zl-q
ec33bb0cee
- 合并 auth 端点: /verifications/verify → /verify, /verifications/resend → /resend - 整合密码重置到 /verify 端点 (type=recovery) - 移除未使用的 /auth/users 端点 - 添加 redirect URL 白名单验证 (site_url + additional_redirect_urls) - 限流改用 Redis + IP 标识,替代内存锁 - 删除 v1/profile 死代码模块 - 更新前端 auth_api 适配新端点 - 添加 supabase site_url 和 additional_redirect_urls 配置
82 lines
2.2 KiB
Python
82 lines
2.2 KiB
Python
from __future__ import annotations
|
|
|
|
import pytest
|
|
from pydantic import ValidationError
|
|
|
|
from v1.auth.schemas import (
|
|
AuthUser,
|
|
SessionCreateRequest,
|
|
SessionRefreshRequest,
|
|
SessionResponse,
|
|
VerificationCreateRequest,
|
|
VerificationVerifyRequest,
|
|
VerificationResendRequest,
|
|
)
|
|
|
|
|
|
def test_signup_requires_valid_email() -> None:
|
|
with pytest.raises(ValidationError):
|
|
VerificationCreateRequest(
|
|
username="demo", email="not-an-email", password="secret123"
|
|
)
|
|
|
|
|
|
def test_signup_requires_username() -> None:
|
|
with pytest.raises(ValidationError):
|
|
VerificationCreateRequest.model_validate(
|
|
{"email": "user@example.com", "password": "secret123"}
|
|
)
|
|
|
|
|
|
def test_signup_verify_requires_six_digit_token() -> None:
|
|
with pytest.raises(ValidationError):
|
|
VerificationVerifyRequest(email="user@example.com", token="abc123")
|
|
|
|
|
|
def test_signup_verify_disallows_new_password() -> None:
|
|
with pytest.raises(ValidationError):
|
|
VerificationVerifyRequest(
|
|
type="signup",
|
|
email="user@example.com",
|
|
token="123456",
|
|
new_password="secret123",
|
|
)
|
|
|
|
|
|
def test_recovery_verify_requires_new_password() -> None:
|
|
with pytest.raises(ValidationError):
|
|
VerificationVerifyRequest(
|
|
type="recovery",
|
|
email="user@example.com",
|
|
token="123456",
|
|
)
|
|
|
|
|
|
def test_signup_resend_requires_valid_email() -> None:
|
|
with pytest.raises(ValidationError):
|
|
VerificationResendRequest(email="invalid")
|
|
|
|
|
|
def test_login_requires_valid_email() -> None:
|
|
with pytest.raises(ValidationError):
|
|
SessionCreateRequest(email="invalid", password="secret123")
|
|
|
|
|
|
def test_refresh_requires_token() -> None:
|
|
with pytest.raises(ValidationError):
|
|
SessionRefreshRequest(refresh_token="")
|
|
|
|
|
|
def test_session_response_maps_user() -> None:
|
|
user = AuthUser(id="user-1", email="user@example.com")
|
|
response = SessionResponse(
|
|
access_token="access",
|
|
refresh_token="refresh",
|
|
expires_in=3600,
|
|
token_type="bearer",
|
|
user=user,
|
|
)
|
|
|
|
assert response.user.id == "user-1"
|
|
assert response.user.email == "user@example.com"
|