Fix TeamSnap callback stalls

backend/tests/test_api.py

@@ -111,6 +111,89 @@ def test_teamsnap_token_returns_proxy_api_root() -> None:
     assert response.headers["cache-control"] == "no-store"
 
 
+def test_teamsnap_callback_redirects_without_waiting_for_user_lookup(monkeypatch: pytest.MonkeyPatch) -> None:
+    from app.routes import auth as auth_routes
+
+    async def fake_exchange_code_for_token(code: str) -> dict:
+        assert code == "test-code"
+        return {
+            "access_token": "callback-access-token",
+            "refresh_token": "callback-refresh-token",
+            "expires_in": 3600,
+        }
+
+    async def fail_fetch_teamsnap_user_id(_: str) -> str | None:
+        raise AssertionError("callback should not fetch the TeamSnap user profile before redirecting")
+
+    monkeypatch.setattr(auth_routes, "exchange_code_for_token", fake_exchange_code_for_token)
+    monkeypatch.setattr(auth_routes, "fetch_teamsnap_user_id", fail_fetch_teamsnap_user_id)
+
+    client.cookies.set(settings.auth_return_cookie_name, "/library")
+    response = client.get("/auth/teamsnap/callback", params={"code": "test-code"}, follow_redirects=False)
+
+    assert response.status_code == 303
+    assert response.headers["location"] == "/library"
+    assert response.headers["cache-control"] == "no-store"
+    assert settings.session_cookie_name in response.cookies
+
+    db = SessionLocal()
+    session = db.query(UserSession).filter_by(session_token=response.cookies[settings.session_cookie_name]).one()
+    assert session.provider == "teamsnap"
+    assert session.access_token == "callback-access-token"
+    assert session.refresh_token == "callback-refresh-token"
+    assert session.external_user_id is None
+    db.close()
+
+
+def test_teamsnap_callback_redirects_to_signin_when_code_is_blank() -> None:
+    client.cookies.set(settings.auth_return_cookie_name, "/library")
+
+    response = client.get("/auth/teamsnap/callback", params={"code": ""}, follow_redirects=False)
+
+    assert response.status_code == 303
+    assert response.headers["location"] == "/signin?error=TeamSnap+sign-in+did+not+return+an+authorization+code."
+    assert settings.auth_return_cookie_name not in response.cookies
+
+
+def test_teamsnap_callback_redirects_to_signin_when_teamsnap_returns_error() -> None:
+    client.cookies.set(settings.auth_return_cookie_name, "/library")
+
+    response = client.get("/auth/teamsnap/callback", params={"error": "access_denied"}, follow_redirects=False)
+
+    assert response.status_code == 303
+    assert response.headers["location"] == "/signin?error=TeamSnap+sign-in+failed%3A+access_denied"
+    assert settings.auth_return_cookie_name not in response.cookies
+
+
+def test_teamsnap_token_backfills_external_user_id(monkeypatch: pytest.MonkeyPatch) -> None:
+    from app.routes import auth as auth_routes
+
+    async def fake_fetch_teamsnap_user_id(access_token: str) -> str | None:
+        assert access_token == "token-value"
+        return "user-42"
+
+    monkeypatch.setattr(auth_routes, "fetch_teamsnap_user_id", fake_fetch_teamsnap_user_id)
+
+    db = SessionLocal()
+    session = UserSession(session_token="teamsnap-session", provider="teamsnap", access_token="token-value")
+    db.add(session)
+    db.commit()
+    db.close()
+
+    client.cookies.set(settings.session_cookie_name, "teamsnap-session")
+    response = client.post(
+        "/auth/teamsnap/token",
+        headers={"host": "kif.local.ascorrea.com", "x-forwarded-proto": "https"},
+    )
+
+    assert response.status_code == 200
+
+    db = SessionLocal()
+    refreshed_session = db.query(UserSession).filter_by(session_token="teamsnap-session").one()
+    assert refreshed_session.external_user_id == "user-42"
+    db.close()
+
+
 def test_session_and_clip_reads_use_cache_validators() -> None:
     login = client.post("/auth/admin/login", json={"username": "admin", "password": "admin"})
     assert login.status_code == 200