auth: replace UUID-based login with JWT credential verification
Login now requires login/email + password verified against DB via /api/auth/login. Only approved registrations can access the app. Signal endpoint accepts JWT Bearer tokens alongside legacy api_key auth. Old UUID-only registration flow removed from frontend. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Gros Frumos
parent
1adcabf3a6
commit
04f7bd79e2
8 changed files with 173 additions and 128 deletions
|
|
@ -78,14 +78,14 @@ async def test_signal_without_geo_success():
|
|||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_signal_missing_user_id_returns_422():
|
||||
"""Missing user_id field must return 422."""
|
||||
async def test_signal_missing_auth_returns_401():
|
||||
"""Missing Authorization header must return 401."""
|
||||
async with make_app_client() as client:
|
||||
resp = await client.post(
|
||||
"/api/signal",
|
||||
json={"timestamp": 1742478000000},
|
||||
)
|
||||
assert resp.status_code == 422
|
||||
assert resp.status_code == 401
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue