"""Tests for runtime components.""" import httpx import pytest import respx from gnexus_gauth.config import GAuthConfig from gnexus_gauth.exceptions import RuntimeApiException, TransportException from gnexus_gauth.runtime import HttpRuntimeUserProvider class TestHttpRuntimeUserProvider: def test_fetch_user_success(self) -> None: config = GAuthConfig( base_url="https://auth.example.test", client_id="billing", client_secret="secret", redirect_uri="https://billing.example.test/callback", ) with respx.mock: route = respx.get("https://auth.example.test/oauth/userinfo").mock( return_value=httpx.Response( 200, json={ "sub": "user_123", "id": "user_123", "email": "user@example.test", "email_verified": True, "system_role": "user", "status": "active", "profile": {"name": "Test User"}, "client": { "client_id": "billing", "roles": ["admin"], "permissions": ["read", "write"], }, }, ) ) client = httpx.Client() provider = HttpRuntimeUserProvider(config, http_client=client) user = provider.fetch_user("access_token_123") assert user.user_id == "user_123" assert user.email == "user@example.test" assert user.email_verified is True assert user.system_role == "user" assert user.status == "active" assert user.profile == {"name": "Test User"} assert len(user.client_access_list) == 1 assert user.client_access_list[0].client_id == "billing" assert user.client_access_list[0].role_ids == ["admin"] assert user.client_access_list[0].permission_ids == ["read", "write"] assert route.called request = route.calls.last.request assert request.headers["Authorization"] == "Bearer access_token_123" def test_fetch_user_error(self) -> None: config = GAuthConfig( base_url="https://auth.example.test", client_id="billing", client_secret="secret", redirect_uri="https://billing.example.test/callback", ) with respx.mock: respx.get("https://auth.example.test/oauth/userinfo").mock( return_value=httpx.Response(401, json={"error": "Unauthorized"}) ) client = httpx.Client() provider = HttpRuntimeUserProvider(config, http_client=client) with pytest.raises(RuntimeApiException, match="error response"): provider.fetch_user("bad_token") def test_fetch_user_transport_error(self) -> None: config = GAuthConfig( base_url="https://auth.example.test", client_id="billing", client_secret="secret", redirect_uri="https://billing.example.test/callback", ) with respx.mock: respx.get("https://auth.example.test/oauth/userinfo").mock(side_effect=httpx.ConnectError("Connection refused")) client = httpx.Client() provider = HttpRuntimeUserProvider(config, http_client=client) with pytest.raises(TransportException, match="runtime API failed"): provider.fetch_user("token") def test_fetch_user_malformed_json(self) -> None: config = GAuthConfig( base_url="https://auth.example.test", client_id="billing", client_secret="secret", redirect_uri="https://billing.example.test/callback", ) with respx.mock: respx.get("https://auth.example.test/oauth/userinfo").mock( return_value=httpx.Response(200, text="not-json") ) client = httpx.Client() provider = HttpRuntimeUserProvider(config, http_client=client) with pytest.raises(RuntimeApiException, match="malformed JSON"): provider.fetch_user("token")