gabriel / musehub public
test_auth_authorization.py python
190 lines 8.3 KB
Raw
sha256:34035d72cef530c1ab9d6a6f53be18d803dde705fc3157617d70352a96d0747b Merge branch 'fix/wire-push-external-parent-manifest' into dev Human 8 days ago
1 """Tests for checklist section 1.2 — Authorization guards.
2
3 Covers the three guard helpers that enforce repo-level access control:
4
5 _guard_visibility — 404 on missing repo; 401 on private + unauthenticated
6 _guard_write_access — 403 when non-owner tries to write to a private repo
7 _guard_repo_owner — 403 when non-owner attempts an owner-only action
8
9 All tests are synchronous unit tests — no DB or HTTP fixtures needed.
10 """
11 from __future__ import annotations
12
13 import pytest
14 from fastapi import HTTPException
15 from unittest.mock import AsyncMock, MagicMock
16
17
18 # ---------------------------------------------------------------------------
19 # Helpers — build lightweight repo/claims stand-ins without importing ORM
20 # ---------------------------------------------------------------------------
21
22 def _repo(*, visibility: str = "public", owner: str = "alice") -> MagicMock:
23 r = MagicMock()
24 r.visibility = visibility
25 r.owner = owner
26 return r
27
28
29 def _claims(*, handle: str = "alice") -> MagicMock:
30 c = MagicMock()
31 c.handle = handle
32 return c
33
34
35 def _db_no_collab() -> AsyncMock:
36 """Async DB session stub that returns no collaborator row."""
37 result = MagicMock()
38 result.scalar_one_or_none.return_value = None
39 db = AsyncMock()
40 db.execute = AsyncMock(return_value=result)
41 return db
42
43
44 def _db_with_collab() -> AsyncMock:
45 """Async DB session stub that returns an accepted write/admin collaborator row."""
46 result = MagicMock()
47 result.scalar_one_or_none.return_value = MagicMock() # any truthy row
48 db = AsyncMock()
49 db.execute = AsyncMock(return_value=result)
50 return db
51
52
53 # ---------------------------------------------------------------------------
54 # _guard_visibility
55 # ---------------------------------------------------------------------------
56
57 class TestGuardVisibility:
58 def setup_method(self) -> None:
59 from musehub.api.routes.musehub.repos import _guard_visibility
60 self.guard = _guard_visibility
61
62 def test_none_repo_raises_404(self) -> None:
63 with pytest.raises(HTTPException) as exc_info:
64 self.guard(None, _claims())
65 assert exc_info.value.status_code == 404
66
67 def test_none_repo_none_claims_raises_404(self) -> None:
68 """404 takes priority over 401 — missing repo is never exposed as 401."""
69 with pytest.raises(HTTPException) as exc_info:
70 self.guard(None, None)
71 assert exc_info.value.status_code == 404
72
73 def test_public_repo_no_claims_allowed(self) -> None:
74 """Public repo with no auth must not raise."""
75 self.guard(_repo(visibility="public"), None)
76
77 def test_public_repo_with_claims_allowed(self) -> None:
78 self.guard(_repo(visibility="public"), _claims())
79
80 def test_private_repo_with_claims_allowed(self) -> None:
81 """Authenticated user may access a private repo."""
82 self.guard(_repo(visibility="private"), _claims())
83
84 def test_private_repo_no_claims_raises_401(self) -> None:
85 with pytest.raises(HTTPException) as exc_info:
86 self.guard(_repo(visibility="private"), None)
87 assert exc_info.value.status_code == 401
88
89 def test_private_repo_401_includes_www_authenticate(self) -> None:
90 with pytest.raises(HTTPException) as exc_info:
91 self.guard(_repo(visibility="private"), None)
92 assert "WWW-Authenticate" in exc_info.value.headers
93 assert "MSign" in exc_info.value.headers["WWW-Authenticate"]
94
95
96 # ---------------------------------------------------------------------------
97 # _guard_write_access
98 # ---------------------------------------------------------------------------
99
100 class TestGuardWriteAccess:
101 def setup_method(self) -> None:
102 from musehub.api.routes.musehub.issues import _guard_write_access
103 self.guard = _guard_write_access
104
105 def test_public_repo_any_user_may_write(self) -> None:
106 """Any authenticated user can write to a public repo."""
