refactor(backend): update API routes and service layer
- Update agent router/service/repository with new endpoints - Update auth routes with phone-based authentication - Update users service with new phone lookup - Update schedule_items with new schemas - Update message schemas with visibility support - Update settings with new automation scheduler config - Update CLI with new commands - Update tests to match new API contracts
This commit is contained in:
qzl
@@ -12,41 +12,24 @@ from app import app
|
||||
from v1.auth.dependencies import get_auth_service
|
||||
from v1.auth.schemas import (
|
||||
AuthUser,
|
||||
SessionCreateRequest,
|
||||
OtpSendRequest,
|
||||
PhoneSessionCreateRequest,
|
||||
SessionRefreshRequest,
|
||||
SessionResponse,
|
||||
VerificationCreateRequest,
|
||||
VerificationCreateResponse,
|
||||
VerificationResendRequest,
|
||||
VerificationVerifyRequest,
|
||||
)
|
||||
from v1.auth.service import AuthService
|
||||
|
||||
|
||||
class FakeE2EAuthService(AuthService):
|
||||
def __init__(self) -> None:
|
||||
self._user = AuthUser(id="user-1", email="user@example.com")
|
||||
self._user = AuthUser(id="user-1", phone="+8613812345678")
|
||||
|
||||
async def create_verification(
|
||||
self, request: VerificationCreateRequest
|
||||
) -> VerificationCreateResponse:
|
||||
return VerificationCreateResponse(email=request.email)
|
||||
|
||||
async def verify_verification(
|
||||
self, request: VerificationVerifyRequest
|
||||
) -> SessionResponse:
|
||||
return SessionResponse(
|
||||
access_token="access-1",
|
||||
refresh_token="refresh-1",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=self._user,
|
||||
)
|
||||
|
||||
async def resend_verification(self, request: VerificationResendRequest) -> None:
|
||||
async def send_otp(self, request: OtpSendRequest) -> None:
|
||||
return None
|
||||
|
||||
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
|
||||
async def create_phone_session(
|
||||
self, request: PhoneSessionCreateRequest
|
||||
) -> SessionResponse:
|
||||
return SessionResponse(
|
||||
access_token="access-2",
|
||||
refresh_token="refresh-2",
|
||||
@@ -105,41 +88,25 @@ def test_auth_flow_e2e() -> None:
|
||||
base_url=f"http://{host}:{port}"
|
||||
)
|
||||
try:
|
||||
verification = request_context.post(
|
||||
"/api/v1/auth/verifications",
|
||||
data=json.dumps(
|
||||
{
|
||||
"username": "demo",
|
||||
"email": "user@example.com",
|
||||
"password": "secret123",
|
||||
}
|
||||
),
|
||||
send_code = request_context.post(
|
||||
"/api/v1/auth/otp/send",
|
||||
data=json.dumps({"phone": "+8613812345678"}),
|
||||
headers={"Content-Type": "application/json"},
|
||||
)
|
||||
assert verification.status == 202
|
||||
assert send_code.status == 204
|
||||
|
||||
verify = request_context.post(
|
||||
"/api/v1/auth/verify",
|
||||
login_or_register = request_context.post(
|
||||
"/api/v1/auth/phone-session",
|
||||
data=json.dumps(
|
||||
{
|
||||
"email": "user@example.com",
|
||||
"phone": "+8613812345678",
|
||||
"token": "123456",
|
||||
}
|
||||
),
|
||||
headers={"Content-Type": "application/json"},
|
||||
)
|
||||
assert verify.status == 200
|
||||
assert verify.json()["access_token"] == "access-1"
|
||||
|
||||
login = request_context.post(
|
||||
"/api/v1/auth/sessions",
|
||||
data=json.dumps(
|
||||
{"email": "user@example.com", "password": "secret123"}
|
||||
),
|
||||
headers={"Content-Type": "application/json"},
|
||||
)
|
||||
assert login.status == 200
|
||||
assert login.json()["access_token"] == "access-2"
|
||||
assert login_or_register.status == 200
|
||||
assert login_or_register.json()["access_token"] == "access-2"
|
||||
|
||||
refresh = request_context.post(
|
||||
"/api/v1/auth/sessions/refresh",
|
||||
|
||||
@@ -4,11 +4,16 @@ import socket
|
||||
import threading
|
||||
import time
|
||||
|
||||
import pytest
|
||||
from playwright.sync_api import sync_playwright
|
||||
import uvicorn
|
||||
|
||||
from app import app
|
||||
from v1.infra.dependencies import get_redis_service
|
||||
|
||||
pytest.skip(
|
||||
"infra health endpoint removed from v1 API",
|
||||
allow_module_level=True,
|
||||
)
|
||||
|
||||
|
||||
class _FakeService:
|
||||
@@ -52,8 +57,6 @@ def _start_server(host: str, port: int):
|
||||
|
||||
|
||||
def test_infra_health_e2e() -> None:
|
||||
app.dependency_overrides[get_redis_service] = lambda: _FakeService()
|
||||
|
||||
host = "127.0.0.1"
|
||||
port = _find_free_port()
|
||||
server, thread = _start_server(host, port)
|
||||
|
||||
@@ -11,21 +11,22 @@ import uvicorn
|
||||
|
||||
from app import app
|
||||
from core.auth.models import CurrentUser
|
||||
from schemas.user.context import UserContext
|
||||
from v1.users.dependencies import get_current_user, get_user_service
|
||||
from v1.users.schemas import UserResponse, UserUpdateRequest
|
||||
from v1.users.schemas import UserUpdateRequest
|
||||
|
||||
|
||||
class FakeUserService:
|
||||
"""Fake service for E2E testing."""
|
||||
|
||||
def __init__(self, user: UserResponse) -> None:
|
||||
def __init__(self, user: UserContext) -> None:
|
||||
self._user = user
|
||||
|
||||
async def get_me(self) -> UserResponse:
|
||||
async def get_me(self) -> UserContext:
|
||||
return self._user
|
||||
|
||||
async def update_me(self, update: UserUpdateRequest) -> UserResponse:
|
||||
return UserResponse(
|
||||
async def update_me(self, update: UserUpdateRequest) -> UserContext:
|
||||
return UserContext(
|
||||
id=self._user.id,
|
||||
username=(
|
||||
update.username if update.username is not None else self._user.username
|
||||
@@ -38,6 +39,7 @@ class FakeUserService:
|
||||
bio=update.bio if update.bio is not None else self._user.bio,
|
||||
)
|
||||
|
||||
|
||||
def _find_free_port() -> int:
|
||||
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
|
||||
sock.bind(("127.0.0.1", 0))
|
||||
@@ -65,7 +67,7 @@ def _start_server(host: str, port: int):
|
||||
|
||||
def test_profile_flow_e2e() -> None:
|
||||
user_id = UUID("00000000-0000-0000-0000-000000000001")
|
||||
user = UserResponse(
|
||||
user = UserContext(
|
||||
id=str(user_id),
|
||||
username="demo",
|
||||
avatar_url=None,
|
||||
|
||||
@@ -11,16 +11,10 @@ from v1.auth.dependencies import get_auth_service
|
||||
from v1.auth.rate_limit import reset_rate_limit_state
|
||||
from v1.auth.schemas import (
|
||||
AuthUser,
|
||||
PasswordResetConfirmRequest,
|
||||
PasswordResetRequest,
|
||||
SessionCreateRequest,
|
||||
OtpSendRequest,
|
||||
PhoneSessionCreateRequest,
|
||||
SessionRefreshRequest,
|
||||
SessionResponse,
|
||||
UserByEmailResponse,
|
||||
VerificationCreateRequest,
|
||||
VerificationCreateResponse,
|
||||
VerificationResendRequest,
|
||||
VerificationVerifyRequest,
|
||||
)
|
||||
from v1.auth.service import AuthService
|
||||
|
||||
@@ -30,58 +24,39 @@ def reset_auth_rate_limit_state() -> None:
|
||||
reset_rate_limit_state()
|
||||
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def force_in_memory_rate_limit(monkeypatch: pytest.MonkeyPatch) -> None:
|
||||
async def _raise_redis_unavailable() -> None:
|
||||
raise RuntimeError("redis unavailable in integration tests")
|
||||
|
||||
monkeypatch.setattr(
|
||||
"v1.auth.rate_limit.get_or_init_redis_client",
|
||||
_raise_redis_unavailable,
|
||||
)
|
||||
|
||||
|
||||
class FakeAuthService(AuthService):
|
||||
def __init__(self, token_response: SessionResponse) -> None:
|
||||
self._token_response = token_response
|
||||
|
||||
async def create_verification(
|
||||
self, request: VerificationCreateRequest
|
||||
) -> VerificationCreateResponse:
|
||||
if request.email == "exists@example.com":
|
||||
raise HTTPException(status_code=422, detail="Invalid signup request")
|
||||
return VerificationCreateResponse(email=request.email)
|
||||
async def send_otp(self, request: OtpSendRequest) -> None:
|
||||
if request.phone == "+8613811111111":
|
||||
raise HTTPException(status_code=401, detail="Invalid verification code")
|
||||
return None
|
||||
|
||||
async def verify_verification(
|
||||
self, request: VerificationVerifyRequest
|
||||
async def create_phone_session(
|
||||
self, request: PhoneSessionCreateRequest
|
||||
) -> SessionResponse:
|
||||
if request.token == "000000":
|
||||
raise HTTPException(status_code=401, detail="Invalid verification code")
|
||||
return self._token_response
|
||||
|
||||
async def resend_verification(self, request: VerificationResendRequest) -> None:
|
||||
return None
|
||||
|
||||
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
|
||||
raise HTTPException(status_code=401, detail="Invalid credentials")
|
||||
|
||||
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
|
||||
raise HTTPException(status_code=401, detail="Invalid refresh token")
|
||||
|
||||
async def delete_session(self, refresh_token: str | None) -> None:
|
||||
return None
|
||||
|
||||
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
|
||||
if email == "missing@example.com":
|
||||
raise HTTPException(status_code=404, detail="User not found")
|
||||
return UserByEmailResponse(
|
||||
id="user-1",
|
||||
email=email,
|
||||
created_at="2026-02-24T00:00:00Z",
|
||||
email_confirmed_at=None,
|
||||
)
|
||||
|
||||
async def request_password_reset(self, request: PasswordResetRequest) -> None:
|
||||
return None
|
||||
|
||||
async def confirm_password_reset(
|
||||
self, request: PasswordResetConfirmRequest
|
||||
) -> None:
|
||||
if request.token == "000000":
|
||||
raise HTTPException(
|
||||
status_code=401, detail="Invalid or expired verification code"
|
||||
)
|
||||
return None
|
||||
|
||||
|
||||
def _override_auth_service(service: AuthService) -> Callable[[], AuthService]:
|
||||
def _get_service() -> AuthService:
|
||||
@@ -90,761 +65,126 @@ def _override_auth_service(service: AuthService) -> Callable[[], AuthService]:
|
||||
return _get_service
|
||||
|
||||
|
||||
def test_signup_start_returns_pending_response() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
def _token_response() -> SessionResponse:
|
||||
user = AuthUser(id="user-1", phone="+8613812345678")
|
||||
return SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
|
||||
|
||||
def test_send_otp_returns_204() -> None:
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
FakeAuthService(_token_response())
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verifications",
|
||||
json={
|
||||
"username": "demo",
|
||||
"email": "user@example.com",
|
||||
"password": "secret123",
|
||||
},
|
||||
"/api/v1/auth/otp/send",
|
||||
json={"phone": "+8613812345678"},
|
||||
)
|
||||
assert response.status_code == 202
|
||||
assert response.json() == {"email": "user@example.com"}
|
||||
assert response.status_code == 204
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_signup_verify_returns_token_response() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
def test_phone_session_returns_token_response() -> None:
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
FakeAuthService(_token_response())
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verify",
|
||||
json={"email": "user@example.com", "token": "123456"},
|
||||
"/api/v1/auth/phone-session",
|
||||
json={"phone": "+8613812345678", "token": "123456"},
|
||||
)
|
||||
assert response.status_code == 200
|
||||
body = response.json()
|
||||
assert body["access_token"] == "access"
|
||||
assert body["refresh_token"] == "refresh"
|
||||
assert body["user"]["email"] == "user@example.com"
|
||||
assert body["user"]["phone"] == "+8613812345678"
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_signup_resend_returns_generic_message() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
def test_phone_session_invalid_token_returns_problem_details() -> None:
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
FakeAuthService(_token_response())
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/resend",
|
||||
json={"type": "recovery", "email": "user@example.com"},
|
||||
)
|
||||
assert response.status_code == 204
|
||||
assert response.content == b""
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_signup_verify_invalid_token_returns_problem_details() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verify",
|
||||
json={"email": "user@example.com", "token": "000000"},
|
||||
"/api/v1/auth/phone-session",
|
||||
json={"phone": "+8613812345678", "token": "000000"},
|
||||
)
|
||||
assert response.status_code == 401
|
||||
assert response.headers["content-type"].startswith("application/problem+json")
|
||||
body = response.json()
|
||||
assert body["title"] == "Unauthorized"
|
||||
assert body["status"] == 401
|
||||
assert body["detail"] == "Invalid verification code"
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_signup_start_existing_email_returns_problem_details() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
def test_legacy_routes_are_removed() -> None:
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
FakeAuthService(_token_response())
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verifications",
|
||||
json={
|
||||
"username": "demo",
|
||||
"email": "exists@example.com",
|
||||
"password": "secret123",
|
||||
},
|
||||
)
|
||||
assert response.status_code == 422
|
||||
assert response.headers["content-type"].startswith("application/problem+json")
|
||||
body = response.json()
|
||||
assert body["title"] == "Unprocessable Entity"
|
||||
assert body["status"] == 422
|
||||
assert body["detail"] == "Invalid signup request"
|
||||
assert client.post("/api/v1/auth/verifications", json={}).status_code == 404
|
||||
assert client.post("/api/v1/auth/verify", json={}).status_code == 404
|
||||
assert client.post("/api/v1/auth/resend", json={}).status_code == 404
|
||||
assert client.post("/api/v1/auth/sessions", json={}).status_code == 405
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_signup_verify_rate_limited_after_too_many_attempts() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
def test_send_otp_phone_rate_limited_after_too_many_attempts() -> None:
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
FakeAuthService(_token_response())
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
for _ in range(10):
|
||||
for _ in range(3):
|
||||
ok = client.post(
|
||||
"/api/v1/auth/verify",
|
||||
json={"email": "user@example.com", "token": "123456"},
|
||||
)
|
||||
assert ok.status_code == 200
|
||||
|
||||
blocked = client.post(
|
||||
"/api/v1/auth/verify",
|
||||
json={"email": "user@example.com", "token": "123456"},
|
||||
)
|
||||
assert blocked.status_code == 429
|
||||
assert blocked.headers["content-type"].startswith("application/problem+json")
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_signup_resend_rate_limited_after_too_many_attempts() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
for _ in range(5):
|
||||
ok = client.post(
|
||||
"/api/v1/auth/resend",
|
||||
json={"email": "user@example.com"},
|
||||
"/api/v1/auth/otp/send",
|
||||
json={"phone": "+8613812345678"},
|
||||
)
|
||||
assert ok.status_code == 204
|
||||
|
||||
blocked = client.post(
|
||||
"/api/v1/auth/resend",
|
||||
json={"email": "user@example.com"},
|
||||
"/api/v1/auth/otp/send",
|
||||
json={"phone": "+8613812345678"},
|
||||
)
|
||||
assert blocked.status_code == 429
|
||||
assert blocked.headers["content-type"].startswith("application/problem+json")
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_signup_start_rate_limited_after_too_many_attempts() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
def test_phone_session_rate_limited_after_too_many_attempts() -> None:
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
FakeAuthService(_token_response())
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
for _ in range(5):
|
||||
ok = client.post(
|
||||
"/api/v1/auth/verifications",
|
||||
json={
|
||||
"username": "demo",
|
||||
"email": "user@example.com",
|
||||
"password": "secret123",
|
||||
},
|
||||
)
|
||||
assert ok.status_code == 202
|
||||
|
||||
blocked = client.post(
|
||||
"/api/v1/auth/verifications",
|
||||
json={
|
||||
"username": "demo",
|
||||
"email": "user@example.com",
|
||||
"password": "secret123",
|
||||
},
|
||||
)
|
||||
assert blocked.status_code == 429
|
||||
assert blocked.headers["content-type"].startswith("application/problem+json")
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_login_invalid_returns_problem_details() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/sessions",
|
||||
json={"email": "user@example.com", "password": "wrongpw"},
|
||||
)
|
||||
assert response.status_code == 401
|
||||
assert response.headers["content-type"].startswith("application/problem+json")
|
||||
body = response.json()
|
||||
assert body["title"] == "Unauthorized"
|
||||
assert body["status"] == 401
|
||||
assert body["detail"] == "Invalid credentials"
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_refresh_invalid_returns_problem_details() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/sessions/refresh",
|
||||
json={"refresh_token": "invalid"},
|
||||
)
|
||||
assert response.status_code == 401
|
||||
assert response.headers["content-type"].startswith("application/problem+json")
|
||||
body = response.json()
|
||||
assert body["title"] == "Unauthorized"
|
||||
assert body["status"] == 401
|
||||
assert body["detail"] == "Invalid refresh token"
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_logout_returns_no_content() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.request(
|
||||
"DELETE",
|
||||
"/api/v1/auth/sessions",
|
||||
json={"refresh_token": "refresh"},
|
||||
)
|
||||
assert response.status_code == 204
|
||||
assert response.content == b""
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_login_rate_limited_after_too_many_attempts() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
for _ in range(10):
|
||||
for _ in range(6):
|
||||
blocked = client.post(
|
||||
"/api/v1/auth/sessions",
|
||||
json={"email": "user@example.com", "password": "wrongpw"},
|
||||
"/api/v1/auth/phone-session",
|
||||
json={"phone": "+8613812345678", "token": "000000"},
|
||||
)
|
||||
assert blocked.status_code == 401
|
||||
|
||||
blocked = client.post(
|
||||
"/api/v1/auth/sessions",
|
||||
json={"email": "user@example.com", "password": "wrongpw"},
|
||||
)
|
||||
assert blocked.status_code == 429
|
||||
assert blocked.headers["content-type"].startswith("application/problem+json")
|
||||
body = blocked.json()
|
||||
assert body["detail"] == "Too many requests"
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_refresh_rate_limited_after_too_many_attempts() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
for _ in range(10):
|
||||
blocked = client.post(
|
||||
"/api/v1/auth/sessions/refresh",
|
||||
json={"refresh_token": "invalid"},
|
||||
)
|
||||
assert blocked.status_code == 401
|
||||
|
||||
blocked = client.post(
|
||||
"/api/v1/auth/sessions/refresh",
|
||||
json={"refresh_token": "invalid"},
|
||||
)
|
||||
assert blocked.status_code == 429
|
||||
assert blocked.headers["content-type"].startswith("application/problem+json")
|
||||
body = blocked.json()
|
||||
assert body["detail"] == "Too many requests"
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_refresh_rate_limit_not_bypassed_by_changing_refresh_token() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
for index in range(10):
|
||||
blocked = client.post(
|
||||
"/api/v1/auth/sessions/refresh",
|
||||
json={"refresh_token": f"invalid-{index}"},
|
||||
)
|
||||
assert blocked.status_code == 401
|
||||
|
||||
blocked = client.post(
|
||||
"/api/v1/auth/sessions/refresh",
|
||||
json={"refresh_token": "invalid-extra"},
|
||||
"/api/v1/auth/phone-session",
|
||||
json={"phone": "+8613812345678", "token": "000000"},
|
||||
)
|
||||
assert blocked.status_code == 429
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_logout_rate_limited_after_too_many_attempts() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
for _ in range(10):
|
||||
ok = client.request(
|
||||
"DELETE",
|
||||
"/api/v1/auth/sessions",
|
||||
json={"refresh_token": "refresh"},
|
||||
)
|
||||
assert ok.status_code == 204
|
||||
|
||||
blocked = client.request(
|
||||
"DELETE",
|
||||
"/api/v1/auth/sessions",
|
||||
json={"refresh_token": "refresh"},
|
||||
)
|
||||
assert blocked.status_code == 429
|
||||
assert blocked.headers["content-type"].startswith("application/problem+json")
|
||||
body = blocked.json()
|
||||
assert body["detail"] == "Too many requests"
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_logout_rate_limit_not_bypassed_by_changing_refresh_token() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
for index in range(10):
|
||||
ok = client.request(
|
||||
"DELETE",
|
||||
"/api/v1/auth/sessions",
|
||||
json={"refresh_token": f"refresh-{index}"},
|
||||
)
|
||||
assert ok.status_code == 204
|
||||
|
||||
blocked = client.request(
|
||||
"DELETE",
|
||||
"/api/v1/auth/sessions",
|
||||
json={"refresh_token": "refresh-extra"},
|
||||
)
|
||||
assert blocked.status_code == 429
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_signup_start_validation_error_returns_problem_details() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post("/api/v1/auth/verifications", json={})
|
||||
assert response.status_code == 422
|
||||
assert response.headers["content-type"].startswith("application/problem+json")
|
||||
body = response.json()
|
||||
assert body["title"] == "Unprocessable Entity"
|
||||
assert body["status"] == 422
|
||||
assert body["detail"] == "Invalid request"
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_signup_start_missing_username_returns_problem_details() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verifications",
|
||||
json={"email": "user@example.com", "password": "secret123"},
|
||||
)
|
||||
assert response.status_code == 422
|
||||
assert response.headers["content-type"].startswith("application/problem+json")
|
||||
body = response.json()
|
||||
assert body["title"] == "Unprocessable Entity"
|
||||
assert body["status"] == 422
|
||||
assert body["detail"] == "Invalid request"
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_password_reset_request_returns_204() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/resend",
|
||||
json={"email": "user@example.com"},
|
||||
)
|
||||
assert response.status_code == 204
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_password_reset_confirm_returns_204() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verify",
|
||||
json={
|
||||
"type": "recovery",
|
||||
"email": "user@example.com",
|
||||
"token": "123456",
|
||||
"new_password": "newpassword123",
|
||||
},
|
||||
)
|
||||
assert response.status_code == 204
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_password_reset_confirm_invalid_token_returns_401() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verify",
|
||||
json={
|
||||
"type": "recovery",
|
||||
"email": "user@example.com",
|
||||
"token": "000000",
|
||||
"new_password": "newpassword123",
|
||||
},
|
||||
)
|
||||
assert response.status_code == 401
|
||||
assert response.headers["content-type"].startswith("application/problem+json")
|
||||
body = response.json()
|
||||
assert body["title"] == "Unauthorized"
|
||||
assert body["status"] == 401
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_password_reset_confirm_weak_password_returns_422() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verify",
|
||||
json={
|
||||
"type": "recovery",
|
||||
"email": "user@example.com",
|
||||
"token": "123456",
|
||||
"new_password": "123",
|
||||
},
|
||||
)
|
||||
assert response.status_code == 422
|
||||
assert response.headers["content-type"].startswith("application/problem+json")
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
class TestInviteCodeSignup:
|
||||
def test_signup_with_valid_invite_code_returns_202(self) -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verifications",
|
||||
json={
|
||||
"username": "demo",
|
||||
"email": "user@example.com",
|
||||
"password": "secret123",
|
||||
"invite_code": "A2B3",
|
||||
},
|
||||
)
|
||||
assert response.status_code == 202
|
||||
assert response.json() == {"email": "user@example.com"}
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
def test_signup_with_invalid_invite_code_length_returns_202(self) -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verifications",
|
||||
json={
|
||||
"username": "demo",
|
||||
"email": "user@example.com",
|
||||
"password": "secret123",
|
||||
"invite_code": "ABC123",
|
||||
},
|
||||
)
|
||||
assert response.status_code == 202
|
||||
assert response.json() == {"email": "user@example.com"}
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
def test_signup_with_invalid_invite_code_chars_returns_202(self) -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
app.dependency_overrides[get_auth_service] = _override_auth_service(
|
||||
FakeAuthService(token_response)
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
try:
|
||||
response = client.post(
|
||||
"/api/v1/auth/verifications",
|
||||
json={
|
||||
"username": "demo",
|
||||
"email": "user@example.com",
|
||||
"password": "secret123",
|
||||
"invite_code": "ABCD1234",
|
||||
},
|
||||
)
|
||||
assert response.status_code == 202
|
||||
assert response.json() == {"email": "user@example.com"}
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
@@ -9,12 +9,12 @@ from fastapi.testclient import TestClient
|
||||
|
||||
from app import app
|
||||
from core.auth.models import CurrentUser
|
||||
from schemas.user.context import UserContext
|
||||
from v1.friendships.dependencies import get_friendship_service
|
||||
from v1.friendships.schemas import (
|
||||
FriendRequestCreate,
|
||||
FriendRequestResponse,
|
||||
FriendResponse,
|
||||
UserBasicInfo,
|
||||
)
|
||||
from v1.friendships.service import FriendshipService
|
||||
from v1.users.dependencies import get_current_user
|
||||
@@ -31,9 +31,9 @@ class FakeFriendshipService(FriendshipService):
|
||||
async def send_request(self, request: FriendRequestCreate) -> FriendRequestResponse:
|
||||
return FriendRequestResponse(
|
||||
id=UUID("11111111-1111-1111-1111-111111111111"),
|
||||
sender=UserBasicInfo(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserBasicInfo(id="user-2", username="recipient", avatar_url=None),
|
||||
content=request.content,
|
||||
sender=UserContext(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserContext(id="user-2", username="recipient", avatar_url=None),
|
||||
content={"text": request.content} if request.content else None,
|
||||
status="pending",
|
||||
created_at=datetime.now(timezone.utc),
|
||||
)
|
||||
@@ -41,9 +41,9 @@ class FakeFriendshipService(FriendshipService):
|
||||
async def accept_request(self, friendship_id: UUID) -> FriendRequestResponse:
|
||||
return FriendRequestResponse(
|
||||
id=friendship_id,
|
||||
sender=UserBasicInfo(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserBasicInfo(id="user-2", username="recipient", avatar_url=None),
|
||||
content="Hello!",
|
||||
sender=UserContext(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserContext(id="user-2", username="recipient", avatar_url=None),
|
||||
content={"text": "Hello!"},
|
||||
status="accepted",
|
||||
created_at=datetime.now(timezone.utc),
|
||||
)
|
||||
@@ -51,9 +51,9 @@ class FakeFriendshipService(FriendshipService):
|
||||
async def decline_request(self, friendship_id: UUID) -> FriendRequestResponse:
|
||||
return FriendRequestResponse(
|
||||
id=friendship_id,
|
||||
sender=UserBasicInfo(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserBasicInfo(id="user-2", username="recipient", avatar_url=None),
|
||||
content="Hello!",
|
||||
sender=UserContext(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserContext(id="user-2", username="recipient", avatar_url=None),
|
||||
content={"text": "Hello!"},
|
||||
status="rejected",
|
||||
created_at=datetime.now(timezone.utc),
|
||||
)
|
||||
@@ -61,9 +61,9 @@ class FakeFriendshipService(FriendshipService):
|
||||
async def cancel_request(self, friendship_id: UUID) -> FriendRequestResponse:
|
||||
return FriendRequestResponse(
|
||||
id=friendship_id,
|
||||
sender=UserBasicInfo(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserBasicInfo(id="user-2", username="recipient", avatar_url=None),
|
||||
content="Hello!",
|
||||
sender=UserContext(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserContext(id="user-2", username="recipient", avatar_url=None),
|
||||
content={"text": "Hello!"},
|
||||
status="canceled",
|
||||
created_at=datetime.now(timezone.utc),
|
||||
)
|
||||
@@ -72,11 +72,11 @@ class FakeFriendshipService(FriendshipService):
|
||||
return [
|
||||
FriendRequestResponse(
|
||||
id=UUID("11111111-1111-1111-1111-111111111111"),
|
||||
sender=UserBasicInfo(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserBasicInfo(
|
||||
sender=UserContext(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserContext(
|
||||
id="user-2", username="recipient", avatar_url=None
|
||||
),
|
||||
content="Hello!",
|
||||
content={"text": "Hello!"},
|
||||
status="pending",
|
||||
created_at=datetime.now(timezone.utc),
|
||||
)
|
||||
@@ -86,10 +86,8 @@ class FakeFriendshipService(FriendshipService):
|
||||
return [
|
||||
FriendRequestResponse(
|
||||
id=UUID("22222222-2222-2222-2222-222222222222"),
|
||||
sender=UserBasicInfo(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserBasicInfo(
|
||||
id="user-3", username="target", avatar_url=None
|
||||
),
|
||||
sender=UserContext(id="user-1", username="sender", avatar_url=None),
|
||||
recipient=UserContext(id="user-3", username="target", avatar_url=None),
|
||||
content=None,
|
||||
status="pending",
|
||||
created_at=datetime.now(timezone.utc),
|
||||
@@ -100,7 +98,7 @@ class FakeFriendshipService(FriendshipService):
|
||||
return [
|
||||
FriendResponse(
|
||||
id=UUID("33333333-3333-3333-3333-333333333333"),
|
||||
friend=UserBasicInfo(id="user-2", username="friend", avatar_url=None),
|
||||
friend=UserContext(id="user-2", username="friend", avatar_url=None),
|
||||
status="active",
|
||||
created_at=datetime.now(timezone.utc),
|
||||
accepted_at=datetime.now(timezone.utc),
|
||||
@@ -110,7 +108,7 @@ class FakeFriendshipService(FriendshipService):
|
||||
async def remove_friend(self, friend_id: UUID) -> FriendResponse:
|
||||
return FriendResponse(
|
||||
id=UUID("33333333-3333-3333-3333-333333333333"),
|
||||
friend=UserBasicInfo(id=str(friend_id), username="friend", avatar_url=None),
|
||||
friend=UserContext(id=str(friend_id), username="friend", avatar_url=None),
|
||||
status="active",
|
||||
created_at=datetime.now(timezone.utc),
|
||||
accepted_at=datetime.now(timezone.utc),
|
||||
@@ -129,7 +127,7 @@ def _override_friendship_service(
|
||||
def _get_fake_current_user() -> CurrentUser:
|
||||
return CurrentUser(
|
||||
id=UUID("00000000-0000-0000-0000-000000000001"),
|
||||
email="test@example.com",
|
||||
phone="+8613812345678",
|
||||
)
|
||||
|
||||
|
||||
|
||||
@@ -52,7 +52,7 @@ def test_share_schedule_item_returns_200() -> None:
|
||||
response = client.post(
|
||||
f"/api/v1/schedule-items/{item_id}/share",
|
||||
json={
|
||||
"email": "friend@example.com",
|
||||
"phone": "+8613810000000",
|
||||
"permission_view": True,
|
||||
"permission_edit": False,
|
||||
"permission_invite": True,
|
||||
@@ -62,7 +62,7 @@ def test_share_schedule_item_returns_200() -> None:
|
||||
body = response.json()
|
||||
assert body["message"] == "Calendar invitation sent"
|
||||
assert service.last_share_request is not None
|
||||
assert service.last_share_request.email == "friend@example.com"
|
||||
assert service.last_share_request.phone == "+8613810000000"
|
||||
assert service.last_share_request.permission_invite is True
|
||||
finally:
|
||||
app.dependency_overrides = {}
|
||||
|
||||
@@ -8,30 +8,31 @@ from fastapi.testclient import TestClient
|
||||
|
||||
from app import app
|
||||
from core.auth.models import CurrentUser
|
||||
from schemas.user.context import UserContext
|
||||
from v1.users.dependencies import get_current_user, get_user_service
|
||||
from v1.users.schemas import UserResponse, UserSearchRequest, UserUpdateRequest
|
||||
from v1.users.schemas import UserSearchRequest, UserUpdateRequest
|
||||
from v1.users.service import UserService
|
||||
|
||||
|
||||
class FakeUserService:
|
||||
"""Fake service for integration testing."""
|
||||
|
||||
def __init__(self, user: UserResponse) -> None:
|
||||
def __init__(self, user: UserContext) -> None:
|
||||
self._user = user
|
||||
self._search_results: list[UserResponse] = []
|
||||
self._search_results: list[UserContext] = []
|
||||
|
||||
def set_search_results(self, results: list[UserResponse]) -> None:
|
||||
def set_search_results(self, results: list[UserContext]) -> None:
|
||||
self._search_results = results
|
||||
|
||||
async def get_me(self) -> UserResponse:
|
||||
async def get_me(self) -> UserContext:
|
||||
if self._user.id is None:
|
||||
raise HTTPException(status_code=404, detail="User not found")
|
||||
return self._user
|
||||
|
||||
async def update_me(self, update: UserUpdateRequest) -> UserResponse:
|
||||
async def update_me(self, update: UserUpdateRequest) -> UserContext:
|
||||
if self._user.id is None:
|
||||
raise HTTPException(status_code=404, detail="User not found")
|
||||
return UserResponse(
|
||||
return UserContext(
|
||||
id=self._user.id,
|
||||
username=(
|
||||
update.username if update.username is not None else self._user.username
|
||||
@@ -44,7 +45,7 @@ class FakeUserService:
|
||||
bio=update.bio if update.bio is not None else self._user.bio,
|
||||
)
|
||||
|
||||
async def search_users(self, request: UserSearchRequest) -> list[UserResponse]:
|
||||
async def search_users(self, request: UserSearchRequest) -> list[UserContext]:
|
||||
if request.query:
|
||||
return self._search_results if self._search_results else [self._user]
|
||||
return []
|
||||
@@ -68,7 +69,7 @@ def _override_current_user(user_id: UUID) -> Callable[[], CurrentUser]:
|
||||
|
||||
def test_get_me_returns_user() -> None:
|
||||
user_id = UUID("00000000-0000-0000-0000-000000000001")
|
||||
user = UserResponse(
|
||||
user = UserContext(
|
||||
id=str(user_id),
|
||||
username="demo",
|
||||
avatar_url=None,
|
||||
@@ -91,7 +92,7 @@ def test_get_me_returns_user() -> None:
