feat: update login api

2026-06-05 15:36:31 +08:00
parent fd0b3e1982
commit ba9fb33062
15 changed files with 714 additions and 163 deletions
@@ -18,7 +18,7 @@ from .conftest import (
    USER_LIST_URL, user_detail_url,
    DEFAULT_INSTITUTION_CODE, DEFAULT_INSTITUTION_NAME,
    inject_sms_code, create_test_user, get_auth_client, get_tokens,
-    create_teacher_student_relation,
+    create_teacher_student_relation, ensure_institution,
 )


@@ -39,32 +39,37 @@ class UserAuthHappyPathTest(CacheTestCase):
    # ── HP-1: 注册 → 密码登录 → /me ──────────────────────────────────────

    def test_flow_register_login_me(self):
-        """HP-1: U2 register(管理员代注册,默认密码) → U3 login(默认密码) → GET /me"""
+        """HP-1: U2 register(管理员代注册,默认密码) → U3 login(CMS:账号+密码+角色) → GET /me"""
        phone = '13900000001'
        default_password = f'Pass{phone}'
        real_name = '张三'

+        # 代注册需超级管理员 / 医院管理员身份
+        admin = create_test_user(phone='13900000009', password='Admin123', role_type='super_admin')
+        admin_client = get_auth_client(admin)
+
        with ExitStack() as stack:
            _bypass_all_auth_throttles(stack)

-            # U2: register（管理员代注册，无需验证码，密码自动为 Pass+手机号）
-            resp = self.client.post(USER_REGISTER_URL, {
+            # U2: register（超管代注册，CMS 角色 doctor，密码自动为 Pass+手机号）
+            resp = admin_client.post(USER_REGISTER_URL, {
                'phone': phone,
                'real_name': real_name,
+                'role_type': 'doctor',
                'institution_code': DEFAULT_INSTITUTION_CODE,
                'institution_name': DEFAULT_INSTITUTION_NAME,
            })
            self.assertEqual(resp.status_code, 201, resp.content)
            data = resp.json()
-            self.assertIn('tokens', data)
+            self.assertNotIn('tokens', data)  # 代注册不返回 tokens
            self.assertEqual(data['user']['phone'], phone)
            self.assertEqual(data['user']['real_name'], real_name)
            self.assertEqual(data['user']['institution_name'], DEFAULT_INSTITUTION_NAME)
            self.assertEqual(data['user']['institution_code'], DEFAULT_INSTITUTION_CODE)

-        # U3: login (默认密码 Pass+手机号)
+        # U3: CMS 登录（用户名或手机号 + 密码 + 角色）
        resp = self.client.post(USER_LOGIN_URL, {
-            'phone': phone, 'password': default_password,
+            'account': phone, 'password': default_password, 'role': 'doctor',
        })
        self.assertEqual(resp.status_code, 200, resp.content)
        tokens = resp.json()['tokens']
@@ -79,9 +84,10 @@ class UserAuthHappyPathTest(CacheTestCase):
    # ── HP-2: 验证码登录 ─────────────────────────────────────────────────

    def test_flow_code_login(self):
-        """HP-2: 预创建用户 → U1 send-code(login) → U4 login-code → /me"""
+        """HP-2: 预创建学生(已录入机构) → U1 send-code(login) → U4 login-code → /me"""
        phone = '13900000002'
-        user = create_test_user(phone=phone, password='TestPass1')
+        inst = ensure_institution(name=DEFAULT_INSTITUTION_NAME, code=DEFAULT_INSTITUTION_CODE)
+        user = create_test_user(phone=phone, password='TestPass1', institution=inst)

        with ExitStack() as stack:
            _bypass_all_auth_throttles(stack)
@@ -121,7 +127,7 @@ class UserAuthHappyPathTest(CacheTestCase):
        phone = '13900000003'
        old_pwd = 'OldPass1'
        new_pwd = 'NewPass1'
-        create_test_user(phone=phone, password=old_pwd)
+        create_test_user(phone=phone, password=old_pwd, role_type='doctor')

        with ExitStack() as stack:
            _bypass_all_auth_throttles(stack)
@@ -145,13 +151,13 @@ class UserAuthHappyPathTest(CacheTestCase):

        # 新密码登录成功
        resp = self.client.post(USER_LOGIN_URL, {
-            'phone': phone, 'password': new_pwd,
+            'account': phone, 'password': new_pwd, 'role': 'doctor',
        })
        self.assertEqual(resp.status_code, 200, resp.content)

        # 旧密码登录失败
        resp = self.client.post(USER_LOGIN_URL, {
-            'phone': phone, 'password': old_pwd,
+            'account': phone, 'password': old_pwd, 'role': 'doctor',
        })
        self.assertIn(resp.status_code, (400, 401))

@@ -162,11 +168,11 @@ class UserAuthHappyPathTest(CacheTestCase):
        phone = '13900000004'
        old_pwd = 'OldPass1'
        new_pwd = 'NewPass1'
-        user = create_test_user(phone=phone, password=old_pwd)
+        user = create_test_user(phone=phone, password=old_pwd, role_type='doctor')

        # U3: login
        resp = self.client.post(USER_LOGIN_URL, {
-            'phone': phone, 'password': old_pwd,
+            'account': phone, 'password': old_pwd, 'role': 'doctor',
        })
        self.assertEqual(resp.status_code, 200, resp.content)
        old_access = resp.json()['tokens']['access']
@@ -190,7 +196,7 @@ class UserAuthHappyPathTest(CacheTestCase):
        # 新密码登录
        self.client.credentials()  # 清除旧 auth
        resp = self.client.post(USER_LOGIN_URL, {
-            'phone': phone, 'password': new_pwd,
+            'account': phone, 'password': new_pwd, 'role': 'doctor',
        })
        self.assertEqual(resp.status_code, 200, resp.content)
        new_access = resp.json()['tokens']['access']