Add auth JSON API subset coverage

jwfing · jwfing · commit b6b174b63bfb · 2026-03-28T12:51:20.000-07:00
diff --git a/insforge/auth/client.py b/insforge/auth/client.py
@@ -4,8 +4,25 @@
 from typing import Any
 
 from .._base_client import BaseClient
+from .._utils import quote_path_segment
 from ..exceptions import InsforgeAuthError
-from .models import CurrentProfileResponse, SignInResponse
+from .models import AdminSessionExchangeRequest
+from .models import AnonymousTokenResponse
+from .models import AuthConfigResponse
+from .models import AuthConfigUpdateRequest
+from .models import AuthCurrentSessionResponse
+from .models import AuthDeleteUsersRequest
+from .models import AuthDeleteUsersResponse
+from .models import AuthSessionResponse
+from .models import AuthUserCreateRequest
+from .models import AuthUsersResponse
+from .models import CurrentProfileResponse
+from .models import LogoutResponse
+from .models import ProfileResponse
+from .models import PublicAuthConfigResponse
+from .models import RefreshRequest
+from .models import SignInResponse
+from .models import UserResponse
 
 
 class AuthClient:
@@ -26,6 +43,191 @@ async def sign_in_with_password(
         )
         return SignInResponse.model_validate(payload)
 
