qzl/social-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(backend): update API routes and service layer

Browse Source 
- Update agent router/service/repository with new endpoints
- Update auth routes with phone-based authentication
- Update users service with new phone lookup
- Update schedule_items with new schemas
- Update message schemas with visibility support
- Update settings with new automation scheduler config
- Update CLI with new commands
- Update tests to match new API contracts
This commit is contained in:
qzl
2026-03-19 18:42:59 +08:00
parent 641d847008
commit f0af44d840
36 changed files with 1083 additions and 1853 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/tests/unit/v1/agent/test_owner_guard.py
+1 -1
View File
@@ -10,7 +10,7 @@ from v1.agent.service import ensure_session_owner
def test_owner_guard_denies_non_owner() -> None:
user = CurrentUser(id=uuid4(), email="self@example.com")
user = CurrentUser(id=uuid4(), phone="self@example.com")
with pytest.raises(HTTPException):
ensure_session_owner(owner_id="other-user", current_user=user)
backend/tests/unit/v1/agent/test_repository.py
+14
View File
@@ -7,6 +7,8 @@ from uuid import uuid4
import pytest
from models.agent_chat_message import AgentChatMessageRole
from sqlalchemy import select
from models.agent_chat_message import AgentChatMessage
from v1.agent.repository import AgentRepository
@@ -79,6 +81,7 @@ async def test_persist_user_message_sets_session_title_when_empty() -> None:
session_id=session_id,
content=" 请帮我安排明天下午开会 ",
metadata=None,
visibility_mask=1,
)
assert session_row.title == "请帮我安排明天下午开会"
@@ -101,6 +104,7 @@ async def test_persist_user_message_keeps_existing_session_title() -> None:
session_id=session_id,
content="新的消息内容",
metadata=None,
visibility_mask=1,
)
assert session_row.title == "已有标题"
@@ -164,3 +168,13 @@ async def test_get_history_day_uses_target_day_queries_only() -> None:
messages = payload["messages"]
assert isinstance(messages, list)
assert len(messages) == 1
def test_apply_visibility_filter_adds_bitwise_expression() -> None:
repository = AgentRepository(session=SimpleNamespace()) # type: ignore[arg-type]
stmt = select(AgentChatMessage)
filtered = repository._apply_visibility_filter(stmt=stmt, visibility_mask=1)
assert "visibility_mask" in str(filtered)
assert "&" in str(filtered)
backend/tests/unit/v1/agent/test_service.py
+106 -7
View File
@@ -20,6 +20,7 @@ class _FakeRepository:
def __init__(self) -> None:
self.committed = False
self.persisted_user_messages: list[dict[str, object]] = []
self.created_session_calls = 0
async def get_session_owner(self, *, session_id: str) -> str:
if session_id == "00000000-0000-0000-0000-000000000001":
@@ -30,6 +31,7 @@ class _FakeRepository:
self, *, user_id: str, session_id: str | None = None
) -> str:
del user_id
self.created_session_calls += 1
return session_id or "00000000-0000-0000-0000-000000000999"
async def commit(self) -> None:
@@ -39,9 +41,13 @@ class _FakeRepository:
return None
async def get_history_day(
self, *, session_id: str, before: date | None
self,
*,
session_id: str,
before: date | None,
visibility_mask: int | None = None,
) -> dict[str, object] | None:
del session_id, before
del session_id, before, visibility_mask
return None
async def get_latest_session_id_for_user(self, *, user_id: str) -> str | None:
@@ -54,15 +60,42 @@ class _FakeRepository:
session_id: str,
content: str,
metadata: AgentChatMessageMetadata | None,
visibility_mask: int,
) -> None:
self.persisted_user_messages.append(
{
"session_id": session_id,
"content": content,
"metadata": metadata,
"visibility_mask": visibility_mask,
}
)
async def get_system_agent_config(
self, *, agent_type: str
) -> dict[str, object] | None:
normalized = agent_type.strip().lower()
mapping = {
"router": 16,
"worker": 17,
"memory": 18,
}
bit = mapping.get(normalized)
if bit is None:
return None
return {
"agent_type": normalized,
"status": "active",
"config": {
"temperature": 0.7,
"max_tokens": None,
"timeout_seconds": 30,
"visibility_consumer_bit": bit,
"context_messages": {"mode": "number", "count": 20},
"enabled_tools": [],
},
}
class _FakeQueue:
def __init__(self) -> None:
@@ -122,11 +155,11 @@ class _FakeAttachmentStorage:
def _user() -> CurrentUser:
return CurrentUser(
id=UUID("00000000-0000-0000-0000-000000000001"),
email="user@example.com",
phone="+8613812345678",
)
def _build_run_input(*, urls: list[str]) -> RunAgentInput:
def _build_run_input(*, urls: list[str], agent_type: str = "worker") -> RunAgentInput:
content: list[dict[str, str]] = [{"type": "text", "text": "hello"}]
for url in urls:
content.append({"type": "binary", "mimeType": "image/png", "url": url})
@@ -144,7 +177,7 @@ def _build_run_input(*, urls: list[str]) -> RunAgentInput:
],
"tools": [],
"context": [],
"forwardedProps": {},
"forwardedProps": {"agent_type": agent_type},
}
)
@@ -222,6 +255,68 @@ async def test_enqueue_run_persists_attachment_and_queue_without_user_token(
