api/tests/test_auth_google_login.py

from __future__ import annotations

from unittest.mock import MagicMock

import pytest

from app.features.auth import repo
from app.features.auth.google import GoogleIdentity
from app.features.auth.service import AuthError, AuthService
from app.features.user.models import User


def _identity(
    *,
    subject: str = "google-sub-1",
    email: str = "person@example.com",
    name: str = "Google Person",
) -> GoogleIdentity:
    return GoogleIdentity(
        subject=subject,
        email=email,
        email_verified=True,
        name=name,
        picture="https://example.com/avatar.jpg",
    )


@pytest.mark.asyncio
async def test_google_login_creates_user(
    auth_session_factory,
    monkeypatch: pytest.MonkeyPatch,
) -> None:
    monkeypatch.setattr(
        "app.features.auth.service.verify_google_id_token",
        lambda _token: _identity(),
    )

    async with auth_session_factory() as db:
        svc = AuthService(db=db, sms=MagicMock())
        result = await svc.login_with_google("id-token", language="en")

        assert result["access_token"]
        assert result["refresh_token"]
        assert result["is_new_user"] is True

        user = await repo.get_user_by_openid("google:google-sub-1", db)
        assert user is not None
        assert user.phone == "google:google-sub-1"
        assert user.email == "person@example.com"
        assert user.nickname == "Google Person"
        assert user.language_preference == "en"


@pytest.mark.asyncio
async def test_google_login_links_existing_verified_email_user(
    auth_session_factory,
    make_test_user,
    monkeypatch: pytest.MonkeyPatch,
) -> None:
    monkeypatch.setattr(
        "app.features.auth.service.verify_google_id_token",
        lambda _token: _identity(email="linked@example.com"),
    )

    async with auth_session_factory() as db:
        existing: User = make_test_user(nickname="Existing")
        existing.email = "linked@example.com"
        db.add(existing)
        await db.commit()

        svc = AuthService(db=db, sms=MagicMock())
        result = await svc.login_with_google("id-token", language="en")

        assert result["is_new_user"] is False
        await db.refresh(existing)
        assert existing.openid == "google:google-sub-1"
        assert existing.nickname == "Existing"
        assert existing.language_preference != "en"


@pytest.mark.asyncio
async def test_google_login_rejects_email_bound_to_other_openid(
    auth_session_factory,
    make_test_user,
    monkeypatch: pytest.MonkeyPatch,
) -> None:
    monkeypatch.setattr(
        "app.features.auth.service.verify_google_id_token",
        lambda _token: _identity(email="taken@example.com"),
    )

    async with auth_session_factory() as db:
        existing: User = make_test_user(nickname="Existing")
        existing.email = "taken@example.com"
        existing.openid = "google:another-sub"
        db.add(existing)
        await db.commit()

        svc = AuthService(db=db, sms=MagicMock())
        with pytest.raises(AuthError) as exc_info:
            await svc.login_with_google("id-token")

        assert exc_info.value.code == "EMAIL_EXISTS"
merge dark mode and google OAuth (#35) * feat(api): implement Google OAuth login and user management - Added Google OpenID Connect login functionality, allowing users to authenticate using their Google accounts. - Created new endpoints for Google login, including user registration and linking existing accounts. - Introduced Google token verification logic and error handling for authentication failures. - Updated environment configuration to include Google OAuth client IDs and verification settings. - Enhanced user model to support OpenID and linked Google accounts. This feature improves user experience by enabling seamless sign-in with Google, while maintaining security and integrity of user data. * fix(auth): wire staging Google token verifier * chore(deps): update expo to version 55.0.6 and adjust @expo/env dependency in pnpm-lock.yaml * chore(deps): update Babel dependencies to version 7.29.7 in package-lock.json * feat(auth): enhance phone login for China users - Updated phone login functionality to support only mainland China (+86) mobile numbers. - Added user prompts and descriptions for phone login, including confirmation and cancellation options. - Adjusted translations for both English and Chinese to reflect the new phone login requirements. - Updated Google OAuth client IDs in configuration files for production and staging environments. * chore(deps): add peer flag to use-sync-external-store in package-lock.json * chore(deps): add @emnapi/core and @emnapi/runtime to package-lock.json * fix(app-expo): align Android native dependencies * fix(app-expo): normalize lockfile for npm 10 * fix(config): update environment variable handling to use static access - Introduced a static mapping for public environment variables to ensure proper access during the release bundle. - Updated the `requirePublicEnv` and `optionalPublicEnv` functions to reference the new `PUBLIC_ENV` object instead of directly accessing `process.env`. - Added comments to clarify the necessity of static access for certain environment variables. * feat(app-expo): dark mode, FAQ i18n, eval ASR, and theme cleanup (#34) * feat(app-expo): dark mode, FAQ i18n, version CI, and theme cleanup Implement light/dark scene colors across chat, reading, and headers; remove default/brand theme picker and ThemeVariablesProvider. Localize FAQ in-app, fix dark-mode text visibility, and remove the unused /api/faqs endpoint. Align About/version with Expo config and inject APP_VERSION in CI builds. Also includes phone E164 auth/SMS updates, eval ASR page, and related API work. * revert: remove phone E.164 changes from dark-mode branch These auth/SMS internationalization updates were accidentally bundled into the dark-mode commit; restore 11-digit CN phone flow and drop related API, migration, and Expo UI work from this branch. * fix: address PR review issues for dark mode and eval ASR Use light foreground colors for sepia reading in dark mode, fix chat send button contrast, stream-limit eval ASR uploads, restore LiveTester phone validation, and remove unused AudioSegmenter code. * fix(app-expo): improve chat send button contrast in light and dark mode Add dedicated send button colors (accent fill in dark, primary fill in light), use RNText to avoid NativeWind overrides, and restore dark labels in light mode for readable composer actions. --------- Co-authored-by: Kevin <kevin@brighteng.org> --------- Co-authored-by: penghanyuan <penghanyuan@gmail.com> Co-authored-by: Kevin <kevin@brighteng.org> 2026-06-09 11:14:36 +08:00			`from __future__ import annotations`

