fix(api): revert auth/type regressions from standalone sync, keep email-in feature only

- Revert auth/dependencies.py to cookie+Bearer dual auth with str user IDs - Add GET /auth/me/email-in-address endpoint for receipt email routing - Update User model: add email_inbound_token, change id/store_id/user_id to str - Update AuthService and UserResponse to use str user IDs - Update route count test: 33 -> 34 routes - Restore e2e test for email-in-address endpoint Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-03 09:40:39 +00:00
parent 18ff5795ac
commit bbbf97d027
18 changed files with 360 additions and 236 deletions
@@ -5,6 +5,74 @@ import pytest
 from tests.test_e2e.conftest import BAD_UUID, ZERO_UUID


+@pytest.mark.asyncio
+class TestRegistrationErrors:
+    """Validation errors during user registration."""
+
+    async def test_short_password(self, client, db_engine):
+        resp = await client.post(
+            "/auth/register",
+            json={"email": "short@example.com", "password": "short", "display_name": "Test"},
+        )
+        assert resp.status_code == 422
+
+    async def test_invalid_email(self, client, db_engine):
+        resp = await client.post(
+            "/auth/register",
+            json={"email": "not-an-email", "password": "securepass123", "display_name": "Test"},
+        )
+        assert resp.status_code == 422
+
+    async def test_missing_fields(self, client, db_engine):
+        resp = await client.post("/auth/register", json={})
+        assert resp.status_code == 422
+
+    async def test_empty_display_name(self, client, db_engine):
+        resp = await client.post(
+            "/auth/register",
+            json={"email": "empty@example.com", "password": "securepass123", "display_name": ""},
+        )
+        assert resp.status_code == 422
+
+    async def test_duplicate_email(self, client, db_engine):
+        payload = {
+            "email": "dupe@example.com",
+            "password": "securepass123",
+            "display_name": "First",
+        }
+        first = await client.post("/auth/register", json=payload)
+        assert first.status_code == 201
+        second = await client.post("/auth/register", json=payload)
+        assert second.status_code == 409
+
+
+@pytest.mark.asyncio
+class TestLoginErrors:
+    """Login failure modes."""
+
+    async def test_wrong_password(self, client, db_engine):
+        await client.post(
+            "/auth/register",
+            json={
+                "email": "login-err@example.com",
+                "password": "correctpass1",
+                "display_name": "Login",
+            },
+        )
+        resp = await client.post(
+            "/auth/login",
+            json={"email": "login-err@example.com", "password": "wrongpass123"},
+        )
+        assert resp.status_code == 401
+
+    async def test_nonexistent_user(self, client, db_engine):
+        resp = await client.post(
+            "/auth/login",
+            json={"email": "nobody@example.com", "password": "doesntmatter"},
+        )
+        assert resp.status_code == 401
+
+
@pytest.mark.asyncio
 class TestNotFoundErrors:
    """404 responses for missing resources."""