zl-q
ec33bb0cee
- 合并 auth 端点: /verifications/verify → /verify, /verifications/resend → /resend - 整合密码重置到 /verify 端点 (type=recovery) - 移除未使用的 /auth/users 端点 - 添加 redirect URL 白名单验证 (site_url + additional_redirect_urls) - 限流改用 Redis + IP 标识,替代内存锁 - 删除 v1/profile 死代码模块 - 更新前端 auth_api 适配新端点 - 添加 supabase site_url 和 additional_redirect_urls 配置
167 lines
4.9 KiB
Python
167 lines
4.9 KiB
Python
from __future__ import annotations
|
|
|
|
import pytest
|
|
|
|
import v1.auth.gateway as auth_gateway_module
|
|
from v1.auth.schemas import (
|
|
AuthUser,
|
|
PasswordResetConfirmRequest,
|
|
PasswordResetRequest,
|
|
SessionCreateRequest,
|
|
SessionRefreshRequest,
|
|
SessionResponse,
|
|
UserByEmailResponse,
|
|
VerificationCreateRequest,
|
|
VerificationCreateResponse,
|
|
VerificationResendRequest,
|
|
VerificationVerifyRequest,
|
|
)
|
|
from v1.auth.service import AuthService, AuthServiceGateway
|
|
|
|
|
|
class FakeGateway(AuthServiceGateway):
|
|
def __init__(self, response: SessionResponse) -> None:
|
|
self._response = response
|
|
|
|
async def create_verification(
|
|
self, request: VerificationCreateRequest
|
|
) -> VerificationCreateResponse:
|
|
return VerificationCreateResponse(email=request.email)
|
|
|
|
async def verify_verification(
|
|
self, request: VerificationVerifyRequest
|
|
) -> SessionResponse:
|
|
return self._response
|
|
|
|
async def resend_verification(self, request: VerificationResendRequest) -> None:
|
|
return None
|
|
|
|
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
|
|
return self._response
|
|
|
|
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
|
|
return self._response
|
|
|
|
async def delete_session(self, refresh_token: str | None) -> None:
|
|
return None
|
|
|
|
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
|
|
raise NotImplementedError
|
|
|
|
async def request_password_reset(self, request: PasswordResetRequest) -> None:
|
|
raise NotImplementedError
|
|
|
|
async def confirm_password_reset(
|
|
self, request: PasswordResetConfirmRequest
|
|
) -> None:
|
|
raise NotImplementedError
|
|
|
|
|
|
class LogoutAssertingGateway(AuthServiceGateway):
|
|
def __init__(self, expected_refresh_token: str) -> None:
|
|
self._expected_refresh_token = expected_refresh_token
|
|
|
|
async def create_verification(
|
|
self, request: VerificationCreateRequest
|
|
) -> VerificationCreateResponse:
|
|
raise NotImplementedError
|
|
|
|
async def verify_verification(
|
|
self, request: VerificationVerifyRequest
|
|
) -> SessionResponse:
|
|
raise NotImplementedError
|
|
|
|
async def resend_verification(self, request: VerificationResendRequest) -> None:
|
|
raise NotImplementedError
|
|
|
|
async def create_session(self, request: SessionCreateRequest) -> SessionResponse:
|
|
raise NotImplementedError
|
|
|
|
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
|
|
raise NotImplementedError
|
|
|
|
async def delete_session(self, refresh_token: str | None) -> None:
|
|
assert refresh_token == self._expected_refresh_token
|
|
|
|
async def get_user_by_email(self, email: str) -> UserByEmailResponse:
|
|
raise NotImplementedError
|
|
|
|
async def request_password_reset(self, request: PasswordResetRequest) -> None:
|
|
raise NotImplementedError
|
|
|
|
async def confirm_password_reset(
|
|
self, request: PasswordResetConfirmRequest
|
|
) -> None:
|
|
raise NotImplementedError
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_logout_forwards_refresh_token() -> None:
|
|
service = AuthService(gateway=LogoutAssertingGateway("refresh-token"))
|
|
|
|
await service.delete_session("refresh-token")
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_signup_resend_returns_none() -> None:
|
|
user = AuthUser(id="user-1", email="user@example.com")
|
|
token_response = SessionResponse(
|
|
access_token="access",
|
|
refresh_token="refresh",
|
|
expires_in=3600,
|
|
token_type="bearer",
|
|
user=user,
|
|
)
|
|
service = AuthService(gateway=FakeGateway(token_response))
|
|
|
|
result = await service.resend_verification(
|
|
VerificationResendRequest(email="user@example.com")
|
|
)
|
|
|
|
assert result is None
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_supabase_signup_passes_username_in_metadata(
|
|
monkeypatch: pytest.MonkeyPatch,
|
|
) -> None:
|
|
captured_payload: dict[str, object] = {}
|
|
|
|
class FakeSupabaseAuth:
|
|
def sign_up(self, payload: dict[str, object]) -> object:
|
|
captured_payload.update(payload)
|
|
|
|
class _User:
|
|
id = "user-1"
|
|
email = "user@example.com"
|
|
|
|
class _Session:
|
|
access_token = "access"
|
|
refresh_token = "refresh"
|
|
expires_in = 3600
|
|
token_type = "bearer"
|
|
|
|
class _Response:
|
|
user = _User()
|
|
session = None
|
|
|
|
return _Response()
|
|
|
|
class FakeClient:
|
|
auth = FakeSupabaseAuth()
|
|
|
|
monkeypatch.setattr(
|
|
auth_gateway_module.supabase_service, "get_client", lambda: FakeClient()
|
|
)
|
|
|
|
gateway = auth_gateway_module.SupabaseAuthGateway()
|
|
await gateway.create_verification(
|
|
VerificationCreateRequest(
|
|
username="demo",
|
|
email="user@example.com",
|
|
password="secret123",
|
|
)
|
|
)
|
|
|
|
assert captured_payload["data"] == {"username": "demo"}
|