Salon/backend/apps/accounts/tests/test_authentica_e2e_mock.py

"""Mocked end-to-end phone auth flow using Authentica OTP provider."""

import os
from unittest.mock import MagicMock, patch

import pytest
from django.test import override_settings
from django.urls import reverse

from apps.accounts.models import User


@pytest.mark.django_db
@override_settings(OTP_PROVIDER="authentica")
@patch("requests.post")
def test_phone_auth_flow_with_authentica_mock(mock_post, client):
    def make_response(payload, ok=True):
        response = MagicMock()
        response.ok = ok
        response.json.return_value = payload
        response.text = ""
        return response

    def side_effect(url, headers=None, json=None, timeout=None):
        assert headers and headers.get("X-Authorization") == "api-key"
        assert timeout == 7.0
        if url.endswith("/api/v2/send-otp"):
            assert json == {"method": "sms", "phone": "+966512345678"}
            return make_response({"success": True})
        if url.endswith("/api/v2/verify-otp"):
            if json == {"phone": "+966512345678", "otp": "123456"}:
                return make_response({"verified": True})
            return make_response({"verified": False})
        raise AssertionError(f"Unexpected URL {url}")

    with patch.dict(
        os.environ,
        {
            "AUTHENTICA_API_KEY": "api-key",
            "AUTHENTICA_TIMEOUT_SECONDS": "7",
        },
    ):
        mock_post.side_effect = side_effect

        request_url = reverse("phone_auth_request")
        verify_url = reverse("phone_auth_verify")

        response = client.post(
            request_url,
            {"phone_number": "0512345678", "channel": "sms", "first_name": "Sara"},
            content_type="application/json",
        )
        assert response.status_code == 201
        request_id = response.json()["request_id"]

        bad = client.post(
            verify_url,
            {"request_id": request_id, "code": "000000"},
            content_type="application/json",
        )
        assert bad.status_code == 400

        good = client.post(
            verify_url,
            {"request_id": request_id, "code": "123456"},
            content_type="application/json",
        )
        assert good.status_code == 200

        user = User.objects.filter(phone_number="+966512345678").first()
        assert user is not None
        assert user.is_phone_verified is True