Files
shaguabijia-app-server/tests/test_auth.py
T
马润林 1aafc28621 feat: 正式 App 后端登录模块 v0.1.0
引入 JWT 认证、极光一键登录、短信 mock 登录与用户表,并补充技术实施文档与部署配置。

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-23 17:37:18 +08:00

71 lines
2.5 KiB
Python

"""auth 流程测试(不依赖真实极光,只测 sms mock 路径 + JWT 闭环)。"""
from __future__ import annotations
def test_sms_login_and_me_flow(client) -> None:
"""sms_send → sms_login → 用 access_token 调 /me 拿到自己。"""
phone = "13800138000"
# 1. 发短信(mock,任意 6 位均通过)
r = client.post("/api/v1/auth/sms/send", json={"phone": phone})
assert r.status_code == 200, r.text
body = r.json()
assert body["sent"] is True
assert body["mock"] is True
# 2. 登录
r = client.post("/api/v1/auth/sms/login", json={"phone": phone, "code": "123456"})
assert r.status_code == 200, r.text
data = r.json()
assert "access_token" in data
assert "refresh_token" in data
assert data["user"]["phone"] == phone
assert data["user"]["register_channel"] == "sms"
access = data["access_token"]
refresh = data["refresh_token"]
# 3. /me
r = client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {access}"})
assert r.status_code == 200, r.text
assert r.json()["phone"] == phone
# 4. /me 不带 token → 401
r = client.get("/api/v1/auth/me")
assert r.status_code == 401
# 5. 用 refresh 换新 token
r = client.post("/api/v1/auth/refresh", json={"refresh_token": refresh})
assert r.status_code == 200, r.text
assert "access_token" in r.json()
# 6. 用 access 当 refresh 拒绝(防 token 类型混用)
r = client.post("/api/v1/auth/refresh", json={"refresh_token": access})
assert r.status_code == 401
# 7. logout
r = client.post("/api/v1/auth/logout", headers={"Authorization": f"Bearer {access}"})
assert r.status_code == 200
assert r.json()["ok"] is True
def test_sms_send_too_frequent(client) -> None:
phone = "13900139000"
r1 = client.post("/api/v1/auth/sms/send", json={"phone": phone})
assert r1.status_code == 200
r2 = client.post("/api/v1/auth/sms/send", json={"phone": phone})
assert r2.status_code == 429
def test_sms_login_bad_code(client) -> None:
"""mock 模式下,5 位通过 schema 长度校验,但业务层只接受 6 位 → 400。"""
phone = "13700137000"
client.post("/api/v1/auth/sms/send", json={"phone": phone})
r = client.post("/api/v1/auth/sms/login", json={"phone": phone, "code": "12345"})
assert r.status_code == 400
assert "invalid sms code" in r.json()["detail"]
def test_phone_format_validation(client) -> None:
r = client.post("/api/v1/auth/sms/send", json={"phone": "1234567"})
assert r.status_code == 422