test_auth_authorization.py
python
sha256:34035d72cef530c1ab9d6a6f53be18d803dde705fc3157617d70352a96d0747b
Merge branch 'fix/wire-push-external-parent-manifest' into dev
Human
8 days ago
| 1 | """Tests for checklist section 1.2 — Authorization guards. |
| 2 | |
| 3 | Covers the three guard helpers that enforce repo-level access control: |
| 4 | |
| 5 | _guard_visibility — 404 on missing repo; 401 on private + unauthenticated |
| 6 | _guard_write_access — 403 when non-owner tries to write to a private repo |
| 7 | _guard_repo_owner — 403 when non-owner attempts an owner-only action |
| 8 | |
| 9 | All tests are synchronous unit tests — no DB or HTTP fixtures needed. |
| 10 | """ |
| 11 | from __future__ import annotations |
| 12 | |
| 13 | import pytest |
| 14 | from fastapi import HTTPException |
| 15 | from unittest.mock import AsyncMock, MagicMock |
| 16 | |
| 17 | |
| 18 | # --------------------------------------------------------------------------- |
| 19 | # Helpers — build lightweight repo/claims stand-ins without importing ORM |
| 20 | # --------------------------------------------------------------------------- |
| 21 | |
| 22 | def _repo(*, visibility: str = "public", owner: str = "alice") -> MagicMock: |
| 23 | r = MagicMock() |
| 24 | r.visibility = visibility |
| 25 | r.owner = owner |
| 26 | return r |
| 27 | |
| 28 | |
| 29 | def _claims(*, handle: str = "alice") -> MagicMock: |
| 30 | c = MagicMock() |
| 31 | c.handle = handle |
| 32 | return c |
| 33 | |
| 34 | |
| 35 | def _db_no_collab() -> AsyncMock: |
| 36 | """Async DB session stub that returns no collaborator row.""" |
| 37 | result = MagicMock() |
| 38 | result.scalar_one_or_none.return_value = None |
| 39 | db = AsyncMock() |
| 40 | db.execute = AsyncMock(return_value=result) |
| 41 | return db |
| 42 | |
| 43 | |
| 44 | def _db_with_collab() -> AsyncMock: |
| 45 | """Async DB session stub that returns an accepted write/admin collaborator row.""" |
| 46 | result = MagicMock() |
| 47 | result.scalar_one_or_none.return_value = MagicMock() # any truthy row |
| 48 | db = AsyncMock() |
| 49 | db.execute = AsyncMock(return_value=result) |
| 50 | return db |
| 51 | |
| 52 | |
| 53 | # --------------------------------------------------------------------------- |
| 54 | # _guard_visibility |
| 55 | # --------------------------------------------------------------------------- |
| 56 | |
| 57 | class TestGuardVisibility: |
| 58 | def setup_method(self) -> None: |
| 59 | from musehub.api.routes.musehub.repos import _guard_visibility |
| 60 | self.guard = _guard_visibility |
| 61 | |
| 62 | def test_none_repo_raises_404(self) -> None: |
| 63 | with pytest.raises(HTTPException) as exc_info: |
| 64 | self.guard(None, _claims()) |
| 65 | assert exc_info.value.status_code == 404 |
| 66 | |
| 67 | def test_none_repo_none_claims_raises_404(self) -> None: |
| 68 | """404 takes priority over 401 — missing repo is never exposed as 401.""" |
| 69 | with pytest.raises(HTTPException) as exc_info: |
| 70 | self.guard(None, None) |
| 71 | assert exc_info.value.status_code == 404 |
| 72 | |
| 73 | def test_public_repo_no_claims_allowed(self) -> None: |
| 74 | """Public repo with no auth must not raise.""" |
| 75 | self.guard(_repo(visibility="public"), None) |
| 76 | |
| 77 | def test_public_repo_with_claims_allowed(self) -> None: |
| 78 | self.guard(_repo(visibility="public"), _claims()) |
| 79 | |
| 80 | def test_private_repo_with_claims_allowed(self) -> None: |
| 81 | """Authenticated user may access a private repo.""" |
| 82 | self.guard(_repo(visibility="private"), _claims()) |
| 83 | |
| 84 | def test_private_repo_no_claims_raises_401(self) -> None: |
| 85 | with pytest.raises(HTTPException) as exc_info: |
| 86 | self.guard(_repo(visibility="private"), None) |
| 87 | assert exc_info.value.status_code == 401 |
| 88 | |
| 89 | def test_private_repo_401_includes_www_authenticate(self) -> None: |
