OpenSource
/
dify
İzle 4
Yıldızla 0
Çatalla 0
Kod Sorunlar 0 Değişiklik İstekleri 0 Sürümler 152 Wiki Aktivite
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7133 İşlemeler
4 Dallar
Ağaç: 16a3e21410
Dallar Biçim İmleri
${ item.name }
Branş ${ searchTerm } oluştur
'16a3e21410'den
${ noResults }
dify/api/tests/unit_tests/services/auth/test_auth_integration.py

test_auth_integration.py 10KB
Ham Blame Geçmiş

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234 
  1. """

  2. API Key Authentication System Integration Tests

  3. """

  4. 

  5. import json

  6. from concurrent.futures import ThreadPoolExecutor

  7. from unittest.mock import Mock, patch

  8. 

  9. import pytest

  10. import requests

  11. 

  12. from services.auth.api_key_auth_factory import ApiKeyAuthFactory

  13. from services.auth.api_key_auth_service import ApiKeyAuthService

  14. from services.auth.auth_type import AuthType

  15. 

  16. 

  17. class TestAuthIntegration:

  18.     def setup_method(self):

  19.         self.tenant_id_1 = "tenant_123"

  20.         self.tenant_id_2 = "tenant_456"  # For multi-tenant isolation testing

  21.         self.category = "search"

  22. 

  23.         # Realistic authentication configurations

  24.         self.firecrawl_credentials = {"auth_type": "bearer", "config": {"api_key": "fc_test_key_123"}}

  25.         self.jina_credentials = {"auth_type": "bearer", "config": {"api_key": "jina_test_key_456"}}

  26.         self.watercrawl_credentials = {"auth_type": "x-api-key", "config": {"api_key": "wc_test_key_789"}}

  27. 

  28.     @patch("services.auth.api_key_auth_service.db.session")

  29.     @patch("services.auth.firecrawl.firecrawl.requests.post")

  30.     @patch("services.auth.api_key_auth_service.encrypter.encrypt_token")

  31.     def test_end_to_end_auth_flow(self, mock_encrypt, mock_http, mock_session):

  32.         """Test complete authentication flow: request → validation → encryption → storage"""

  33.         mock_http.return_value = self._create_success_response()

  34.         mock_encrypt.return_value = "encrypted_fc_test_key_123"

  35.         mock_session.add = Mock()

  36.         mock_session.commit = Mock()

  37. 

  38.         args = {"category": self.category, "provider": AuthType.FIRECRAWL, "credentials": self.firecrawl_credentials}

  39.         ApiKeyAuthService.create_provider_auth(self.tenant_id_1, args)

  40. 

  41.         mock_http.assert_called_once()

  42.         call_args = mock_http.call_args

  43.         assert "https://api.firecrawl.dev/v1/crawl" in call_args[0][0]

  44.         assert call_args[1]["headers"]["Authorization"] == "Bearer fc_test_key_123"

  45. 

  46.         mock_encrypt.assert_called_once_with(self.tenant_id_1, "fc_test_key_123")

  47.         mock_session.add.assert_called_once()

  48.         mock_session.commit.assert_called_once()

  49. 

  50.     @patch("services.auth.firecrawl.firecrawl.requests.post")

  51.     def test_cross_component_integration(self, mock_http):

  52.         """Test factory → provider → HTTP call integration"""

  53.         mock_http.return_value = self._create_success_response()

  54.         factory = ApiKeyAuthFactory(AuthType.FIRECRAWL, self.firecrawl_credentials)

  55.         result = factory.validate_credentials()

  56. 

  57.         assert result is True

  58.         mock_http.assert_called_once()

  59. 

  60.     @patch("services.auth.api_key_auth_service.db.session")

  61.     def test_multi_tenant_isolation(self, mock_session):

  62.         """Ensure complete tenant data isolation"""

  63.         tenant1_binding = self._create_mock_binding(self.tenant_id_1, AuthType.FIRECRAWL, self.firecrawl_credentials)

  64.         tenant2_binding = self._create_mock_binding(self.tenant_id_2, AuthType.JINA, self.jina_credentials)

  65. 

  66.         mock_session.query.return_value.where.return_value.all.return_value = [tenant1_binding]

  67.         result1 = ApiKeyAuthService.get_provider_auth_list(self.tenant_id_1)

  68. 