+    async def get_public_config(self) -> PublicAuthConfigResponse:
+        payload = await self._client._request_json("GET", "/api/auth/public-config")
+        return PublicAuthConfigResponse.model_validate(payload)
+
+    async def get_profile(self, user_id: str) -> ProfileResponse:
+        payload = await self._client._request_json(
+            "GET",
+            f"/api/auth/profiles/{quote_path_segment(user_id)}",
+        )
+        return ProfileResponse.model_validate(payload)
+
+    async def get_config(
+        self,
+        *,
+        access_token: str | None = None,
+    ) -> AuthConfigResponse:
+        payload = await self._client._request_json(
+            "GET",
+            "/api/auth/config",
+            access_token=access_token,
+        )
+        return AuthConfigResponse.model_validate(payload)
+
+    async def update_config(
+        self,
+        config: Mapping[str, Any],
+        *,
+        access_token: str | None = None,
+    ) -> AuthConfigResponse:
+        payload = AuthConfigUpdateRequest.model_validate(config).model_dump(
+            by_alias=True,
+            exclude_none=True,
+        )
+        response = await self._client._request_json(
+            "PUT",
+            "/api/auth/config",
+            json=payload,
+            access_token=access_token,
+            exception_cls=InsforgeAuthError,
+        )
+        return AuthConfigResponse.model_validate(response)
+
+    async def list_users(
+        self,
+        *,
+        offset: int | str | None = None,
+        limit: int | str | None = None,
+        search: str | None = None,
+        access_token: str | None = None,
+    ) -> AuthUsersResponse:
+        params: dict[str, str] = {}
+        if offset is not None:
+            params["offset"] = str(offset)
+        if limit is not None:
+            params["limit"] = str(limit)
+        if search is not None:
+            params["search"] = search
+
+        payload = await self._client._request_json(
+            "GET",
+            "/api/auth/users",
+            params=params or None,
+            access_token=access_token,
+        )
+        return AuthUsersResponse.model_validate(payload)
+
+    async def create_user(
+        self,
+        *,
+        email: str,
+        password: str,
+        name: str | None = None,
+        redirect_to: str | None = None,
+    ) -> AuthSessionResponse:
+        payload = AuthUserCreateRequest(
+            email=email,
+            password=password,
+            name=name,
+            redirect_to=redirect_to,
+        ).model_dump(by_alias=True, exclude_none=True)
+        response = await self._client._request_json(
+            "POST",
+            "/api/auth/users",
+            json=payload,
+            exception_cls=InsforgeAuthError,
+        )
+        return AuthSessionResponse.model_validate(response)
+
+    async def delete_users(
+        self,
+        user_ids: list[str],
+        *,
+        access_token: str | None = None,
+    ) -> AuthDeleteUsersResponse:
+        payload = AuthDeleteUsersRequest(user_ids=user_ids).model_dump(by_alias=True)
+        response = await self._client._request_json(
+            "DELETE",
+            "/api/auth/users",
+            json=payload,
+            access_token=access_token,
+        )
+        return AuthDeleteUsersResponse.model_validate(response)
+
+    async def get_user(
+        self,
+        user_id: str,
+        *,
+        access_token: str | None = None,
+    ) -> UserResponse:
+        payload = await self._client._request_json(
+            "GET",
+            f"/api/auth/users/{quote_path_segment(user_id)}",
+            access_token=access_token,
+        )
+        return UserResponse.model_validate(payload)
+
+    async def refresh(
+        self,
+        *,
+        refresh_token: str,
+    ) -> AuthSessionResponse:
+        payload = await self._client._request_json(
+            "POST",
+            "/api/auth/refresh",
+            params={"client_type": "server"},
+            json=RefreshRequest(refresh_token=refresh_token).model_dump(by_alias=True),
+            exception_cls=InsforgeAuthError,
+        )
+        return AuthSessionResponse.model_validate(payload)
+
+    async def logout(self) -> LogoutResponse:
+        payload = await self._client._request_json("POST", "/api/auth/logout")
+        return LogoutResponse.model_validate(payload)
+
+    async def get_current_session(
+        self,
+        *,
+        access_token: str | None = None,
+    ) -> AuthCurrentSessionResponse:
+        payload = await self._client._request_json(
+            "GET",
+            "/api/auth/sessions/current",
+            access_token=access_token,
+        )
+        return AuthCurrentSessionResponse.model_validate(payload)
+
+    async def admin_sign_in(
+        self,
+        *,
+        email: str,
+        password: str,
+    ) -> AuthSessionResponse:
+        payload = await self._client._request_json(
+            "POST",
+            "/api/auth/admin/sessions",
+            json={"email": email, "password": password},
+            exception_cls=InsforgeAuthError,
+        )
+        return AuthSessionResponse.model_validate(payload)
+
+    async def exchange_admin_session(
+        self,
+        *,
+        code: str,
+    ) -> AuthSessionResponse:
+        payload = await self._client._request_json(
+            "POST",
+            "/api/auth/admin/sessions/exchange",
+            json=AdminSessionExchangeRequest(code=code).model_dump(by_alias=True),
+            exception_cls=InsforgeAuthError,
+        )
+        return AuthSessionResponse.model_validate(payload)
+
+    async def create_anon_token(
+        self,
+        *,
+        access_token: str | None = None,
+    ) -> AnonymousTokenResponse:
+        payload = await self._client._request_json(
+            "POST",
+            "/api/auth/tokens/anon",
+            access_token=access_token,
+        )
+        return AnonymousTokenResponse.model_validate(payload)
+
     async def update_current_profile(
         self,
         profile: Mapping[str, Any],
diff --git a/insforge/auth/models.py b/insforge/auth/models.py
@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+from datetime import datetime
 from typing import Any
 
 from pydantic import BaseModel, ConfigDict, Field
@@ -17,3 +18,156 @@ class CurrentProfileResponse(BaseModel):
 
