7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
436 lines
15 KiB
Python
436 lines
15 KiB
Python
"""
|
|
Tests for web/auth/database_middleware.py
|
|
|
|
Tests cover:
|
|
- ensure_user_database() function
|
|
- Password retrieval from various sources
|
|
- Database session setup via db_manager.open_user_database()
|
|
"""
|
|
|
|
from unittest.mock import MagicMock, patch
|
|
|
|
from flask import Flask
|
|
|
|
|
|
class TestEnsureUserDatabase:
|
|
"""Tests for ensure_user_database function."""
|
|
|
|
def test_skips_when_middleware_should_skip(self):
|
|
"""Should skip when should_skip_database_middleware returns True."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
with patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip:
|
|
mock_skip.return_value = True
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
|
|
with app.test_request_context("/static/app.js"):
|
|
result = ensure_user_database()
|
|
assert result is None
|
|
|
|
def test_skips_when_already_initialized(self):
|
|
"""Should skip when _db_initialized flag is already set."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
with patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip:
|
|
mock_skip.return_value = False
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import g
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
g._db_initialized = True
|
|
|
|
result = ensure_user_database()
|
|
assert result is None
|
|
|
|
def test_skips_when_no_username(self):
|
|
"""Should skip when no username in session."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
with patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip:
|
|
mock_skip.return_value = False
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
result = ensure_user_database()
|
|
assert result is None
|
|
|
|
def test_retrieves_password_from_temp_auth_token(self):
|
|
"""Should retrieve password from temp auth token."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
mock_temp_auth = MagicMock()
|
|
mock_temp_auth.retrieve_auth.return_value = ("testuser", "password123")
|
|
|
|
mock_session_password_store = MagicMock()
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
patch(
|
|
"local_deep_research.database.temp_auth.temp_auth_store",
|
|
mock_temp_auth,
|
|
),
|
|
patch(
|
|
"local_deep_research.database.session_passwords.session_password_store",
|
|
mock_session_password_store,
|
|
),
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.is_user_connected.return_value = False
|
|
mock_db_manager.open_user_database.return_value = MagicMock()
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
session["temp_auth_token"] = "test_token_123"
|
|
session["session_id"] = "session_456"
|
|
|
|
ensure_user_database()
|
|
|
|
mock_temp_auth.retrieve_auth.assert_called_once_with(
|
|
"test_token_123"
|
|
)
|
|
|
|
def test_stores_password_in_session_password_store(self):
|
|
"""Should store password in session password store after temp auth."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
mock_temp_auth = MagicMock()
|
|
mock_temp_auth.retrieve_auth.return_value = ("testuser", "password123")
|
|
|
|
mock_session_password_store = MagicMock()
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
patch(
|
|
"local_deep_research.database.temp_auth.temp_auth_store",
|
|
mock_temp_auth,
|
|
),
|
|
patch(
|
|
"local_deep_research.database.session_passwords.session_password_store",
|
|
mock_session_password_store,
|
|
),
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.is_user_connected.return_value = False
|
|
mock_db_manager.open_user_database.return_value = MagicMock()
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
session["temp_auth_token"] = "test_token_123"
|
|
session["session_id"] = "session_456"
|
|
|
|
ensure_user_database()
|
|
|
|
mock_session_password_store.store_session_password.assert_called_once_with(
|
|
"testuser", "session_456", "password123"
|
|
)
|
|
|
|
def test_retrieves_password_from_session_password_store(self):
|
|
"""Should retrieve password from session password store."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
mock_session_password_store = MagicMock()
|
|
mock_session_password_store.get_session_password.return_value = (
|
|
"stored_password"
|
|
)
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
patch(
|
|
"local_deep_research.database.session_passwords.session_password_store",
|
|
mock_session_password_store,
|
|
),
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.is_user_connected.return_value = False
|
|
mock_db_manager.open_user_database.return_value = MagicMock()
