134 lines
4.9 KiB
Go
134 lines
4.9 KiB
Go
// SPDX-License-Identifier: EUPL-1.2
|
|
|
|
package agentic
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
core "dappco.re/go/core"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestAuth_HandleAuthProvision_Good(t *testing.T) {
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
require.Equal(t, "/v1/agent/auth/provision", r.URL.Path)
|
|
require.Equal(t, http.MethodPost, r.Method)
|
|
require.Equal(t, "Bearer secret-token", r.Header.Get("Authorization"))
|
|
|
|
bodyResult := core.ReadAll(r.Body)
|
|
require.True(t, bodyResult.OK)
|
|
|
|
var payload map[string]any
|
|
parseResult := core.JSONUnmarshalString(bodyResult.Value.(string), &payload)
|
|
require.True(t, parseResult.OK)
|
|
require.Equal(t, "user-42", payload["oauth_user_id"])
|
|
require.Equal(t, "codex local", payload["name"])
|
|
require.Equal(t, float64(60), payload["rate_limit"])
|
|
require.Equal(t, "2026-04-01T00:00:00Z", payload["expires_at"])
|
|
|
|
permissions, ok := payload["permissions"].([]any)
|
|
require.True(t, ok)
|
|
require.Equal(t, []any{"plans:read", "plans:write"}, permissions)
|
|
|
|
ipRestrictions, ok := payload["ip_restrictions"].([]any)
|
|
require.True(t, ok)
|
|
require.Equal(t, []any{"10.0.0.0/8", "192.168.0.0/16"}, ipRestrictions)
|
|
|
|
_, _ = w.Write([]byte(`{"data":{"id":7,"workspace_id":3,"name":"codex local","key":"ak_live_secret","prefix":"ak_live","permissions":["plans:read","plans:write"],"ip_restrictions":["10.0.0.0/8","192.168.0.0/16"],"rate_limit":60,"call_count":2,"expires_at":"2026-04-01T00:00:00Z"}}`))
|
|
}))
|
|
defer server.Close()
|
|
|
|
subsystem := testPrepWithPlatformServer(t, server, "secret-token")
|
|
result := subsystem.handleAuthProvision(context.Background(), core.NewOptions(
|
|
core.Option{Key: "oauth_user_id", Value: "user-42"},
|
|
core.Option{Key: "name", Value: "codex local"},
|
|
core.Option{Key: "permissions", Value: "plans:read,plans:write"},
|
|
core.Option{Key: "ip_restrictions", Value: "10.0.0.0/8,192.168.0.0/16"},
|
|
core.Option{Key: "rate_limit", Value: 60},
|
|
core.Option{Key: "expires_at", Value: "2026-04-01T00:00:00Z"},
|
|
))
|
|
require.True(t, result.OK)
|
|
|
|
output, ok := result.Value.(AuthProvisionOutput)
|
|
require.True(t, ok)
|
|
assert.True(t, output.Success)
|
|
assert.Equal(t, 7, output.Key.ID)
|
|
assert.Equal(t, 3, output.Key.WorkspaceID)
|
|
assert.Equal(t, "codex local", output.Key.Name)
|
|
assert.Equal(t, "ak_live_secret", output.Key.Key)
|
|
assert.Equal(t, "ak_live", output.Key.Prefix)
|
|
assert.Equal(t, []string{"plans:read", "plans:write"}, output.Key.Permissions)
|
|
assert.Equal(t, []string{"10.0.0.0/8", "192.168.0.0/16"}, output.Key.IPRestrictions)
|
|
assert.Equal(t, 60, output.Key.RateLimit)
|
|
assert.Equal(t, 2, output.Key.CallCount)
|
|
}
|
|
|
|
func TestAuth_HandleAuthProvision_Bad(t *testing.T) {
|
|
subsystem := testPrepWithPlatformServer(t, nil, "secret-token")
|
|
result := subsystem.handleAuthProvision(context.Background(), core.NewOptions())
|
|
assert.False(t, result.OK)
|
|
}
|
|
|
|
func TestAuth_HandleAuthProvision_Ugly(t *testing.T) {
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
_, _ = w.Write([]byte(`{broken json`))
|
|
}))
|
|
defer server.Close()
|
|
|
|
subsystem := testPrepWithPlatformServer(t, server, "secret-token")
|
|
result := subsystem.handleAuthProvision(context.Background(), core.NewOptions(
|
|
core.Option{Key: "oauth_user_id", Value: "user-42"},
|
|
))
|
|
assert.False(t, result.OK)
|
|
}
|
|
|
|
func TestAuth_HandleAuthRevoke_Good(t *testing.T) {
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
require.Equal(t, "/v1/agent/auth/revoke/7", r.URL.Path)
|
|
require.Equal(t, http.MethodDelete, r.Method)
|
|
require.Equal(t, "Bearer secret-token", r.Header.Get("Authorization"))
|
|
_, _ = w.Write([]byte(`{"data":{"key_id":"7","revoked":true}}`))
|
|
}))
|
|
defer server.Close()
|
|
|
|
subsystem := testPrepWithPlatformServer(t, server, "secret-token")
|
|
result := subsystem.handleAuthRevoke(context.Background(), core.NewOptions(
|
|
core.Option{Key: "key_id", Value: "7"},
|
|
))
|
|
require.True(t, result.OK)
|
|
|
|
output, ok := result.Value.(AuthRevokeOutput)
|
|
require.True(t, ok)
|
|
assert.True(t, output.Success)
|
|
assert.Equal(t, "7", output.KeyID)
|
|
assert.True(t, output.Revoked)
|
|
}
|
|
|
|
func TestAuth_HandleAuthRevoke_Bad(t *testing.T) {
|
|
subsystem := testPrepWithPlatformServer(t, nil, "secret-token")
|
|
result := subsystem.handleAuthRevoke(context.Background(), core.NewOptions())
|
|
assert.False(t, result.OK)
|
|
}
|
|
|
|
func TestAuth_HandleAuthRevoke_Ugly(t *testing.T) {
|
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
_, _ = w.Write([]byte(`{"data":true}`))
|
|
}))
|
|
defer server.Close()
|
|
|
|
subsystem := testPrepWithPlatformServer(t, server, "secret-token")
|
|
result := subsystem.handleAuthRevoke(context.Background(), core.NewOptions(
|
|
core.Option{Key: "key_id", Value: "7"},
|
|
))
|
|
require.True(t, result.OK)
|
|
|
|
output, ok := result.Value.(AuthRevokeOutput)
|
|
require.True(t, ok)
|
|
assert.True(t, output.Success)
|
|
assert.Equal(t, "7", output.KeyID)
|
|
assert.True(t, output.Revoked)
|
|
}
|