fix(orchestrator): Apply refinements from code review

2026-02-23 15:46:21 -08:00
parent c5cf4b38a1
commit 2cfbc5d1d0
19 changed files with 252 additions and 33 deletions
--- a/backend/tests/api/test_api_auth.py
+++ b/backend/tests/api/test_api_auth.py
@@ -123,3 +123,20 @@ def test_get_me_success(client):
        assert response.status_code == 200
        assert response.json()["email"] == "test@example.com"
        assert response.json()["id"] == "123"
+
+def test_get_me_rejects_refresh_token(client):
+    """Test that /auth/me rejects refresh tokens for authentication."""
+    from ea_chatbot.api.utils import create_refresh_token
+    token = create_refresh_token(data={"sub": "123"})
+    
+    with patch("ea_chatbot.api.dependencies.history_manager") as mock_hm:
+        # Even if the user exists, the dependency should reject the token type
+        mock_hm.get_user_by_id.return_value = User(id="123", username="test@example.com")
+        
+        response = client.get(
+            "/api/v1/auth/me",
+            headers={"Authorization": f"Bearer {token}"}
+        )
+        
+        assert response.status_code == 401
+        assert "Cannot use refresh token" in response.json()["detail"]