|
||||
|
||||
def test_patch_me_updates_user() -> None:
|
||||
user_id = UUID("00000000-0000-0000-0000-000000000001")
|
||||
user = UserResponse(
|
||||
user = UserContext(
|
||||
id=str(user_id),
|
||||
username="demo",
|
||||
avatar_url=None,
|
||||
@@ -117,7 +118,7 @@ def test_patch_me_updates_user() -> None:
|
||||
|
||||
def test_patch_me_validation_error_returns_problem_details() -> None:
|
||||
user_id = UUID("00000000-0000-0000-0000-000000000001")
|
||||
user = UserResponse(
|
||||
user = UserContext(
|
||||
id=str(user_id),
|
||||
username="demo",
|
||||
avatar_url=None,
|
||||
@@ -142,7 +143,7 @@ def test_patch_me_validation_error_returns_problem_details() -> None:
|
||||
|
||||
def test_search_users_returns_list() -> None:
|
||||
user_id = UUID("00000000-0000-0000-0000-000000000001")
|
||||
user = UserResponse(
|
||||
user = UserContext(
|
||||
id=str(user_id),
|
||||
username="demo",
|
||||
avatar_url=None,
|
||||
@@ -167,7 +168,7 @@ def test_search_users_returns_list() -> None:
|
||||
|
||||
def test_search_users_empty_query_returns_422() -> None:
|
||||
user_id = UUID("00000000-0000-0000-0000-000000000001")
|
||||
user = UserResponse(
|
||||
user = UserContext(
|
||||
id=str(user_id),
|
||||
username="demo",
|
||||
avatar_url=None,
|
||||
|
||||
@@ -115,6 +115,34 @@ class _FailingStreamAgentService(_FakeAgentService):
|
||||
raise RuntimeError("redis timeout")
|
||||
|
||||
|
||||
class _TerminalStreamAgentService(_FakeAgentService):
|
||||
def __init__(self) -> None:
|
||||
super().__init__()
|
||||
self.stream_calls = 0
|
||||
|
||||
async def stream_events(
|
||||
self,
|
||||
*,
|
||||
thread_id: str,
|
||||
last_event_id: str | None,
|
||||
current_user: CurrentUser,
|
||||
) -> list[dict[str, object]]:
|
||||
del thread_id, last_event_id, current_user
|
||||
self.stream_calls += 1
|
||||
if self.stream_calls == 1:
|
||||
return [
|
||||
{
|
||||
"id": "9-0",
|
||||
"event": {
|
||||
"type": "RUN_FINISHED",
|
||||
"threadId": "00000000-0000-0000-0000-000000000001",
|
||||
"runId": "run-1",
|
||||
},
|
||||
}
|
||||
]
|
||||
return []
|
||||
|
||||
|
||||
def test_run_requires_auth_and_returns_202_task_id() -> None:
|
||||
app.dependency_overrides[get_agent_service] = lambda: _FakeAgentService()
|
||||
client = TestClient(app)
|
||||
@@ -129,13 +157,13 @@ def test_run_requires_auth_and_returns_202_task_id() -> None:
|
||||
"messages": [{"id": "u1", "role": "user", "content": "hello"}],
|
||||
"tools": [],
|
||||
"context": [],
|
||||
"forwardedProps": {},
|
||||
"forwardedProps": {"agent_type": "worker"},
|
||||
},
|
||||
)
|
||||
assert unauthorized.status_code == 401
|
||||
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
authorized = client.post(
|
||||
"/api/v1/agent/runs",
|
||||
@@ -146,7 +174,7 @@ def test_run_requires_auth_and_returns_202_task_id() -> None:
|
||||
"messages": [{"id": "u1", "role": "user", "content": "hello"}],
|
||||
"tools": [],
|
||||
"context": [],
|
||||
"forwardedProps": {},
|
||||
"forwardedProps": {"agent_type": "worker"},
|
||||
},
|
||||
)
|
||||
assert authorized.status_code == 202
|
||||
@@ -161,7 +189,7 @@ def test_run_requires_auth_and_returns_202_task_id() -> None:
|
||||
def test_stream_reads_from_last_event_id() -> None:
|
||||
app.dependency_overrides[get_agent_service] = lambda: _FakeAgentService()
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
client = TestClient(app)
|
||||
original_acquire = agent_router._acquire_sse_slot
|
||||
@@ -197,7 +225,7 @@ def test_stream_reads_from_last_event_id() -> None:
|
||||
def test_stream_handles_stream_backend_errors_without_connection_crash() -> None:
|
||||
app.dependency_overrides[get_agent_service] = lambda: _FailingStreamAgentService()
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
client = TestClient(app)
|
||||
original_acquire = agent_router._acquire_sse_slot
|
||||
@@ -226,10 +254,45 @@ def test_stream_handles_stream_backend_errors_without_connection_crash() -> None
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_stream_stops_after_terminal_run_event() -> None:
|
||||
service = _TerminalStreamAgentService()
|
||||
app.dependency_overrides[get_agent_service] = lambda: service
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
client = TestClient(app)
|
||||
original_acquire = agent_router._acquire_sse_slot
|
||||
original_release = agent_router._release_sse_slot
|
||||
|
||||
async def _allow_slot(*, user_id: str) -> bool:
|
||||
del user_id
|
||||
return True
|
||||
|
||||
async def _noop_release(*, user_id: str) -> None:
|
||||
del user_id
|
||||
return None
|
||||
|
||||
agent_router._acquire_sse_slot = _allow_slot # type: ignore[assignment]
|
||||
agent_router._release_sse_slot = _noop_release # type: ignore[assignment]
|
||||
|
||||
try:
|
||||
response = client.get(
|
||||
"/api/v1/agent/runs/00000000-0000-0000-0000-000000000001/events?idle_limit=3"
|
||||
)
|
||||
assert response.status_code == 200
|
||||
assert response.headers["content-type"].startswith("text/event-stream")
|
||||
assert "event: RUN_FINISHED" in response.text
|
||||
assert service.stream_calls == 1
|
||||
finally:
|
||||
agent_router._acquire_sse_slot = original_acquire # type: ignore[assignment]
|
||||
agent_router._release_sse_slot = original_release # type: ignore[assignment]
|
||||
app.dependency_overrides = {}
|
||||
|
||||
|
||||
def test_stream_rejects_invalid_last_event_id() -> None:
|
||||
app.dependency_overrides[get_agent_service] = lambda: _FakeAgentService()
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
client = TestClient(app)
|
||||
|
||||
@@ -255,7 +318,7 @@ def test_history_returns_state_snapshot() -> None:
|
||||
assert unauthorized.status_code == 401
|
||||
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
authorized = client.get(
|
||||
"/api/v1/agent/history",
|
||||
@@ -276,7 +339,7 @@ def test_history_returns_state_snapshot() -> None:
|
||||
def test_user_history_returns_latest_snapshot() -> None:
|
||||
app.dependency_overrides[get_agent_service] = lambda: _FakeAgentService()
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
client = TestClient(app)
|
||||
try:
|
||||
@@ -292,7 +355,7 @@ def test_user_history_returns_latest_snapshot() -> None:
|
||||
def test_run_rejects_oversized_user_text_payload() -> None:
|
||||
app.dependency_overrides[get_agent_service] = lambda: _FakeAgentService()
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
client = TestClient(app)
|
||||
|
||||
@@ -312,7 +375,7 @@ def test_run_rejects_oversized_user_text_payload() -> None:
|
||||
],
|
||||
"tools": [],
|
||||
"context": [],
|
||||
"forwardedProps": {},
|
||||
"forwardedProps": {"agent_type": "worker"},
|
||||
},
|
||||
)
|
||||
assert response.status_code == 422
|
||||
@@ -323,7 +386,7 @@ def test_run_rejects_oversized_user_text_payload() -> None:
|
||||
def test_run_rejects_client_supplied_history_messages() -> None:
|
||||
app.dependency_overrides[get_agent_service] = lambda: _FakeAgentService()
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
client = TestClient(app)
|
||||
|
||||
@@ -340,7 +403,7 @@ def test_run_rejects_client_supplied_history_messages() -> None:
|
||||
],
|
||||
"tools": [],
|
||||
"context": [],
|
||||
"forwardedProps": {},
|
||||
"forwardedProps": {"agent_type": "worker"},
|
||||
},
|
||||
)
|
||||
assert response.status_code == 422
|
||||
@@ -351,7 +414,7 @@ def test_run_rejects_client_supplied_history_messages() -> None:
|
||||
def test_upload_attachment_returns_reference() -> None:
|
||||
app.dependency_overrides[get_agent_service] = lambda: _FakeAgentService()
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
client = TestClient(app)
|
||||
|
||||
@@ -376,7 +439,7 @@ def test_upload_attachment_returns_reference() -> None:
|
||||
def test_create_attachment_signed_url_returns_url() -> None:
|
||||
app.dependency_overrides[get_agent_service] = lambda: _FakeAgentService()
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
client = TestClient(app)
|
||||
|
||||
@@ -399,7 +462,7 @@ def test_create_attachment_signed_url_returns_url() -> None:
|
||||
|
||||
def test_asr_transcribe_returns_sync_transcript(monkeypatch) -> None:
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
|
||||
async def mock_transcribe_file(file_path: str, filename: str) -> str:
|
||||
@@ -434,7 +497,7 @@ def test_asr_transcribe_returns_sync_transcript(monkeypatch) -> None:
|
||||
|
||||
def test_asr_transcribe_rejects_oversized_audio(monkeypatch) -> None:
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
|
||||
monkeypatch.setattr(agent_router, "_MAX_TRANSCRIBE_AUDIO_BYTES", 4)
|
||||
@@ -457,7 +520,7 @@ def test_asr_transcribe_rejects_oversized_audio(monkeypatch) -> None:
|
||||
|
||||
def test_asr_transcribe_rejects_non_wav_audio(monkeypatch) -> None:
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
@@ -478,7 +541,7 @@ def test_asr_transcribe_rejects_non_wav_audio(monkeypatch) -> None:
|
||||
|
||||
def test_asr_transcribe_rejects_invalid_wav_payload(monkeypatch) -> None:
|
||||
app.dependency_overrides[get_current_user] = lambda: CurrentUser(
|
||||
id=uuid4(), email="user@example.com"
|
||||
id=uuid4(), phone="+8613812345678"
|
||||
)
|
||||
|
||||
client = TestClient(app)
|
||||
|
||||
@@ -20,16 +20,16 @@ FIXTURE_IMAGE_PATH = (
|
||||
|
||||
|
||||
async def _live_access_token(client: httpx.AsyncClient) -> str:
|
||||
email = os.getenv("AGENT_LIVE_EMAIL")
|
||||
phone = os.getenv("AGENT_LIVE_PHONE")
|
||||
password = os.getenv("AGENT_LIVE_PASSWORD")
|
||||
if not email or not password:
|
||||
if not phone or not password:
|
||||
pytest.fail(
|
||||
"AGENT_LIVE_INTEGRATION=1 requires AGENT_LIVE_EMAIL and AGENT_LIVE_PASSWORD"
|
||||
"AGENT_LIVE_INTEGRATION=1 requires AGENT_LIVE_PHONE and AGENT_LIVE_PASSWORD"
|
||||
)
|
||||
|
||||
response = await client.post(
|
||||
f"{BASE_URL}/api/v1/auth/sessions",
|
||||
json={"email": email, "password": password},
|
||||
json={"phone": phone, "password": password},
|
||||
)
|
||||
response_text = response.text.strip().replace("\n", " ")
|
||||
truncated_text = response_text[:200]
|
||||
@@ -67,7 +67,7 @@ async def test_agent_sse_closed_loop_live() -> None:
|
||||
],
|
||||
"tools": [],
|
||||
"context": [],
|
||||
"forwardedProps": {},
|
||||
"forwardedProps": {"agent_type": "worker"},
|
||||
},
|
||||
)
|
||||
assert run_resp.status_code == 202
|
||||
@@ -143,7 +143,7 @@ async def test_agent_runs_events_history_live_with_image_input() -> None:
|
||||
],
|
||||
"tools": [],
|
||||
"context": [],
|
||||
"forwardedProps": {},
|
||||
"forwardedProps": {"agent_type": "worker"},
|
||||
},
|
||||
)
|
||||
assert run_resp.status_code == 202
|
||||
|
||||
@@ -10,7 +10,7 @@ from v1.agent.service import ensure_session_owner
|
||||
|
||||
|
||||
def test_owner_guard_denies_non_owner() -> None:
|
||||
user = CurrentUser(id=uuid4(), email="self@example.com")
|
||||
user = CurrentUser(id=uuid4(), phone="self@example.com")
|
||||
|
||||
with pytest.raises(HTTPException):
|
||||
ensure_session_owner(owner_id="other-user", current_user=user)
|
||||
|
||||
@@ -7,6 +7,8 @@ from uuid import uuid4
|
||||
import pytest
|
||||
|
||||
from models.agent_chat_message import AgentChatMessageRole
|
||||
from sqlalchemy import select
|
||||
from models.agent_chat_message import AgentChatMessage
|
||||
from v1.agent.repository import AgentRepository
|
||||
|
||||
|
||||
@@ -79,6 +81,7 @@ async def test_persist_user_message_sets_session_title_when_empty() -> None:
|
||||
session_id=session_id,
|
||||
content=" 请帮我安排明天下午开会 ",
|
||||
metadata=None,
|
||||
visibility_mask=1,
|
||||
)
|
||||
|
||||
assert session_row.title == "请帮我安排明天下午开会"
|
||||
@@ -101,6 +104,7 @@ async def test_persist_user_message_keeps_existing_session_title() -> None:
|
||||
session_id=session_id,
|
||||
content="新的消息内容",
|
||||
metadata=None,
|
||||
visibility_mask=1,
|
||||
)
|
||||
|
||||
assert session_row.title == "已有标题"
|
||||
@@ -164,3 +168,13 @@ async def test_get_history_day_uses_target_day_queries_only() -> None:
|
||||
messages = payload["messages"]
|
||||
assert isinstance(messages, list)
|
||||
assert len(messages) == 1
|
||||
|
||||
|
||||
def test_apply_visibility_filter_adds_bitwise_expression() -> None:
|
||||
repository = AgentRepository(session=SimpleNamespace()) # type: ignore[arg-type]
|
||||
stmt = select(AgentChatMessage)
|
||||
|
||||
filtered = repository._apply_visibility_filter(stmt=stmt, visibility_mask=1)
|
||||
|
||||
assert "visibility_mask" in str(filtered)
|
||||
assert "&" in str(filtered)
|
||||
|
||||
@@ -20,6 +20,7 @@ class _FakeRepository:
|
||||
def __init__(self) -> None:
|
||||
self.committed = False
|
||||
self.persisted_user_messages: list[dict[str, object]] = []
|
||||
self.created_session_calls = 0
|
||||
|
||||
async def get_session_owner(self, *, session_id: str) -> str:
|
||||
if session_id == "00000000-0000-0000-0000-000000000001":
|
||||
@@ -30,6 +31,7 @@ class _FakeRepository:
|
||||
self, *, user_id: str, session_id: str | None = None
|
||||
) -> str:
|
||||
del user_id
|
||||
self.created_session_calls += 1
|
||||
return session_id or "00000000-0000-0000-0000-000000000999"
|
||||
|
||||
async def commit(self) -> None:
|
||||
@@ -39,9 +41,13 @@ class _FakeRepository:
|
||||
return None
|
||||
|
||||
async def get_history_day(
|
||||
self, *, session_id: str, before: date | None
|
||||
self,
|
||||
*,
|
||||
session_id: str,
|
||||
before: date | None,
|
||||
visibility_mask: int | None = None,
|
||||
) -> dict[str, object] | None:
|
||||
del session_id, before
|
||||
del session_id, before, visibility_mask
|
||||
return None
|
||||
|
||||
async def get_latest_session_id_for_user(self, *, user_id: str) -> str | None:
|
||||
@@ -54,15 +60,42 @@ class _FakeRepository:
|
||||
session_id: str,
|
||||
content: str,
|
||||
metadata: AgentChatMessageMetadata | None,
|
||||
visibility_mask: int,
|
||||
) -> None:
|
||||
self.persisted_user_messages.append(
|
||||
{
|
||||
"session_id": session_id,
|
||||
"content": content,
|
||||
"metadata": metadata,
|
||||
"visibility_mask": visibility_mask,
|
||||
}
|
||||
)
|
||||
|
||||
async def get_system_agent_config(
|
||||
self, *, agent_type: str
|
||||
) -> dict[str, object] | None:
|
||||
normalized = agent_type.strip().lower()
|
||||
mapping = {
|
||||
"router": 16,
|
||||
"worker": 17,
|
||||
"memory": 18,
|
||||
}
|
||||
bit = mapping.get(normalized)
|
||||
if bit is None:
|
||||
return None
|
||||
return {
|
||||
"agent_type": normalized,
|
||||
"status": "active",
|
||||
"config": {
|
||||
"temperature": 0.7,
|
||||
"max_tokens": None,
|
||||
"timeout_seconds": 30,
|
||||
"visibility_consumer_bit": bit,
|
||||
"context_messages": {"mode": "number", "count": 20},
|
||||
"enabled_tools": [],
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
class _FakeQueue:
|
||||
def __init__(self) -> None:
|
||||
@@ -122,11 +155,11 @@ class _FakeAttachmentStorage:
|
||||
def _user() -> CurrentUser:
|
||||
return CurrentUser(
|
||||
id=UUID("00000000-0000-0000-0000-000000000001"),
|
||||
email="user@example.com",
|
||||
phone="+8613812345678",
|
||||
)
|
||||
|
||||
|
||||
def _build_run_input(*, urls: list[str]) -> RunAgentInput:
|
||||
def _build_run_input(*, urls: list[str], agent_type: str = "worker") -> RunAgentInput:
|
||||
content: list[dict[str, str]] = [{"type": "text", "text": "hello"}]
|
||||
for url in urls:
|
||||
content.append({"type": "binary", "mimeType": "image/png", "url": url})
|
||||
@@ -144,7 +177,7 @@ def _build_run_input(*, urls: list[str]) -> RunAgentInput:
|
||||
],
|
||||
"tools": [],
|
||||
"context": [],
|
||||
"forwardedProps": {},
|
||||
"forwardedProps": {"agent_type": agent_type},
|
||||
}
|
||||
)
|
||||
|
||||
@@ -222,6 +255,68 @@ async def test_enqueue_run_persists_attachment_and_queue_without_user_token(
|
||||
assert run_input["runId"] == "run-1"
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_enqueue_run_rejects_unknown_agent_type(monkeypatch) -> None:
|
||||
monkeypatch.setattr(
|
||||
agent_service_module.config.storage, "bucket", "agent-test-bucket"
|
||||
)
|
||||
service = AgentService(
|
||||
repository=_FakeRepository(),
|
||||
queue=_FakeQueue(),
|
||||
stream=_FakeStream(),
|
||||
attachment_storage=_FakeAttachmentStorage(),
|
||||
)
|
||||
base_url = str(config.supabase.url).rstrip("/")
|
||||
safe_path = quote(
|
||||
"agent-inputs/00000000-0000-0000-0000-000000000001/"
|
||||
"00000000-0000-0000-0000-000000000001/uploads/a.png"
|
||||
)
|
||||
run_input = _build_run_input(
|
||||
urls=[
|
||||
f"{base_url}/storage/v1/object/sign/agent-test-bucket/{safe_path}?token=1"
|
||||
],
|
||||
agent_type="planner",
|
||||
)
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await service.enqueue_run(run_input=run_input, current_user=_user())
|
||||
|
||||
assert exc_info.value.status_code == 422
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_enqueue_run_rejects_memory_mode_for_api(monkeypatch) -> None:
|
||||
monkeypatch.setattr(
|
||||
agent_service_module.config.storage, "bucket", "agent-test-bucket"
|
||||
)
|
||||
repository = _FakeRepository()
|
||||
service = AgentService(
|
||||
repository=repository,
|
||||
queue=_FakeQueue(),
|
||||
stream=_FakeStream(),
|
||||
attachment_storage=_FakeAttachmentStorage(),
|
||||
)
|
||||
base_url = str(config.supabase.url).rstrip("/")
|
||||
safe_path = quote(
|
||||
"agent-inputs/00000000-0000-0000-0000-000000000001/"
|
||||
"00000000-0000-0000-0000-000000000001/uploads/a.png"
|
||||
)
|
||||
run_input = _build_run_input(
|
||||
urls=[
|
||||
f"{base_url}/storage/v1/object/sign/agent-test-bucket/{safe_path}?token=1"
|
||||
],
|
||||
agent_type="memory",
|
||||
)
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await service.enqueue_run(run_input=run_input, current_user=_user())
|
||||
|
||||
assert exc_info.value.status_code == 422
|
||||
assert exc_info.value.detail == "memory mode is automation-only"
|
||||
assert repository.created_session_calls == 0
|
||||
assert repository.persisted_user_messages == []
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_create_attachment_signed_url_returns_url(monkeypatch) -> None:
|
||||
monkeypatch.setattr(
|
||||
@@ -317,9 +412,13 @@ async def test_enqueue_run_rejects_too_many_attachments(monkeypatch) -> None:
|
||||
async def test_get_history_snapshot_filters_out_tool_messages() -> None:
|
||||
class _HistoryRepository(_FakeRepository):
|
||||
async def get_history_day(
|
||||
self, *, session_id: str, before: date | None
|
||||
self,
|
||||
*,
|
||||
session_id: str,
|
||||
before: date | None,
|
||||
visibility_mask: int | None = None,
|
||||
) -> dict[str, object] | None:
|
||||
del session_id, before
|
||||
del session_id, before, visibility_mask
|
||||
return {
|
||||
"day": "2026-03-17",
|
||||
"hasMore": False,
|
||||
|
||||
@@ -8,13 +8,9 @@ from fastapi import HTTPException
|
||||
|
||||
from v1.auth.gateway import SupabaseAuthGateway
|
||||
from v1.auth.schemas import (
|
||||
PasswordResetConfirmRequest,
|
||||
PasswordResetRequest,
|
||||
SessionCreateRequest,
|
||||
OtpSendRequest,
|
||||
PhoneSessionCreateRequest,
|
||||
SessionRefreshRequest,
|
||||
VerificationCreateRequest,
|
||||
VerificationVerifyRequest,
|
||||
VerificationResendRequest,
|
||||
)
|
||||
|
||||
|
||||
@@ -35,314 +31,83 @@ class TestSupabaseAuthGateway:
|
||||
return SupabaseAuthGateway(), mock_client, mock_admin_client
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_request_password_reset_calls_email_with_string(
|
||||
async def test_send_otp_sets_should_create_user(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
mock_reset_email = MagicMock()
|
||||
mock_client.auth.reset_password_email = mock_reset_email
|
||||
mock_sign_in_with_otp = MagicMock()
|
||||
mock_client.auth.sign_in_with_otp = mock_sign_in_with_otp
|
||||
|
||||
request = PasswordResetRequest(email="test@example.com")
|
||||
await sut.request_password_reset(request)
|
||||
await sut.send_otp(OtpSendRequest(phone="+8613812345678"))
|
||||
|
||||
mock_reset_email.assert_called_once_with("test@example.com")
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_create_verification_maps_timeout_error_to_503(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
from supabase import AuthError
|
||||
|
||||
mock_client.auth.sign_up = MagicMock(
|
||||
side_effect=AuthError("request_timeout", None)
|
||||
)
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await sut.create_verification(
|
||||
VerificationCreateRequest(
|
||||
username="tester",
|
||||
email="test@example.com",
|
||||
password="secret123",
|
||||
)
|
||||
)
|
||||
|
||||
assert exc_info.value.status_code == 503
|
||||
assert exc_info.value.detail == "Auth service temporarily unavailable"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_request_password_reset_with_redirect(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
mock_reset_email = MagicMock()
|
||||
mock_client.auth.reset_password_email = mock_reset_email
|
||||
|
||||
request = PasswordResetRequest(
|
||||
email="test@example.com",
|
||||
redirect_to="http://localhost:3000/reset-password",
|
||||
)
|
||||
await sut.request_password_reset(request)
|
||||
|
||||
mock_reset_email.assert_called_once_with(
|
||||
"test@example.com",
|
||||
options={"redirect_to": "http://localhost:3000/reset-password"},
|
||||
)
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_create_verification_rejects_untrusted_redirect_url(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, _, _ = gateway
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await sut.create_verification(
|
||||
VerificationCreateRequest(
|
||||
username="tester",
|
||||
email="test@example.com",
|
||||
password="secret123",
|
||||
redirect_to="https://evil.example.com/callback",
|
||||
)
|
||||
)
|
||||
|
||||
assert exc_info.value.status_code == 422
|
||||
assert exc_info.value.detail == "Invalid redirect URL"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_request_password_reset_rejects_untrusted_redirect_url(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, _, _ = gateway
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await sut.request_password_reset(
|
||||
PasswordResetRequest(
|
||||
email="test@example.com",
|
||||
redirect_to="https://evil.example.com/reset",
|
||||
)
|
||||
)
|
||||
|
||||
assert exc_info.value.status_code == 422
|
||||
assert exc_info.value.detail == "Invalid redirect URL"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_request_password_reset_swallows_auth_error(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
from supabase import AuthError
|
||||
|
||||
mock_reset_email = MagicMock(side_effect=AuthError("rate limit exceeded", None))
|
||||
mock_client.auth.reset_password_email = mock_reset_email
|
||||
|
||||
request = PasswordResetRequest(email="test@example.com")
|
||||
|
||||
result = await sut.request_password_reset(request)
