fix(backend): Refactor OIDC callback and auth dependency to correctly handle cookies and prefix all API routes with /api/v1.

2026-02-12 01:26:28 -08:00
parent 49a9da7c0c
commit 0dfdef738d
6 changed files with 51 additions and 29 deletions
--- a/backend/tests/api/test_api_auth.py
+++ b/backend/tests/api/test_api_auth.py
@@ -26,7 +26,7 @@ def test_register_user_success():
        mock_hm.create_user.return_value = User(id="1", username="new@example.com", display_name="New")
        
        response = client.post(
-            "/auth/register",
+            "/api/v1/auth/register",
            json={"email": "new@example.com", "password": "password123", "display_name": "New"}
        )
        
@@ -39,7 +39,7 @@ def test_login_success():
        mock_hm.authenticate_user.return_value = User(id="1", username="test@example.com")
        
        response = client.post(
-            "/auth/login",
+            "/api/v1/auth/login",
            data={"username": "test@example.com", "password": "password123"}
        )
        
@@ -53,7 +53,7 @@ def test_login_invalid_credentials():
        mock_hm.authenticate_user.return_value = None
        
        response = client.post(
-            "/auth/login",
+            "/api/v1/auth/login",
            data={"username": "test@example.com", "password": "wrongpassword"}
        )
        
@@ -62,7 +62,7 @@ def test_login_invalid_credentials():

 def test_protected_route_without_token():
    """Test that protected routes require a token."""
-    response = client.get("/auth/me")
+    response = client.get("/api/v1/auth/me")
    assert response.status_code == 401

 def test_oidc_login_redirect():
@@ -70,12 +70,12 @@ def test_oidc_login_redirect():
    with patch("ea_chatbot.api.routers.auth.oidc_client") as mock_oidc:
        mock_oidc.get_login_url.return_value = "https://oidc-provider.com/auth"
        
-        response = client.get("/auth/oidc/login")
+        response = client.get("/api/v1/auth/oidc/login")
        assert response.status_code == 200
        assert response.json()["url"] == "https://oidc-provider.com/auth"

-def test_oidc_callback_success():
-    """Test successful OIDC callback and JWT issuance."""
+def test_oidc_callback_success_ajax():
+    """Test successful OIDC callback and JWT issuance via AJAX."""
    with patch("ea_chatbot.api.routers.auth.oidc_client") as mock_oidc, \
         patch("ea_chatbot.api.routers.auth.history_manager") as mock_hm:
        
@@ -83,7 +83,10 @@ def test_oidc_callback_success():
        mock_oidc.get_user_info.return_value = {"email": "sso@example.com", "name": "SSO User"}
        mock_hm.sync_user_from_oidc.return_value = User(id="sso-123", username="sso@example.com", display_name="SSO User")
        
-        response = client.get("/auth/oidc/callback?code=some-code")
+        response = client.get(
+            "/api/v1/auth/oidc/callback?code=some-code",
+            headers={"Accept": "application/json"}
+        )
        
        assert response.status_code == 200
        assert "access_token" in response.json()
@@ -98,7 +101,7 @@ def test_get_me_success():
        mock_hm.get_user_by_id.return_value = User(id="123", username="test@example.com", display_name="Test")
        
        response = client.get(
-            "/auth/me",
+            "/api/v1/auth/me",
            headers={"Authorization": f"Bearer {token}"}
        )