kevin/life-echo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
development
life-echo/api/tests/test_auth_google_remote_verifier.py

131 lines
3.8 KiB
Python
Raw Permalink Normal View History

merge dark mode and google OAuth (#35) * feat(api): implement Google OAuth login and user management - Added Google OpenID Connect login functionality, allowing users to authenticate using their Google accounts. - Created new endpoints for Google login, including user registration and linking existing accounts. - Introduced Google token verification logic and error handling for authentication failures. - Updated environment configuration to include Google OAuth client IDs and verification settings. - Enhanced user model to support OpenID and linked Google accounts. This feature improves user experience by enabling seamless sign-in with Google, while maintaining security and integrity of user data. * fix(auth): wire staging Google token verifier * chore(deps): update expo to version 55.0.6 and adjust @expo/env dependency in pnpm-lock.yaml * chore(deps): update Babel dependencies to version 7.29.7 in package-lock.json * feat(auth): enhance phone login for China users - Updated phone login functionality to support only mainland China (+86) mobile numbers. - Added user prompts and descriptions for phone login, including confirmation and cancellation options. - Adjusted translations for both English and Chinese to reflect the new phone login requirements. - Updated Google OAuth client IDs in configuration files for production and staging environments. * chore(deps): add peer flag to use-sync-external-store in package-lock.json * chore(deps): add @emnapi/core and @emnapi/runtime to package-lock.json * fix(app-expo): align Android native dependencies * fix(app-expo): normalize lockfile for npm 10 * fix(config): update environment variable handling to use static access - Introduced a static mapping for public environment variables to ensure proper access during the release bundle. - Updated the `requirePublicEnv` and `optionalPublicEnv` functions to reference the new `PUBLIC_ENV` object instead of directly accessing `process.env`. - Added comments to clarify the necessity of static access for certain environment variables. * feat(app-expo): dark mode, FAQ i18n, eval ASR, and theme cleanup (#34) * feat(app-expo): dark mode, FAQ i18n, version CI, and theme cleanup Implement light/dark scene colors across chat, reading, and headers; remove default/brand theme picker and ThemeVariablesProvider. Localize FAQ in-app, fix dark-mode text visibility, and remove the unused /api/faqs endpoint. Align About/version with Expo config and inject APP_VERSION in CI builds. Also includes phone E164 auth/SMS updates, eval ASR page, and related API work. * revert: remove phone E.164 changes from dark-mode branch These auth/SMS internationalization updates were accidentally bundled into the dark-mode commit; restore 11-digit CN phone flow and drop related API, migration, and Expo UI work from this branch. * fix: address PR review issues for dark mode and eval ASR Use light foreground colors for sepia reading in dark mode, fix chat send button contrast, stream-limit eval ASR uploads, restore LiveTester phone validation, and remove unused AudioSegmenter code. * fix(app-expo): improve chat send button contrast in light and dark mode Add dedicated send button colors (accent fill in dark, primary fill in light), use RNText to avoid NativeWind overrides, and restore dark labels in light mode for readable composer actions. --------- Co-authored-by: Kevin <kevin@brighteng.org> --------- Co-authored-by: penghanyuan <penghanyuan@gmail.com> Co-authored-by: Kevin <kevin@brighteng.org>
2026-06-09 11:14:36 +08:00
from __future__ import annotations
from typing import Any
import httpx
import pytest
from app.core.app_config import get_app_config
from app.core.config import settings
from app.core.errors import ServiceUnavailableError
from app.features.auth.google import verify_google_id_token
from app.features.auth.service_errors import AuthError
def _configure_remote_verifier(monkeypatch: pytest.MonkeyPatch) -> None:
monkeypatch.setattr(
get_app_config().deploy,
"google_oauth_client_ids",
"web-client",
)
monkeypatch.setattr(
settings,
"google_token_verifier_url",
"https://verifier.example/api/verify-google-token",
)
monkeypatch.setattr(settings, "google_token_verifier_secret", "shared-secret")
monkeypatch.setattr(settings, "google_token_verifier_timeout_seconds", 3.0)
def test_remote_google_verifier_success(monkeypatch: pytest.MonkeyPatch) -> None:
_configure_remote_verifier(monkeypatch)
calls: list[dict[str, Any]] = []
def fake_post(
url: str,
*,
json: dict[str, str],
headers: dict[str, str],
timeout: float,
) -> httpx.Response:
calls.append(
{
"url": url,
"json": json,
"headers": headers,
"timeout": timeout,
}
)
return httpx.Response(
200,
json={
"subject": "google-sub",
"email": "Person@Example.com",
"email_verified": True,
"name": "Google Person",
"picture": "https://example.com/avatar.jpg",
"audience": "web-client",
},
)
monkeypatch.setattr("app.features.auth.google.httpx.post", fake_post)
identity = verify_google_id_token("id-token")
assert identity.subject == "google-sub"
assert identity.email == "person@example.com"
assert identity.audience == "web-client"
assert calls == [
{
"url": "https://verifier.example/api/verify-google-token",
"json": {"id_token": "id-token"},
"headers": {
"Accept": "application/json",
"Authorization": "Bearer shared-secret",
},
"timeout": 3.0,
}
]
def test_remote_google_verifier_rejects_invalid_token(
monkeypatch: pytest.MonkeyPatch,
) -> None:
_configure_remote_verifier(monkeypatch)
def fake_post(*_args: object, **_kwargs: object) -> httpx.Response:
return httpx.Response(401, json={"error": "INVALID_TOKEN"})
monkeypatch.setattr("app.features.auth.google.httpx.post", fake_post)
with pytest.raises(AuthError) as exc_info:
verify_google_id_token("bad-token")
assert exc_info.value.code == "INVALID_TOKEN"
def test_remote_google_verifier_rejects_audience_mismatch(
monkeypatch: pytest.MonkeyPatch,
) -> None:
_configure_remote_verifier(monkeypatch)
def fake_post(*_args: object, **_kwargs: object) -> httpx.Response:
return httpx.Response(
200,
json={
"subject": "google-sub",
"email": "person@example.com",
"email_verified": True,
"name": "",
"picture": None,
"audience": "other-client",
},
)
monkeypatch.setattr("app.features.auth.google.httpx.post", fake_post)
with pytest.raises(AuthError) as exc_info:
verify_google_id_token("id-token")
assert exc_info.value.code == "INVALID_TOKEN"
def test_remote_google_verifier_requires_shared_secret(
monkeypatch: pytest.MonkeyPatch,
) -> None:
_configure_remote_verifier(monkeypatch)
monkeypatch.setattr(settings, "google_token_verifier_secret", "")
with pytest.raises(ServiceUnavailableError):
verify_google_id_token("id-token")
Reference in New Issue Copy Permalink