|
||||
|
||||
mock_reset_email.assert_called_once()
|
||||
assert result is None
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_request_password_reset_extracts_email_from_mapping(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
mock_reset_email = MagicMock()
|
||||
mock_client.auth.reset_password_email = mock_reset_email
|
||||
|
||||
request = PasswordResetRequest.model_construct(
|
||||
email={"email": "test@example.com"},
|
||||
redirect_to=None,
|
||||
)
|
||||
|
||||
await sut.request_password_reset(request)
|
||||
|
||||
mock_reset_email.assert_called_once_with("test@example.com")
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_request_password_reset_rejects_invalid_email_shape(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, _, _ = gateway
|
||||
request = PasswordResetRequest.model_construct(
|
||||
email={"unexpected": "value"},
|
||||
redirect_to=None,
|
||||
)
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await sut.request_password_reset(request)
|
||||
|
||||
assert exc_info.value.status_code == 422
|
||||
assert exc_info.value.detail == "Invalid email"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_confirm_password_reset_updates_password_by_user_id(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, mock_admin_client = gateway
|
||||
verify_response = SimpleNamespace(
|
||||
session=SimpleNamespace(access_token="access"),
|
||||
user=SimpleNamespace(id="user-1"),
|
||||
)
|
||||
mock_verify_otp = MagicMock(return_value=verify_response)
|
||||
mock_client.auth.verify_otp = mock_verify_otp
|
||||
|
||||
mock_update_user_by_id = MagicMock()
|
||||
mock_admin_client.auth.admin = SimpleNamespace(
|
||||
update_user_by_id=mock_update_user_by_id
|
||||
)
|
||||
|
||||
request = PasswordResetConfirmRequest(
|
||||
email="test@example.com",
|
||||
token="123456",
|
||||
new_password="newpassword123",
|
||||
)
|
||||
|
||||
await sut.confirm_password_reset(request)
|
||||
|
||||
mock_verify_otp.assert_called_once_with(
|
||||
mock_sign_in_with_otp.assert_called_once_with(
|
||||
{
|
||||
"type": "recovery",
|
||||
"email": "test@example.com",
|
||||
"token": "123456",
|
||||
"phone": "+8613812345678",
|
||||
"options": {"should_create_user": True},
|
||||
}
|
||||
)
|
||||
mock_update_user_by_id.assert_called_once_with(
|
||||
"user-1",
|
||||
{"password": "newpassword123"},
|
||||
)
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_confirm_password_reset_raises_when_user_id_missing(
|
||||
async def test_create_phone_session_uses_verify_otp(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
verify_response = SimpleNamespace(
|
||||
session=SimpleNamespace(access_token="access"),
|
||||
user=SimpleNamespace(id=""),
|
||||
session=SimpleNamespace(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
),
|
||||
user=SimpleNamespace(id="user-1", phone="+8613812345678"),
|
||||
)
|
||||
mock_client.auth.verify_otp = MagicMock(return_value=verify_response)
|
||||
|
||||
request = PasswordResetConfirmRequest(
|
||||
email="test@example.com",
|
||||
token="123456",
|
||||
new_password="newpassword123",
|
||||
response = await sut.create_phone_session(
|
||||
PhoneSessionCreateRequest(phone="+8613812345678", token="123456")
|
||||
)
|
||||
|
||||
assert response.user.id == "user-1"
|
||||
assert response.access_token == "access"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_create_phone_session_normalizes_phone_without_plus_prefix(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
verify_response = SimpleNamespace(
|
||||
session=SimpleNamespace(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
),
|
||||
user=SimpleNamespace(id="user-1", phone="14155552671"),
|
||||
)
|
||||
mock_client.auth.verify_otp = MagicMock(return_value=verify_response)
|
||||
|
||||
response = await sut.create_phone_session(
|
||||
PhoneSessionCreateRequest(phone="+14155552671", token="123456")
|
||||
)
|
||||
|
||||
assert response.user.phone == "+14155552671"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_refresh_session_maps_invalid_token(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
mock_client.auth.refresh_session = MagicMock(
|
||||
return_value=SimpleNamespace(session=None, user=None)
|
||||
)
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await sut.confirm_password_reset(request)
|
||||
await sut.refresh_session(SessionRefreshRequest(refresh_token="bad"))
|
||||
|
||||
assert exc_info.value.status_code == 401
|
||||
assert exc_info.value.detail == "Invalid or expired verification code"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_recovery_resend_calls_reset_password_email(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
mock_reset_email = MagicMock()
|
||||
mock_client.auth.reset_password_email = mock_reset_email
|
||||
|
||||
await sut.resend_verification(
|
||||
VerificationResendRequest(
|
||||
type="recovery",
|
||||
email="test@example.com",
|
||||
redirect_to="http://localhost:3000/reset-password",
|
||||
)
|
||||
)
|
||||
|
||||
mock_reset_email.assert_called_once_with(
|
||||
"test@example.com",
|
||||
options={"redirect_to": "http://localhost:3000/reset-password"},
|
||||
)
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_verify_verification_maps_internal_error_to_503(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
from supabase import AuthError
|
||||
|
||||
mock_client.auth.verify_otp = MagicMock(
|
||||
side_effect=AuthError("internal_server_error", None)
|
||||
)
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await sut.verify_verification(
|
||||
VerificationVerifyRequest(
|
||||
type="signup",
|
||||
email="test@example.com",
|
||||
token="123456",
|
||||
)
|
||||
)
|
||||
|
||||
assert exc_info.value.status_code == 503
|
||||
assert exc_info.value.detail == "Auth service temporarily unavailable"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_create_session_maps_internal_error_to_503(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
from supabase import AuthError
|
||||
|
||||
mock_client.auth.sign_in_with_password = MagicMock(
|
||||
side_effect=AuthError("internal_server_error", None)
|
||||
)
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await sut.create_session(
|
||||
SessionCreateRequest(
|
||||
email="test@example.com",
|
||||
password="secret123",
|
||||
)
|
||||
)
|
||||
|
||||
assert exc_info.value.status_code == 503
|
||||
assert exc_info.value.detail == "Auth service temporarily unavailable"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_refresh_session_maps_bad_gateway_to_503(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
from supabase import AuthError
|
||||
|
||||
mock_client.auth.refresh_session = MagicMock(
|
||||
side_effect=AuthError("bad_gateway", None)
|
||||
)
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await sut.refresh_session(SessionRefreshRequest(refresh_token="rt"))
|
||||
|
||||
assert exc_info.value.status_code == 503
|
||||
assert exc_info.value.detail == "Auth service temporarily unavailable"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_confirm_password_reset_maps_service_unavailable_to_503(
|
||||
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
|
||||
) -> None:
|
||||
sut, mock_client, _ = gateway
|
||||
from supabase import AuthError
|
||||
|
||||
mock_client.auth.verify_otp = MagicMock(
|
||||
side_effect=AuthError("service_unavailable", None)
|
||||
)
|
||||
|
||||
with pytest.raises(HTTPException) as exc_info:
|
||||
await sut.confirm_password_reset(
|
||||
PasswordResetConfirmRequest(
|
||||
email="test@example.com",
|
||||
token="123456",
|
||||
new_password="newpassword123",
|
||||
)
|
||||
)
|
||||
|
||||
assert exc_info.value.status_code == 503
|
||||
assert exc_info.value.detail == "Auth service temporarily unavailable"
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_get_user_by_email_uses_in_memory_cache(
|
||||
async def test_get_user_by_phone_uses_in_memory_cache(
|
||||
self,
|
||||
gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock],
|
||||
monkeypatch: pytest.MonkeyPatch,
|
||||
@@ -350,9 +115,9 @@ class TestSupabaseAuthGateway:
|
||||
sut, _, _ = gateway
|
||||
user = SimpleNamespace(
|
||||
id="user-1",
|
||||
email="cached@example.com",
|
||||
phone="+8613811112222",
|
||||
created_at="2026-03-16T00:00:00Z",
|
||||
email_confirmed_at=None,
|
||||
phone_confirmed_at=None,
|
||||
)
|
||||
list_calls = {"count": 0}
|
||||
|
||||
@@ -362,9 +127,39 @@ class TestSupabaseAuthGateway:
|
||||
|
||||
monkeypatch.setattr("v1.auth.gateway._list_auth_users", _fake_list_auth_users)
|
||||
|
||||
first = await sut.get_user_by_email("cached@example.com")
|
||||
second = await sut.get_user_by_email("CACHED@example.com")
|
||||
first = await sut.get_user_by_phone("+8613811112222")
|
||||
second = await sut.get_user_by_phone("+8613811112222")
|
||||
|
||||
assert first.id == "user-1"
|
||||
assert second.email == "cached@example.com"
|
||||
assert second.phone == "+8613811112222"
|
||||
assert list_calls["count"] == 1
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_search_user_ids_by_phone_supports_suffix_query(
|
||||
self,
|
||||
gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock],
|
||||
monkeypatch: pytest.MonkeyPatch,
|
||||
) -> None:
|
||||
sut, _, _ = gateway
|
||||
users = [
|
||||
SimpleNamespace(
|
||||
id="user-cn",
|
||||
phone="+8613811112222",
|
||||
created_at="2026-03-16T00:00:00Z",
|
||||
phone_confirmed_at=None,
|
||||
),
|
||||
SimpleNamespace(
|
||||
id="user-us",
|
||||
phone="+14155552671",
|
||||
created_at="2026-03-16T00:00:00Z",
|
||||
phone_confirmed_at=None,
|
||||
),
|
||||
]
|
||||
|
||||
monkeypatch.setattr("v1.auth.gateway._list_auth_users", lambda _client: users)
|
||||
|
||||
matched_cn = await sut.search_user_ids_by_phone("13811112222")
|
||||
matched_us = await sut.search_user_ids_by_phone("4155552671")
|
||||
|
||||
assert matched_cn == ["user-cn"]
|
||||
assert matched_us == ["user-us"]
|
||||
|
||||
@@ -5,72 +5,28 @@ from pydantic import ValidationError
|
||||
|
||||
from v1.auth.schemas import (
|
||||
AuthUser,
|
||||
SessionCreateRequest,
|
||||
OtpSendRequest,
|
||||
PhoneSessionCreateRequest,
|
||||
SessionDeleteRequest,
|
||||
SessionRefreshRequest,
|
||||
SessionResponse,
|
||||
VerificationCreateRequest,
|
||||
VerificationVerifyRequest,
|
||||
VerificationResendRequest,
|
||||
)
|
||||
|
||||
|
||||
def test_signup_requires_valid_email() -> None:
|
||||
def test_send_otp_requires_valid_phone() -> None:
|
||||
with pytest.raises(ValidationError):
|
||||
VerificationCreateRequest(
|
||||
username="demo", email="not-an-email", password="secret123"
|
||||
)
|
||||
OtpSendRequest(phone="13812345678")
|
||||
|
||||
|
||||
def test_signup_requires_username() -> None:
|
||||
def test_send_otp_accepts_e164_phone() -> None:
|
||||
request = OtpSendRequest(phone="+14155552671")
|
||||
|
||||
assert request.phone == "+14155552671"
|
||||
|
||||
|
||||
def test_phone_session_requires_six_digit_token() -> None:
|
||||
with pytest.raises(ValidationError):
|
||||
VerificationCreateRequest.model_validate(
|
||||
{"email": "user@example.com", "password": "secret123"}
|
||||
)
|
||||
|
||||
|
||||
def test_signup_allows_any_invite_code_input() -> None:
|
||||
request = VerificationCreateRequest(
|
||||
username="demo",
|
||||
email="user@example.com",
|
||||
password="secret123",
|
||||
invite_code="abc123",
|
||||
)
|
||||
|
||||
assert request.invite_code == "abc123"
|