     user_id: str = Field(alias="userId")
     profile: dict[str, Any]
+
+
+class PublicAuthConfigResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    o_auth_providers: list[str] = Field(default_factory=list, alias="oAuthProviders")
+    custom_o_auth_providers: list[str] = Field(default_factory=list, alias="customOAuthProviders")
+    require_email_verification: bool | None = Field(default=None, alias="requireEmailVerification")
+    password_min_length: int | None = Field(default=None, alias="passwordMinLength")
+    require_number: bool | None = Field(default=None, alias="requireNumber")
+    require_lowercase: bool | None = Field(default=None, alias="requireLowercase")
+    require_uppercase: bool | None = Field(default=None, alias="requireUppercase")
+    require_special_char: bool | None = Field(default=None, alias="requireSpecialChar")
+    verify_email_method: str | None = Field(default=None, alias="verifyEmailMethod")
+    reset_password_method: str | None = Field(default=None, alias="resetPasswordMethod")
+
+
+class ProfileResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    id: str
+    profile: dict[str, Any] | None = None
+
+
+class AuthConfigResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    id: str | None = None
+    require_email_verification: bool | None = Field(default=None, alias="requireEmailVerification")
+    password_min_length: int | None = Field(default=None, alias="passwordMinLength")
+    require_number: bool | None = Field(default=None, alias="requireNumber")
+    require_lowercase: bool | None = Field(default=None, alias="requireLowercase")
+    require_uppercase: bool | None = Field(default=None, alias="requireUppercase")
+    require_special_char: bool | None = Field(default=None, alias="requireSpecialChar")
+    verify_email_method: str | None = Field(default=None, alias="verifyEmailMethod")
+    reset_password_method: str | None = Field(default=None, alias="resetPasswordMethod")
+    allowed_redirect_urls: list[str] = Field(default_factory=list, alias="allowedRedirectUrls")
+    created_at: datetime | None = Field(default=None, alias="createdAt")
+    updated_at: datetime | None = Field(default=None, alias="updatedAt")
+
+
+class AuthConfigUpdateRequest(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    require_email_verification: bool | None = Field(default=None, alias="requireEmailVerification")
+    password_min_length: int | None = Field(default=None, alias="passwordMinLength")
+    require_number: bool | None = Field(default=None, alias="requireNumber")
+    require_lowercase: bool | None = Field(default=None, alias="requireLowercase")
+    require_uppercase: bool | None = Field(default=None, alias="requireUppercase")
+    require_special_char: bool | None = Field(default=None, alias="requireSpecialChar")
+    verify_email_method: str | None = Field(default=None, alias="verifyEmailMethod")
+    reset_password_method: str | None = Field(default=None, alias="resetPasswordMethod")
+    allowed_redirect_urls: list[str] | None = Field(default=None, alias="allowedRedirectUrls")
+
+
+class UserResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    id: str | None = None
+    email: str | None = None
+    profile: dict[str, Any] | None = None
+    metadata: dict[str, Any] | None = None
+    email_verified: bool | None = Field(default=None, alias="emailVerified")
+    providers: list[str] | None = None
+    created_at: datetime | None = Field(default=None, alias="createdAt")
+    updated_at: datetime | None = Field(default=None, alias="updatedAt")
+
+
+class AuthUserCreateRequest(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    email: str
+    password: str
+    name: str | None = None
+    redirect_to: str | None = Field(default=None, alias="redirectTo")
+
+
+class AuthPagination(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    offset: int | None = None
+    limit: int | None = None
+    total: int | None = None
+
+
+class AuthUsersResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    data: list[UserResponse] = Field(default_factory=list)
+    pagination: AuthPagination | None = None
+
+
+class AuthDeleteUsersRequest(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    user_ids: list[str] = Field(alias="userIds")
+
+
+class AuthDeleteUsersResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    message: str | None = None
+    deleted_count: int | None = Field(default=None, alias="deletedCount")
+
+
+class AuthCurrentSessionUser(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    id: str | None = None
+    email: str | None = None
+    role: str | None = None
+
+
+class AuthCurrentSessionResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    user: AuthCurrentSessionUser
+
+
+class AuthSessionResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    user: UserResponse | None = None
+    access_token: str | None = Field(default=None, alias="accessToken")
+    csrf_token: str | None = Field(default=None, alias="csrfToken")
+    refresh_token: str | None = Field(default=None, alias="refreshToken")
+    require_email_verification: bool | None = Field(default=None, alias="requireEmailVerification")
+
+
+class RefreshRequest(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    refresh_token: str = Field(alias="refreshToken")
+
+
+class AdminSessionExchangeRequest(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    code: str
+
+
+class LogoutResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    success: bool | None = None
+    message: str | None = None
+
+
+class AnonymousTokenResponse(BaseModel):
+    model_config = ConfigDict(extra="ignore", populate_by_name=True)
+
+    access_token: str | None = Field(default=None, alias="accessToken")
+    message: str | None = None
diff --git a/tests/auth/test_auth_client.py b/tests/auth/test_auth_client.py
