from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from types import SimpleNamespace
import pytest
class _HeaderMap(dict):
def __init__(self, values: dict | None = None):
super().__init__()
for key, value in (values or {}).items():
self[str(key).lower()] = str(value)
def get(self, key, default=None):
return super().get(str(key).lower(), default)
class _FakeRequest:
    """Minimal request double exposing ``headers``, ``cookies`` and ``state``."""

    def __init__(self, headers: dict | None = None, cookies: dict | None = None):
        """Build the double; both arguments default to empty collections."""
        # Fresh, empty namespace that code under test can attach attributes to.
        self.state = SimpleNamespace()
        # Copy the cookies so later mutation does not leak back to the caller.
        self.cookies = dict(cookies) if cookies else {}
        self.headers = _HeaderMap(headers)
def _build_request(headers: dict | None = None, cookies: dict | None = None):
    """Return a ``_FakeRequest`` carrying the given headers and cookies."""
    fake = _FakeRequest(headers, cookies)
    return fake
def _create_db():
    """Create an in-memory SQLite database and return an open session on it.

    Only the ``User``, ``UserSession`` and ``UserAPIKey`` tables are created.
    The caller owns the returned session and is expected to close it.
    """
    from landppt.database.models import Base, User, UserSession, UserAPIKey

    # check_same_thread=False relaxes sqlite3's same-thread connection check.
    engine = create_engine(
        "sqlite:///:memory:",
        connect_args={"check_same_thread": False},
    )
    auth_tables = [model.__table__ for model in (User, UserSession, UserAPIKey)]
    Base.metadata.create_all(engine, tables=auth_tables)

    session_factory = sessionmaker(
        bind=engine,
        autocommit=False,
        autoflush=False,
        expire_on_commit=False,
    )
    return session_factory()
def _create_user(db, username: str, email: str):
    """Persist an active, non-admin user with zero credits and return it.

    The password is a fixed throwaway value; it is only suitable for the
    in-memory test database.
    """
    from landppt.database.models import User

    account = User(
        username=username,
        email=email,
        is_admin=False,
        is_active=True,
        credits_balance=0,
    )
    account.set_password("pw")

    db.add(account)
    db.commit()
    # Reload so database-generated attributes are populated on the instance.
    db.refresh(account)
    return account
def test_auth_service_supports_single_api_key(monkeypatch):
    """A single configured API key authenticates as the ``api_key_user`` account."""
    from landppt.auth.auth_service import AuthService
    from landppt.core.config import app_config

    db = _create_db()
    try:
        expected_owner = _create_user(db, "admin", "admin@example.com")
        service = AuthService()

        # Single-key mode: one shared key, no per-user binding list.
        overrides = {
            "api_key": "n8n-single-key",
            "api_key_user": "admin",
            "api_keys": None,
        }
        for setting, value in overrides.items():
            monkeypatch.setattr(app_config, setting, value)

        match = service.get_user_by_api_key(db, "n8n-single-key")
        assert match is not None
        assert match.id == expected_owner.id

        # Negative case: a key that is not configured must not resolve to a user.
        assert service.get_user_by_api_key(db, "wrong-key") is None
    finally:
        db.close()
def test_auth_service_supports_multiple_api_key_bindings(monkeypatch):
    """Each ``user:key`` binding in ``api_keys`` authenticates as its own user."""
    from landppt.auth.auth_service import AuthService
    from landppt.core.config import app_config

    db = _create_db()
    try:
        admin = _create_user(db, "admin", "admin@example.com")
        alice = _create_user(db, "alice", "alice@example.com")
        service = AuthService()

        overrides = {
            "api_key": None,
            "api_key_user": "admin",
            "api_keys": "alice:key-a,admin:key-admin,key-default",
        }
        for setting, value in overrides.items():
            monkeypatch.setattr(app_config, setting, value)

        expectations = (
            ("key-a", alice),
            ("key-admin", admin),
            # Key without user binding falls back to LANDPPT_API_KEY_USER
            ("key-default", admin),
        )
        for presented_key, owner in expectations:
            match = service.get_user_by_api_key(db, presented_key)
            assert match is not None
            assert match.id == owner.id
    finally:
        db.close()
def test_get_current_user_optional_reads_api_key_header(monkeypatch):
    """A valid ``x-api-key`` header authenticates the request and sets ``state.user``."""
    pytest.importorskip("fastapi")
    from landppt.auth.middleware import get_current_user_optional
    from landppt.core.config import app_config

    db = _create_db()
    try:
        expected_owner = _create_user(db, "admin", "admin@example.com")