assert run_input["runId"] == "run-1"
@pytest.mark.asyncio
async def test_enqueue_run_rejects_unknown_agent_type(monkeypatch) -> None:
monkeypatch.setattr(
agent_service_module.config.storage, "bucket", "agent-test-bucket"
)
service = AgentService(
repository=_FakeRepository(),
queue=_FakeQueue(),
stream=_FakeStream(),
attachment_storage=_FakeAttachmentStorage(),
)
base_url = str(config.supabase.url).rstrip("/")
safe_path = quote(
"agent-inputs/00000000-0000-0000-0000-000000000001/"
"00000000-0000-0000-0000-000000000001/uploads/a.png"
)
run_input = _build_run_input(
urls=[
f"{base_url}/storage/v1/object/sign/agent-test-bucket/{safe_path}?token=1"
],
agent_type="planner",
)
with pytest.raises(HTTPException) as exc_info:
await service.enqueue_run(run_input=run_input, current_user=_user())
assert exc_info.value.status_code == 422
@pytest.mark.asyncio
async def test_enqueue_run_rejects_memory_mode_for_api(monkeypatch) -> None:
monkeypatch.setattr(
agent_service_module.config.storage, "bucket", "agent-test-bucket"
)
repository = _FakeRepository()
service = AgentService(
repository=repository,
queue=_FakeQueue(),
stream=_FakeStream(),
attachment_storage=_FakeAttachmentStorage(),
)
base_url = str(config.supabase.url).rstrip("/")
safe_path = quote(
"agent-inputs/00000000-0000-0000-0000-000000000001/"
"00000000-0000-0000-0000-000000000001/uploads/a.png"
)
run_input = _build_run_input(
urls=[
f"{base_url}/storage/v1/object/sign/agent-test-bucket/{safe_path}?token=1"
],
agent_type="memory",
)
with pytest.raises(HTTPException) as exc_info:
await service.enqueue_run(run_input=run_input, current_user=_user())
assert exc_info.value.status_code == 422
assert exc_info.value.detail == "memory mode is automation-only"
assert repository.created_session_calls == 0
assert repository.persisted_user_messages == []
@pytest.mark.asyncio
async def test_create_attachment_signed_url_returns_url(monkeypatch) -> None:
monkeypatch.setattr(
@@ -317,9 +412,13 @@ async def test_enqueue_run_rejects_too_many_attachments(monkeypatch) -> None:
async def test_get_history_snapshot_filters_out_tool_messages() -> None:
class _HistoryRepository(_FakeRepository):
async def get_history_day(
self, *, session_id: str, before: date | None
self,
*,
session_id: str,
before: date | None,
visibility_mask: int | None = None,
) -> dict[str, object] | None:
del session_id, before
del session_id, before, visibility_mask
return {
"day": "2026-03-17",
"hasMore": False,
backend/tests/unit/v1/auth/test_auth_gateway.py
+90 -295
View File
@@ -8,13 +8,9 @@ from fastapi import HTTPException
from v1.auth.gateway import SupabaseAuthGateway
from v1.auth.schemas import (
PasswordResetConfirmRequest,
PasswordResetRequest,
SessionCreateRequest,
OtpSendRequest,
PhoneSessionCreateRequest,
SessionRefreshRequest,
VerificationCreateRequest,
VerificationVerifyRequest,
VerificationResendRequest,
)
@@ -35,314 +31,83 @@ class TestSupabaseAuthGateway:
return SupabaseAuthGateway(), mock_client, mock_admin_client
@pytest.mark.asyncio
async def test_request_password_reset_calls_email_with_string(
async def test_send_otp_sets_should_create_user(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
mock_reset_email = MagicMock()
mock_client.auth.reset_password_email = mock_reset_email
mock_sign_in_with_otp = MagicMock()
mock_client.auth.sign_in_with_otp = mock_sign_in_with_otp
request = PasswordResetRequest(email="test@example.com")
await sut.request_password_reset(request)
await sut.send_otp(OtpSendRequest(phone="+8613812345678"))
mock_reset_email.assert_called_once_with("test@example.com")
@pytest.mark.asyncio
async def test_create_verification_maps_timeout_error_to_503(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
from supabase import AuthError
mock_client.auth.sign_up = MagicMock(
side_effect=AuthError("request_timeout", None)
)
with pytest.raises(HTTPException) as exc_info:
await sut.create_verification(
VerificationCreateRequest(
username="tester",
email="test@example.com",
password="secret123",
)
)
assert exc_info.value.status_code == 503
assert exc_info.value.detail == "Auth service temporarily unavailable"
@pytest.mark.asyncio
async def test_request_password_reset_with_redirect(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
mock_reset_email = MagicMock()
mock_client.auth.reset_password_email = mock_reset_email
request = PasswordResetRequest(
email="test@example.com",
redirect_to="http://localhost:3000/reset-password",
)
await sut.request_password_reset(request)
mock_reset_email.assert_called_once_with(
"test@example.com",
options={"redirect_to": "http://localhost:3000/reset-password"},
)
@pytest.mark.asyncio
async def test_create_verification_rejects_untrusted_redirect_url(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, _, _ = gateway
with pytest.raises(HTTPException) as exc_info:
await sut.create_verification(
VerificationCreateRequest(
username="tester",
email="test@example.com",
password="secret123",
redirect_to="https://evil.example.com/callback",
)
)
assert exc_info.value.status_code == 422
assert exc_info.value.detail == "Invalid redirect URL"
@pytest.mark.asyncio
async def test_request_password_reset_rejects_untrusted_redirect_url(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, _, _ = gateway
with pytest.raises(HTTPException) as exc_info:
await sut.request_password_reset(
PasswordResetRequest(
email="test@example.com",
redirect_to="https://evil.example.com/reset",
)
)
assert exc_info.value.status_code == 422
assert exc_info.value.detail == "Invalid redirect URL"
@pytest.mark.asyncio
async def test_request_password_reset_swallows_auth_error(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
from supabase import AuthError
mock_reset_email = MagicMock(side_effect=AuthError("rate limit exceeded", None))
mock_client.auth.reset_password_email = mock_reset_email
request = PasswordResetRequest(email="test@example.com")
result = await sut.request_password_reset(request)
mock_reset_email.assert_called_once()
assert result is None
@pytest.mark.asyncio
async def test_request_password_reset_extracts_email_from_mapping(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
mock_reset_email = MagicMock()
mock_client.auth.reset_password_email = mock_reset_email
request = PasswordResetRequest.model_construct(
email={"email": "test@example.com"},
redirect_to=None,
)
await sut.request_password_reset(request)
mock_reset_email.assert_called_once_with("test@example.com")
@pytest.mark.asyncio
async def test_request_password_reset_rejects_invalid_email_shape(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, _, _ = gateway
request = PasswordResetRequest.model_construct(
email={"unexpected": "value"},
redirect_to=None,
)
with pytest.raises(HTTPException) as exc_info:
await sut.request_password_reset(request)
assert exc_info.value.status_code == 422
assert exc_info.value.detail == "Invalid email"
@pytest.mark.asyncio
async def test_confirm_password_reset_updates_password_by_user_id(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, mock_admin_client = gateway
verify_response = SimpleNamespace(
session=SimpleNamespace(access_token="access"),
user=SimpleNamespace(id="user-1"),
)
mock_verify_otp = MagicMock(return_value=verify_response)
mock_client.auth.verify_otp = mock_verify_otp
mock_update_user_by_id = MagicMock()
mock_admin_client.auth.admin = SimpleNamespace(
update_user_by_id=mock_update_user_by_id
)
request = PasswordResetConfirmRequest(
email="test@example.com",
token="123456",
new_password="newpassword123",
)
await sut.confirm_password_reset(request)
mock_verify_otp.assert_called_once_with(
mock_sign_in_with_otp.assert_called_once_with(
{
"type": "recovery",
"email": "test@example.com",
"token": "123456",
"phone": "+8613812345678",
"options": {"should_create_user": True},
}
)
mock_update_user_by_id.assert_called_once_with(
"user-1",
{"password": "newpassword123"},
)
@pytest.mark.asyncio
async def test_confirm_password_reset_raises_when_user_id_missing(
async def test_create_phone_session_uses_verify_otp(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
verify_response = SimpleNamespace(
session=SimpleNamespace(access_token="access"),
user=SimpleNamespace(id=""),
session=SimpleNamespace(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
),
user=SimpleNamespace(id="user-1", phone="+8613812345678"),
)
mock_client.auth.verify_otp = MagicMock(return_value=verify_response)
request = PasswordResetConfirmRequest(
email="test@example.com",
token="123456",
new_password="newpassword123",
response = await sut.create_phone_session(
PhoneSessionCreateRequest(phone="+8613812345678", token="123456")
)
assert response.user.id == "user-1"
assert response.access_token == "access"
@pytest.mark.asyncio
async def test_create_phone_session_normalizes_phone_without_plus_prefix(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
verify_response = SimpleNamespace(
session=SimpleNamespace(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
),
user=SimpleNamespace(id="user-1", phone="14155552671"),
)
mock_client.auth.verify_otp = MagicMock(return_value=verify_response)
response = await sut.create_phone_session(
PhoneSessionCreateRequest(phone="+14155552671", token="123456")
)
assert response.user.phone == "+14155552671"
@pytest.mark.asyncio
async def test_refresh_session_maps_invalid_token(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
mock_client.auth.refresh_session = MagicMock(
return_value=SimpleNamespace(session=None, user=None)
)
with pytest.raises(HTTPException) as exc_info:
await sut.confirm_password_reset(request)
await sut.refresh_session(SessionRefreshRequest(refresh_token="bad"))
assert exc_info.value.status_code == 401
assert exc_info.value.detail == "Invalid or expired verification code"
@pytest.mark.asyncio
async def test_recovery_resend_calls_reset_password_email(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
mock_reset_email = MagicMock()
mock_client.auth.reset_password_email = mock_reset_email
await sut.resend_verification(
VerificationResendRequest(
type="recovery",
email="test@example.com",
redirect_to="http://localhost:3000/reset-password",
)
)
mock_reset_email.assert_called_once_with(
"test@example.com",
options={"redirect_to": "http://localhost:3000/reset-password"},
)
@pytest.mark.asyncio
async def test_verify_verification_maps_internal_error_to_503(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
from supabase import AuthError
mock_client.auth.verify_otp = MagicMock(
side_effect=AuthError("internal_server_error", None)
)
with pytest.raises(HTTPException) as exc_info:
await sut.verify_verification(
VerificationVerifyRequest(
type="signup",
email="test@example.com",
token="123456",
)
)
assert exc_info.value.status_code == 503
assert exc_info.value.detail == "Auth service temporarily unavailable"
@pytest.mark.asyncio
async def test_create_session_maps_internal_error_to_503(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
from supabase import AuthError
mock_client.auth.sign_in_with_password = MagicMock(
side_effect=AuthError("internal_server_error", None)
)
with pytest.raises(HTTPException) as exc_info:
await sut.create_session(
SessionCreateRequest(
email="test@example.com",
password="secret123",
)
)
assert exc_info.value.status_code == 503
assert exc_info.value.detail == "Auth service temporarily unavailable"
@pytest.mark.asyncio
async def test_refresh_session_maps_bad_gateway_to_503(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
from supabase import AuthError
mock_client.auth.refresh_session = MagicMock(
side_effect=AuthError("bad_gateway", None)
)
with pytest.raises(HTTPException) as exc_info:
await sut.refresh_session(SessionRefreshRequest(refresh_token="rt"))
assert exc_info.value.status_code == 503
assert exc_info.value.detail == "Auth service temporarily unavailable"
@pytest.mark.asyncio
async def test_confirm_password_reset_maps_service_unavailable_to_503(
self, gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock]
) -> None:
sut, mock_client, _ = gateway
from supabase import AuthError
mock_client.auth.verify_otp = MagicMock(
side_effect=AuthError("service_unavailable", None)
)
with pytest.raises(HTTPException) as exc_info:
await sut.confirm_password_reset(
PasswordResetConfirmRequest(
email="test@example.com",
token="123456",
new_password="newpassword123",
)
)
assert exc_info.value.status_code == 503
assert exc_info.value.detail == "Auth service temporarily unavailable"
@pytest.mark.asyncio
async def test_get_user_by_email_uses_in_memory_cache(
async def test_get_user_by_phone_uses_in_memory_cache(
self,
gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock],
monkeypatch: pytest.MonkeyPatch,
@@ -350,9 +115,9 @@ class TestSupabaseAuthGateway:
sut, _, _ = gateway
user = SimpleNamespace(
id="user-1",
email="cached@example.com",
phone="+8613811112222",
created_at="2026-03-16T00:00:00Z",
email_confirmed_at=None,
phone_confirmed_at=None,
)
list_calls = {"count": 0}
@@ -362,9 +127,39 @@ class TestSupabaseAuthGateway:
monkeypatch.setattr("v1.auth.gateway._list_auth_users", _fake_list_auth_users)
first = await sut.get_user_by_email("cached@example.com")
second = await sut.get_user_by_email("CACHED@example.com")
first = await sut.get_user_by_phone("+8613811112222")
second = await sut.get_user_by_phone("+8613811112222")
assert first.id == "user-1"
assert second.email == "cached@example.com"
assert second.phone == "+8613811112222"
assert list_calls["count"] == 1
@pytest.mark.asyncio
async def test_search_user_ids_by_phone_supports_suffix_query(
self,
gateway: tuple[SupabaseAuthGateway, MagicMock, MagicMock],
monkeypatch: pytest.MonkeyPatch,
) -> None:
sut, _, _ = gateway
users = [
SimpleNamespace(
id="user-cn",
phone="+8613811112222",
created_at="2026-03-16T00:00:00Z",
phone_confirmed_at=None,
),
SimpleNamespace(
id="user-us",
phone="+14155552671",
created_at="2026-03-16T00:00:00Z",
phone_confirmed_at=None,
),
]
monkeypatch.setattr("v1.auth.gateway._list_auth_users", lambda _client: users)
matched_cn = await sut.search_user_ids_by_phone("13811112222")
matched_us = await sut.search_user_ids_by_phone("4155552671")
assert matched_cn == ["user-cn"]
assert matched_us == ["user-us"]
backend/tests/unit/v1/auth/test_auth_models.py
+20 -59
View File
@@ -5,72 +5,28 @@ from pydantic import ValidationError
from v1.auth.schemas import (
AuthUser,
SessionCreateRequest,
OtpSendRequest,
PhoneSessionCreateRequest,
SessionDeleteRequest,
SessionRefreshRequest,
SessionResponse,
VerificationCreateRequest,
VerificationVerifyRequest,
VerificationResendRequest,
)
def test_signup_requires_valid_email() -> None:
def test_send_otp_requires_valid_phone() -> None:
with pytest.raises(ValidationError):
