feat(auth): validate Authelia tokens in FastAPI

backend/tests/conftest.py

@@ -1,4 +1,6 @@
 import os
+from datetime import UTC, datetime, timedelta
+from uuid import uuid4
 
 # Must be set before importing db (which calls create_engine at module level)
 os.environ.setdefault("DATABASE_URL", "sqlite://")
@@ -10,6 +12,9 @@ from sqlmodel.pool import StaticPool
 
 import db as db_module
 from db import get_session
+from innercontext.api.auth_deps import get_current_user
+from innercontext.auth import CurrentUser, IdentityData, TokenClaims
+from innercontext.models import Role
 from main import app
 
 
@@ -38,7 +43,24 @@ def client(session, monkeypatch):
     def _override():
         yield session
 
+    def _current_user_override():
+        claims = TokenClaims(
+            issuer="https://auth.test",
+            subject="test-user",
+            audience=("innercontext-web",),
+            expires_at=datetime.now(UTC) + timedelta(hours=1),
+            groups=("innercontext-admin",),
+            raw_claims={"iss": "https://auth.test", "sub": "test-user"},
+        )
+        return CurrentUser(
+            user_id=uuid4(),
+            role=Role.ADMIN,
+            identity=IdentityData.from_claims(claims),
+            claims=claims,
+        )
+
     app.dependency_overrides[get_session] = _override
+    app.dependency_overrides[get_current_user] = _current_user_override
     with TestClient(app) as c:
         yield c
     app.dependency_overrides.clear()