        overrides = {
            "api_key": "n8n-header-key",
            "api_key_user": "admin",
            "api_keys": None,
        }
        for setting, value in overrides.items():
            monkeypatch.setattr(app_config, setting, value)

        fake_request = _build_request(headers={"x-api-key": "n8n-header-key"})
        current = get_current_user_optional(fake_request, db)

        assert current is not None
        assert current.id == expected_owner.id
        # The dependency is also expected to record a user on request.state.
        assert getattr(fake_request.state, "user", None) is not None
    finally:
        db.close()
def test_get_current_user_optional_ignores_x_session_id_when_disabled(monkeypatch):
    """With header session auth disabled, ``x-session-id`` must not authenticate."""
    pytest.importorskip("fastapi")
    from landppt.auth.auth_service import AuthService
    from landppt.auth.middleware import get_current_user_optional
    from landppt.core.config import app_config

    db = _create_db()
    try:
        owner = _create_user(db, "admin", "admin@example.com")
        # A session is created for the user, so the only reason to reject
        # the request below is the disabled configuration flag.
        live_session_id = AuthService().create_session(db, owner)

        monkeypatch.setattr(app_config, "allow_header_session_auth", False)

        fake_request = _build_request(headers={"x-session-id": live_session_id})
        assert get_current_user_optional(fake_request, db) is None
    finally:
        db.close()
def test_get_current_user_optional_reads_x_session_id(monkeypatch):
    """With header session auth enabled, ``x-session-id`` authenticates its owner."""
    pytest.importorskip("fastapi")
    from landppt.auth.auth_service import AuthService
    from landppt.auth.middleware import get_current_user_optional
    from landppt.core.config import app_config

    db = _create_db()
    try:
        owner = _create_user(db, "admin", "admin@example.com")
        live_session_id = AuthService().create_session(db, owner)

        # Opt in to accepting the session id from a request header.
        monkeypatch.setattr(app_config, "allow_header_session_auth", True)

        fake_request = _build_request(headers={"x-session-id": live_session_id})
        current = get_current_user_optional(fake_request, db)

        assert current is not None
        assert current.id == owner.id
    finally:
        db.close()
def test_auth_service_supports_user_managed_api_key(monkeypatch):
    """A key a user registers for themselves authenticates as that user."""
    from landppt.auth.auth_service import AuthService
    from landppt.core.config import app_config

    db = _create_db()
    try:
        owner = _create_user(db, "bob", "bob@example.com")
        service = AuthService()

        # No config-level keys, so only the user-managed key can match.
        overrides = {"api_key": None, "api_key_user": "admin", "api_keys": None}
        for setting, value in overrides.items():
            monkeypatch.setattr(app_config, setting, value)

        _record, issued_key = service.create_or_update_user_api_key(
            db=db,
            user=owner,
            key_name="n8n",
            raw_api_key="bob-n8n-api-key-0001",
        )

        match = service.get_user_by_api_key(db, issued_key)
        assert match is not None
        assert match.id == owner.id
    finally:
        db.close()
def test_user_managed_api_key_rotation_and_revoke(monkeypatch):
    """Rotating a named key invalidates the old value; revoking invalidates the new one."""
    from landppt.auth.auth_service import AuthService
    from landppt.core.config import app_config

    db = _create_db()
    try:
        owner = _create_user(db, "carol", "carol@example.com")
        service = AuthService()

        overrides = {"api_key": None, "api_key_user": "admin", "api_keys": None}
        for setting, value in overrides.items():
            monkeypatch.setattr(app_config, setting, value)

        # Issue the initial key under the name "default".
        original_record, original_key = service.create_or_update_user_api_key(
            db=db,
            user=owner,
            key_name="default",
            raw_api_key="carol-initial-api-key-0001",
        )
        assert service.get_user_by_api_key(db, original_key) is not None

        # Rotate: same key name, new secret.
        rotated_record, rotated_key = service.create_or_update_user_api_key(
            db=db,
            user=owner,
            key_name="default",
            raw_api_key="carol-rotated-api-key-0002",
        )
        # Rotation reuses the existing record rather than adding a second one.
        assert original_record.id == rotated_record.id
        # The superseded secret must stop authenticating once rotated.
        assert service.get_user_by_api_key(db, original_key) is None
        assert service.get_user_by_api_key(db, rotated_key) is not None

        was_revoked = service.revoke_user_api_key(
            db=db,
            user_id=owner.id,
            key_id=rotated_record.id,
        )
        assert was_revoked is True
        # After revocation the key no longer resolves to any user.
        assert service.get_user_by_api_key(db, rotated_key) is None
    finally:
        db.close()