VerificationCreateRequest(
username="demo", email="not-an-email", password="secret123"
)
OtpSendRequest(phone="13812345678")
def test_signup_requires_username() -> None:
def test_send_otp_accepts_e164_phone() -> None:
request = OtpSendRequest(phone="+14155552671")
assert request.phone == "+14155552671"
def test_phone_session_requires_six_digit_token() -> None:
with pytest.raises(ValidationError):
VerificationCreateRequest.model_validate(
{"email": "user@example.com", "password": "secret123"}
)
def test_signup_allows_any_invite_code_input() -> None:
request = VerificationCreateRequest(
username="demo",
email="user@example.com",
password="secret123",
invite_code="abc123",
)
assert request.invite_code == "abc123"
def test_signup_verify_requires_six_digit_token() -> None:
with pytest.raises(ValidationError):
VerificationVerifyRequest(email="user@example.com", token="abc123")
def test_signup_verify_disallows_new_password() -> None:
with pytest.raises(ValidationError):
VerificationVerifyRequest(
type="signup",
email="user@example.com",
token="123456",
new_password="secret123",
)
def test_recovery_verify_requires_new_password() -> None:
with pytest.raises(ValidationError):
VerificationVerifyRequest(
type="recovery",
email="user@example.com",
token="123456",
)
def test_signup_resend_requires_valid_email() -> None:
with pytest.raises(ValidationError):
VerificationResendRequest(email="invalid")
def test_login_requires_valid_email() -> None:
with pytest.raises(ValidationError):
SessionCreateRequest(email="invalid", password="secret123")
PhoneSessionCreateRequest(phone="+8613812345678", token="abc123")
def test_refresh_requires_token() -> None:
@@ -78,8 +34,13 @@ def test_refresh_requires_token() -> None:
SessionRefreshRequest(refresh_token="")
def test_logout_requires_token() -> None:
with pytest.raises(ValidationError):
SessionDeleteRequest(refresh_token="")
def test_session_response_maps_user() -> None:
user = AuthUser(id="user-1", email="user@example.com")
user = AuthUser(id="user-1", phone="+14155552671")
response = SessionResponse(
access_token="access",
refresh_token="refresh",
@@ -89,4 +50,4 @@ def test_session_response_maps_user() -> None:
)
assert response.user.id == "user-1"
assert response.user.email == "user@example.com"
assert response.user.phone == "+14155552671"
backend/tests/unit/v1/auth/test_auth_service.py
+33 -160
View File
@@ -2,19 +2,12 @@ from __future__ import annotations
import pytest
import v1.auth.gateway as auth_gateway_module
from v1.auth.schemas import (
AuthUser,
PasswordResetConfirmRequest,
PasswordResetRequest,
SessionCreateRequest,
OtpSendRequest,
PhoneSessionCreateRequest,
SessionRefreshRequest,
SessionResponse,
UserByEmailResponse,
VerificationCreateRequest,
VerificationCreateResponse,
VerificationResendRequest,
VerificationVerifyRequest,
)
from v1.auth.service import AuthService, AuthServiceGateway
@@ -22,23 +15,16 @@ from v1.auth.service import AuthService, AuthServiceGateway
class FakeGateway(AuthServiceGateway):
def __init__(self, response: SessionResponse) -> None:
self._response = response
self.last_create_verification_request: VerificationCreateRequest | None = None
self.last_send_otp_request: OtpSendRequest | None = None
self.last_phone_session_request: PhoneSessionCreateRequest | None = None
async def create_verification(
self, request: VerificationCreateRequest
) -> VerificationCreateResponse:
self.last_create_verification_request = request
return VerificationCreateResponse(email=request.email)
async def send_otp(self, request: OtpSendRequest) -> None:
self.last_send_otp_request = request
async def verify_verification(
self, request: VerificationVerifyRequest
async def create_phone_session(
self, request: PhoneSessionCreateRequest
) -> SessionResponse:
return self._response
async def resend_verification(self, request: VerificationResendRequest) -> None:
return None
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
self.last_phone_session_request = request
return self._response
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
@@ -47,85 +33,10 @@ class FakeGateway(AuthServiceGateway):
async def delete_session(self, refresh_token: str | None) -> None:
return None
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
raise NotImplementedError
async def request_password_reset(self, request: PasswordResetRequest) -> None:
raise NotImplementedError
async def confirm_password_reset(
self, request: PasswordResetConfirmRequest
) -> None:
raise NotImplementedError
class LogoutAssertingGateway(AuthServiceGateway):
def __init__(self, expected_refresh_token: str) -> None:
self._expected_refresh_token = expected_refresh_token
async def create_verification(
self, request: VerificationCreateRequest
) -> VerificationCreateResponse:
raise NotImplementedError
async def verify_verification(
self, request: VerificationVerifyRequest
) -> SessionResponse:
raise NotImplementedError
async def resend_verification(self, request: VerificationResendRequest) -> None:
raise NotImplementedError
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
raise NotImplementedError
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
raise NotImplementedError
async def delete_session(self, refresh_token: str | None) -> None:
assert refresh_token == self._expected_refresh_token
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
raise NotImplementedError
async def request_password_reset(self, request: PasswordResetRequest) -> None:
raise NotImplementedError
async def confirm_password_reset(
self, request: PasswordResetConfirmRequest
) -> None:
raise NotImplementedError
@pytest.mark.asyncio
async def test_logout_forwards_refresh_token() -> None:
service = AuthService(gateway=LogoutAssertingGateway("refresh-token"))
await service.delete_session("refresh-token")
@pytest.mark.asyncio
async def test_signup_resend_returns_none() -> None:
user = AuthUser(id="user-1", email="user@example.com")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
service = AuthService(gateway=FakeGateway(token_response))
result = await service.resend_verification(
VerificationResendRequest(email="user@example.com")
)
assert result is None
@pytest.mark.asyncio
async def test_create_verification_ignores_invalid_invite_code() -> None:
user = AuthUser(id="user-1", email="user@example.com")
async def test_send_otp_forwards_payload() -> None:
user = AuthUser(id="user-1", phone="+8613812345678")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
@@ -136,22 +47,15 @@ async def test_create_verification_ignores_invalid_invite_code() -> None:
gateway = FakeGateway(token_response)
service = AuthService(gateway=gateway)
await service.create_verification(
VerificationCreateRequest(
username="demo",
email="user@example.com",
password="secret123",
invite_code="bad-code",
)
)
await service.send_otp(OtpSendRequest(phone="+8613812345678"))
assert gateway.last_create_verification_request is not None
assert gateway.last_create_verification_request.invite_code is None
assert gateway.last_send_otp_request is not None
assert gateway.last_send_otp_request.phone == "+8613812345678"
@pytest.mark.asyncio
async def test_create_verification_normalizes_valid_invite_code() -> None:
user = AuthUser(id="user-1", email="user@example.com")
async def test_create_phone_session_forwards_payload() -> None:
user = AuthUser(id="user-1", phone="+8613812345678")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
@@ -162,59 +66,28 @@ async def test_create_verification_normalizes_valid_invite_code() -> None:
gateway = FakeGateway(token_response)
service = AuthService(gateway=gateway)
await service.create_verification(
VerificationCreateRequest(
username="demo",
email="user@example.com",
password="secret123",
invite_code="a2b3",
)
response = await service.create_phone_session(
PhoneSessionCreateRequest(phone="+8613812345678", token="123456")
)
assert gateway.last_create_verification_request is not None
assert gateway.last_create_verification_request.invite_code == "A2B3"
assert gateway.last_phone_session_request is not None
assert gateway.last_phone_session_request.token == "123456"
assert response.user.phone == "+8613812345678"
@pytest.mark.asyncio
async def test_supabase_signup_passes_username_in_metadata(
monkeypatch: pytest.MonkeyPatch,
) -> None:
captured_payload: dict[str, object] = {}
class FakeSupabaseAuth:
def sign_up(self, payload: dict[str, object]) -> object:
captured_payload.update(payload)
class _User:
id = "user-1"
email = "user@example.com"
class _Session:
access_token = "access"
refresh_token = "refresh"
expires_in = 3600
token_type = "bearer"
class _Response:
user = _User()
session = None
return _Response()
class FakeClient:
auth = FakeSupabaseAuth()
monkeypatch.setattr(
auth_gateway_module.supabase_service, "get_client", lambda: FakeClient()
async def test_refresh_session_forwards_payload() -> None:
user = AuthUser(id="user-1", phone="+8613812345678")
token_response = SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
gateway = FakeGateway(token_response)
service = AuthService(gateway=gateway)
gateway = auth_gateway_module.SupabaseAuthGateway()
await gateway.create_verification(
VerificationCreateRequest(
username="demo",
email="user@example.com",
password="secret123",
)
)
response = await service.refresh_session(SessionRefreshRequest(refresh_token="rt"))
assert captured_payload["data"] == {"username": "demo"}
assert response.access_token == "access"
backend/tests/unit/v1/friendships/test_schemas.py
+14 -12
View File
@@ -1,11 +1,13 @@
from __future__ import annotations
import pytest
from datetime import datetime
from uuid import uuid4
import pytest
from pydantic import ValidationError
from schemas.user.context import UserContext
from v1.friendships.schemas import (
UserBasicInfo,
FriendRequestCreate,
FriendRequestResponse,
FriendResponse,
@@ -13,16 +15,16 @@ from v1.friendships.schemas import (
)
def test_user_basic_info_maps_fields() -> None:
user = UserBasicInfo(id="user-1", username="alice", avatar_url=None)
def test_user_context_maps_fields() -> None:
user = UserContext(id="user-1", username="alice", avatar_url=None)
assert user.id == "user-1"
assert user.username == "alice"
assert user.avatar_url is None
def test_user_basic_info_with_avatar() -> None:
user = UserBasicInfo(
def test_user_context_with_avatar() -> None:
user = UserContext(
id="user-2", username="bob", avatar_url="https://example.com/avatar.png"
)
@@ -49,13 +51,13 @@ def test_friend_request_create_without_content() -> None:
def test_friend_request_create_content_max_length() -> None:
target_id = uuid4()
with pytest.raises(Exception):
with pytest.raises(ValidationError):
FriendRequestCreate(target_user_id=target_id, content="x" * 201)
def test_friend_request_response_maps_fields() -> None:
sender = UserBasicInfo(id="user-1", username="alice", avatar_url=None)
recipient = UserBasicInfo(id="user-2", username="bob", avatar_url=None)
sender = UserContext(id="user-1", username="alice", avatar_url=None)
recipient = UserContext(id="user-2", username="bob", avatar_url=None)
request_id = uuid4()
created = datetime(2026, 1, 15, 10, 30, 0)
@@ -63,7 +65,7 @@ def test_friend_request_response_maps_fields() -> None:
id=request_id,
sender=sender,
recipient=recipient,
content="Hello!",
content={"text": "Hello!"},
status="pending",
created_at=created,
)
@@ -76,7 +78,7 @@ def test_friend_request_response_maps_fields() -> None:
def test_friend_response_maps_fields() -> None:
friend_user = UserBasicInfo(id="user-2", username="bob", avatar_url=None)
friend_user = UserContext(id="user-2", username="bob", avatar_url=None)
request_id = uuid4()
created = datetime(2026, 1, 15, 10, 30, 0)
accepted = datetime(2026, 1, 16, 12, 0, 0)
@@ -96,7 +98,7 @@ def test_friend_response_maps_fields() -> None:
def test_friend_response_accepted_at_optional() -> None:
friend_user = UserBasicInfo(id="user-2", username="bob", avatar_url=None)
friend_user = UserContext(id="user-2", username="bob", avatar_url=None)
request_id = uuid4()
created = datetime(2026, 1, 15, 10, 30, 0)
backend/tests/unit/v1/schedule_items/test_share.py
+17 -17
View File
@@ -12,7 +12,7 @@ from sqlalchemy.exc import SQLAlchemyError
from core.auth.models import CurrentUser
from models.inbox_messages import InboxMessage, InboxMessageType
from models.schedule_items import ScheduleItem
from v1.auth.schemas import UserByEmailResponse
from v1.auth.schemas import UserByPhoneResponse
from v1.schedule_items.repository import ScheduleItemRepository
from v1.schedule_items.schemas import ScheduleItemShareRequest
from v1.schedule_items.service import ScheduleItemService
@@ -20,18 +20,18 @@ from v1.schedule_items.service import ScheduleItemService
def test_share_request_schema() -> None:
request = ScheduleItemShareRequest(
email="friend@example.com",
phone="+8613810000000",
permission_view=True,
permission_edit=True,
permission_invite=False,
)
assert request.email == "friend@example.com"
assert request.phone == "+8613810000000"
assert request.permission_view is True
def test_permission_bits_calculation() -> None:
request = ScheduleItemShareRequest(
email="friend@example.com",
phone="+8613810000000",
permission_view=True,
permission_edit=True,
permission_invite=False,
@@ -71,12 +71,12 @@ class ShareRepo:
class AuthGatewayStub:
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
return UserByEmailResponse(
async def get_user_by_phone(self, phone: str) -> UserByPhoneResponse:
return UserByPhoneResponse(
id="00000000-0000-0000-0000-000000000222",
email=email,
phone=phone,
created_at="2026-02-28T10:00:00Z",
email_confirmed_at=None,
phone_confirmed_at=None,
)
@@ -119,12 +119,12 @@ class InboxRepoStub:
class AuthGatewayInvalidIdStub:
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
return UserByEmailResponse(
async def get_user_by_phone(self, phone: str) -> UserByPhoneResponse:
return UserByPhoneResponse(
id="not-a-uuid",
email=email,
phone=phone,
created_at="2026-02-28T10:00:00Z",
email_confirmed_at=None,
phone_confirmed_at=None,
)
@@ -148,7 +148,7 @@ async def test_share_forbidden_when_not_owner() -> None:
await service.share(
item_id,
ScheduleItemShareRequest(
email="friend@example.com",
phone="+8613810000000",
permission_view=True,
permission_edit=False,
permission_invite=False,
@@ -178,7 +178,7 @@ async def test_share_success_creates_calendar_invitation_message() -> None:
result = await service.share(
item_id,
ScheduleItemShareRequest(
email="friend@example.com",
phone="+8613810000000",
permission_view=True,
permission_edit=True,
permission_invite=False,
@@ -211,7 +211,7 @@ async def test_share_returns_not_found_when_item_missing() -> None:
await service.share(
uuid4(),
ScheduleItemShareRequest(
email="friend@example.com",
phone="+8613810000000",
