nopkce

tests/auth/test_oauth_functional.py

@@ -251,6 +251,34 @@ class TestOAuthFunctional:
             if isinstance(body, memoryview):
                 body = bytes(body)
             assert b"Missing authorization code" in body
+    
+    @pytest.mark.asyncio
+    async def test_vk_oauth_without_pkce(self):
+        """Тест VK OAuth без PKCE (VK не поддерживает code_challenge)"""
+        
+        request = MagicMock(spec=Request)
+        request.path_params = {"provider": "vk"}
+        
+        mock_client = AsyncMock()
+        # VK должен вызываться без code_challenge
+        mock_client.create_authorization_url = AsyncMock(return_value={
+            "url": "https://oauth.vk.com/authorize?client_id=test&state=abc123"
+        })
+        
+        with patch("auth.oauth.oauth.create_client", return_value=mock_client), \
+             patch("auth.oauth.store_oauth_state") as mock_store:
+            
+            response = await oauth_login_http(request)
+            
+            assert isinstance(response, RedirectResponse)
+            assert response.status_code == 302
+            
+            # Проверяем что create_authorization_url вызван БЕЗ code_challenge для VK
+            call_args = mock_client.create_authorization_url.call_args
+            assert "code_challenge" not in call_args.kwargs
+            assert "code_challenge_method" not in call_args.kwargs
+            assert "state" in call_args.kwargs
+    
 
 
 if __name__ == "__main__":