1aafc28621
引入 JWT 认证、极光一键登录、短信 mock 登录与用户表,并补充技术实施文档与部署配置。 Co-authored-by: Cursor <cursoragent@cursor.com>
71 lines
2.5 KiB
Python
71 lines
2.5 KiB
Python
"""auth 流程测试(不依赖真实极光,只测 sms mock 路径 + JWT 闭环)。"""
|
|
from __future__ import annotations
|
|
|
|
|
|
def test_sms_login_and_me_flow(client) -> None:
|
|
"""sms_send → sms_login → 用 access_token 调 /me 拿到自己。"""
|
|
phone = "13800138000"
|
|
|
|
# 1. 发短信(mock,任意 6 位均通过)
|
|
r = client.post("/api/v1/auth/sms/send", json={"phone": phone})
|
|
assert r.status_code == 200, r.text
|
|
body = r.json()
|
|
assert body["sent"] is True
|
|
assert body["mock"] is True
|
|
|
|
# 2. 登录
|
|
r = client.post("/api/v1/auth/sms/login", json={"phone": phone, "code": "123456"})
|
|
assert r.status_code == 200, r.text
|
|
data = r.json()
|
|
assert "access_token" in data
|
|
assert "refresh_token" in data
|
|
assert data["user"]["phone"] == phone
|
|
assert data["user"]["register_channel"] == "sms"
|
|
access = data["access_token"]
|
|
refresh = data["refresh_token"]
|
|
|
|
# 3. /me
|
|
r = client.get("/api/v1/auth/me", headers={"Authorization": f"Bearer {access}"})
|
|
assert r.status_code == 200, r.text
|
|
assert r.json()["phone"] == phone
|
|
|
|
# 4. /me 不带 token → 401
|
|
r = client.get("/api/v1/auth/me")
|
|
assert r.status_code == 401
|
|
|
|
# 5. 用 refresh 换新 token
|
|
r = client.post("/api/v1/auth/refresh", json={"refresh_token": refresh})
|
|
assert r.status_code == 200, r.text
|
|
assert "access_token" in r.json()
|
|
|
|
# 6. 用 access 当 refresh 拒绝(防 token 类型混用)
|
|
r = client.post("/api/v1/auth/refresh", json={"refresh_token": access})
|
|
assert r.status_code == 401
|
|
|
|
# 7. logout
|
|
r = client.post("/api/v1/auth/logout", headers={"Authorization": f"Bearer {access}"})
|
|
assert r.status_code == 200
|
|
assert r.json()["ok"] is True
|
|
|
|
|
|
def test_sms_send_too_frequent(client) -> None:
|
|
phone = "13900139000"
|
|
r1 = client.post("/api/v1/auth/sms/send", json={"phone": phone})
|
|
assert r1.status_code == 200
|
|
r2 = client.post("/api/v1/auth/sms/send", json={"phone": phone})
|
|
assert r2.status_code == 429
|
|
|
|
|
|
def test_sms_login_bad_code(client) -> None:
|
|
"""mock 模式下,5 位通过 schema 长度校验,但业务层只接受 6 位 → 400。"""
|
|
phone = "13700137000"
|
|
client.post("/api/v1/auth/sms/send", json={"phone": phone})
|
|
r = client.post("/api/v1/auth/sms/login", json={"phone": phone, "code": "12345"})
|
|
assert r.status_code == 400
|
|
assert "invalid sms code" in r.json()["detail"]
|
|
|
|
|
|
def test_phone_format_validation(client) -> None:
|
|
r = client.post("/api/v1/auth/sms/send", json={"phone": "1234567"})
|
|
assert r.status_code == 422
|