| 90 | with pytest.raises(HTTPException) as exc_info: |
| 91 | self.guard(_repo(visibility="private"), None) |
| 92 | assert "WWW-Authenticate" in exc_info.value.headers |
| 93 | assert "MSign" in exc_info.value.headers["WWW-Authenticate"] |
| 94 | |
| 95 | |
| 96 | # --------------------------------------------------------------------------- |
| 97 | # _guard_write_access |
| 98 | # --------------------------------------------------------------------------- |
| 99 | |
| 100 | class TestGuardWriteAccess: |
| 101 | def setup_method(self) -> None: |
| 102 | from musehub.api.routes.musehub.issues import _guard_write_access |
| 103 | self.guard = _guard_write_access |
| 104 | |
| 105 | def test_public_repo_any_user_may_write(self) -> None: |
| 106 | """Any authenticated user can write to a public repo.""" |
| 107 | self.guard(_repo(visibility="public", owner="alice"), "bob") |
| 108 | |
| 109 | def test_public_repo_owner_may_write(self) -> None: |
| 110 | self.guard(_repo(visibility="public", owner="alice"), "alice") |
| 111 | |
| 112 | def test_private_repo_owner_may_write(self) -> None: |
| 113 | self.guard(_repo(visibility="private", owner="alice"), "alice") |
| 114 | |
| 115 | def test_private_repo_non_owner_raises_403(self) -> None: |
| 116 | with pytest.raises(HTTPException) as exc_info: |
| 117 | self.guard(_repo(visibility="private", owner="alice"), "bob") |
| 118 | assert exc_info.value.status_code == 403 |
| 119 | |
| 120 | def test_private_repo_403_detail_message(self) -> None: |
| 121 | with pytest.raises(HTTPException) as exc_info: |
| 122 | self.guard(_repo(visibility="private", owner="alice"), "bob") |
| 123 | assert "private" in exc_info.value.detail.lower() |
| 124 | |
| 125 | |
| 126 | # --------------------------------------------------------------------------- |
| 127 | # _guard_repo_owner |
| 128 | # --------------------------------------------------------------------------- |
| 129 | |
| 130 | class TestGuardRepoOwner: |
| 131 | async def test_owner_allowed(self) -> None: |
| 132 | from musehub.api.routes.musehub.issues import _guard_repo_owner |
| 133 | # Owner check short-circuits before any DB call. |
| 134 | await _guard_repo_owner(_repo(owner="alice"), "alice", _db_no_collab()) |
| 135 | |
| 136 | async def test_non_owner_raises_403(self) -> None: |
| 137 | from musehub.api.routes.musehub.issues import _guard_repo_owner |
| 138 | with pytest.raises(HTTPException) as exc_info: |
| 139 | await _guard_repo_owner(_repo(owner="alice"), "bob", _db_no_collab()) |
| 140 | assert exc_info.value.status_code == 403 |
| 141 | |
| 142 | async def test_non_owner_public_repo_still_raises_403(self) -> None: |
| 143 | """Even public repos: only owner may perform owner-only actions.""" |
| 144 | from musehub.api.routes.musehub.issues import _guard_repo_owner |
| 145 | with pytest.raises(HTTPException) as exc_info: |
| 146 | await _guard_repo_owner(_repo(visibility="public", owner="alice"), "bob", _db_no_collab()) |
| 147 | assert exc_info.value.status_code == 403 |
| 148 | |
| 149 | async def test_403_detail_message(self) -> None: |
| 150 | from musehub.api.routes.musehub.issues import _guard_repo_owner |
| 151 | with pytest.raises(HTTPException) as exc_info: |
| 152 | await _guard_repo_owner(_repo(owner="alice"), "bob", _db_no_collab()) |
| 153 | assert "owner" in exc_info.value.detail.lower() |
| 154 | |
| 155 | async def test_write_collaborator_allowed(self) -> None: |
| 156 | """A non-owner with an accepted write/admin collaborator row is allowed.""" |
| 157 | from musehub.api.routes.musehub.issues import _guard_repo_owner |
| 158 | await _guard_repo_owner(_repo(owner="alice"), "bob", _db_with_collab()) |
| 159 | |
| 160 | |
| 161 | # --------------------------------------------------------------------------- |
| 162 | # proposals._guard_repo_owner — musehub#132-adjacent: aaronrene (a write |
| 163 | # collaborator, and the proposal's own author) got a 403 requesting reviewers |
