BTHLABS-58: Share Extension in Apple Apps

2025-10-04 08:02:13 +02:00
parent 0c12f52569
commit 99e9226338
122 changed files with 5488 additions and 411 deletions
--- a/services/backend/tests/ui/views/integrations/extension/test_authenticate.py
+++ b/services/backend/tests/ui/views/integrations/extension/test_authenticate.py
@@ -9,11 +9,15 @@ from django.urls import reverse
 import pytest
 from pytest_django import asserts

+from hotpocket_backend_testing.services.accounts import AuthKeysTestingService
 from hotpocket_common.url import URL


@pytest.mark.django_db
-def test_ok(authenticated_client: Client):
+def test_ok(authenticated_client: Client,
+            extension_auth_source_extension,
+            account,
+            ):
    # When
    result = authenticated_client.get(
        reverse('ui.integrations.extension.authenticate'),
@@ -28,8 +32,118 @@ def test_ok(authenticated_client: Client):
    assert redirect_url.raw_path == reverse('ui.integrations.extension.post_authenticate')
    assert 'auth_key' in redirect_url.query

-    assert 'extension_auth_key' in authenticated_client.session
-    assert authenticated_client.session['extension_auth_key'] == redirect_url.query['auth_key'][0]
+    assert 'extension_source' in authenticated_client.session
+    assert authenticated_client.session['extension_source'] == extension_auth_source_extension
+
+    assert 'extension_session_token' in authenticated_client.session
+
+    AuthKeysTestingService().assert_created(
+        key=redirect_url.query['auth_key'][0],
+        account_uuid=account.pk,
+    )
+
+
+@pytest.mark.parametrize(
+    'source_fixture_name',
+    ['extension_auth_source_desktop', 'extension_auth_source_mobile'],
+)
+@pytest.mark.django_db
+def test_ok_with_source(source_fixture_name,
+                        request: pytest.FixtureRequest,
+                        authenticated_client: Client,
+                        extension_auth_session_token,
+                        ):
+    # Given
+    source = request.getfixturevalue(source_fixture_name)
+
+    # When
+    result = authenticated_client.get(
+        reverse(
+            'ui.integrations.extension.authenticate',
+            query=[
+                ('source', source),
+                ('session_token', extension_auth_session_token),
+            ],
+        ),
+        follow=False,
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FOUND
+    assert 'Location' in result.headers
+
+    redirect_url = URL(result.headers['Location'])
+    assert redirect_url.raw_path == reverse('ui.integrations.extension.post_authenticate')
+    assert 'auth_key' in redirect_url.query
+
+    assert 'extension_source' in authenticated_client.session
+    assert authenticated_client.session['extension_source'] == source
+
+    assert 'extension_session_token' in authenticated_client.session
+    assert authenticated_client.session['extension_session_token'] == extension_auth_session_token
+
+
+@pytest.mark.django_db
+def test_source_without_session_token(authenticated_client: Client,
+                                      extension_auth_source_desktop,
+                                      ):
+    # Given
+    with pytest.raises(AssertionError) as exception_info:
+        # When
+        _ = authenticated_client.get(
+            reverse(
+                'ui.integrations.extension.authenticate',
+                query=[
+                    ('source', extension_auth_source_desktop),
+                ],
+            ),
+            follow=False,
+        )
+
+    # Then
+    assert exception_info.value.args[0] == 'Session token missing'
+
+
+@pytest.mark.django_db
+def test_source_without_empty_session_token(authenticated_client: Client,
+                                            extension_auth_source_desktop,
+                                            ):
+    # Given
+    with pytest.raises(AssertionError) as exception_info:
+        # When
+        _ = authenticated_client.get(
+            reverse(
+                'ui.integrations.extension.authenticate',
+                query=[
+                    ('source', extension_auth_source_desktop),
+                    ('session_token', ''),
+                ],
+            ),
+            follow=False,
+        )
+
+    # Then
+    assert exception_info.value.args[0] == 'Session token missing'
+
+
+@pytest.mark.django_db
+def test_unknown_source(authenticated_client: Client, extension_auth_session_token):
+    # Given
+    with pytest.raises(ValueError) as exception_info:
+        # When
+        _ = authenticated_client.get(
+            reverse(
+                'ui.integrations.extension.authenticate',
+                query=[
+                    ('source', 'thisisntright'),
+                    ('session_token', extension_auth_session_token),
+                ],
+            ),
+            follow=False,
+        )
+
+    # Then
+    assert exception_info.value.args[0] == 'Unknown source: `thisisntright`'