permission_view=True,
permission_edit=False,
permission_invite=False,
@@ -241,7 +241,7 @@ async def test_share_invalid_auth_user_id_returns_503() -> None:
await service.share(
item_id,
ScheduleItemShareRequest(
email="friend@example.com",
phone="+8613810000000",
permission_view=True,
permission_edit=False,
permission_invite=False,
@@ -274,7 +274,7 @@ async def test_share_sqlalchemy_error_rolls_back() -> None:
await service.share(
item_id,
ScheduleItemShareRequest(
email="friend@example.com",
phone="+8613810000000",
permission_view=True,
permission_edit=False,
permission_invite=False,
backend/tests/unit/v1/users/test_dependencies.py
+2 -2
View File
@@ -22,7 +22,7 @@ async def test_get_current_user_falls_back_to_supabase_validation(monkeypatch) -
del token
return deps.CurrentUser(
id=UUID("e8845a17-282b-4a63-8025-194a06235958"),
email="dagronl@126.com",
phone="dagronl@126.com",
role="authenticated",
)
@@ -31,7 +31,7 @@ async def test_get_current_user_falls_back_to_supabase_validation(monkeypatch) -
user = await deps.get_current_user(authorization="Bearer valid-token")
assert str(user.id) == "e8845a17-282b-4a63-8025-194a06235958"
assert user.email == "dagronl@126.com"
assert user.phone == "dagronl@126.com"
@pytest.mark.asyncio
backend/tests/unit/v1/users/test_user_service.py
+91 -3
View File
@@ -6,7 +6,7 @@ from uuid import uuid4
import pytest
from core.auth.models import CurrentUser
from v1.users.schemas import UserUpdateRequest
from v1.users.schemas import UserSearchRequest, UserUpdateRequest
from v1.users.service import UserService
@@ -16,6 +16,7 @@ class _FakeProfile:
username: str
avatar_url: str | None
bio: str | None
settings: dict | None = None
class _FakeRepository:
@@ -51,6 +52,37 @@ class _FakeSession:
self.rollback_called += 1
class _FakeSearchRepository:
def __init__(self, profiles: list[_FakeProfile]) -> None:
self._profiles_by_id = {profile.id: profile for profile in profiles}
async def get_by_user_ids(
self, user_ids: list[object]
) -> dict[object, _FakeProfile]:
return {
user_id: self._profiles_by_id[user_id]
for user_id in user_ids
if user_id in self._profiles_by_id
}
async def search_users(self, query: str, limit: int = 20) -> list[_FakeProfile]:
_ = limit
return [
profile
for profile in self._profiles_by_id.values()
if query.lower() in profile.username.lower()
]
class _FakeAuthLookup:
def __init__(self, mapping: dict[str, list[str]]) -> None:
self.mapping = mapping
async def search_user_ids_by_phone(self, query: str, limit: int = 20) -> list[str]:
_ = limit
return self.mapping.get(query, [])
class _FakeUserContextCache:
def __init__(self, *, should_fail: bool = False) -> None:
self.should_fail = should_fail
@@ -72,7 +104,7 @@ async def test_update_me_invalidates_user_context_cache() -> None:
session = _FakeSession()
cache = _FakeUserContextCache()
service = UserService(
repository=repo,
repository=repo, # type: ignore[arg-type]
session=session, # type: ignore[arg-type]
current_user=CurrentUser(id=user_id),
user_context_cache=cache, # type: ignore[arg-type]
@@ -94,7 +126,7 @@ async def test_update_me_succeeds_when_cache_invalidation_fails() -> None:
session = _FakeSession()
cache = _FakeUserContextCache(should_fail=True)
service = UserService(
repository=repo,
repository=repo, # type: ignore[arg-type]
session=session, # type: ignore[arg-type]
current_user=CurrentUser(id=user_id),
user_context_cache=cache, # type: ignore[arg-type]
@@ -105,3 +137,59 @@ async def test_update_me_succeeds_when_cache_invalidation_fails() -> None:
assert result.username == "new-name"
assert session.commit_called == 1
assert cache.invalidated_user_ids == [user_id]
@pytest.mark.asyncio
async def test_search_users_supports_phone_without_country_code() -> None:
user_id = uuid4()
repo = _FakeSearchRepository(
[
_FakeProfile(
id=user_id,
username="alice",
avatar_url=None,
bio=None,
)
]
)
session = _FakeSession()
auth_lookup = _FakeAuthLookup({"13812345678": [str(user_id)]})
service = UserService(
repository=repo, # type: ignore[arg-type]
session=session, # type: ignore[arg-type]
current_user=CurrentUser(id=user_id),
auth_gateway=auth_lookup, # type: ignore[arg-type]
)
results = await service.search_users(UserSearchRequest(query="13812345678"))
assert len(results) == 1
assert results[0].id == str(user_id)
@pytest.mark.asyncio
async def test_search_users_preserves_numeric_username_lookup() -> None:
user_id = uuid4()
repo = _FakeSearchRepository(
[
_FakeProfile(
id=user_id,
username="20260319",
avatar_url=None,
bio=None,
)
]
)
session = _FakeSession()
auth_lookup = _FakeAuthLookup({})
service = UserService(
repository=repo, # type: ignore[arg-type]
session=session, # type: ignore[arg-type]
current_user=CurrentUser(id=user_id),
auth_gateway=auth_lookup, # type: ignore[arg-type]
)
results = await service.search_users(UserSearchRequest(query="20260319"))
assert len(results) == 1
assert results[0].username == "20260319"