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
session["session_id"] = "session_456"
|
|
|
|
ensure_user_database()
|
|
|
|
mock_session_password_store.get_session_password.assert_called_with(
|
|
"testuser", "session_456"
|
|
)
|
|
|
|
def test_uses_dummy_password_for_unencrypted_db(self):
|
|
"""Should use dummy password for unencrypted database."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.has_encryption = False
|
|
mock_db_manager.is_user_connected.return_value = False
|
|
mock_db_manager.open_user_database.return_value = MagicMock()
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
|
|
ensure_user_database()
|
|
|
|
mock_db_manager.open_user_database.assert_called_with(
|
|
"testuser", "dummy"
|
|
)
|
|
|
|
def test_sets_db_initialized_flag(self):
|
|
"""Should set _db_initialized flag when database is opened."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.has_encryption = False
|
|
mock_db_manager.is_user_connected.return_value = False
|
|
mock_db_manager.open_user_database.return_value = MagicMock()
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import g, session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
|
|
ensure_user_database()
|
|
|
|
assert g._db_initialized is True
|
|
|
|
def test_sets_g_username(self):
|
|
"""Should set g.username."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.has_encryption = False
|
|
mock_db_manager.is_user_connected.return_value = False
|
|
mock_db_manager.open_user_database.return_value = MagicMock()
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import g, session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
|
|
ensure_user_database()
|
|
|
|
assert g.username == "testuser"
|
|
|
|
def test_handles_exception_gracefully(self):
|
|
"""Should handle exceptions gracefully without raising."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.has_encryption = False
|
|
mock_db_manager.is_user_connected.side_effect = Exception(
|
|
"DB error"
|
|
)
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
|
|
# Should not raise exception
|
|
ensure_user_database()
|
|
|
|
def test_skips_temp_auth_if_username_mismatch(self):
|
|
"""Should skip temp auth if stored username doesn't match session."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
mock_temp_auth = MagicMock()
|
|
mock_temp_auth.retrieve_auth.return_value = (
|
|
"different_user",
|
|
"password123",
|
|
)
|
|
|
|
mock_session_password_store = MagicMock()
|
|
mock_session_password_store.get_session_password.return_value = None
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.database.temp_auth.temp_auth_store",
|
|
mock_temp_auth,
|
|
),
|
|
patch(
|
|
"local_deep_research.database.session_passwords.session_password_store",
|
|
mock_session_password_store,
|
|
),
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.has_encryption = True
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
session["temp_auth_token"] = "test_token_123"
|
|
|
|
ensure_user_database()
|
|
|
|
# Should not have stored password since username didn't match
|
|
mock_session_password_store.store_session_password.assert_not_called()
|
|
|
|
def test_skips_open_when_already_connected(self):
|
|
"""Should skip open_user_database when user is already connected."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.has_encryption = False
|
|
mock_db_manager.is_user_connected.return_value = True
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import g, session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
|
|
ensure_user_database()
|
|
|
|
mock_db_manager.open_user_database.assert_not_called()
|
|
assert g._db_initialized is True
|
|
|
|
def test_returns_when_open_user_database_returns_none(self):
|
|
"""Should return early when open_user_database returns None."""
|
|
app = Flask(__name__)
|
|
app.secret_key = "test"
|
|
|
|
with (
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.should_skip_database_middleware"
|
|
) as mock_skip,
|
|
patch(
|
|
"local_deep_research.web.auth.database_middleware.db_manager"
|
|
) as mock_db_manager,
|
|
):
|
|
mock_skip.return_value = False
|
|
mock_db_manager.has_encryption = False
|
|
mock_db_manager.is_user_connected.return_value = False
|
|
mock_db_manager.open_user_database.return_value = None
|
|
|
|
from local_deep_research.web.auth.database_middleware import (
|
|
ensure_user_database,
|
|
)
|
|
from flask import g, session
|
|
|
|
with app.test_request_context("/dashboard"):
|
|
session["username"] = "testuser"
|
|
|
|
ensure_user_database()
|
|
|
|
assert not getattr(g, "_db_initialized", False)
|