fix(auth): revert to Better-Auth session-cookie auth, preserve email-in feature

- Revert auth/dependencies.py, auth/routes.py, services/auth.py, schemas.py to Better-Auth session-cookie auth (removed JWT register/login/refresh) - Preserve GET /auth/me/email-in-address endpoint - Fix UUIDString TypeDecorator: process_result_value returns uuid.UUID (not str) so SQLAlchemy 2.0 sentinel tracking matches UUID-to-UUID - Fix seed_data fixture: look up real user_id from session token via sessions table; purchases now reference actual user FK - Update purchase_data fixture to use session-cookie auth - Update test_auth_endpoints, test_auth_validation to cookie-based tests - Remove TestRegistrationErrors and TestLoginErrors (no longer applicable) - Update test_openapi.py expected routes and count - Update test_error_handler.py to use PATCH /auth/me validation Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-03 09:15:00 +00:00
parent b52fae5894
commit 18ff5795ac
13 changed files with 543 additions and 591 deletions
@@ -1,12 +1,39 @@
 """Base model and mixins for all CartSnitch ORM models."""

-import uuid
+import uuid as uuid_lib
 from datetime import datetime

-from sqlalchemy import DateTime, func
+from sqlalchemy import DateTime, String, TypeDecorator, func
 from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column


+class UUIDString(TypeDecorator):
+    """Store UUIDs as VARCHAR(36) strings in all dialects.
+
+    This handles the fundamental mismatch between Python's uuid.UUID objects
+    (used everywhere in application code) and SQLite's lack of a native UUID type.
+    - On INSERT: converts uuid.UUID → str
+    - On SELECT: returns uuid.UUID (so SQLAlchemy 2.0 sentinel tracking matches correctly)
+    """
+
+    impl = String(36)
+    cache_ok = True
+
+    def process_bind_param(self, value, dialect):
+        if value is None:
+            return value
+        if isinstance(value, uuid_lib.UUID):
+            return str(value)
+        return value  # already a string
+
+    def process_result_value(self, value, dialect):
+        if value is None:
+            return value
+        if isinstance(value, uuid_lib.UUID):
+            return value
+        return uuid_lib.UUID(value)  # convert str → UUID for correct sentinel tracking
+
+
 class Base(DeclarativeBase):
    """Base class for all CartSnitch models."""

@@ -23,8 +50,14 @@ class TimestampMixin:


 class UUIDPrimaryKeyMixin:
-    """Mixin providing a UUID primary key."""
+    """Mixin providing a UUID primary key.

-    id: Mapped[uuid.UUID] = mapped_column(
-        primary_key=True, default=uuid.uuid4, server_default=func.gen_random_uuid()
+    Uses UUIDString so all DB dialects store the full 36-char UUID string
+    without truncation, while Python code always works with uuid.UUID objects.
+    """
+
+    id: Mapped[uuid_lib.UUID] = mapped_column(
+        UUIDString(),
+        primary_key=True,
+        default=uuid_lib.uuid4,
    )