.model_construct(
+            email={"unexpected": "value"},
+            redirect_to=None,
+        )
+
+        with pytest.raises(HTTPException) as exc_info:
+            await gateway.request_password_reset(request)
+
+        assert exc_info.value.status_code == 422
+        assert exc_info.value.detail == "Invalid email"
+
+    @pytest.mark.asyncio
+    async def test_confirm_password_reset_updates_password_by_user_id(
+        self, gateway: SupabaseAuthGateway
+    ) -> None:
+        verify_response = SimpleNamespace(
+            session=SimpleNamespace(access_token="access"),
+            user=SimpleNamespace(id="user-1"),
+        )
+        mock_verify_otp = MagicMock(return_value=verify_response)
+        gateway._client.auth.verify_otp = mock_verify_otp
+
+        mock_update_user_by_id = MagicMock()
+        gateway._admin_client.auth.admin = SimpleNamespace(
+            update_user_by_id=mock_update_user_by_id
+        )
+
+        request = PasswordResetConfirmRequest(
+            email="test@example.com",
+            token="123456",
+            new_password="newpassword123",
+        )
+
+        await gateway.confirm_password_reset(request)
+
+        mock_verify_otp.assert_called_once_with(
+            {
+                "type": "recovery",
+                "email": "test@example.com",
+                "token": "123456",
+            }
+        )
+        mock_update_user_by_id.assert_called_once_with(
+            "user-1",
+            {"password": "newpassword123"},
+        )
+
+    @pytest.mark.asyncio
+    async def test_confirm_password_reset_raises_when_user_id_missing(
+        self, gateway: SupabaseAuthGateway
+    ) -> None:
+        verify_response = SimpleNamespace(
+            session=SimpleNamespace(access_token="access"),
+            user=SimpleNamespace(id=""),
+        )
+        gateway._client.auth.verify_otp = MagicMock(return_value=verify_response)
+
+        request = PasswordResetConfirmRequest(
+            email="test@example.com",
+            token="123456",
+            new_password="newpassword123",
+        )
+
+        with pytest.raises(HTTPException) as exc_info:
+            await gateway.confirm_password_reset(request)
+
+        assert exc_info.value.status_code == 401
+        assert exc_info.value.detail == "Invalid or expired verification code"