  69.         mock_session.query.return_value.where.return_value.all.return_value = [tenant2_binding]

  70.         result2 = ApiKeyAuthService.get_provider_auth_list(self.tenant_id_2)

  71. 

  72.         assert len(result1) == 1

  73.         assert result1[0].tenant_id == self.tenant_id_1

  74.         assert len(result2) == 1

  75.         assert result2[0].tenant_id == self.tenant_id_2

  76. 

  77.     @patch("services.auth.api_key_auth_service.db.session")

  78.     def test_cross_tenant_access_prevention(self, mock_session):

  79.         """Test prevention of cross-tenant credential access"""

  80.         mock_session.query.return_value.where.return_value.first.return_value = None

  81. 

  82.         result = ApiKeyAuthService.get_auth_credentials(self.tenant_id_2, self.category, AuthType.FIRECRAWL)

  83. 

  84.         assert result is None

  85. 

  86.     def test_sensitive_data_protection(self):

  87.         """Ensure API keys don't leak to logs"""

  88.         credentials_with_secrets = {

  89.             "auth_type": "bearer",

  90.             "config": {"api_key": "super_secret_key_do_not_log", "secret": "another_secret"},

  91.         }

  92. 

  93.         factory = ApiKeyAuthFactory(AuthType.FIRECRAWL, credentials_with_secrets)

  94.         factory_str = str(factory)

  95. 

  96.         assert "super_secret_key_do_not_log" not in factory_str

  97.         assert "another_secret" not in factory_str

  98. 

  99.     @patch("services.auth.api_key_auth_service.db.session")

  100.     @patch("services.auth.firecrawl.firecrawl.requests.post")

  101.     @patch("services.auth.api_key_auth_service.encrypter.encrypt_token")

  102.     def test_concurrent_creation_safety(self, mock_encrypt, mock_http, mock_session):

  103.         """Test concurrent authentication creation safety"""

  104.         mock_http.return_value = self._create_success_response()

  105.         mock_encrypt.return_value = "encrypted_key"

  106.         mock_session.add = Mock()

  107.         mock_session.commit = Mock()

  108. 

  109.         args = {"category": self.category, "provider": AuthType.FIRECRAWL, "credentials": self.firecrawl_credentials}

  110. 

  111.         results = []

  112.         exceptions = []

  113. 

  114.         def create_auth():

  115.             try:

  116.                 ApiKeyAuthService.create_provider_auth(self.tenant_id_1, args)

  117.                 results.append("success")

  118.             except Exception as e:

  119.                 exceptions.append(e)

  120. 

  121.         with ThreadPoolExecutor(max_workers=5) as executor:

  122.             futures = [executor.submit(create_auth) for _ in range(5)]

  123.             for future in futures:

  124.                 future.result()

  125. 

  126.         assert len(results) == 5

  127.         assert len(exceptions) == 0

  128.         assert mock_session.add.call_count == 5

  129.         assert mock_session.commit.call_count == 5

  130. 

  131.     @pytest.mark.parametrize(

  132.         "invalid_input",

  133.         [

  134.             None,  # Null input

  135.             {},  # Empty dictionary - missing required fields

  136.             {"auth_type": "bearer"},  # Missing config section

  137.             {"auth_type": "bearer", "config": {}},  # Missing api_key

  138.         ],

  139.     )

  140.     def test_invalid_input_boundary(self, invalid_input):

  141.         """Test boundary handling for invalid inputs"""

  142.         with pytest.raises((ValueError, KeyError, TypeError, AttributeError)):

  143.             ApiKeyAuthFactory(AuthType.FIRECRAWL, invalid_input)

  144. 

  145.     @patch("services.auth.firecrawl.firecrawl.requests.post")

  146.     def test_http_error_handling(self, mock_http):

  147.         """Test proper HTTP error handling"""

  148.         mock_response = Mock()

  149.         mock_response.status_code = 401

  150.         mock_response.text = '{"error": "Unauthorized"}'

  151.         mock_response.raise_for_status.side_effect = requests.exceptions.HTTPError("Unauthorized")

  152.         mock_http.return_value = mock_response

  153. 

  154.         # PT012: Split into single statement for pytest.raises

  155.         factory = ApiKeyAuthFactory(AuthType.FIRECRAWL, self.firecrawl_credentials)

  156.         with pytest.raises((requests.exceptions.HTTPError, Exception)):

  157.             factory.validate_credentials()

  158. 

  159.     @patch("services.auth.api_key_auth_service.db.session")

  160.     @patch("services.auth.firecrawl.firecrawl.requests.post")

  161.     def test_network_failure_recovery(self, mock_http, mock_session):

  162.         """Test system recovery from network failures"""

  163.         mock_http.side_effect = requests.exceptions.RequestException("Network timeout")

  164.         mock_session.add = Mock()

  165.         mock_session.commit = Mock()

  166. 

  167.         args = {"category": self.category, "provider": AuthType.FIRECRAWL, "credentials": self.firecrawl_credentials}

  168. 

  169.         with pytest.raises(requests.exceptions.RequestException):

  170.             ApiKeyAuthService.create_provider_auth(self.tenant_id_1, args)

  171. 

  172.         mock_session.commit.assert_not_called()

  173. 

  174.     @pytest.mark.parametrize(

  175.         ("provider", "credentials"),

  176.         [

  177.             (AuthType.FIRECRAWL, {"auth_type": "bearer", "config": {"api_key": "fc_key"}}),

  178.             (AuthType.JINA, {"auth_type": "bearer", "config": {"api_key": "jina_key"}}),

  179.             (AuthType.WATERCRAWL, {"auth_type": "x-api-key", "config": {"api_key": "wc_key"}}),

  180.         ],

  181.     )

  182.     def test_all_providers_factory_creation(self, provider, credentials):

  183.         """Test factory creation for all supported providers"""

  184.         try:

  185.             auth_class = ApiKeyAuthFactory.get_apikey_auth_factory(provider)

  186.             assert auth_class is not None

  187. 

  188.             factory = ApiKeyAuthFactory(provider, credentials)

  189.             assert factory.auth is not None

  190.         except ImportError:

  191.             pytest.skip(f"Provider {provider} not implemented yet")

  192. 

  193.     def _create_success_response(self, status_code=200):

  194.         """Create successful HTTP response mock"""

  195.         mock_response = Mock()

  196.         mock_response.status_code = status_code

  197.         mock_response.json.return_value = {"status": "success"}

  198.         mock_response.raise_for_status.return_value = None

  199.         return mock_response

  200. 

  201.     def _create_mock_binding(self, tenant_id: str, provider: str, credentials: dict) -> Mock:

  202.         """Create realistic database binding mock"""

  203.         mock_binding = Mock()

  204.         mock_binding.id = f"binding_{provider}_{tenant_id}"

  205.         mock_binding.tenant_id = tenant_id

  206.         mock_binding.category = self.category

  207.         mock_binding.provider = provider

  208.         mock_binding.credentials = json.dumps(credentials, ensure_ascii=False)

  209.         mock_binding.disabled = False

  210. 

  211.         mock_binding.created_at = Mock()

  212.         mock_binding.created_at.timestamp.return_value = 1640995200

  213.         mock_binding.updated_at = Mock()

  214.         mock_binding.updated_at.timestamp.return_value = 1640995200

  215. 

  216.         return mock_binding

  217. 

  218.     def test_integration_coverage_validation(self):

  219.         """Validate integration test coverage meets quality standards"""

  220.         core_scenarios = {

  221.             "business_logic": ["end_to_end_auth_flow", "cross_component_integration"],

  222.             "security": ["multi_tenant_isolation", "cross_tenant_access_prevention", "sensitive_data_protection"],

  223.             "reliability": ["concurrent_creation_safety", "network_failure_recovery"],

  224.             "compatibility": ["all_providers_factory_creation"],

  225.             "boundaries": ["invalid_input_boundary", "http_error_handling"],

  226.         }

  227. 

  228.         total_scenarios = sum(len(scenarios) for scenarios in core_scenarios.values())

  229.         assert total_scenarios >= 10

  230. 

  231.         security_tests = core_scenarios["security"]

  232.         assert "multi_tenant_isolation" in security_tests

  233.         assert "sensitive_data_protection" in security_tests

  234.         assert True