from __future__ import annotations from uuid import UUID import pytest from pydantic import SecretStr from core.config.settings import config from core.http.errors import ApiProblemError from v1.auth.dev_phone_session import create_dev_phone_session, refresh_dev_phone_session from v1.auth.schemas import PhoneSessionCreateRequest, SessionRefreshRequest _TEST_JWT_SECRET = "test-secret-key-with-32-bytes-minimum!!" @pytest.mark.asyncio async def test_dev_session_refresh_round_trip(monkeypatch: pytest.MonkeyPatch) -> None: monkeypatch.setattr(config.runtime, "environment", "dev") monkeypatch.setattr(config.supabase, "jwt_secret", SecretStr(_TEST_JWT_SECRET)) monkeypatch.setattr(config.supabase, "jwt_issuer", "http://localhost:8001/auth/v1") async def _fake_find_or_create_user_by_phone(_phone: str) -> UUID: return UUID("00000000-0000-0000-0000-000000000123") monkeypatch.setattr( "v1.auth.dev_phone_session._find_or_create_user_by_phone", _fake_find_or_create_user_by_phone, ) created = await create_dev_phone_session( request=PhoneSessionCreateRequest(phone="+8613812345678", token="123456") ) refreshed = await refresh_dev_phone_session( request=SessionRefreshRequest(refresh_token=created.refresh_token) ) assert refreshed.user.id == "00000000-0000-0000-0000-000000000123" assert refreshed.user.phone == "+8613812345678" assert refreshed.access_token assert refreshed.refresh_token @pytest.mark.asyncio async def test_dev_session_refresh_rejects_invalid_token( monkeypatch: pytest.MonkeyPatch, ) -> None: monkeypatch.setattr(config.runtime, "environment", "dev") monkeypatch.setattr(config.supabase, "jwt_secret", SecretStr(_TEST_JWT_SECRET)) monkeypatch.setattr(config.supabase, "jwt_issuer", "http://localhost:8001/auth/v1") with pytest.raises(ApiProblemError) as exc_info: await refresh_dev_phone_session( request=SessionRefreshRequest(refresh_token="invalid-token") ) assert exc_info.value.status_code == 401 assert exc_info.value.code == "AUTH_REFRESH_TOKEN_INVALID"