			`from unittest.mock import MagicMock`

			`import pytest`

			`from app.features.auth import repo`
			`from app.features.auth.google import GoogleIdentity`
			`from app.features.auth.service import AuthError, AuthService`
			`from app.features.user.models import User`


			`def _identity(`
			`*,`
			`subject: str = "google-sub-1",`
			`email: str = "person@example.com",`
			`name: str = "Google Person",`
			`) -> GoogleIdentity:`
			`return GoogleIdentity(`
			`subject=subject,`
			`email=email,`
			`email_verified=True,`
			`name=name,`
			`picture="https://example.com/avatar.jpg",`
			`)`


			`@pytest.mark.asyncio`
			`async def test_google_login_creates_user(`
			`auth_session_factory,`
			`monkeypatch: pytest.MonkeyPatch,`
			`) -> None:`
			`monkeypatch.setattr(`
			`"app.features.auth.service.verify_google_id_token",`
			`lambda _token: _identity(),`
			`)`

			`async with auth_session_factory() as db:`
			`svc = AuthService(db=db, sms=MagicMock())`
			`result = await svc.login_with_google("id-token", language="en")`

			`assert result["access_token"]`
			`assert result["refresh_token"]`
			`assert result["is_new_user"] is True`

			`user = await repo.get_user_by_openid("google:google-sub-1", db)`
			`assert user is not None`
			`assert user.phone == "google:google-sub-1"`
			`assert user.email == "person@example.com"`
			`assert user.nickname == "Google Person"`
			`assert user.language_preference == "en"`


			`@pytest.mark.asyncio`
			`async def test_google_login_links_existing_verified_email_user(`
			`auth_session_factory,`
			`make_test_user,`
			`monkeypatch: pytest.MonkeyPatch,`
			`) -> None:`
			`monkeypatch.setattr(`
			`"app.features.auth.service.verify_google_id_token",`
			`lambda _token: _identity(email="linked@example.com"),`
			`)`

			`async with auth_session_factory() as db:`
			`existing: User = make_test_user(nickname="Existing")`
			`existing.email = "linked@example.com"`
			`db.add(existing)`
			`await db.commit()`

			`svc = AuthService(db=db, sms=MagicMock())`
			`result = await svc.login_with_google("id-token", language="en")`

			`assert result["is_new_user"] is False`
			`await db.refresh(existing)`
			`assert existing.openid == "google:google-sub-1"`
			`assert existing.nickname == "Existing"`
			`assert existing.language_preference != "en"`


			`@pytest.mark.asyncio`
			`async def test_google_login_rejects_email_bound_to_other_openid(`
			`auth_session_factory,`
			`make_test_user,`
			`monkeypatch: pytest.MonkeyPatch,`
			`) -> None:`
			`monkeypatch.setattr(`
			`"app.features.auth.service.verify_google_id_token",`
			`lambda _token: _identity(email="taken@example.com"),`
			`)`

			`async with auth_session_factory() as db:`
			`existing: User = make_test_user(nickname="Existing")`
			`existing.email = "taken@example.com"`
			`existing.openid = "google:another-sub"`
			`db.add(existing)`
			`await db.commit()`

			`svc = AuthService(db=db, sms=MagicMock())`
			`with pytest.raises(AuthError) as exc_info:`
			`await svc.login_with_google("id-token")`

			`assert exc_info.value.code == "EMAIL_EXISTS"`