| 164 | # on his own proposal, because proposals.py has its own, weaker, sync-only |
| 165 | # _guard_repo_owner that only checks literal ownership -- unlike issues.py's |
| 166 | # collaborator-aware version above, which this ports the same logic into. |
| 167 | # --------------------------------------------------------------------------- |
| 168 | |
| 169 | class TestProposalsGuardRepoOwner: |
| 170 | async def test_owner_allowed(self) -> None: |
| 171 | from musehub.api.routes.musehub.proposals import _guard_repo_owner |
| 172 | await _guard_repo_owner(_repo(owner="alice"), "alice", _db_no_collab()) |
| 173 | |
| 174 | async def test_non_owner_no_collab_raises_403(self) -> None: |
| 175 | from musehub.api.routes.musehub.proposals import _guard_repo_owner |
| 176 | with pytest.raises(HTTPException) as exc_info: |
| 177 | await _guard_repo_owner(_repo(owner="alice"), "bob", _db_no_collab()) |
| 178 | assert exc_info.value.status_code == 403 |
| 179 | |
| 180 | async def test_write_collaborator_allowed(self) -> None: |
| 181 | """The bug: a write collaborator (e.g. requesting reviewers on their |
| 182 | own proposal) must be allowed, not just the literal repo owner.""" |
| 183 | from musehub.api.routes.musehub.proposals import _guard_repo_owner |
| 184 | await _guard_repo_owner(_repo(owner="alice"), "bob", _db_with_collab()) |
| 185 | |
| 186 | async def test_403_detail_message(self) -> None: |
| 187 | from musehub.api.routes.musehub.proposals import _guard_repo_owner |
| 188 | with pytest.raises(HTTPException) as exc_info: |
| 189 | await _guard_repo_owner(_repo(owner="alice"), "bob", _db_no_collab()) |
| 190 | assert "owner" in exc_info.value.detail.lower() or "collaborator" in exc_info.value.detail.lower() |
File History
14 commits
sha256:34035d72cef530c1ab9d6a6f53be18d803dde705fc3157617d70352a96d0747b
Merge branch 'fix/wire-push-external-parent-manifest' into dev
Human
8 days ago
sha256:fc04e4cae9e1774d6a21b65c45daeed0e6787eb581d13aa1b03bfe9384a34226
Merge branch 'fix/two-column-scroll-layout' into dev
Human
8 days ago
sha256:408916fc5973ba59c6e4eebaa80ebdcc801c0a63205651e25009d11548f79454
chore: bump version to 0.2.0.dev2 — nightly.2, matching muse
Sonnet 4.6
patch
11 days ago
sha256:d035733f21ccff27735fddebfbbe0ed24565a32a22db8de5885402262671ecd2
chore: bump version to 0.2.0rc15 for musehub#113 fix release
Sonnet 4.6
patch
14 days ago
sha256:0032d6cfa33bc3c8367436ad768e7dd0e339b4332153160247da8266cb5fa352
Merge branch 'task/version-tags-phase3-server' into dev
Human
17 days ago
sha256:4669620efda9ff41c55bdefd1f7bfe1c239d468428744c84ead9957e5a003a53
merge: rescue snapshot-recovery hardening (c00aa21d) into d…
Opus 4.8
minor
⚠
29 days ago
sha256:a59da49c4611b970fc4b6ae48678ce4943261c213a07ddbd73ce9201df869b4a
fix: remove false-positive proposal_comments index drop fro…
Sonnet 4.6
patch
33 days ago
sha256:0a240d6dbff234f07d98a28a4a9a68db702f3f9ff9260196f24219bdb1c0b6f3
feat: render markdown mists as HTML with heading anchor links
Sonnet 4.6
patch
34 days ago
sha256:24a7d47486ebc4ebd1832830580e177ec6f877b48dced8c000e198cdec4ce9d6
Merge 'task/bump-version-rc12' into 'dev' — proposal: Bump …
Human
35 days ago
sha256:b9ff931d147e0114a1f17060f415b89ed551c170a91ff226c70437aa5c85f9ee
Merge 'task/bump-version-rc12' into 'dev' — proposal: Bump …
Human
35 days ago
sha256:d1122d21e73471879b460037b22c0b50fded7c423444a176f248428f75dac39c
Merge 'task/fix-issue-pagination-cursor' into 'dev' — propo…
Human
35 days ago
sha256:01e18975e73d2b3cd5b6db7929c895bef9aa6e0d4391dc5b2adfc548b41318dd
Merge 'feat/adding-debug-logs-to-staging' into 'dev' — prop…
Human
35 days ago
sha256:6b1949fc2797ca4c1936a637a4cbfec828ef56cf52398a2e74ca3c4f494e728f
fix: use wire_bytes not mpack_bytes_raw in compute_object_b…
Sonnet 4.6
patch
48 days ago
sha256:b99f2455dc346966d040133f5203297e6e3ef5803a93728a2c30568d0a0f7583
rename: delta_add → delta_upsert across wire format, models…
Sonnet 4.6
patch
50 days ago