107 self.guard(_repo(visibility="public", owner="alice"), "bob")
108
109 def test_public_repo_owner_may_write(self) -> None:
110 self.guard(_repo(visibility="public", owner="alice"), "alice")
111
112 def test_private_repo_owner_may_write(self) -> None:
113 self.guard(_repo(visibility="private", owner="alice"), "alice")
114
115 def test_private_repo_non_owner_raises_403(self) -> None:
116 with pytest.raises(HTTPException) as exc_info:
117 self.guard(_repo(visibility="private", owner="alice"), "bob")
118 assert exc_info.value.status_code == 403
119
120 def test_private_repo_403_detail_message(self) -> None:
121 with pytest.raises(HTTPException) as exc_info:
122 self.guard(_repo(visibility="private", owner="alice"), "bob")
123 assert "private" in exc_info.value.detail.lower()
124
125
126 # ---------------------------------------------------------------------------
127 # _guard_repo_owner
128 # ---------------------------------------------------------------------------
129
130 class TestGuardRepoOwner:
131 async def test_owner_allowed(self) -> None:
132 from musehub.api.routes.musehub.issues import _guard_repo_owner
133 # Owner check short-circuits before any DB call.
134 await _guard_repo_owner(_repo(owner="alice"), "alice", _db_no_collab())
135
136 async def test_non_owner_raises_403(self) -> None:
137 from musehub.api.routes.musehub.issues import _guard_repo_owner
138 with pytest.raises(HTTPException) as exc_info:
139 await _guard_repo_owner(_repo(owner="alice"), "bob", _db_no_collab())
140 assert exc_info.value.status_code == 403
141
142 async def test_non_owner_public_repo_still_raises_403(self) -> None:
143 """Even public repos: only owner may perform owner-only actions."""
144 from musehub.api.routes.musehub.issues import _guard_repo_owner
145 with pytest.raises(HTTPException) as exc_info:
146 await _guard_repo_owner(_repo(visibility="public", owner="alice"), "bob", _db_no_collab())
147 assert exc_info.value.status_code == 403
148
149 async def test_403_detail_message(self) -> None:
150 from musehub.api.routes.musehub.issues import _guard_repo_owner
151 with pytest.raises(HTTPException) as exc_info:
152 await _guard_repo_owner(_repo(owner="alice"), "bob", _db_no_collab())
153 assert "owner" in exc_info.value.detail.lower()
154
155 async def test_write_collaborator_allowed(self) -> None:
156 """A non-owner with an accepted write/admin collaborator row is allowed."""
157 from musehub.api.routes.musehub.issues import _guard_repo_owner
158 await _guard_repo_owner(_repo(owner="alice"), "bob", _db_with_collab())
159
160
161 # ---------------------------------------------------------------------------
162 # proposals._guard_repo_owner — musehub#132-adjacent: aaronrene (a write
163 # collaborator, and the proposal's own author) got a 403 requesting reviewers
164 # on his own proposal, because proposals.py has its own, weaker, sync-only
165 # _guard_repo_owner that only checks literal ownership -- unlike issues.py's
166 # collaborator-aware version above, which this ports the same logic into.
167 # ---------------------------------------------------------------------------
168
169 class TestProposalsGuardRepoOwner:
170 async def test_owner_allowed(self) -> None:
171 from musehub.api.routes.musehub.proposals import _guard_repo_owner
172 await _guard_repo_owner(_repo(owner="alice"), "alice", _db_no_collab())
173
174 async def test_non_owner_no_collab_raises_403(self) -> None:
175 from musehub.api.routes.musehub.proposals import _guard_repo_owner
176 with pytest.raises(HTTPException) as exc_info:
177 await _guard_repo_owner(_repo(owner="alice"), "bob", _db_no_collab())
178 assert exc_info.value.status_code == 403
179
180 async def test_write_collaborator_allowed(self) -> None:
181 """The bug: a write collaborator (e.g. requesting reviewers on their
182 own proposal) must be allowed, not just the literal repo owner."""
