Files
wehub-resource-sync 1443d3fdf9
Ruff Format Check / Ruff Format & Lint (push) Failing after 7m39s
Deploy VitePress site to Pages / build (push) Failing after 9m11s
Deploy VitePress site to Pages / Deploy (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:32:26 +08:00

191 lines
7.5 KiB
Python

"""
Integration tests for API Key router endpoints.
"""
from __future__ import annotations
import pytest
pytestmark = [pytest.mark.asyncio, pytest.mark.integration]
API_KEYS_PATH = "/api/user/apikey/"
# 受登录保护的轻量端点,用于验证 Bearer 鉴权(API Key / JWT)是否生效,无需执行智能体
PROTECTED_PATH = "/api/agent"
async def test_list_api_keys_requires_auth(test_client):
"""List API keys should require authentication."""
response = await test_client.get(API_KEYS_PATH)
assert response.status_code == 401
async def test_list_api_keys_requires_admin(test_client, admin_headers):
"""List API keys should require admin privileges."""
response = await test_client.get(API_KEYS_PATH, headers=admin_headers)
assert response.status_code == 200, response.text
data = response.json()
assert "api_keys" in data
assert "total" in data
async def test_create_api_key(test_client, admin_headers):
"""Admin should be able to create a new API key."""
payload = {
"name": "Test API Key",
}
response = await test_client.post(API_KEYS_PATH, json=payload, headers=admin_headers)
assert response.status_code == 200, response.text
data = response.json()
assert "api_key" in data
assert "secret" in data
assert data["api_key"]["name"] == "Test API Key"
assert data["api_key"]["key_prefix"].startswith("yxkey_")
assert data["secret"].startswith(data["api_key"]["key_prefix"])
async def test_get_api_key(test_client, admin_headers):
"""Admin should be able to get a single API key."""
# First create a key
create_response = await test_client.post(API_KEYS_PATH, json={"name": "Get Test"}, headers=admin_headers)
assert create_response.status_code == 200
created = create_response.json()["api_key"]
# Then retrieve it
response = await test_client.get(f"{API_KEYS_PATH}{created['id']}", headers=admin_headers)
assert response.status_code == 200, response.text
data = response.json()
assert data["api_key"]["id"] == created["id"]
assert data["api_key"]["name"] == "Get Test"
async def test_update_api_key(test_client, admin_headers):
"""Admin should be able to update an API key."""
# Create a key
create_response = await test_client.post(API_KEYS_PATH, json={"name": "Update Test"}, headers=admin_headers)
assert create_response.status_code == 200
created = create_response.json()["api_key"]
# Update it
response = await test_client.put(
f"{API_KEYS_PATH}{created['id']}",
json={"name": "Updated Name", "is_enabled": False},
headers=admin_headers,
)
assert response.status_code == 200, response.text
data = response.json()
assert data["api_key"]["name"] == "Updated Name"
assert data["api_key"]["is_enabled"] is False
async def test_delete_api_key(test_client, admin_headers):
"""Admin should be able to delete an API key."""
# Create a key
create_response = await test_client.post(API_KEYS_PATH, json={"name": "Delete Test"}, headers=admin_headers)
assert create_response.status_code == 200
created = create_response.json()["api_key"]
# Delete it
response = await test_client.delete(f"{API_KEYS_PATH}{created['id']}", headers=admin_headers)
assert response.status_code == 200, response.text
assert response.json()["success"] is True
# Verify it's gone
get_response = await test_client.get(f"{API_KEYS_PATH}{created['id']}", headers=admin_headers)
assert get_response.status_code == 404
async def test_regenerate_api_key(test_client, admin_headers):
"""Admin should be able to regenerate an API key."""
# Create a key
create_response = await test_client.post(API_KEYS_PATH, json={"name": "Regenerate Test"}, headers=admin_headers)
assert create_response.status_code == 200
original_secret = create_response.json()["secret"]
created = create_response.json()["api_key"]
# Regenerate it
response = await test_client.post(f"{API_KEYS_PATH}{created['id']}/regenerate", headers=admin_headers)
assert response.status_code == 200, response.text
data = response.json()
assert "secret" in data
assert data["secret"] != original_secret
assert data["api_key"]["key_prefix"] != original_secret[:12]
async def test_api_key_auth_protected_endpoint(test_client, admin_headers):
"""Test that API Key can be used to authenticate to a protected endpoint via Bearer token."""
# Create an API key
create_response = await test_client.post(API_KEYS_PATH, json={"name": "Auth Test"}, headers=admin_headers)
assert create_response.status_code == 200
api_key_secret = create_response.json()["secret"]
created = create_response.json()["api_key"]
try:
response = await test_client.get(
PROTECTED_PATH,
headers={"Authorization": f"Bearer {api_key_secret}"},
)
assert response.status_code == 200, response.text
finally:
# Cleanup: delete the test API key
await test_client.delete(f"{API_KEYS_PATH}{created['id']}", headers=admin_headers)
async def test_api_key_auth_requires_valid_key(test_client):
"""Test that invalid API Key is rejected."""
# Call protected endpoint with invalid API Key
response = await test_client.get(
PROTECTED_PATH,
headers={"Authorization": "Bearer yxkey_invalid_key_that_does_not_exist"},
)
assert response.status_code == 401, response.text
async def test_api_key_auth_requires_bearer_prefix(test_client, admin_headers):
"""Test that API Key must be prefixed with 'Bearer '."""
# Create an API key
admin_response = await test_client.post(API_KEYS_PATH, json={"name": "Prefix Test"}, headers=admin_headers)
assert admin_response.status_code == 200
api_key_secret = admin_response.json()["secret"]
created = admin_response.json()["api_key"]
try:
# Call without Bearer prefix should fail
response = await test_client.get(
PROTECTED_PATH,
headers={"Authorization": api_key_secret}, # Missing "Bearer " prefix
)
assert response.status_code == 401, response.text
finally:
# Cleanup: delete the test API key
await test_client.delete(f"{API_KEYS_PATH}{created['id']}", headers=admin_headers)
async def test_jwt_still_works_after_apikey_auth(test_client, admin_headers):
"""Test that JWT Bearer tokens still work after API Key changes."""
# Call protected endpoint with JWT Bearer token (admin_headers)
response = await test_client.get(PROTECTED_PATH, headers=admin_headers)
assert response.status_code == 200, response.text
async def test_api_key_auto_binds_to_current_user(test_client, admin_headers):
"""Test that API Key created without user_id is auto-bound to creator."""
# Create API key as admin
create_response = await test_client.post(API_KEYS_PATH, json={"name": "Auto Bind Test"}, headers=admin_headers)
assert create_response.status_code == 200
created = create_response.json()["api_key"]
try:
# Verify user_id is set (auto-bound to admin)
assert created["user_id"] is not None, "API Key should be auto-bound to creator"
# Verify the key can be used for auth
api_key_secret = create_response.json()["secret"]
response = await test_client.get(
PROTECTED_PATH,
headers={"Authorization": f"Bearer {api_key_secret}"},
)
assert response.status_code == 200, response.text
finally:
# Cleanup: delete the test API key
await test_client.delete(f"{API_KEYS_PATH}{created['id']}", headers=admin_headers)