Auth : mode prototype factice en prod + fix test DB manquante

- Login : panneau proto-mode en avant quand DEMO_MODE actif (profils API) masque le formulaire extension-required ; note trustWallet à venir - auth.ts : TODO trustWallet avec protocole postMessage prévu - routers/auth.py : TODO trustWallet au point de vérification signature - test_middleware : fixture _create_tables (autouse) — ASGITransport ne déclenche pas le lifespan, init_db() ne tournait pas → duniter_identities introuvable au verify ; 224/224 passent Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-25 00:34:49 +02:00
parent 3b339b643c
commit 56d72eeec2
4 changed files with 80 additions and 45 deletions
@@ -132,7 +132,11 @@ async def verify_challenge(
            detail="Challenge invalide",
        )

-    # 4. Verify signature (bypass for demo profiles in dev/demo mode)
+    # 4. Verify signature
+    # TODO: trustWallet — déléguer la vérification au protocole trustWallet (librodrome)
+    # Quand trustWallet sera disponible : remplacer le bloc ci-dessous par une vérification
+    # du token signé fourni par trustWallet (JWT ou preuve Ed25519 via iframe postMessage).
+    # Le bypass DEMO_MODE sera alors supprimé.
    _demo_addresses = {p["address"] for p in DEV_PROFILES}
    is_demo_bypass = (settings.DEMO_MODE or settings.ENVIRONMENT == "development") and payload.address in _demo_addresses

@@ -14,8 +14,21 @@ from __future__ import annotations
 import pytest
 from httpx import ASGITransport, AsyncClient

+import app.models  # noqa: F401 — registers all models with Base.metadata before create_all
+from app.database import init_db
 from app.main import app

+
+@pytest.fixture(scope="module", autouse=True)
+async def _create_tables():
+    """Create DB tables once for this module.
+
+    ASGITransport does not trigger the FastAPI lifespan, so init_db() would
+    never run. Tests that hit endpoints backed by the DB need the tables to
+    exist beforehand.
+    """
+    await init_db()
+
 ORIGIN = "http://localhost:3002"
 CHALLENGE_URL = "/api/v1/auth/challenge"
 VERIFY_URL = "/api/v1/auth/verify"
@@ -100,6 +100,8 @@ const activeStepIndex = computed(() => {
  }
 })

+const isProtoMode = computed(() => devProfiles.value.length > 0)
+
 onMounted(() => {
  if (auth.isAuthenticated) {
    router.push('/')
@@ -166,24 +168,14 @@ onMounted(() => {
        <span>Connecte. Redirection...</span>
      </div>

-      <!-- Button -->
-      <button
-        class="login-card__btn"
-        :disabled="!address.trim() || step === 'success' || auth.loading"
-        @click="handleLogin"
-      >
-        <UIcon v-if="auth.loading" name="i-lucide-loader-2" class="animate-spin" />
-        <UIcon v-else name="i-lucide-log-in" />
-        <span>{{ auth.loading ? 'Verification...' : 'Se connecter' }}</span>
-      </button>
-
-      <!-- Dev Mode Panel -->
-      <div v-if="devProfiles.length" class="dev-panel">
-        <div class="dev-panel__header">
-          <UIcon name="i-lucide-bug" />
-          <span>Mode Dev — Connexion rapide</span>
+      <!-- Mode prototype : profils démo -->
+      <template v-if="isProtoMode">
+        <div class="proto-panel">
+          <div class="proto-panel__header">
+            <UIcon name="i-lucide-flask-conical" />
+            <span>Mode prototype — sélectionnez un profil</span>
          </div>
-        <div class="dev-panel__profiles">
+          <div class="proto-panel__profiles">
            <button
              v-for="p in devProfiles"
              :key="p.address"
@@ -199,12 +191,27 @@ onMounted(() => {
              <span class="dev-profile__addr">{{ p.address.slice(0, 8) }}...</span>
            </button>
          </div>
+          <p class="proto-panel__note">
+            Authentification trustWallet à venir — intégration librodrome
+          </p>
        </div>
+      </template>

-      <!-- Note -->
+      <!-- Mode production : formulaire + extension -->
+      <template v-else>
+        <button
+          class="login-card__btn"
+          :disabled="!address.trim() || step === 'success' || auth.loading"
+          @click="handleLogin"
+        >
+          <UIcon v-if="auth.loading" name="i-lucide-loader-2" class="animate-spin" />
+          <UIcon v-else name="i-lucide-log-in" />
+          <span>{{ auth.loading ? 'Verification...' : 'Se connecter' }}</span>
+        </button>
        <p class="login-card__note">
          Aucun mot de passe. Authentification par signature cryptographique.
        </p>
+      </template>
    </div>
  </div>
 </template>
@@ -453,32 +460,40 @@ onMounted(() => {
  cursor: not-allowed;
 }

-/* Dev panel */
-.dev-panel {
-  border: 2px dashed var(--mood-warning, #f59e0b);
+/* Proto panel */
+.proto-panel {
  border-radius: 16px;
  padding: 1rem;
-  background: rgba(245, 158, 11, 0.04);
+  background: var(--mood-accent-soft);
+  box-shadow: 0 2px 12px var(--mood-shadow, rgba(0,0,0,0.06));
 }

-.dev-panel__header {
+.proto-panel__header {
  display: flex;
  align-items: center;
  gap: 0.5rem;
  font-size: 0.8125rem;
  font-weight: 700;
-  color: var(--mood-warning, #f59e0b);
+  color: var(--mood-accent);
  margin-bottom: 0.75rem;
  text-transform: uppercase;
  letter-spacing: 0.04em;
 }

-.dev-panel__profiles {
+.proto-panel__profiles {
  display: flex;
  flex-direction: column;
  gap: 0.5rem;
 }

+.proto-panel__note {
+  margin-top: 0.75rem;
+  font-size: 0.75rem;
+  color: var(--mood-text-muted);
+  opacity: 0.7;
+  text-align: center;
+}
+
 .dev-profile {
  display: flex;
  align-items: center;
@@ -11,6 +11,9 @@
 *
 * The extension signs <Bytes>{challenge}</Bytes> to match the backend verifier.
 */
+// TODO: trustWallet — remplacer par postMessage vers l'iframe trustWallet (librodrome)
+// Protocole prévu : window.postMessage({ type: 'LD_SIGN_REQUEST', address, challenge })
+// → trustWallet répond { type: 'LD_SIGN_RESPONSE', signature }
 async function _signWithExtension(address: string, challenge: string): Promise<string> {
  const { web3Enable, web3FromAddress } = await import('@polkadot/extension-dapp')
  const { stringToHex } = await import('@polkadot/util')