||||
|
||||
|
||||
def test_signup_verify_requires_six_digit_token() -> None:
|
||||
with pytest.raises(ValidationError):
|
||||
VerificationVerifyRequest(email="user@example.com", token="abc123")
|
||||
|
||||
|
||||
def test_signup_verify_disallows_new_password() -> None:
|
||||
with pytest.raises(ValidationError):
|
||||
VerificationVerifyRequest(
|
||||
type="signup",
|
||||
email="user@example.com",
|
||||
token="123456",
|
||||
new_password="secret123",
|
||||
)
|
||||
|
||||
|
||||
def test_recovery_verify_requires_new_password() -> None:
|
||||
with pytest.raises(ValidationError):
|
||||
VerificationVerifyRequest(
|
||||
type="recovery",
|
||||
email="user@example.com",
|
||||
token="123456",
|
||||
)
|
||||
|
||||
|
||||
def test_signup_resend_requires_valid_email() -> None:
|
||||
with pytest.raises(ValidationError):
|
||||
VerificationResendRequest(email="invalid")
|
||||
|
||||
|
||||
def test_login_requires_valid_email() -> None:
|
||||
with pytest.raises(ValidationError):
|
||||
SessionCreateRequest(email="invalid", password="secret123")
|
||||
PhoneSessionCreateRequest(phone="+8613812345678", token="abc123")
|
||||
|
||||
|
||||
def test_refresh_requires_token() -> None:
|
||||
@@ -78,8 +34,13 @@ def test_refresh_requires_token() -> None:
|
||||
SessionRefreshRequest(refresh_token="")
|
||||
|
||||
|
||||
def test_logout_requires_token() -> None:
|
||||
with pytest.raises(ValidationError):
|
||||
SessionDeleteRequest(refresh_token="")
|
||||
|
||||
|
||||
def test_session_response_maps_user() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
user = AuthUser(id="user-1", phone="+14155552671")
|
||||
response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
@@ -89,4 +50,4 @@ def test_session_response_maps_user() -> None:
|
||||
)
|
||||
|
||||
assert response.user.id == "user-1"
|
||||
assert response.user.email == "user@example.com"
|
||||
assert response.user.phone == "+14155552671"
|
||||
|
||||
@@ -2,19 +2,12 @@ from __future__ import annotations
|
||||
|
||||
import pytest
|
||||
|
||||
import v1.auth.gateway as auth_gateway_module
|
||||
from v1.auth.schemas import (
|
||||
AuthUser,
|
||||
PasswordResetConfirmRequest,
|
||||
PasswordResetRequest,
|
||||
SessionCreateRequest,
|
||||
OtpSendRequest,
|
||||
PhoneSessionCreateRequest,
|
||||
SessionRefreshRequest,
|
||||
SessionResponse,
|
||||
UserByEmailResponse,
|
||||
VerificationCreateRequest,
|
||||
VerificationCreateResponse,
|
||||
VerificationResendRequest,
|
||||
VerificationVerifyRequest,
|
||||
)
|
||||
from v1.auth.service import AuthService, AuthServiceGateway
|
||||
|
||||
@@ -22,23 +15,16 @@ from v1.auth.service import AuthService, AuthServiceGateway
|
||||
class FakeGateway(AuthServiceGateway):
|
||||
def __init__(self, response: SessionResponse) -> None:
|
||||
self._response = response
|
||||
self.last_create_verification_request: VerificationCreateRequest | None = None
|
||||
self.last_send_otp_request: OtpSendRequest | None = None
|
||||
self.last_phone_session_request: PhoneSessionCreateRequest | None = None
|
||||
|
||||
async def create_verification(
|
||||
self, request: VerificationCreateRequest
|
||||
) -> VerificationCreateResponse:
|
||||
self.last_create_verification_request = request
|
||||
return VerificationCreateResponse(email=request.email)
|
||||
async def send_otp(self, request: OtpSendRequest) -> None:
|
||||
self.last_send_otp_request = request
|
||||
|
||||
async def verify_verification(
|
||||
self, request: VerificationVerifyRequest
|
||||
async def create_phone_session(
|
||||
self, request: PhoneSessionCreateRequest
|
||||
) -> SessionResponse:
|
||||
return self._response
|
||||
|
||||
async def resend_verification(self, request: VerificationResendRequest) -> None:
|
||||
return None
|
||||
|
||||
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
|
||||
self.last_phone_session_request = request
|
||||
return self._response
|
||||
|
||||
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
|
||||
@@ -47,85 +33,10 @@ class FakeGateway(AuthServiceGateway):
|
||||
async def delete_session(self, refresh_token: str | None) -> None:
|
||||
return None
|
||||
|
||||
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
|
||||
raise NotImplementedError
|
||||
|
||||
async def request_password_reset(self, request: PasswordResetRequest) -> None:
|
||||
raise NotImplementedError
|
||||
|
||||
async def confirm_password_reset(
|
||||
self, request: PasswordResetConfirmRequest
|
||||
) -> None:
|
||||
raise NotImplementedError
|
||||
|
||||
|
||||
class LogoutAssertingGateway(AuthServiceGateway):
|
||||
def __init__(self, expected_refresh_token: str) -> None:
|
||||
self._expected_refresh_token = expected_refresh_token
|
||||
|
||||
async def create_verification(
|
||||
self, request: VerificationCreateRequest
|
||||
) -> VerificationCreateResponse:
|
||||
raise NotImplementedError
|
||||
|
||||
async def verify_verification(
|
||||
self, request: VerificationVerifyRequest
|
||||
) -> SessionResponse:
|
||||
raise NotImplementedError
|
||||
|
||||
async def resend_verification(self, request: VerificationResendRequest) -> None:
|
||||
raise NotImplementedError
|
||||
|
||||
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
|
||||
raise NotImplementedError
|
||||
|
||||
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
|
||||
raise NotImplementedError
|
||||
|
||||
async def delete_session(self, refresh_token: str | None) -> None:
|
||||
assert refresh_token == self._expected_refresh_token
|
||||
|
||||
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
|
||||
raise NotImplementedError
|
||||
|
||||
async def request_password_reset(self, request: PasswordResetRequest) -> None:
|
||||
raise NotImplementedError
|
||||
|
||||
async def confirm_password_reset(
|
||||
self, request: PasswordResetConfirmRequest
|
||||
) -> None:
|
||||
raise NotImplementedError
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_logout_forwards_refresh_token() -> None:
|
||||
service = AuthService(gateway=LogoutAssertingGateway("refresh-token"))
|
||||
|
||||
await service.delete_session("refresh-token")
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_signup_resend_returns_none() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
service = AuthService(gateway=FakeGateway(token_response))
|
||||
|
||||
result = await service.resend_verification(
|
||||
VerificationResendRequest(email="user@example.com")
|
||||
)
|
||||
|
||||
assert result is None
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_create_verification_ignores_invalid_invite_code() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
async def test_send_otp_forwards_payload() -> None:
|
||||
user = AuthUser(id="user-1", phone="+8613812345678")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
@@ -136,22 +47,15 @@ async def test_create_verification_ignores_invalid_invite_code() -> None:
|
||||
gateway = FakeGateway(token_response)
|
||||
service = AuthService(gateway=gateway)
|
||||
|
||||
await service.create_verification(
|
||||
VerificationCreateRequest(
|
||||
username="demo",
|
||||
email="user@example.com",
|
||||
password="secret123",
|
||||
invite_code="bad-code",
|
||||
)
|
||||
)
|
||||
await service.send_otp(OtpSendRequest(phone="+8613812345678"))
|
||||
|
||||
assert gateway.last_create_verification_request is not None
|
||||
assert gateway.last_create_verification_request.invite_code is None
|
||||
assert gateway.last_send_otp_request is not None
|
||||
assert gateway.last_send_otp_request.phone == "+8613812345678"
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_create_verification_normalizes_valid_invite_code() -> None:
|
||||
user = AuthUser(id="user-1", email="user@example.com")
|
||||
async def test_create_phone_session_forwards_payload() -> None:
|
||||
user = AuthUser(id="user-1", phone="+8613812345678")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
@@ -162,59 +66,28 @@ async def test_create_verification_normalizes_valid_invite_code() -> None:
|
||||
gateway = FakeGateway(token_response)
|
||||
service = AuthService(gateway=gateway)
|
||||
|
||||
await service.create_verification(
|
||||
VerificationCreateRequest(
|
||||
username="demo",
|
||||
email="user@example.com",
|
||||
password="secret123",
|
||||
invite_code="a2b3",
|
||||
)
|
||||
response = await service.create_phone_session(
|
||||
PhoneSessionCreateRequest(phone="+8613812345678", token="123456")
|
||||
)
|
||||
|
||||
assert gateway.last_create_verification_request is not None
|
||||
assert gateway.last_create_verification_request.invite_code == "A2B3"
|
||||
assert gateway.last_phone_session_request is not None
|
||||
assert gateway.last_phone_session_request.token == "123456"
|
||||
assert response.user.phone == "+8613812345678"
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_supabase_signup_passes_username_in_metadata(
|
||||
monkeypatch: pytest.MonkeyPatch,
|
||||
) -> None:
|
||||
captured_payload: dict[str, object] = {}
|
||||
|
||||
class FakeSupabaseAuth:
|
||||
def sign_up(self, payload: dict[str, object]) -> object:
|
||||
captured_payload.update(payload)
|
||||
|
||||
class _User:
|
||||
id = "user-1"
|
||||
email = "user@example.com"
|
||||
|
||||
class _Session:
|
||||
access_token = "access"
|
||||
refresh_token = "refresh"
|
||||
expires_in = 3600
|
||||
token_type = "bearer"
|
||||
|
||||
class _Response:
|
||||
user = _User()
|
||||
session = None
|
||||
|
||||
return _Response()
|
||||
|
||||
class FakeClient:
|
||||
auth = FakeSupabaseAuth()
|
||||
|
||||
monkeypatch.setattr(
|
||||
auth_gateway_module.supabase_service, "get_client", lambda: FakeClient()
|
||||
async def test_refresh_session_forwards_payload() -> None:
|
||||
user = AuthUser(id="user-1", phone="+8613812345678")
|
||||
token_response = SessionResponse(
|
||||
access_token="access",
|
||||
refresh_token="refresh",
|
||||
expires_in=3600,
|
||||
token_type="bearer",
|
||||
user=user,
|
||||
)
|
||||
gateway = FakeGateway(token_response)
|
||||
service = AuthService(gateway=gateway)
|
||||
|
||||
gateway = auth_gateway_module.SupabaseAuthGateway()
|
||||
await gateway.create_verification(
|
||||
VerificationCreateRequest(
|
||||
username="demo",
|
||||
email="user@example.com",
|
||||
password="secret123",
|
||||
)
|
||||
)
|
||||
response = await service.refresh_session(SessionRefreshRequest(refresh_token="rt"))
|
||||
|
||||
assert captured_payload["data"] == {"username": "demo"}
|
||||
assert response.access_token == "access"
|
||||
|
||||
@@ -1,11 +1,13 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import pytest
|
||||
from datetime import datetime
|
||||
from uuid import uuid4
|
||||
|
||||
import pytest
|
||||
from pydantic import ValidationError
|
||||
from schemas.user.context import UserContext
|
||||
|
||||
from v1.friendships.schemas import (
|
||||
UserBasicInfo,
|
||||
FriendRequestCreate,
|
||||
FriendRequestResponse,
|
||||
FriendResponse,
|
||||
@@ -13,16 +15,16 @@ from v1.friendships.schemas import (
|
||||
)
|
||||
|
||||
|
||||
def test_user_basic_info_maps_fields() -> None:
|
||||
user = UserBasicInfo(id="user-1", username="alice", avatar_url=None)
|
||||
def test_user_context_maps_fields() -> None:
|
||||
user = UserContext(id="user-1", username="alice", avatar_url=None)
|
||||
|
||||
assert user.id == "user-1"
|
||||
assert user.username == "alice"
|
||||
assert user.avatar_url is None
|
||||
|
||||
|
||||
