wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 6 Packages Projects Releases Wiki Activity
Files
4744670e4e3d79dc3d9405ff2face6c7980da2fa
awoooi/apps/api/tests/test_awooop_operator_auth.py
OG T c696b99ccf
All checks were successful
Code Review / ai-code-review (push) Successful in 11s
Details
CD Pipeline / tests (push) Successful in 1m3s
Details
CD Pipeline / build-and-deploy (push) Successful in 3m28s
Details
CD Pipeline / post-deploy-checks (push) Successful in 1m25s
Details
fix(awooop): authenticate approval decisions
2026-05-06 13:05:51 +08:00

103 lines
2.8 KiB
Python
Raw Blame History

from __future__ import annotations
import pytest
from fastapi import HTTPException
from src.api.v1.platform import operator_runs
from src.core.awooop_operator_auth import (
AwoooPOperatorPrincipal,
authenticate_awooop_operator_headers,
)
def test_operator_auth_rejects_missing_key_in_prod() -> None:
with pytest.raises(HTTPException) as exc:
authenticate_awooop_operator_headers(
operator_id="ops@example.com",
operator_key=None,
configured_key="",
environment="prod",
)
assert exc.value.status_code == 401
def test_operator_auth_rejects_invalid_key() -> None:
with pytest.raises(HTTPException) as exc:
authenticate_awooop_operator_headers(
operator_id="ops@example.com",
operator_key="wrong",
configured_key="expected",
environment="prod",
)
assert exc.value.status_code == 401
def test_operator_auth_returns_principal_for_valid_key() -> None:
principal = authenticate_awooop_operator_headers(
operator_id="telegram:123456",
operator_key="expected",
configured_key="expected",
environment="prod",
)
assert principal == AwoooPOperatorPrincipal(
operator_id="telegram:123456",
auth_method="operator_api_key",
)
def test_operator_auth_rejects_malformed_identity() -> None:
with pytest.raises(HTTPException) as exc:
authenticate_awooop_operator_headers(
operator_id="../operator",
operator_key="expected",
configured_key="expected",
environment="prod",
)
assert exc.value.status_code == 422
@pytest.mark.asyncio
async def test_decide_approval_uses_trusted_principal_not_body(
monkeypatch: pytest.MonkeyPatch,
) -> None:
captured: dict[str, object] = {}
async def fake_decide_approval_svc(**kwargs: object) -> dict[str, object]:
captured.update(kwargs)
return {
"run_id": kwargs["run_id"],
"decision": kwargs["decision"],
"new_state": "running",
"approval_token_jti": "jti-test",
}
monkeypatch.setattr(
operator_runs,
"decide_approval_svc",
fake_decide_approval_svc,
)
body = operator_runs.DecideApprovalRequest(
project_id="awoooi",
decision="approve",
approver_id="spoofed-browser-value",
)
principal = AwoooPOperatorPrincipal(
operator_id="telegram:123456",
auth_method="operator_api_key",
)
response = await operator_runs.decide_approval(
"018f2d04-4c37-7a18-b764-df0df0cbe111",
body,
principal,
)
assert response["approval_token_jti"] == "jti-test"
assert captured["approver_id"] == "telegram:123456"
assert captured["project_id"] == "awoooi"
Reference in New Issue View Git Blame Copy Permalink