test: 补充 moe_mail 多封验证码的跨请求回归用例

ZHOUKAILIAN · ZHOUKAILIAN · commit 06f2c9a7db0a · 2026-03-27T09:20:36.000+08:00
diff --git a/tests/test_mail_code_reuse_guard.py b/tests/test_mail_code_reuse_guard.py
@@ -410,3 +410,114 @@ def fake_make_request(method, endpoint, **kwargs):
     )
 
     assert code == "654321"
+
+
+def test_moe_mail_service_cross_request_state_prefers_latest_of_three_messages():
+    first_service = MeoMailEmailService({
+        "base_url": "https://mail.example.com",
+        "api_key": "api-key",
+    })
+
+    first_responses = [
+        {
+            "messages": [
+                {
+                    "id": "msg-1",
+                    "from_address": "noreply@openai.com",
+                    "subject": "Your verification code",
+                    "received_at": 1742378400000,
+                },
+            ]
+        },
+        {
+            "message": {
+                "content": "Your OpenAI verification code is 111111",
+            }
+        },
+    ]
+
+    def fake_make_request_first(method, endpoint, **kwargs):
+        if not first_responses:
+            raise AssertionError(f"未准备响应: {method} {endpoint}")
+        return first_responses.pop(0)
+
+    first_service._make_request = fake_make_request_first
+
+    first_code = first_service.get_verification_code(
+        email="tester@example.com",
+        email_id="email-1",
+        timeout=1,
+    )
+    state = first_service.export_verification_state("tester@example.com")
+
+    second_service = MeoMailEmailService({
+        "base_url": "https://mail.example.com",
+        "api_key": "api-key",
+    })
+    second_service.load_verification_state("tester@example.com", **state)
+
+    second_calls = []
+    second_responses = {
+        "/api/emails/email-1": {
+            "messages": [
+                {
+                    "id": "msg-1",
+                    "from_address": "noreply@openai.com",
+                    "subject": "Your verification code",
+                    "received_at": 1742378400000,
+                },
+                {
+                    "id": "msg-2",
+                    "from_address": "noreply@openai.com",
+                    "subject": "Your verification code",
+                    "received_at": 1742378403000,
+                },
+                {
+                    "id": "msg-3",
+                    "from_address": "noreply@openai.com",
+                    "subject": "Your verification code",
+                    "received_at": 1742378406000,
+                },
+            ]
+        },
+        "/api/emails/email-1/msg-3": {
+            "message": {
+                "content": "Your OpenAI verification code is 333333",
+            }
+        },
+        "/api/emails/email-1/msg-2": {
+            "message": {
+                "content": "Your OpenAI verification code is 222222",
+            }
+        },
+        "/api/emails/email-1/msg-1": {
+            "message": {
+                "content": "Your OpenAI verification code is 111111",
+            }
+        },
+    }
+
+    def fake_make_request_second(method, endpoint, **kwargs):
+        second_calls.append(endpoint)
+        if endpoint not in second_responses:
+            raise AssertionError(f"未准备响应: {method} {endpoint}")
+        return second_responses[endpoint]
+
+    second_service._make_request = fake_make_request_second
+
+    second_code = second_service.get_verification_code(
+        email="tester@example.com",
+        email_id="email-1",
+        timeout=1,
+    )
+
+    assert first_code == "111111"
+    assert state == {
+        "used_codes": ["111111"],
+        "seen_messages": ["id:msg-1"],
+    }
+    assert second_code == "333333"
+    assert second_calls == [
+        "/api/emails/email-1",
+        "/api/emails/email-1/msg-3",
+    ]
