tests/conftest.py

@@ -53,6 +53,10 @@ def disable_rate_limiting():
 def engine():
     """Sync in-memory SQLite engine for model unit tests."""
     eng = create_engine("sqlite:///:memory:")
+    from cartsnitch_api.models.user import User
+
+    col = User.__table__.columns["email_inbound_token"]
+    col.server_default = None
     Base.metadata.create_all(eng)
     yield eng
     eng.dispose()
@@ -77,6 +81,9 @@ async def db_engine():
         cursor.close()
 
     async with engine.begin() as conn:
+        from cartsnitch_api.models.user import User
+
+        User.__table__.columns["email_inbound_token"].server_default = None
         await conn.run_sync(Base.metadata.create_all)
         # Create Better-Auth tables (not managed by SQLAlchemy models)
         await conn.execute(
@@ -178,9 +185,9 @@ async def _create_test_user_and_session(
         await conn.execute(
             text(
                 "INSERT INTO users (id, email, hashed_password, display_name, "
-                "email_verified, created_at, updated_at) "
+                "email_verified, email_inbound_token, created_at, updated_at) "
-                "VALUES (:id, :email, :hashed_password, :display_name, :email_verified, "
+                "VALUES (:id, :email, :hashed_password, :display_name, "
-                ":created_at, :updated_at)"
+                ":email_verified, :email_inbound_token, :created_at, :updated_at)"
             ),
             {
                 "id": user_id,
@@ -188,6 +195,7 @@ async def _create_test_user_and_session(
                 "hashed_password": "not-used-with-better-auth",
                 "display_name": display_name,
                 "email_verified": False,
+                "email_inbound_token": secrets.token_urlsafe(16),
                 "created_at": now,
                 "updated_at": now,
             },

tests/test_auth/test_auth_endpoints.py

@@ -139,8 +139,8 @@ async def test_expired_session_rejected(client, db_engine):
         await conn.execute(
             text(
                 "INSERT INTO users (id, email, hashed_password, display_name, "
-                "email_verified, created_at, updated_at) "
+                "email_verified, email_inbound_token, created_at, updated_at) "
-                "VALUES (:id, :email, :hp, :dn, :ev, :ca, :ua)"
+                "VALUES (:id, :email, :hp, :dn, :ev, :token, :ca, :ua)"
             ),
             {
                 "id": user_id,
@@ -148,6 +148,7 @@ async def test_expired_session_rejected(client, db_engine):
                 "hp": "unused",
                 "dn": "Expired User",
                 "ev": False,
+                "token": secrets.token_urlsafe(16),
                 "ca": now,
                 "ua": now,
             },

tests/test_e2e/test_auth_validation.py

@@ -66,8 +66,8 @@ class TestSessionValidation:
             await conn.execute(
                 text(
                     "INSERT INTO users (id, email, hashed_password, display_name, "
-                    "email_verified, created_at, updated_at) "
+                    "email_verified, email_inbound_token, created_at, updated_at) "
-                    "VALUES (:id, :email, :hp, :dn, :ev, :ca, :ua)"
+                    "VALUES (:id, :email, :hp, :dn, :ev, :token, :ca, :ua)"
                 ),
                 {
                     "id": user_id,
@@ -75,6 +75,7 @@ class TestSessionValidation:
                     "hp": "unused",
                     "dn": "Expired User",
                     "ev": False,
+                    "token": secrets.token_urlsafe(16),
                     "ca": now,
                     "ua": now,
                 },