def test_user_basic_info_with_avatar() -> None:
|
||||
user = UserBasicInfo(
|
||||
def test_user_context_with_avatar() -> None:
|
||||
user = UserContext(
|
||||
id="user-2", username="bob", avatar_url="https://example.com/avatar.png"
|
||||
)
|
||||
|
||||
@@ -49,13 +51,13 @@ def test_friend_request_create_without_content() -> None:
|
||||
|
||||
def test_friend_request_create_content_max_length() -> None:
|
||||
target_id = uuid4()
|
||||
with pytest.raises(Exception):
|
||||
with pytest.raises(ValidationError):
|
||||
FriendRequestCreate(target_user_id=target_id, content="x" * 201)
|
||||
|
||||
|
||||
def test_friend_request_response_maps_fields() -> None:
|
||||
sender = UserBasicInfo(id="user-1", username="alice", avatar_url=None)
|
||||
recipient = UserBasicInfo(id="user-2", username="bob", avatar_url=None)
|
||||
sender = UserContext(id="user-1", username="alice", avatar_url=None)
|
||||
recipient = UserContext(id="user-2", username="bob", avatar_url=None)
|
||||
request_id = uuid4()
|
||||
created = datetime(2026, 1, 15, 10, 30, 0)
|
||||
|
||||
@@ -63,7 +65,7 @@ def test_friend_request_response_maps_fields() -> None:
|
||||
id=request_id,
|
||||
sender=sender,
|
||||
recipient=recipient,
|
||||
content="Hello!",
|
||||
content={"text": "Hello!"},
|
||||
status="pending",
|
||||
created_at=created,
|
||||
)
|
||||
@@ -76,7 +78,7 @@ def test_friend_request_response_maps_fields() -> None:
|
||||
|
||||
|
||||
def test_friend_response_maps_fields() -> None:
|
||||
friend_user = UserBasicInfo(id="user-2", username="bob", avatar_url=None)
|
||||
friend_user = UserContext(id="user-2", username="bob", avatar_url=None)
|
||||
request_id = uuid4()
|
||||
created = datetime(2026, 1, 15, 10, 30, 0)
|
||||
accepted = datetime(2026, 1, 16, 12, 0, 0)
|
||||
@@ -96,7 +98,7 @@ def test_friend_response_maps_fields() -> None:
|
||||
|
||||
|
||||
def test_friend_response_accepted_at_optional() -> None:
|
||||
friend_user = UserBasicInfo(id="user-2", username="bob", avatar_url=None)
|
||||
friend_user = UserContext(id="user-2", username="bob", avatar_url=None)
|
||||
request_id = uuid4()
|
||||
created = datetime(2026, 1, 15, 10, 30, 0)
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ from sqlalchemy.exc import SQLAlchemyError
|
||||
from core.auth.models import CurrentUser
|
||||
from models.inbox_messages import InboxMessage, InboxMessageType
|
||||
from models.schedule_items import ScheduleItem
|
||||
from v1.auth.schemas import UserByEmailResponse
|
||||
from v1.auth.schemas import UserByPhoneResponse
|
||||
from v1.schedule_items.repository import ScheduleItemRepository
|
||||
from v1.schedule_items.schemas import ScheduleItemShareRequest
|
||||
from v1.schedule_items.service import ScheduleItemService
|
||||
@@ -20,18 +20,18 @@ from v1.schedule_items.service import ScheduleItemService
|
||||
|
||||
def test_share_request_schema() -> None:
|
||||
request = ScheduleItemShareRequest(
|
||||
email="friend@example.com",
|
||||
phone="+8613810000000",
|
||||
permission_view=True,
|
||||
permission_edit=True,
|
||||
permission_invite=False,
|
||||
)
|
||||
assert request.email == "friend@example.com"
|
||||
assert request.phone == "+8613810000000"
|
||||
assert request.permission_view is True
|
||||
|
||||
|
||||
def test_permission_bits_calculation() -> None:
|
||||
request = ScheduleItemShareRequest(
|
||||
email="friend@example.com",
|
||||
phone="+8613810000000",
|
||||
permission_view=True,
|
||||
permission_edit=True,
|
||||
permission_invite=False,
|
||||
@@ -71,12 +71,12 @@ class ShareRepo:
|
||||
|
||||
|
||||
class AuthGatewayStub:
|
||||
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
|
||||
return UserByEmailResponse(
|
||||
async def get_user_by_phone(self, phone: str) -> UserByPhoneResponse:
|
||||
return UserByPhoneResponse(
|
||||
id="00000000-0000-0000-0000-000000000222",
|
||||
email=email,
|
||||
phone=phone,
|
||||
created_at="2026-02-28T10:00:00Z",
|
||||
email_confirmed_at=None,
|
||||
phone_confirmed_at=None,
|
||||
)
|
||||
|
||||
|
||||
@@ -119,12 +119,12 @@ class InboxRepoStub:
|
||||
|
||||
|
||||
class AuthGatewayInvalidIdStub:
|
||||
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
|
||||
return UserByEmailResponse(
|
||||
async def get_user_by_phone(self, phone: str) -> UserByPhoneResponse:
|
||||
return UserByPhoneResponse(
|
||||
id="not-a-uuid",
|
||||
email=email,
|
||||
phone=phone,
|
||||
created_at="2026-02-28T10:00:00Z",
|
||||
email_confirmed_at=None,
|
||||
phone_confirmed_at=None,
|
||||
)
|
||||
|
||||
|
||||
@@ -148,7 +148,7 @@ async def test_share_forbidden_when_not_owner() -> None:
|
||||
await service.share(
|
||||
item_id,
|
||||
ScheduleItemShareRequest(
|
||||
email="friend@example.com",
|
||||
phone="+8613810000000",
|
||||
permission_view=True,
|
||||
permission_edit=False,
|
||||
permission_invite=False,
|
||||
@@ -178,7 +178,7 @@ async def test_share_success_creates_calendar_invitation_message() -> None:
|
||||
result = await service.share(
|
||||
item_id,
|
||||
ScheduleItemShareRequest(
|
||||
email="friend@example.com",
|
||||
phone="+8613810000000",
|
||||
permission_view=True,
|
||||
permission_edit=True,
|
||||
permission_invite=False,
|
||||
@@ -211,7 +211,7 @@ async def test_share_returns_not_found_when_item_missing() -> None:
|
||||
await service.share(
|
||||
uuid4(),
|
||||
ScheduleItemShareRequest(
|
||||
email="friend@example.com",
|
||||
phone="+8613810000000",
|
||||
permission_view=True,
|
||||
permission_edit=False,
|
||||
permission_invite=False,
|
||||
@@ -241,7 +241,7 @@ async def test_share_invalid_auth_user_id_returns_503() -> None:
|
||||
await service.share(
|
||||
item_id,
|
||||
ScheduleItemShareRequest(
|
||||
email="friend@example.com",
|
||||
phone="+8613810000000",
|
||||
permission_view=True,
|
||||
permission_edit=False,
|
||||
permission_invite=False,
|
||||
@@ -274,7 +274,7 @@ async def test_share_sqlalchemy_error_rolls_back() -> None:
|
||||
await service.share(
|
||||
item_id,
|
||||
ScheduleItemShareRequest(
|
||||
email="friend@example.com",
|
||||
phone="+8613810000000",
|
||||
permission_view=True,
|
||||
permission_edit=False,
|
||||
permission_invite=False,
|
||||
|
||||
@@ -22,7 +22,7 @@ async def test_get_current_user_falls_back_to_supabase_validation(monkeypatch) -
|
||||
del token
|
||||
return deps.CurrentUser(
|
||||
id=UUID("e8845a17-282b-4a63-8025-194a06235958"),
|
||||
email="dagronl@126.com",
|
||||
phone="dagronl@126.com",
|
||||
role="authenticated",
|
||||
)
|
||||
|
||||
@@ -31,7 +31,7 @@ async def test_get_current_user_falls_back_to_supabase_validation(monkeypatch) -
|
||||
user = await deps.get_current_user(authorization="Bearer valid-token")
|
||||
|
||||
assert str(user.id) == "e8845a17-282b-4a63-8025-194a06235958"
|
||||
assert user.email == "dagronl@126.com"
|
||||
assert user.phone == "dagronl@126.com"
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
|
||||
@@ -6,7 +6,7 @@ from uuid import uuid4
|
||||
import pytest
|
||||
|
||||
from core.auth.models import CurrentUser
|
||||
from v1.users.schemas import UserUpdateRequest
|
||||
from v1.users.schemas import UserSearchRequest, UserUpdateRequest
|
||||
from v1.users.service import UserService
|
||||
|
||||
|
||||
@@ -16,6 +16,7 @@ class _FakeProfile:
|
||||
username: str
|
||||
avatar_url: str | None
|
||||
bio: str | None
|
||||
settings: dict | None = None
|
||||
|
||||
|
||||
class _FakeRepository:
|
||||
@@ -51,6 +52,37 @@ class _FakeSession:
|
||||
self.rollback_called += 1
|
||||
|
||||
|
||||
class _FakeSearchRepository:
|
||||
def __init__(self, profiles: list[_FakeProfile]) -> None:
|
||||
self._profiles_by_id = {profile.id: profile for profile in profiles}
|
||||
|
||||
async def get_by_user_ids(
|
||||
self, user_ids: list[object]
|
||||
) -> dict[object, _FakeProfile]:
|
||||
return {
|
||||
user_id: self._profiles_by_id[user_id]
|
||||
for user_id in user_ids
|
||||
if user_id in self._profiles_by_id
|
||||
}
|
||||
|
||||
async def search_users(self, query: str, limit: int = 20) -> list[_FakeProfile]:
|
||||
_ = limit
|
||||
return [
|
||||
profile
|
||||
for profile in self._profiles_by_id.values()
|
||||
if query.lower() in profile.username.lower()
|
||||
]
|
||||
|
||||
|
||||
class _FakeAuthLookup:
|
||||
def __init__(self, mapping: dict[str, list[str]]) -> None:
|
||||
self.mapping = mapping
|
||||
|
||||
async def search_user_ids_by_phone(self, query: str, limit: int = 20) -> list[str]:
|
||||
_ = limit
|
||||
return self.mapping.get(query, [])
|
||||
|
||||
|
||||
class _FakeUserContextCache:
|
||||
def __init__(self, *, should_fail: bool = False) -> None:
|
||||
self.should_fail = should_fail
|
||||
@@ -72,7 +104,7 @@ async def test_update_me_invalidates_user_context_cache() -> None:
|
||||
session = _FakeSession()
|
||||
cache = _FakeUserContextCache()
|
||||
service = UserService(
|
||||
repository=repo,
|
||||
repository=repo, # type: ignore[arg-type]
|
||||
session=session, # type: ignore[arg-type]
|
||||
current_user=CurrentUser(id=user_id),
|
||||
user_context_cache=cache, # type: ignore[arg-type]
|
||||
@@ -94,7 +126,7 @@ async def test_update_me_succeeds_when_cache_invalidation_fails() -> None:
|
||||
session = _FakeSession()
|
||||
cache = _FakeUserContextCache(should_fail=True)
|
||||
service = UserService(
|
||||
repository=repo,
|
||||
repository=repo, # type: ignore[arg-type]
|
||||
session=session, # type: ignore[arg-type]
|
||||
current_user=CurrentUser(id=user_id),
|
||||
user_context_cache=cache, # type: ignore[arg-type]
|
||||
@@ -105,3 +137,59 @@ async def test_update_me_succeeds_when_cache_invalidation_fails() -> None:
|
||||
assert result.username == "new-name"
|
||||
assert session.commit_called == 1
|
||||
assert cache.invalidated_user_ids == [user_id]
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_search_users_supports_phone_without_country_code() -> None:
|
||||
user_id = uuid4()
|
||||
repo = _FakeSearchRepository(
|
||||
[
|
||||
_FakeProfile(
|
||||
id=user_id,
|
||||
username="alice",
|
||||
avatar_url=None,
|
||||
bio=None,
|
||||
)
|
||||
]
|
||||
)
|
||||
session = _FakeSession()
|
||||
auth_lookup = _FakeAuthLookup({"13812345678": [str(user_id)]})
|
||||
service = UserService(
|
||||
repository=repo, # type: ignore[arg-type]
|
||||
session=session, # type: ignore[arg-type]
|
||||
current_user=CurrentUser(id=user_id),
|
||||
auth_gateway=auth_lookup, # type: ignore[arg-type]
|
||||
)
|
||||
|
||||
results = await service.search_users(UserSearchRequest(query="13812345678"))
|
||||
|
||||
assert len(results) == 1
|
||||
assert results[0].id == str(user_id)
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_search_users_preserves_numeric_username_lookup() -> None:
|
||||
user_id = uuid4()
|
||||
repo = _FakeSearchRepository(
|
||||
[
|
||||
_FakeProfile(
|
||||
id=user_id,
|
||||
username="20260319",
|
||||
avatar_url=None,
|
||||
bio=None,
|
||||
)
|
||||
]
|
||||
)
|
||||
session = _FakeSession()
|
||||
auth_lookup = _FakeAuthLookup({})
|
||||
service = UserService(
|
||||
repository=repo, # type: ignore[arg-type]
|
||||
session=session, # type: ignore[arg-type]
|
||||
current_user=CurrentUser(id=user_id),
|
||||
auth_gateway=auth_lookup, # type: ignore[arg-type]
|
||||
)
|
||||
|
||||
results = await service.search_users(UserSearchRequest(query="20260319"))
|
||||
|
||||
assert len(results) == 1
|
||||
assert results[0].username == "20260319"
|
||||
|
||||
Reference in New Issue
Block a user