OpenSource
/
dify
Watch 4
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 152 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7323 Commits
4 Branches
Tree: 8940decd1b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8940decd1b'
${ noResults }
dify/api/tests/unit_tests/libs/test_oauth_clients.py

test_oauth_clients.py 8.8KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249 
  1. import urllib.parse

  2. from unittest.mock import MagicMock, patch

  3. 

  4. import httpx

  5. import pytest

  6. 

  7. from libs.oauth import GitHubOAuth, GoogleOAuth, OAuthUserInfo

  8. 

  9. 

  10. class BaseOAuthTest:

  11.     """Base class for OAuth provider tests with common fixtures"""

  12. 

  13.     @pytest.fixture

  14.     def oauth_config(self):

  15.         return {

  16.             "client_id": "test_client_id",

  17.             "client_secret": "test_client_secret",

  18.             "redirect_uri": "http://localhost/callback",

  19.         }

  20. 

  21.     @pytest.fixture

  22.     def mock_response(self):

  23.         response = MagicMock()

  24.         response.json.return_value = {}

  25.         return response

  26. 

  27.     def parse_auth_url(self, url):

  28.         """Helper to parse authorization URL"""

  29.         parsed = urllib.parse.urlparse(url)

  30.         params = urllib.parse.parse_qs(parsed.query)

  31.         return parsed, params

  32. 

  33. 

  34. class TestGitHubOAuth(BaseOAuthTest):

  35.     @pytest.fixture

  36.     def oauth(self, oauth_config):

  37.         return GitHubOAuth(oauth_config["client_id"], oauth_config["client_secret"], oauth_config["redirect_uri"])

  38. 

  39.     @pytest.mark.parametrize(

  40.         ("invite_token", "expected_state"),

  41.         [

  42.             (None, None),

  43.             ("test_invite_token", "test_invite_token"),

  44.             ("", None),

  45.         ],

  46.     )

  47.     def test_should_generate_authorization_url_correctly(self, oauth, oauth_config, invite_token, expected_state):

  48.         url = oauth.get_authorization_url(invite_token)

  49.         parsed, params = self.parse_auth_url(url)

  50. 

  51.         assert parsed.scheme == "https"

  52.         assert parsed.netloc == "github.com"

  53.         assert parsed.path == "/login/oauth/authorize"

  54.         assert params["client_id"][0] == oauth_config["client_id"]

  55.         assert params["redirect_uri"][0] == oauth_config["redirect_uri"]

  56.         assert params["scope"][0] == "user:email"

  57. 

  58.         if expected_state:

  59.             assert params["state"][0] == expected_state

  60.         else:

  61.             assert "state" not in params

  62. 

  63.     @pytest.mark.parametrize(

  64.         ("response_data", "expected_token", "should_raise"),

  65.         [

  66.             ({"access_token": "test_token"}, "test_token", False),

  67.             ({"error": "invalid_grant"}, None, True),

  68.             ({}, None, True),

  69.         ],

  70.     )

  71.     @patch("httpx.post")

  72.     def test_should_retrieve_access_token(

  73.         self, mock_post, oauth, mock_response, response_data, expected_token, should_raise

  74.     ):

  75.         mock_response.json.return_value = response_data

  76.         mock_post.return_value = mock_response

  77. 

  78.         if should_raise:

  79.             with pytest.raises(ValueError) as exc_info:

  80.                 oauth.get_access_token("test_code")

  81.             assert "Error in GitHub OAuth" in str(exc_info.value)

  82.         else:

  83.             token = oauth.get_access_token("test_code")

  84.             assert token == expected_token

  85. 

  86.     @pytest.mark.parametrize(

  87.         ("user_data", "email_data", "expected_email"),

  88.         [

  89.             # User with primary email

  90.             (

  91.                 {"id": 12345, "login": "testuser", "name": "Test User"},

  92.                 [

  93.                     {"email": "secondary@example.com", "primary": False},

  94.                     {"email": "primary@example.com", "primary": True},

  95.                 ],

  96.                 "primary@example.com",

  97.             ),

  98.             # User with no emails - fallback to noreply

  99.             ({"id": 12345, "login": "testuser", "name": "Test User"}, [], "12345+testuser@users.noreply.github.com"),

  100.             # User with only secondary email - fallback to noreply

  101.             (

  102.                 {"id": 12345, "login": "testuser", "name": "Test User"},

  103.                 [{"email": "secondary@example.com", "primary": False}],

  104.                 "12345+testuser@users.noreply.github.com",

  105.             ),

  106.         ],

  107.     )

  108.     @patch("httpx.get")

  109.     def test_should_retrieve_user_info_correctly(self, mock_get, oauth, user_data, email_data, expected_email):

  110.         user_response = MagicMock()

  111.         user_response.json.return_value = user_data

  112. 

  113.         email_response = MagicMock()

  114.         email_response.json.return_value = email_data

  115. 

  116.         mock_get.side_effect = [user_response, email_response]

  117. 

  118.         user_info = oauth.get_user_info("test_token")

  119. 

  120.         assert user_info.id == str(user_data["id"])

  121.         assert user_info.name == user_data["name"]

  122.         assert user_info.email == expected_email

  123. 

  124.     @patch("httpx.get")

  125.     def test_should_handle_network_errors(self, mock_get, oauth):

  126.         mock_get.side_effect = httpx.RequestError("Network error")

  127. 