183 from musehub.api.routes.musehub.proposals import _guard_repo_owner
184 await _guard_repo_owner(_repo(owner="alice"), "bob", _db_with_collab())
185
186 async def test_403_detail_message(self) -> None:
187 from musehub.api.routes.musehub.proposals import _guard_repo_owner
188 with pytest.raises(HTTPException) as exc_info:
189 await _guard_repo_owner(_repo(owner="alice"), "bob", _db_no_collab())
190 assert "owner" in exc_info.value.detail.lower() or "collaborator" in exc_info.value.detail.lower()
File History 14 commits
sha256:34035d72cef530c1ab9d6a6f53be18d803dde705fc3157617d70352a96d0747b Merge branch 'fix/wire-push-external-parent-manifest' into dev Human 8 days ago
sha256:fc04e4cae9e1774d6a21b65c45daeed0e6787eb581d13aa1b03bfe9384a34226 Merge branch 'fix/two-column-scroll-layout' into dev Human 8 days ago
sha256:408916fc5973ba59c6e4eebaa80ebdcc801c0a63205651e25009d11548f79454 chore: bump version to 0.2.0.dev2 — nightly.2, matching muse Sonnet 4.6 patch 11 days ago
sha256:d035733f21ccff27735fddebfbbe0ed24565a32a22db8de5885402262671ecd2 chore: bump version to 0.2.0rc15 for musehub#113 fix release Sonnet 4.6 patch 14 days ago
sha256:0032d6cfa33bc3c8367436ad768e7dd0e339b4332153160247da8266cb5fa352 Merge branch 'task/version-tags-phase3-server' into dev Human 17 days ago
sha256:4669620efda9ff41c55bdefd1f7bfe1c239d468428744c84ead9957e5a003a53 merge: rescue snapshot-recovery hardening (c00aa21d) into d… Opus 4.8 minor 29 days ago
sha256:a59da49c4611b970fc4b6ae48678ce4943261c213a07ddbd73ce9201df869b4a fix: remove false-positive proposal_comments index drop fro… Sonnet 4.6 patch 33 days ago
sha256:0a240d6dbff234f07d98a28a4a9a68db702f3f9ff9260196f24219bdb1c0b6f3 feat: render markdown mists as HTML with heading anchor links Sonnet 4.6 patch 34 days ago
sha256:24a7d47486ebc4ebd1832830580e177ec6f877b48dced8c000e198cdec4ce9d6 Merge 'task/bump-version-rc12' into 'dev' — proposal: Bump … Human 35 days ago
sha256:b9ff931d147e0114a1f17060f415b89ed551c170a91ff226c70437aa5c85f9ee Merge 'task/bump-version-rc12' into 'dev' — proposal: Bump … Human 35 days ago
sha256:d1122d21e73471879b460037b22c0b50fded7c423444a176f248428f75dac39c Merge 'task/fix-issue-pagination-cursor' into 'dev' — propo… Human 35 days ago
sha256:01e18975e73d2b3cd5b6db7929c895bef9aa6e0d4391dc5b2adfc548b41318dd Merge 'feat/adding-debug-logs-to-staging' into 'dev' — prop… Human 35 days ago
sha256:6b1949fc2797ca4c1936a637a4cbfec828ef56cf52398a2e74ca3c4f494e728f fix: use wire_bytes not mpack_bytes_raw in compute_object_b… Sonnet 4.6 patch 48 days ago
sha256:b99f2455dc346966d040133f5203297e6e3ef5803a93728a2c30568d0a0f7583 rename: delta_add → delta_upsert across wire format, models… Sonnet 4.6 patch 50 days ago