qzl/social-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9a231dae9e5b72bb53da2e73dc95a8600af9ceb0
social-app/backend/tests/integration/test_auth_routes.py
T
qzl f0af44d840 refactor(backend): update API routes and service layer 
- Update agent router/service/repository with new endpoints
- Update auth routes with phone-based authentication
- Update users service with new phone lookup
- Update schedule_items with new schemas
- Update message schemas with visibility support
- Update settings with new automation scheduler config
- Update CLI with new commands
- Update tests to match new API contracts
2026-03-19 18:42:59 +08:00

191 lines
5.7 KiB
Python
Raw Blame History

from __future__ import annotations
from typing import Callable
import pytest
from fastapi import HTTPException
from fastapi.testclient import TestClient
from app import app
from v1.auth.dependencies import get_auth_service
from v1.auth.rate_limit import reset_rate_limit_state
from v1.auth.schemas import (
AuthUser,
OtpSendRequest,
PhoneSessionCreateRequest,
SessionRefreshRequest,
SessionResponse,
)
from v1.auth.service import AuthService
@pytest.fixture(autouse=True)
def reset_auth_rate_limit_state() -> None:
reset_rate_limit_state()
@pytest.fixture(autouse=True)
def force_in_memory_rate_limit(monkeypatch: pytest.MonkeyPatch) -> None:
async def _raise_redis_unavailable() -> None:
raise RuntimeError("redis unavailable in integration tests")
monkeypatch.setattr(
"v1.auth.rate_limit.get_or_init_redis_client",
_raise_redis_unavailable,
)
class FakeAuthService(AuthService):
def __init__(self, token_response: SessionResponse) -> None:
self._token_response = token_response
async def send_otp(self, request: OtpSendRequest) -> None:
if request.phone == "+8613811111111":
raise HTTPException(status_code=401, detail="Invalid verification code")
return None
async def create_phone_session(
self, request: PhoneSessionCreateRequest
) -> SessionResponse:
if request.token == "000000":
raise HTTPException(status_code=401, detail="Invalid verification code")
return self._token_response
async def refresh_session(self, request: SessionRefreshRequest) -> SessionResponse:
raise HTTPException(status_code=401, detail="Invalid refresh token")
async def delete_session(self, refresh_token: str | None) -> None:
return None
def _override_auth_service(service: AuthService) -> Callable[[], AuthService]:
def _get_service() -> AuthService:
return service
return _get_service
def _token_response() -> SessionResponse:
user = AuthUser(id="user-1", phone="+8613812345678")
return SessionResponse(
access_token="access",
refresh_token="refresh",
expires_in=3600,
token_type="bearer",
user=user,
)
def test_send_otp_returns_204() -> None:
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(_token_response())
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/otp/send",
json={"phone": "+8613812345678"},
)
assert response.status_code == 204
finally:
app.dependency_overrides = {}
def test_phone_session_returns_token_response() -> None:
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(_token_response())
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/phone-session",
json={"phone": "+8613812345678", "token": "123456"},
)
assert response.status_code == 200
body = response.json()
assert body["access_token"] == "access"
assert body["refresh_token"] == "refresh"
assert body["user"]["phone"] == "+8613812345678"
finally:
app.dependency_overrides = {}
def test_phone_session_invalid_token_returns_problem_details() -> None:
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(_token_response())
)
client = TestClient(app)
try:
response = client.post(
"/api/v1/auth/phone-session",
json={"phone": "+8613812345678", "token": "000000"},
)
assert response.status_code == 401
assert response.headers["content-type"].startswith("application/problem+json")
finally:
app.dependency_overrides = {}
def test_legacy_routes_are_removed() -> None:
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(_token_response())
)
client = TestClient(app)
try:
assert client.post("/api/v1/auth/verifications", json={}).status_code == 404
assert client.post("/api/v1/auth/verify", json={}).status_code == 404
assert client.post("/api/v1/auth/resend", json={}).status_code == 404
assert client.post("/api/v1/auth/sessions", json={}).status_code == 405
finally:
app.dependency_overrides = {}
def test_send_otp_phone_rate_limited_after_too_many_attempts() -> None:
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(_token_response())
)
client = TestClient(app)
try:
for _ in range(3):
ok = client.post(
"/api/v1/auth/otp/send",
json={"phone": "+8613812345678"},
)
assert ok.status_code == 204
blocked = client.post(
"/api/v1/auth/otp/send",
json={"phone": "+8613812345678"},
)
assert blocked.status_code == 429
finally:
app.dependency_overrides = {}
def test_phone_session_rate_limited_after_too_many_attempts() -> None:
app.dependency_overrides[get_auth_service] = _override_auth_service(
FakeAuthService(_token_response())
)
client = TestClient(app)
try:
for _ in range(6):
blocked = client.post(
"/api/v1/auth/phone-session",
json={"phone": "+8613812345678", "token": "000000"},
)
assert blocked.status_code == 401
blocked = client.post(
"/api/v1/auth/phone-session",
json={"phone": "+8613812345678", "token": "000000"},
)
assert blocked.status_code == 429
finally:
app.dependency_overrides = {}
Reference in New Issue View Git Blame Copy Permalink