@pytest.mark.django_db
--- a/services/backend/tests/ui/views/integrations/extension/test_post_authenticate.py
+++ b/services/backend/tests/ui/views/integrations/extension/test_post_authenticate.py
@@ -3,6 +3,7 @@
 from __future__ import annotations

 import http
+import urllib.parse
 import uuid

 from django.test import Client
@@ -17,10 +18,15 @@ def auth_key():


@pytest.mark.django_db
-def test_ok(authenticated_client: Client, auth_key):
+def test_ok(authenticated_client: Client,
+            auth_key,
+            extension_auth_source_extension,
+            extension_auth_session_token,
+            ):
    # Given
    session = authenticated_client.session
-    session['extension_auth_key'] = auth_key
+    session['extension_source'] = extension_auth_source_extension
+    session['extension_session_token'] = extension_auth_session_token
    session.save()

    # When
@@ -34,13 +40,95 @@ def test_ok(authenticated_client: Client, auth_key):
    # Then
    assert result.status_code == http.HTTPStatus.OK

+    assert 'extension_source' not in authenticated_client.session
+    assert 'extension_session_token' not in authenticated_client.session
+
    asserts.assertTemplateUsed(
        result, 'ui/integrations/extension/post_authenticate.html',
    )

+    assert result.context[0]['app_redirect_url'] is None
+
+
+@pytest.mark.parametrize(
+    'source_fixture_name,expected_app_redirect_url_scheme',
+    [
+        ('extension_auth_source_desktop', 'hotpocket-desktop'),
+        ('extension_auth_source_mobile', 'hotpocket-mobile'),
+    ],
+)
+@pytest.mark.django_db
+def test_ok_with_source(source_fixture_name,
+                        expected_app_redirect_url_scheme,
+                        request: pytest.FixtureRequest,
+                        authenticated_client: Client,
+                        auth_key,
+                        extension_auth_session_token,
+                        ):
+    # Given
+    source = request.getfixturevalue(source_fixture_name)
+
+    session = authenticated_client.session
+    session['extension_source'] = source
+    session['extension_session_token'] = extension_auth_session_token
+    session.save()
+
+    # When
+    result = authenticated_client.get(
+        reverse('ui.integrations.extension.post_authenticate'),
+        data={
+            'auth_key': auth_key,
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.OK
+    assert result.context[0]['app_redirect_url'] is not None
+
+    app_redirect_url = result.context[0]['app_redirect_url']
+
+    parsed_app_redirect_url = urllib.parse.urlsplit(app_redirect_url)
+    assert parsed_app_redirect_url.scheme == expected_app_redirect_url_scheme
+    assert parsed_app_redirect_url.netloc == 'post-authenticate'
+    assert parsed_app_redirect_url.path == '/'
+
+    parsed_app_redirect_url_query = urllib.parse.parse_qs(parsed_app_redirect_url.query)
+    assert parsed_app_redirect_url_query['session_token'] == [extension_auth_session_token]
+    assert parsed_app_redirect_url_query['auth_key'] == [auth_key]
+

@pytest.mark.django_db
-def test_auth_key_not_in_session(authenticated_client: Client, auth_key):
+def test_auth_key_not_request(authenticated_client: Client,
+                              extension_auth_source_extension,
+                              extension_auth_session_token,
+                              ):
+    # Given
+    session = authenticated_client.session
+    session['extension_source'] = extension_auth_source_extension
+    session['extension_session_token'] = extension_auth_session_token
+    session.save()
+
+    # When
+    result = authenticated_client.get(
+        reverse('ui.integrations.extension.post_authenticate'),
+        data={
+        },
+    )
+
+    # Then
+    assert result.status_code == http.HTTPStatus.FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_source_not_in_session(authenticated_client: Client,
+                               extension_auth_session_token,
+                               auth_key,
+                               ):
+    # Given
+    session = authenticated_client.session
+    session['extension_session_token'] = extension_auth_session_token
+    session.save()
+
    # When
    result = authenticated_client.get(
        reverse('ui.integrations.extension.post_authenticate'),
@@ -54,16 +142,20 @@ def test_auth_key_not_in_session(authenticated_client: Client, auth_key):


@pytest.mark.django_db
-def test_auth_key_not_request(authenticated_client: Client, auth_key):
+def test_session_token_in_session(authenticated_client: Client,
+                                  extension_auth_source_extension,
+                                  auth_key,
+                                  ):
    # Given
    session = authenticated_client.session
-    session['extension_auth_key'] = auth_key
+    session['extension_source'] = extension_auth_source_extension
    session.save()

    # When
    result = authenticated_client.get(
        reverse('ui.integrations.extension.post_authenticate'),
        data={
+            'auth_key': auth_key,
        },
    )