  128.         with pytest.raises(httpx.RequestError):

  129.             oauth.get_raw_user_info("test_token")

  130. 

  131. 

  132. class TestGoogleOAuth(BaseOAuthTest):

  133.     @pytest.fixture

  134.     def oauth(self, oauth_config):

  135.         return GoogleOAuth(oauth_config["client_id"], oauth_config["client_secret"], oauth_config["redirect_uri"])

  136. 

  137.     @pytest.mark.parametrize(

  138.         ("invite_token", "expected_state"),

  139.         [

  140.             (None, None),

  141.             ("test_invite_token", "test_invite_token"),

  142.             ("", None),

  143.         ],

  144.     )

  145.     def test_should_generate_authorization_url_correctly(self, oauth, oauth_config, invite_token, expected_state):

  146.         url = oauth.get_authorization_url(invite_token)

  147.         parsed, params = self.parse_auth_url(url)

  148. 

  149.         assert parsed.scheme == "https"

  150.         assert parsed.netloc == "accounts.google.com"

  151.         assert parsed.path == "/o/oauth2/v2/auth"

  152.         assert params["client_id"][0] == oauth_config["client_id"]

  153.         assert params["redirect_uri"][0] == oauth_config["redirect_uri"]

  154.         assert params["response_type"][0] == "code"

  155.         assert params["scope"][0] == "openid email"

  156. 

  157.         if expected_state:

  158.             assert params["state"][0] == expected_state

  159.         else:

  160.             assert "state" not in params

  161. 

  162.     @pytest.mark.parametrize(

  163.         ("response_data", "expected_token", "should_raise"),

  164.         [

  165.             ({"access_token": "test_token"}, "test_token", False),

  166.             ({"error": "invalid_grant"}, None, True),

  167.             ({}, None, True),

  168.         ],

  169.     )

  170.     @patch("httpx.post")

  171.     def test_should_retrieve_access_token(

  172.         self, mock_post, oauth, oauth_config, mock_response, response_data, expected_token, should_raise

  173.     ):

  174.         mock_response.json.return_value = response_data

  175.         mock_post.return_value = mock_response

  176. 

  177.         if should_raise:

  178.             with pytest.raises(ValueError) as exc_info:

  179.                 oauth.get_access_token("test_code")

  180.             assert "Error in Google OAuth" in str(exc_info.value)

  181.         else:

  182.             token = oauth.get_access_token("test_code")

  183.             assert token == expected_token

  184. 

  185.         mock_post.assert_called_once_with(

  186.             oauth._TOKEN_URL,

  187.             data={

  188.                 "client_id": oauth_config["client_id"],

  189.                 "client_secret": oauth_config["client_secret"],

  190.                 "code": "test_code",

  191.                 "grant_type": "authorization_code",

  192.                 "redirect_uri": oauth_config["redirect_uri"],

  193.             },

  194.             headers={"Accept": "application/json"},

  195.         )

  196. 

  197.     @pytest.mark.parametrize(

  198.         ("user_data", "expected_name"),

  199.         [

  200.             ({"sub": "123", "email": "test@example.com", "email_verified": True}, ""),

  201.             ({"sub": "123", "email": "test@example.com", "name": "Test User"}, ""),  # Always returns empty string

  202.         ],

  203.     )

  204.     @patch("httpx.get")

  205.     def test_should_retrieve_user_info_correctly(self, mock_get, oauth, mock_response, user_data, expected_name):

  206.         mock_response.json.return_value = user_data

  207.         mock_get.return_value = mock_response

  208. 

  209.         user_info = oauth.get_user_info("test_token")

  210. 

  211.         assert user_info.id == user_data["sub"]

  212.         assert user_info.name == expected_name

  213.         assert user_info.email == user_data["email"]

  214. 

  215.         mock_get.assert_called_once_with(oauth._USER_INFO_URL, headers={"Authorization": "Bearer test_token"})

  216. 

  217.     @pytest.mark.parametrize(

  218.         "exception_type",

  219.         [

  220.             httpx.HTTPError,

  221.             httpx.ConnectError,

  222.             httpx.TimeoutException,

  223.         ],

  224.     )

  225.     @patch("httpx.get")

  226.     def test_should_handle_http_errors(self, mock_get, oauth, exception_type):

  227.         mock_response = MagicMock()

  228.         mock_response.raise_for_status.side_effect = exception_type("Error")

  229.         mock_get.return_value = mock_response

  230. 

  231.         with pytest.raises(exception_type):

  232.             oauth.get_raw_user_info("invalid_token")

  233. 

  234. 

  235. class TestOAuthUserInfo:

  236.     @pytest.mark.parametrize(

  237.         "user_data",

  238.         [

  239.             {"id": "123", "name": "Test User", "email": "test@example.com"},

  240.             {"id": "456", "name": "", "email": "user@domain.com"},

  241.             {"id": "789", "name": "Another User", "email": "another@test.org"},

  242.         ],

  243.     )

  244.     def test_should_create_user_info_dataclass(self, user_data):

  245.         user_info = OAuthUserInfo(**user_data)

  246. 

  247.         assert user_info.id == user_data["id"]

  248.         assert user_info.name == user_data["name"]

  249.         assert user_info.email == user_data["email"]