auth: replace UUID-based login with JWT credential verification

Login now requires login/email + password verified against DB via /api/auth/login. Only approved registrations can access the app. Signal endpoint accepts JWT Bearer tokens alongside legacy api_key auth. Old UUID-only registration flow removed from frontend. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 14:14:12 +02:00 · 2026-03-21 14:14:12 +02:00 · 04f7bd79e2
commit 04f7bd79e2
parent 1adcabf3a6
8 changed files with 173 additions and 128 deletions
--- a/tests/test_fix_012.py
+++ b/tests/test_fix_012.py
@ -102,10 +102,10 @@ def test_register_request_rejects_old_placeholder_uuid(bad_uuid: str) -> None:
    "agg-uuid-001",
    "create-uuid-001",
 ])
-def test_signal_request_rejects_old_placeholder_uuid(bad_uuid: str) -> None:
-    """SignalRequest.user_id must reject old-style placeholder strings."""
-    with pytest.raises(ValidationError):
-        SignalRequest(user_id=bad_uuid, timestamp=1700000000000)
+def test_signal_request_accepts_any_user_id_string(bad_uuid: str) -> None:
+    """SignalRequest.user_id is optional (no pattern) — validation is at endpoint level."""
+    req = SignalRequest(user_id=bad_uuid, timestamp=1700000000000)
+    assert req.user_id == bad_uuid


 # ---------------------------------------------------------------------------
@ -152,17 +152,16 @@ def test_register_request_rejects_uuid_v3_version_digit() -> None:
        RegisterRequest(uuid="550e8400-e29b-31d4-a716-446655440000", name="Test")


-def test_signal_request_rejects_uuid_wrong_variant_bits() -> None:
-    """UUID with invalid variant bits (0xxx in fourth group) must be rejected."""
-    with pytest.raises(ValidationError):
-        # fourth group starts with '0' — not 8/9/a/b variant
-        SignalRequest(user_id="550e8400-e29b-41d4-0716-446655440000", timestamp=1700000000000)
+def test_signal_request_accepts_any_variant_bits() -> None:
+    """SignalRequest.user_id is now optional and unvalidated (JWT auth doesn't use it)."""
+    req = SignalRequest(user_id="550e8400-e29b-41d4-0716-446655440000", timestamp=1700000000000)
+    assert req.user_id is not None


-def test_signal_request_rejects_uuid_wrong_variant_c() -> None:
-    """UUID with variant 'c' (1100 bits) must be rejected — only 8/9/a/b allowed."""
-    with pytest.raises(ValidationError):
-        SignalRequest(user_id="550e8400-e29b-41d4-c716-446655440000", timestamp=1700000000000)
+def test_signal_request_without_user_id() -> None:
+    """SignalRequest works without user_id (JWT auth mode)."""
+    req = SignalRequest(timestamp=1700000000000)
+    assert req.user_id is None


 def test_register_request_accepts_all_valid_v4_variants() -> None: